Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 19:58
    codecov[bot] commented #4963
  • 19:57
    codecov[bot] commented #4963
  • 19:32
    apereocas-bot labeled #4963
  • 19:32
    apereocas-bot labeled #4963
  • 19:32
    apereocas-bot labeled #4963
  • 19:32
    apereocas-bot milestoned #4963
  • 19:32
    marwatk opened #4963
  • 19:26
    codecov[bot] commented #4962
  • 19:25
    codecov[bot] commented #4962
  • 19:24
    codecov[bot] commented #4962
  • 19:02
    marwatk synchronize #4962
  • 17:01
    codecov[bot] commented #4962
  • 17:00
    codecov[bot] commented #4962
  • 16:59
    codecov[bot] commented #4962
  • 16:58
    codecov[bot] commented #4962
  • 16:58
    codecov[bot] commented #4962
  • 16:05
    marwatk commented #4962
  • 16:04
    apereocas-bot labeled #4962
  • 16:04
    apereocas-bot labeled #4962
  • 16:04
    apereocas-bot labeled #4962
Lavkumarking
@Lavkumarking
hey guys i am getting this issue while deplying in jboss
Lavkumarking
@Lavkumarking
Caused by: java.lang.NoSuchMethodException: org.apereo.cas.ticket.registry.DefaultTicketRegistrySupportEnhancerBySpringCGLIBEnhancerBySpringCGLIB51689c97.<init>()"}}
08:27:53,767 INFO [org.jboss.as.server] (DeploymentScanner-threads - 2) WFLYSRV0010: Deployed "cas-server-webapp-6.2.4-SNAPSHOT.war" (runtime-name : "cas-server-webapp-6.2.4-SNAPSHOT.war")
08:27:53,768 INFO [org.jboss.as.controller] (DeploymentScanner-threads - 2) WFLYCTL0183: Service status report
WFLYCTL0186: Services which failed to start: service jboss.deployment.unit."cas-server-webapp-6.2.4-SNAPSHOT.war".undertow-deployment: java.lang.RuntimeException: org.springframework.context.ApplicationContextException: Unable to start web server; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'threadContextMDCServletFilter' defined in class path resource [org/apereo/cas/logging/config/CasLoggingConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.boot.web.servlet.FilterRegistrationBean]: Factory method 'threadContextMDCServletFilter' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'defaultTicketRegistrySupport' defined in class path resource [org/apereo/cas/config/CasCoreTicketsConfiguration.class]: Initialization of bean failed; nested exception is org.springframework.aop.framework.AopConfigException: Unexpected AOP exception; nested exception is org.springframework.aop.framework.AopConfigException: Unable to instantiate proxy using Objenesis, and regular proxy instantiation via default constructor fails as well; nested exception is java.lang.NoSuchMethodException: org.apereo.cas.ticket.registry.DefaultTicketRegistrySupport$$E
Lavkumarking
@Lavkumarking
Caused by: java.lang.NoSuchMethodException: org.apereo.cas.ticket.registry.DefaultTicketRegistrySupportEnhancerBySpringCGLIBEnhancerBySpringCGLIB51689c97.<init>()"}}
08:27:53,767 INFO [org.jboss.as.server] (DeploymentScanner-threads - 2) WFLYSRV0010: Deployed "cas-server-webapp-6.2.4-SNAPSHOT.war" (runtime-name : "cas-server-webapp-6.2.4-SNAPSHOT.war")
08:27:53,768 INFO [org.jboss.as.controller] (DeploymentScanner-threads - 2) WFLYCTL0183: Service status report
WFLYCTL0186: Services which failed to start: service jboss.deployment.unit."cas-server-webapp-6.2.4-SNAPSHOT.war".undertow-deployment: java.lang.RuntimeException: org.springframework.context.ApplicationContextException: Unable to start web server; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'threadContextMDCServletFilter' defined in class path resource [org/apereo/cas/logging/config/CasLoggingConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.boot.web.servlet.FilterRegistrationBean]: Factory method 'threadContextMDCServletFilter' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'defaultTicketRegistrySupport' defined in class path resource [org/apereo/cas/config/CasCoreTicketsConfiguration.class]: Initialization of bean failed; nested exception is org.springframework.aop.framework.AopConfigException: Unexpected AOP exception; nested exception is org.springframework.aop.framework.AopConfigException: Unable to instantiate proxy using Objenesis, and regular proxy instantiation via default constructor fails as well; nested exception is java.lang.NoSuchMethodException: org.apereo.cas.ticket.registry.DefaultTicketRegistrySupportEnhancerBySpringCGLIBEnhancerBySpringCGLIB51689c97.<init>()
Kripal Singh
@kripalsingh
anyone completed build for FIDO2 WebAuthn? , if yes what was the version you used . I attempted to build using cas.version=6.3.0-SNAPSHOT , but ran into dependency hell
Could not find com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:2.12.0-SNAPSHOT.
Searched in the following locations:
   - file:/C:/Users/test/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.12.0-SNAPSHOT/maven-metadata.xml
   - file:/C:/Users/test/.m2/repository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.12.0-SNAPSHOT/jackson-jaxrs-json-provider-2.12.0-SNAPSHOT.pom
   - https://repo.maven.apache.org/maven2/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.12.0-SNAPSHOT/maven-metadata.xml
   - https://repo.maven.apache.org/maven2/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.12.0-SNAPSHOT/jackson-jaxrs-json-provider-2.12.0-SNAPSHOT.pom
   - https://jcenter.bintray.com/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.12.0-SNAPSHOT/maven-metadata.xml
   - https://jcenter.bintray.com/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.12.0-SNAPSHOT/jackson-jaxrs-json-provider-2.12.0-SNAPSHOT.pom
   - https://oss.sonatype.org/content/repositories/snapshots/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.12.0-SNAPSHOT/maven-metadata.xml
   - https://oss.sonatype.org/content/repositories/snapshots/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.12.0-SNAPSHOT/jackson-jaxrs-json-provider-2.12.0-SNAPSHOT.pom
   - https://repo.spring.io/snapshot/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.12.0-SNAPSHOT/maven-metadata.xml
   - https://repo.spring.io/snapshot/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.12.0-SNAPSHOT/jackson-jaxrs-json-provider-2.12.0-SNAPSHOT.pom
   - https://oss.jfrog.org/artifactory/oss-snapshot-local/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.12.0-SNAPSHOT/maven-metadata.xml
   - https://oss.jfrog.org/artifactory/oss-snapshot-local/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.12.0-SNAPSHOT/jackson-jaxrs-json-provider-2.12.0-SNAPSHOT.pom
   - https://dl.bintray.com/uniconiam/maven/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.12.0-SNAPSHOT/maven-metadata.xml
   - https://dl.bintray.com/uniconiam/maven/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.12.0-SNAPSHOT/jackson-jaxrs-json-provider-2.12.0-SNAPSHOT.pom
   - https://jitpack.io/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.12.0-SNAPSHOT/maven-metadata.xml
   - https://jitpack.io/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.12.0-SNAPSHOT/jackson-jaxrs-json-provider-2.12.0-SNAPSHOT.pom
   - https://dl.bintray.com/apereocas/webauthn-cas/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.12.0-SNAPSHOT/maven-metadata.xml
   - https://dl.bintray.com/apereocas/webauthn-cas/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.12.0-SNAPSHOT/jackson-jaxrs-json-provider-2.12.0-SNAPSHOT.pom
 Required by:
     project : > org.apereo.cas:cas-server-support-json-service-registry:6.3.0-SNAPSHOT:20201007.054742-143 > com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.12.0-SNAPSHOT:20201002.022700-2 > com.fasterxml.jackson:jackson-bom:2.12.0-SNAPSHOT:20201002.004258-22
Kripal Singh
@kripalsingh
cas.version=6.3.0-SNAPSHOT
springBootVersion=2.3.4.RELEASE
Fafa59
@Fafa59

