Yan, Fix the error first. It could be eating the parameters. Return to default login flow and try again. Are you sure your authentication handler is correct?
Ray On Wed, 2019-02-06 at 14:28 -0800, Yan Zhou wrote: I think the log may help better. I do not believe CheckLoginUserAction has anything to do with it, because it only comes into the picture if authN is successful. I just enabled debug logging, the stacktrace below is only because I entered incorrect credential. Notice that my URL had service parameter, but at the end, it is gone. Yan 2019-02-06 17:13:43,958 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <Last-Modified value for [/cas5/favicon.ico] is: -1> 2019-02-06 17:13:43,975 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling> 2019-02-06 17:13:43,975 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <Successfully completed request> 2019-02-06 17:13:47,047 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <DispatcherServlet with name 'dispatcherServlet' processing POST request for [/cas5/login]> 2019-02-06 17:13:47,048 DEBUG [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] - <Looking up handler method for path /login> 2019-02-06 17:13:47,048 DEBUG [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] - <Did not find handler method for [/login]> 2019-02-06 17:13:47,048 DEBUG [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <Mapping request with URI '/cas5/login' to flow with id 'login'> 2019-02-06 17:13:47,048 DEBUG [org.springframework.web.cors.DefaultCorsProcessor] - <Skip CORS processing: request is from same origin> 2019-02-06 17:13:47,049 DEBUG [org.springframework.webflow.executor.FlowExecutorImpl] - <Resuming flow execution with key '91f58848-e4a7-48f3-bd06-.............................................VVS2gxbFQwdmRpNnFCb0wvczRxLmFIMzV5MXFOWGRzMFZrdjdBSUxRMDRyd2VMcjNNYUZCbnRfV3paVUROVTBoc1Y2RThwejNaVzFqREFLRVFjQUJLQnlvQWxDd1p4M3RpN1o0RXdvQVFB> 2019-02-06 17:13:47,076 DEBUG [org.springframework.webflow.definition.registry.FlowDefinitionRegistryImpl] - <Getting FlowDefinition with id 'login'> 2019-02-06 17:13:47,076 DEBUG [org.springframework.webflow.engine.impl.FlowExecutionImpl] - <Resuming in org.springframework.webflow.mvc.servlet.MvcExternalContext@45a73f16> 2019-02-06 17:13:47,076 DEBUG [org.springframework.webflow.engine.Flow] - <Restoring [FlowVariable@28166464 name = 'credential', valueFactory = [BeanFactoryVariableValueFactory@598dbb8a type = UsernamePasswordCredential]]> 2019-02-06 17:13:47,076 DEBUG [org.springframework.webflow.engine.Flow] - <Restoring [FlowVariable@7ebfbf0d name = 'password', valueFactory = [BeanFactoryVariableValueFactory@51b9ecc3 type = PasswordChangeBean]]> 2019-02-06 17:13:47,077 DEBUG [org.springframework.webflow.mvc.view.AbstractMvcView] - <Processing user event 'submit'> 2019-02-06 17:13:47,077 DEBUG [org.springframework.webflow.mvc.view.AbstractMvcView] - <Resolved model UsernamePasswordCredential(username=null)> 2019-02-06 17:13:47,077 DEBUG [org.springframework.webflow.mvc.view.AbstractMvcView] - <Binding to model> 2019-02-06 17:13:47,092 DEBUG [org.springframework.webflow.mvc.view.AbstractMvcView] - <Adding mapping for parameter 'username'> 2019-02-06 17:13:47,092 DEBUG [org.springframework.webflow.mvc.view.AbstractMvcView] - <Adding mapping for parameter 'password'> 2019-02-06 17:13:47,110 DEBUG [org.springframework.webflow.mvc.view.AbstractMvcView] - <Validating model> 2019-02-06 17:13:47,119 DEBUG [org.springframework.webflow.engine.ViewState] - <Event 'submit' returned from view [ServletMvcView@7b85d56 view = org.thymeleaf.spring4.view.ThymeleafView@2e45283e]> 2019-02-06 17:13:47,119 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@37040f3d on = submit, to = realSubmit]> 2019-02-06 17:13:47,119 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'viewLoginForm'> 2019-02-06 17:13:47,119 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'realSubmit' of flow 'login'> 2019-02-06 17:13:47,119 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@6e964906 expression = flowScope.doChangePassword = requestParameters.doChangePassword != null, resultExpression = [null]]> 2019-02-06 17:13:47,120 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@6e964906 expression = flowScope.doChangePassword = requestParameters.doChangePassword != null, resultExpression = [null]]; result = no> 2019-02-06 17:13:47,120 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@78ba11bc expression = authenticationViaFormAction, resultExpression = [null]]> 2019-02-06 17:13:47,120 