Re: [cas-user] Re: MFA DUO for 6.6.7 errors

Wed, 31 May 2023 02:50:34 -0700 

Hi All

I can not understand what's up here bypass

=============================================================

WHO: audit:unknown
WHAT: {result=Service Access Granted, service=
https://guacamole-01:6443/xtam/, requiredAttributes={}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Wed May 31 08:52:48 UTC 2023
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.1.1
=============================================================

2023-05-31 08:52:48,429 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN

=============================================================
WHO: audit:unknown
WHAT: {result=Service Access Granted, service=
https://guacamole-01:6443/xtam/, requiredAttributes={}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Wed May 31 08:52:48 UTC 2023
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.1.1
=============================================================

2023-05-31 08:52:48,439 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN

=============================================================
WHO: mfa
WHAT: {ticket=ST-2-********xCvZsnA-guacamole-01, service=
https://guacamole-01:6443/xtam/}
ACTION: SERVICE_TICKET_VALIDATE_SUCCESS
APPLICATION: CAS
WHEN: Wed May 31 08:52:48 UTC 2023
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.1.1
=============================================================

2023-05-31 08:52:48,440 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN

=============================================================
WHO: mfa
WHAT: {principal=mfa, service=https://guacamole-01:6443/xtam/, renew=false, 
gateway=false}
ACTION: PROTOCOL_SPECIFICATION_VALIDATE_SUCCESS
APPLICATION: CAS
WHEN: Wed May 31 08:52:48 UTC 2023
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.1.1
=============================================================

2023-05-31 08:52:48,591 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN

=============================================================
WHO: mfa
WHAT: {principal=mfa, execution=true, provider=mfa-duo}
ACTION: MULTIFACTOR_AUTHENTICATION_BYPASS
APPLICATION: CAS
WHEN: Wed May 31 08:52:48 UTC 2023
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.1.1
=============================================================

2023-05-31 08:52:48,592 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN

=============================================================
WHO: mfa
WHAT: {principal=mfa, execution=true, provider=mfa-duo}
ACTION: MULTIFACTOR_AUTHENTICATION_BYPASS
APPLICATION: CAS
WHEN: Wed May 31 08:52:48 UTC 2023
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.1.1
=============================================================

2023-05-31 08:52:48,602 WARN 
[org.apereo.cas.web.AbstractServiceValidateController] - <Cannot invoke 
"String.equals(Object)" because the return value of 
"org.apereo.cas.authentication.MultifactorAuthenticationProvider.getId()" 
is null

        
DefaultMultifactorAuthenticationContextValidator.java:lambda$locateRequestedProvider$0:42
        ReferencePipeline.java:accept:178
        Spliterators.java:tryAdvance:1856
>
On Monday, May 29, 2023 at 9:31:32 PM UTC+3 Andrey Nikolaev wrote:

