Hi All I can not understand what's up here bypass
============================================================= WHO: audit:unknown WHAT: {result=Service Access Granted, service= https://guacamole-01:6443/xtam/, requiredAttributes={}} ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED APPLICATION: CAS WHEN: Wed May 31 08:52:48 UTC 2023 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.1.1 ============================================================= 2023-05-31 08:52:48,429 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: {result=Service Access Granted, service= https://guacamole-01:6443/xtam/, requiredAttributes={}} ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED APPLICATION: CAS WHEN: Wed May 31 08:52:48 UTC 2023 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.1.1 ============================================================= 2023-05-31 08:52:48,439 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: mfa WHAT: {ticket=ST-2-********xCvZsnA-guacamole-01, service= https://guacamole-01:6443/xtam/} ACTION: SERVICE_TICKET_VALIDATE_SUCCESS APPLICATION: CAS WHEN: Wed May 31 08:52:48 UTC 2023 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.1.1 ============================================================= 2023-05-31 08:52:48,440 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: mfa WHAT: {principal=mfa, service=https://guacamole-01:6443/xtam/, renew=false, gateway=false} ACTION: PROTOCOL_SPECIFICATION_VALIDATE_SUCCESS APPLICATION: CAS WHEN: Wed May 31 08:52:48 UTC 2023 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.1.1 ============================================================= 2023-05-31 08:52:48,591 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: mfa WHAT: {principal=mfa, execution=true, provider=mfa-duo} ACTION: MULTIFACTOR_AUTHENTICATION_BYPASS APPLICATION: CAS WHEN: Wed May 31 08:52:48 UTC 2023 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.1.1 ============================================================= 2023-05-31 08:52:48,592 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: mfa WHAT: {principal=mfa, execution=true, provider=mfa-duo} ACTION: MULTIFACTOR_AUTHENTICATION_BYPASS APPLICATION: CAS WHEN: Wed May 31 08:52:48 UTC 2023 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.1.1 ============================================================= 2023-05-31 08:52:48,602 WARN [org.apereo.cas.web.AbstractServiceValidateController] - <Cannot invoke "String.equals(Object)" because the return value of "org.apereo.cas.authentication.MultifactorAuthenticationProvider.getId()" is null DefaultMultifactorAuthenticationContextValidator.java:lambda$locateRequestedProvider$0:42 ReferencePipeline.java:accept:178 Spliterators.java:tryAdvance:1856 > On Monday, May 29, 2023 at 9:31:32 PM UTC+3 Andrey Nikolaev wrote: > Hi Ray Bon > > This error crashes on both universal and traditional types. > I know that this key value should not be defined. > I repeat that when using the 6.5 branch, all versions 6.5.5 - 6.5.9 with > this account everything works successfully. > > And one more note, the authorization itself in Duo is successful, the > prompt for the MFA appears and passes authentication, which is reflected in > the admin panel. > When returning to the application, a URL is generated in which the service > parameter is missing, like this: > > https://cas-01.domain.com:6443/xtam/?ticket=ST-2-OY-cshfKVULtV7Lnbey0JT0Qwm4-cas-01 > > already tried all the options > > Thank you > > On Monday, May 29, 2023 at 7:27:45 PM UTC+3 Ray Bon wrote: > >> Andrey, >> >> For universal prompt, duo-application-key should be commented out (for >> traditional, it should have a value). >> >> Ray >> >> On Mon, 2023-05-29 at 03:42 -0700, Andrey Nikolaev wrote: >> >> Notice: This message was sent from outside the University of Victoria >> email system. Please be cautious with links and sensitive information. >> >> >> I can’t understand the reason why Duo doesn’t work for me in the 6.6 >> branch, more precisely, when I return to the application, an error