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Putting action execution attributes map[[empty]]> 2019-02-06 17:13:47,120 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.web.flow.actions.InitialAuthenticationAction@3544577f> 2019-02-06 17:13:47,121 DEBUG [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - <Attempting to resolve authentication event using resolver [ServiceTicketRequestWebflowEventResolver]> 2019-02-06 17:13:47,121 DEBUG [org.apereo.cas.web.flow.resolver.impl.ServiceTicketRequestWebflowEventResolver] - <Located ticket-granting ticket [null] from the request context> 2019-02-06 17:13:47,122 DEBUG [org.apereo.cas.web.flow.resolver.impl.ServiceTicketRequestWebflowEventResolver] - <Located service [AbstractWebApplicationService(id=https://test.com, originalUrl=https://test.com, artifactId=null, principal=null, source=service, loggedOutAlready=false, format=XML, attributes={})] from the request context> 2019-02-06 17:13:47,122 DEBUG [org.apereo.cas.web.flow.resolver.impl.ServiceTicketRequestWebflowEventResolver] - <Provided value for [renew] request parameter is [null]> 2019-02-06 17:13:47,122 DEBUG [org.apereo.cas.web.flow.resolver.impl.ServiceTicketRequestWebflowEventResolver] - <Request is not eligible to be issued service tickets just yet> 2019-02-06 17:13:47,123 DEBUG [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - <Attempting to resolve authentication event using resolver [InitialAuthenticationAttemptWebflowEventResolver]> 2019-02-06 17:13:47,292 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [UsernamePasswordCredential(username=dd)] of type [UsernamePasswordCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.> 2019-02-06 17:13:47,293 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[questAuthHandler]: []> 2019-02-06 17:13:47,304 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: dd WHAT: Supplied credentials: [UsernamePasswordCredential(username=dd)] ACTION: AUTHENTICATION_FAILED APPLICATION: CAS WHEN: Wed Feb 06 17:13:47 EST 2019 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 ============================================================= > 2019-02-06 17:13:47,313 DEBUG [org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver] - <1 errors, 0 successes> org.apereo.cas.authentication.AuthenticationException: 1 errors, 0 successes at org.apereo.cas.authentication.PolicyBasedAuthenticationManager.evaluateFinalAuthentication(PolicyBasedAuthenticationManager.java:391) ~[cas-server-core-authentication-api-5.3.4.jar:5.3.4] at org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticateInternal(PolicyBasedAuthenticationManager.java:371) ~[cas-server-core-authentication-api-5.3.4.jar:5.3.4] at org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticate(PolicyBasedAuthenticationManager.java:144) ~[cas-server-core-authentication-api-5.3.4.jar:5.3.4] at org.apereo.cas.authentication.PolicyBasedAuthenticationManager$$FastClassBySpringCGLIB$$90e801d3.invoke(<generated>) ~[cas-server-core-authentication-api-5.3.4.jar:5.3.4] at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) ~[spring-core-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:736) ~[spring-aop-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:84) ~[spring-aop-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:135) ~[inspektr-audit-1.8.3.GA.jar:1.8.3.GA] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_121] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_121] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_121] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_121] at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:627) ~[spring-aop-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:616) ~[spring-aop-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:70) ~[spring-aop-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:168) ~[spring-aop-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92) ~[spring-aop-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.19.RELEASE.jar:4.3.19.RELEASE] at com.ryantenney.metrics.spring.MeteredMethodInterceptor.invoke(MeteredMethodInterceptor.java:45) ~[metrics-spring-3.1.3.jar:?] at com.ryantenney.metrics.spring.MeteredMethodInterceptor.invoke(MeteredMethodInterceptor.java:32) ~[metrics-spring-3.1.3.jar:?] at com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59) ~[metrics-spring-3.1.3.jar:?] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.19.RELEASE.jar:4.3.19.RELEASE] at com.ryantenney.metrics.spring.TimedMethodInterceptor.invoke(TimedMethodInterceptor.java:48) ~[metrics-spring-3.1.3.jar:?] at com.ryantenney.metrics.spring.TimedMethodInterceptor.invoke(TimedMethodInterceptor.java:34) ~[metrics-spring-3.1.3.jar:?] at com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59) ~[metrics-spring-3.1.3.jar:?] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.19.RELEASE.jar:4.3.19.RELEASE] at com.ryantenney.metrics.spring.CountedMethodInterceptor.invoke(CountedMethodInterceptor.java:46) ~[metrics-spring-3.1.3.jar:?] at com.ryantenney.metrics.spring.CountedMethodInterceptor.invoke(CountedMethodInterceptor.java:32) ~[metrics-spring-3.1.3.jar:?] at com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59) ~[metrics-spring-3.1.3.jar:?] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:671) ~[spring-aop-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.apereo.cas.authentication.PolicyBasedAuthenticationManager$$EnhancerBySpringCGLIB$$401a6dc.authenticate(<generated>) ~[cas-server-core-authentication-api-5.3.4.jar:5.3.4] at org.apereo.cas.authentication.DefaultAuthenticationTransactionManager.handle(DefaultAuthenticationTransactionManager.java:29) ~[cas-server-core-authentication-api-5.3.4.jar:5.3.4] at org.apereo.cas.authentication.DefaultAuthenticationSystemSupport.handleAuthenticationTransaction(DefaultAuthenticationSystemSupport.java:48) ~[cas-server-core-authentication-api-5.3.4.jar:5.3.4] at org.apereo.cas.authentication.DefaultAuthenticationSystemSupport.handleInitialAuthenticationTransaction(DefaultAuthenticationSystemSupport.java:34) ~[cas-server-core-authentication-api-5.3.4.jar:5.3.4] at org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver.resolveInternal(InitialAuthenticationAttemptWebflowEventResolver.java:80) ~[cas-server-core-webflow-api-5.3.4.jar:5.3.4] at org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolve(AbstractCasWebflowEventResolver.java:403) ~[cas-server-core-webflow-api-5.3.4.jar:5.3.4] at org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolveSingle(AbstractCasWebflowEventResolver.java:408) ~[cas-server-core-webflow-api-5.3.4.jar:5.3.4] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_121] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_121] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_121] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_121] at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216) ~[spring-core-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470) ~[spring-cloud-context-1.3.0.RELEASE.jar:1.3.0.RELEASE] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) ~[spring-aop-4.3.19.RELEASE.jar:4.3.19.RELEASE] at com.sun.proxy.$Proxy205.resolveSingle(Unknown Source) ~[?:?] at org.apereo.cas.web.flow.actions.AbstractAuthenticationAction.doExecute(AbstractAuthenticationAction.java:56) ~[cas-server-core-webflow-api-5.3.4.jar:5.3.4] at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_121] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_121] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_121] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_121] at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216) ~[spring-core-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470) ~[spring-cloud-context-1.3.0.RELEASE.jar:1.3.0.RELEASE] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) ~[spring-aop-4.3.19.RELEASE.jar:4.3.19.RELEASE] at com.sun.proxy.$Proxy202.execute(Unknown Source) ~[?:?] at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE] at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE] at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE] at org.springframework.webflow.execution.AnnotatedAction.execute(AnnotatedAction.java:145) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE] at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE] at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE] at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE] at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE] at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE] at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE] at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE] at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE] at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE] at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE] at org.springframework.webflow.engine.ViewState.handleEvent(ViewState.java:231) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE] at org.springframework.webflow.engine.ViewState.resume(ViewState.java:195) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE] at