> Hi Ray Bon
>
> This error crashes on both universal and traditional types.
> I know that this key value should not be defined.
> I repeat that when using the 6.5 branch, all versions 6.5.5 - 6.5.9 with 
> this account everything works successfully.
>
> And one more note, the authorization itself in Duo is successful, the 
> prompt for the MFA appears and passes authentication, which is reflected in 
> the admin panel.
> When returning to the application, a URL is generated in which the service 
> parameter is missing, like this:
>
> https://cas-01.domain.com:6443/xtam/?ticket=ST-2-OY-cshfKVULtV7Lnbey0JT0Qwm4-cas-01
>
> already tried all the options
>
> Thank you
>
> On Monday, May 29, 2023 at 7:27:45 PM UTC+3 Ray Bon wrote:
>
>> Andrey,
>>
>> For universal prompt, duo-application-key should be commented out (for 
>> traditional, it should have a value).
>>
>> Ray
>>
>> On Mon, 2023-05-29 at 03:42 -0700, Andrey Nikolaev wrote:
>>
>> Notice: This message was sent from outside the University of Victoria 
>> email system. Please be cautious with links and sensitive information.
>>
>>
>> I can’t understand the reason why Duo doesn’t work for me in the 6.6 
>> branch, more precisely, when I return to the application, an error occurs 
>> Caused by: java.lang.NullPointerException: Cannot invoke 
>> "String.equals(Object)" because the return value of 
>> "org.apereo.cas.authentication.MultifactorAuthenticationProvider.getId()" 
>> is null
>>         at 
>> org.apereo.cas.authentication.DefaultMultifactorAuthenticationContextValidator.lambda$locateRequestedProvider$0(DefaultMultifactorAuthenticationContextValidator.java:42)
>>  
>> ~[cas-server-core-authentication-mfa-api-6.6.8.jar:6.6.8]
>>         at 
>> java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:178) 
>> ~[?:?]
>>         at 
>> java.util.Spliterators$IteratorSpliterator.tryAdvance(Spliterators.java:1856)
>>  
>> ~[?:?]
>>         at 
>> java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:129)
>>  
>> ~[?:?]
>>         at 
>> java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:527)
>>  
>> ~[?:?]
>>
>> Configuration standart
>> #cas.authn.mfa.triggers.global.global-provider-id=mfa-duo
>> cas.authn.mfa.duo[0].duoSecretKey=wUSSJXxbaHyEV1OgTJ1zuTrMJLRdcniPeISPl
>> cas.authn.mfa.duo[0].rank=0
>> cas.authn.mfa.duo[0].duoApplicationKey=
>> cas.authn.mfa.duo[0].duoIntegrationKey=DIWQ5H7JY7XXZDUE6FN3
>> cas.authn.mfa.duo[0].duoApiHost=api-d3751880.duosecurity.com
>> cas.authn.mfa.duo[0].trustedDeviceEnabled=false
>> cas.authn.mfa.duo[0].id=mfa-duo
>> cas.authn.mfa.duo[0].name=Duo
>>
>> and in branch 6.5 everything works fine
>> On Wednesday, May 24, 2023 at 2:07:40 PM UTC+3 Andrey Nikolaev wrote:
>>
>> Hi all
>> I used MFA DUO version 6.5.5 with universal and traditional prompt.
>> When using the new version 6.6.7 and 6.6.8-SNAPSHOT I get an error:
>>
>> 2023-05-22 08:40:35,991 DEBUG 
>> [org.apereo.cas.authentication.DefaultRequestedAuthenticationContextValidator]
>>  
>> - <Multifactor providers eligible for validation are 
>> [[AbstractMultifactorAuthenticationProvider(bypassEvaluator=org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider@7a106341,
>>  
>> failureModeEvaluator=org.apereo.cas.authentication.DefaultMultifactorAuthenticationFailureModeEvaluator@681672fd,
>>  
>> failureMode=CLOSED, id=mfa-duo, order=0)]]>
>> 2023-05-22 08:40:35,995 WARN 
>> [org.apereo.cas.web.AbstractServiceValidateController] - <Cannot invoke 
>> "String.equals(Object)" because the return value of 
>> "org.apereo.cas.authentication.MultifactorAuthenticationProvider.getId()" 
>> is null>
>> java.lang.NullPointerException: Cannot invoke "String.equals(Object)" 
>> because the return value of 
>> "org.apereo.cas.authentication.MultifactorAuthenticationProvider.getId()" 
>> is null
>>         at 
>> org.apereo.cas.authentication.DefaultMultifactorAuthenticationContextValidator.lambda$locateRequestedProvider$0(DefaultMultifactorAuthenticationContextValidator.java:42)
>>  
>> ~[cas-server-core-authentication-mfa-api-6.6.7.jar:6.6.7]
>>         at 
>> java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:178) 
>> ~[?:?]
>>         at 
>> java.util.Spliterators$IteratorSpliterator.tryAdvance(Spliterators.java:1856)
>>  
>> ~[?:?]
>>         at 
>> java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:129)
>>  
>> ~[?:?]
>>         at 
>> java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:527)
>>  
>> ~[?:?]
>>         at 
>> java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:513) ~[?:?]
>>         at 
>> java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) 
>> ~[?:?]
>>         at 
>> java.util.stream.FindOps$FindOp.evaluateSequential(FindOps.java:150) ~[?:?]
>>         at 
>> java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
>>         at 
>> java.util.stream.ReferencePipeline.findFirst(ReferencePipeline.java:647) 
>> ~[?:?]
>>         at 
>> org.apereo.cas.authentication.DefaultMultifactorAuthenticationContextValidator.locateRequestedProvider(DefaultMultifactorAuthenticationContextValidator.java:42)
>>  
>> ~[cas-server-core-authentication-mfa-api-6.6.7.jar:6.6.7]
>>         at 
>> org.apereo.cas.authentication.DefaultMultifactorAuthenticationContextValidator.validate(DefaultMultifactorAuthenticationContextValidator.java:66)
>>  
>> ~[cas-server-core-authentication-mfa-api-6.6.7.jar:6.6.7]
>>
>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/e0b14be1-592d-4094-baf4-eb132451c7bbn%40apereo.org.

Reply via email to