occurs >> Caused by: java.lang.NullPointerException: Cannot invoke >> "String.equals(Object)" because the return value of >> "org.apereo.cas.authentication.MultifactorAuthenticationProvider.getId()" >> is null >> at >> org.apereo.cas.authentication.DefaultMultifactorAuthenticationContextValidator.lambda$locateRequestedProvider$0(DefaultMultifactorAuthenticationContextValidator.java:42) >> >> ~[cas-server-core-authentication-mfa-api-6.6.8.jar:6.6.8] >> at >> java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:178) >> ~[?:?] >> at >> java.util.Spliterators$IteratorSpliterator.tryAdvance(Spliterators.java:1856) >> >> ~[?:?] >> at >> java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:129) >> >> ~[?:?] >> at >> java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:527) >> >> ~[?:?] >> >> Configuration standart >> #cas.authn.mfa.triggers.global.global-provider-id=mfa-duo >> cas.authn.mfa.duo[0].duoSecretKey=wUSSJXxbaHyEV1OgTJ1zuTrMJLRdcniPeISPl >> cas.authn.mfa.duo[0].rank=0 >> cas.authn.mfa.duo[0].duoApplicationKey= >> cas.authn.mfa.duo[0].duoIntegrationKey=DIWQ5H7JY7XXZDUE6FN3 >> cas.authn.mfa.duo[0].duoApiHost=api-d3751880.duosecurity.com >> cas.authn.mfa.duo[0].trustedDeviceEnabled=false >> cas.authn.mfa.duo[0].id=mfa-duo >> cas.authn.mfa.duo[0].name=Duo >> >> and in branch 6.5 everything works fine >> On Wednesday, May 24, 2023 at 2:07:40 PM UTC+3 Andrey Nikolaev wrote: >> >> Hi all >> I used MFA DUO version 6.5.5 with universal and traditional prompt. >> When using the new version 6.6.7 and 6.6.8-SNAPSHOT I get an error: >> >> 2023-05-22 08:40:35,991 DEBUG >> [org.apereo.cas.authentication.DefaultRequestedAuthenticationContextValidator] >> >> - <Multifactor providers eligible for validation are >> [[AbstractMultifactorAuthenticationProvider(bypassEvaluator=org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider@7a106341, >> >> failureModeEvaluator=org.apereo.cas.authentication.DefaultMultifactorAuthenticationFailureModeEvaluator@681672fd, >> >> failureMode=CLOSED, id=mfa-duo, order=0)]]> >> 2023-05-22 08:40:35,995 WARN >> [org.apereo.cas.web.AbstractServiceValidateController] - <Cannot invoke >> "String.equals(Object)" because the return value of >> "org.apereo.cas.authentication.MultifactorAuthenticationProvider.getId()" >> is null> >> java.lang.NullPointerException: Cannot invoke "String.equals(Object)" >> because the return value of >> "org.apereo.cas.authentication.MultifactorAuthenticationProvider.getId()" >> is null >> at >> org.apereo.cas.authentication.DefaultMultifactorAuthenticationContextValidator.lambda$locateRequestedProvider$0(DefaultMultifactorAuthenticationContextValidator.java:42) >> >> ~[cas-server-core-authentication-mfa-api-6.6.7.jar:6.6.7] >> at >> java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:178) >> ~[?:?] >> at >> java.util.Spliterators$IteratorSpliterator.tryAdvance(Spliterators.java:1856) >> >> ~[?:?] >> at >> java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:129) >> >> ~[?:?] >> at >> java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:527) >> >> ~[?:?] >> at >> java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:513) ~[?:?] >> at >> java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) >> ~[?:?] >> at >> java.util.stream.FindOps$FindOp.evaluateSequential(FindOps.java:150) ~[?:?] >> at >> java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?] >> at >> java.util.stream.ReferencePipeline.findFirst(ReferencePipeline.java:647) >> ~[?:?] >> at >> org.apereo.cas.authentication.DefaultMultifactorAuthenticationContextValidator.locateRequestedProvider(DefaultMultifactorAuthenticationContextValidator.java:42) >> >> ~[cas-server-core-authentication-mfa-api-6.6.7.jar:6.6.7] >> at >> org.apereo.cas.authentication.DefaultMultifactorAuthenticationContextValidator.validate(DefaultMultifactorAuthenticationContextValidator.java:66) >> >> ~[cas-server-core-authentication-mfa-api-6.6.7.jar:6.6.7] >> >> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e0b14be1-592d-4094-baf4-eb132451c7bbn%40apereo.org.