org.springframework.webflow.engine.Flow.resume(Flow.java:537) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE] at org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:259) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE] at org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:168) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_121] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_121] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_121] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_121] at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216) ~[spring-core-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470) ~[spring-cloud-context-1.3.0.RELEASE.jar:1.3.0.RELEASE] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) ~[spring-aop-4.3.19.RELEASE.jar:4.3.19.RELEASE] at com.sun.proxy.$Proxy200.resumeExecution(Unknown Source) ~[?:?] at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:254) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE] at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967) ~[spring-webmvc-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901) ~[spring-webmvc-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) ~[spring-webmvc-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872) ~[spring-webmvc-4.3.19.RELEASE.jar:4.3.19.RELEASE] at javax.servlet.http.HttpServlet.service(HttpServlet.java:661) ~[servlet-api.jar:?] at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) ~[spring-webmvc-4.3.19.RELEASE.jar:4.3.19.RELEASE] at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) ~[servlet-api.jar:?] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) ~[catalina.jar:8.5.32] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32] at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) ~[tomcat-websocket.jar:8.5.32] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32] at org.springframework.boot.web.filter.ApplicationContextHeaderFilter.doFilterInternal(ApplicationContextHeaderFilter.java:55) ~[spring-boot-1.5.16.RELEASE.jar:1.5.16.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32] at org.apereo.cas.web.support.AuthenticationCredentialsThreadLocalBinderClearingFilter.doFilter(AuthenticationCredentialsThreadLocalBinderClearingFilter.java:30) ~[cas-server-core-web-api-5.3.4.jar:5.3.4] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32] at org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261) ~[cas-server-security-filter-2.0.10.2.jar:2.0.10.2] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32] at org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:237) ~[cas-server-security-filter-2.0.10.2.jar:2.0.10.2] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32] at org.apereo.cas.security.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:94) ~[cas-server-security-filter-2.0.10.2.jar:2.0.10.2] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32] at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:111) ~[spring-boot-actuator-1.5.16.RELEASE.jar:1.5.16.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32] at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32] at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109) ~[spring-web-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32] at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) ~[spring-web-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32] at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:91) ~[cas-server-core-logging-5.3.4.jar:5.3.4] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32] at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:103) ~[spring-boot-actuator-1.5.16.RELEASE.jar:1.5.16.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32] at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) ~[spring-web-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32] at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:130) ~[spring-boot-1.5.16.RELEASE.jar:1.5.16.RELEASE] at org.springframework.boot.web.support.ErrorPageFilter.access$000(ErrorPageFilter.java:66) ~[spring-boot-1.5.16.RELEASE.jar:1.5.16.RELEASE] at org.springframework.boot.web.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:105) ~[spring-boot-1.5.16.RELEASE.jar:1.5.16.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.19.RELEASE.jar:4.3.19.RELEASE] at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:123) ~[spring-boot-1.5.16.RELEASE.jar:1.5.16.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32] at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66) ~[inspektr-common-1.8.3.GA.jar:1.8.3.GA] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32] at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) ~[log4j-web-2.11.0.jar:2.11.0] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:8.5.32] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:8.5.32] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) ~[catalina.jar:8.5.32] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) ~[catalina.jar:8.5.32] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493) ~[catalina.jar:8.5.32] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) ~[catalina.jar:8.5.32] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) ~[catalina.jar:8.5.32] at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650) ~[catalina.jar:8.5.32] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) ~[catalina.jar:8.5.32] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) ~[catalina.jar:8.5.32] at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800) ~[tomcat-coyote.jar:8.5.32] at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) ~[tomcat-coyote.jar:8.5.32] at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800) ~[tomcat-coyote.jar:8.5.32] at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471) ~[tomcat-coyote.jar:8.5.32] at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote.jar:8.5.32] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) ~[?:1.8.0_121] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) ~[?:1.8.0_121] at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:8.5.32] at java.lang.Thread.run(Thread.java:745) [?:1.8.0_121] 2019-02-06 17:13:47,313 DEBUG [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - <Resolved single event [authenticationFailure] via [org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver] for this context> 2019-02-06 17:13:47,313 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.web.flow.actions.InitialAuthenticationAction@3544577f; result = authenticationFailure> 2019-02-06 17:13:47,313 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action execution attributes map[[empty]]> 2019-02-06 17:13:47,313 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@78ba11bc expression = authenticationViaFormAction, resultExpression = [null]]; result = authenticationFailure> 2019-02-06 17:13:47,313 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@2bd3cfbc on = authenticationFailure, to = handleAuthenticationFailure]> 2019-02-06 17:13:47,313 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'realSubmit'> 2019-02-06 17:13:47,313 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'handleAuthenticationFailure' of flow 'login'> 2019-02-06 17:13:47,313 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@47dbc0ab expression = authenticationExceptionHandler, resultExpression = [null]]> 2019-02-06 17:13:47,313 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction@299c6cf0> 2019-02-06 17:13:47,313 DEBUG [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - <Located current event [authenticationFailure]> 2019-02-06 17:13:47,314 DEBUG [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - <Located error attribute [class org.apereo.cas.authentication.AuthenticationException] with message [1 errors, 0 successes] from the current event> 2019-02-06 17:13:47,316 DEBUG [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - <Unable to translate handler errors of the authentication exception [org.apereo.cas.authentication.AuthenticationException: 1 errors, 0 successes]. Returning [UNKNOWN]> 2019-02-06 17:13:47,321 DEBUG [org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] - <Final event id resolved from the error is [UNKNOWN]> 2019-02-06 17:13:47,321 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction@299c6cf0; result = UNKNOWN> 2019-02-06 17:13:47,321 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Finished executing [EvaluateAction@47dbc0ab expression = authenticationExceptionHandler, resultExpression = [null]]; result = UNKNOWN> 2019-02-06 17:13:47,321 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [Transition@73e96d0f on = *, to = initializeLoginForm]> 2019-02-06 17:13:47,321 DEBUG [org.springframework.webflow.engine.Transition] - <Exiting state 'handleAuthenticationFailure'> 2019-02-06 17:13:47,321 DEBUG [org.springframework.webflow.engine.ActionState] - <Entering state 'initializeLoginForm' of flow 'login'> 2019-02-06 17:13:47,321 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing [EvaluateAction@3474bb36 expression = initializeLoginAction, resultExpression = [null]]> 2019-02-06 17:13:47,321 DEBUG [org.springframework.webflow.execution.AnnotatedAction] - <Putting action execution attributes map[[empty]]> 2019-02-06 17:13:47,322 DEBUG [org.springframework.webflow.execution.ActionExecutor] - <Executing org.apereo.cas.web.flow.login.InitializeLoginAction@65338763> 2019-02-06 17:13:47,322 INFO [org.apereo.cas.web.flow.login.InitializeLoginAction] - <Initialized Quest login sequence, original request URL: http://localhost:8180/cas5/login> Now we lost the service parameter as you can see in the last line. On Wednesday, February 6, 2019 at 4:42:09 PM UTC-5, rbon wrote: Yan, The log in flow that exists when CAS is running is considerably more complex than the xml file that is in the code base. A number of features will modify the flow. It may be possible that your 'checkLoginUser' is not being executed where/when in the flow you think. I have a gist, https://gist.github.com/rbonatuvic/d3ef9e8dc0c5a78870a8520bc2ab2b74, that will format the login flow during startup. Use this to see what the flow looks like when your custom configuration is being configured. Where is 'checkLoginUserAction' defined? Ray On Wed, 2019-02-06 at 11:02 -0800, Yan Zhou wrote: Hi, I made some customization on the login flow, see all login related code/configuration below. I read this in CAS 5.3.X documentation: If “service” was specified to /login, “service” MUST also be a parameter of the form, containing the value originally passed to /login. Is this saying the Form in casLoginView.html should have "service" parameter, along with username & password? With the sample overlay project, I did not see "service" parameter in the form, but this works fine, i.e., if credential is incorrect, it keeps "service" parameter. This is my complete login webflow. <?xml version="1.0" encoding="UTF-8"?> <flow xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.springframework.org/schema/webflow" xsi:schemaLocation="http://www.springframework.org/schema/webflow http://www.springframework.org/schema/webflow/spring-webflow.xsd"> <action-state id="initializeLoginForm"> <evaluate expression="initializeLoginAction" /> <transition on="success" to="viewLoginForm"/> </action-state> <view-state id="viewLoginForm" view="casLoginView" model="credential"> <binder> <binding property="username" required="true"/> <binding property="password" required="true"/> </binder> <transition on="submit" bind="true" validate="true" to="realSubmit" history="invalidate"/> <transition on="forgotPassword" to="forgotPwdSubFlow"/> </view-state> <action-state id="realSubmit"> <evaluate expression="authenticationViaFormAction"/> <transition on="warn" to="warn"/> <transition on="success" to="checkLoginUser"/> <transition on="successWithWarnings" to="showAuthenticationWarningMessages"/> <transition on="authenticationFailure" to="handleAuthenticationFailure"/> <transition on="error" to="initializeLoginForm"/> </action-state> <action-state id="checkLoginUser"> <evaluate expression="flowScope.forgotPasswordFlow=false" /> <evaluate expression="checkLoginUserAction" /> <transition on="changeLoginUserPassword" to="casMustChangePassView" /> <transition on="setupEmail" to="confirmEmailAddress" /> <transition on="success" to="createTicketGrantingTicket" /> <transition on="error" to="initializeLoginForm" /> </action-state> <view-state id="confirmEmailAddress" view="casConfirmEmailAddressView" model="emailAddressValue"> <binder> <binding property="emailAddress" /> <binding property="confirmEmailAddress" /> </binder> <transition on="submit" bind="true" validate="true" to="realChangeEmail"/> </view-state> <action-state id="realChangeEmail"> <evaluate expression="confirmEmailAddressAction" /> <transition on="success" to="createTicketGrantingTicket" /> <transition on="error" to="confirmEmailAddress" /> </action-state> </flow> package org.apereo.cas.config; import javax.sql.DataSource; import org.apereo.cas.adaptors.jdbc.QuestAuthenticationHandler; import org.apereo.cas.authentication.AuthenticationEventExecutionPlan; import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer; import org.apereo.cas.authentication.AuthenticationHandler; import org.apereo.cas.configuration.CasConfigurationProperties; import org.apereo.cas.services.ServicesManager; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.boot.autoconfigure.AutoConfigureAfter; import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.transaction.annotation.EnableTransactionManagement; import com.quest.hub.cas.entity.UserRepository; @Configuration("QuestAuthenticationEventExecutionPlanConfiguration") @AutoConfigureAfter(QuestDatabaseConfiguration.class) @EnableConfigurationProperties(CasConfigurationProperties.class) @EnableTransactionManagement(proxyTargetClass = true) public class QuestAuthenticationEventExecutionPlanConfiguration implements AuthenticationEventExecutionPlanConfigurer { private static final Logger logger = LoggerFactory.getLogger(QuestAuthenticationEventExecutionPlanConfiguration.class); @Autowired private CasConfigurationProperties casProperties; @Autowired @Qualifier("servicesManager") private ServicesManager servicesManager; @Autowired @Qualifier("casDataSource") DataSource dataSource; @Autowired private UserRepository userRepository; @Bean public AuthenticationHandler questAuthenticationHandler() { final QuestAuthenticationHandler handler = new QuestAuthenticationHandler("questAuthHandler", servicesManager, null, 0, dataSource, userRepository); return handler; } @Override public void configureAuthenticationExecutionPlan(final AuthenticationEventExecutionPlan plan){ plan.registerAuthenticationHandler(questAuthenticationHandler()); } } package org.apereo.cas.adaptors.jdbc; import java.security.GeneralSecurityException; import java.security.NoSuchAlgorithmException; import java.util.Date; import java.util.HashMap; import java.util.Map; import javax.security.auth.login.FailedLoginException; import javax.security.auth.login.LoginException; import javax.sql.DataSource; import org.apache.commons.lang3.time.DateUtils; import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult; import org.apereo.cas.authentication.BasicCredentialMetaData; import org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult; import org.apereo.cas.authentication.UsernamePasswordCredential; import org.apereo.cas.authentication.exceptions.AccountDisabledException; import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException; import org.apereo.cas.authentication.exceptions.AccountTemporaryLockedException; import org.apereo.cas.authentication.exceptions.OneMoreAttemptLoginException; import org.apereo.cas.authentication.exceptions.TwoMoreAttemptLoginException; import org.apereo.cas.authentication.principal.PrincipalFactory; import org.apereo.cas.services.ServicesManager; import org.apereo.cas.util.PasswordDigest; import org.springframework.dao.DataAccessException; import com.quest.hub.cas.entity.User; import com.quest.hub.cas.entity.UserRepository; import lombok.extern.slf4j.Slf4j; /** */ @Slf4j public class QuestAuthenticationHandler extends AbstractJdbcUsernamePasswordAuthenticationHandler { private UserRepository userRepo; public QuestAuthenticationHandler(String name, ServicesManager servicesManager, PrincipalFactory principalFactory, Integer order, DataSource dataSource, UserRepository userRepo) { super(name, servicesManager, principalFactory, order, dataSource); this.userRepo = userRepo; } protected final AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential, final String originalPassword) throws GeneralSecurityException { try { User user = userRepo.findByLoginNameIgnoreCase(credential.getUsername()); validateUser(user); if (!user.isEmployee()) { return authenticateNonEmployee(credential, user); } else { throw new FailedLoginException("Login failed: do not support employee login yet."); } } catch (DataAccessException ex) { LOGGER.error("Looking up user error: " + credential.getUsername(), ex); throw new FailedLoginException("Login failed: cannot find user"); } } org.springframework.boot.autoconfigure.EnableAutoConfiguration=\ org.apereo.cas.config.QuestAuthenticationEventExecutionPlanConfiguration,\ org.apereo.cas.config.EmbeddedTomcatDatabaseConfiguration,\ org.apereo.cas.config.QuestDatabaseConfiguration,\ org.apereo.cas.config.EnvironmentConfig,\ org.apereo.cas.config.CollaborationConfiguration,\ org.apereo.cas.config.pm.JdbcPasswordManagementConfiguration,\ org.apereo.cas.web.config.QuestCasSupportActionsConfiguration Thx! On Wednesday, February 6, 2019 at 1:35:57 PM UTC-5, rbon wrote: Yan, Can you post your code? Ray On Wed, 2019-02-06 at 10:00 -0800, Yan Zhou wrote: Hi there, I extended CAS 5.3.4. The app. redirects to CAS login page with service parameter. When I type incorrect credential, I saw the invalid credential message, but I lost service parameter, the screen refreshes to have only the CAS url. What could be missing in my code? Thx! -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | rb...@uvic.ca -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | rb...@uvic.ca<javascript:> -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1549493715.3601.114.camel%40uvic.ca.