Hello,

My client has a problem with metadata generation.
In fact, when he changed his certificate, metadata was not genetrated automatically.

To solve this problem we have had to delete the metadat file and restart the service.

But the client don't want to do this.
He wants the metadata to regerate itself when the certificate change.

Is it possible to do this ?
And how to do this ?

Thanks a lot.

Sincerly,
Farid

hsartoris-bard
@hsartoris-bard
@kripalsingh just wanted to chime in with the same issue - it's definitely due to including webauthn, but, despite looking pretty hard, I can't figure out where the dependency override is actually coming from. It only appears in the dependency tree when building the overlay, too, not when compiling the underlying project.
hsartoris-bard
@hsartoris-bard
@kripalsingh I have a workaround, cribbed from the CAS repository: https://gist.github.com/hsartoris-bard/02a12393b36542a2d2da039226420e7a
Kripal Singh
@kripalsingh
thanks i am runnign into missing yubico libs
Caused by: java.lang.IllegalStateException: Failed to introspect Class [org.apereo.cas.config.MongoDbWebAuthnConfiguration] from ClassLoader [ParallelWebappClassLoader
context: cas
delegate: false
----------> Parent Classloader:
java.net.URLClassLoader@b81eda8
]
at org.springframework.util.ReflectionUtils.getDeclaredMethods(ReflectionUtils.java:481)
at org.springframework.util.ReflectionUtils.doWithMethods(ReflectionUtils.java:358)
at org.springframework.util.ReflectionUtils.getUniqueDeclaredMethods(ReflectionUtils.java:414)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.lambda$getTypeForFactoryMethod$2(AbstractAutowireCapableBeanFactory.java:742)
at java.base/java.util.concurrent.ConcurrentHashMap.computeIfAbsent(ConcurrentHashMap.java:1737)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.getTypeForFactoryMethod(AbstractAutowireCapableBeanFactory.java:741)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.determineTargetType(AbstractAutowireCapableBeanFactory.java:680)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.predictBeanType(AbstractAutowireCapableBeanFactory.java:648)
at org.springframework.beans.factory.support.AbstractBeanFactory.isFactoryBean(AbstractBeanFactory.java:1614)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.doGetBeanNamesForType(DefaultListableBeanFactory.java:523)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanNamesForType(DefaultListableBeanFactory.java:495)
at org.springframework.boot.autoconfigure.condition.OnBeanCondition.collectBeanNamesForType(OnBeanCondition.java:238)
at org.springframework.boot.autoconfigure.condition.OnBeanCondition.getBeanNamesForType(OnBeanCondition.java:231)
at org.springframework.boot.autoconfigure.condition.OnBeanCondition.getBeanNamesForType(OnBeanCondition.java:221)
at org.springframework.boot.autoconfigure.condition.OnBeanCondition.getMatchingBeans(OnBeanCondition.java:169)
at org.springframework.boot.autoconfigure.condition.OnBeanCondition.getMatchOutcome(OnBeanCondition.java:119)
at org.springframework.boot.autoconfigure.condition.SpringBootCondition.matches(SpringBootCondition.java:47)
... 59 more
Caused by: java.lang.NoClassDefFoundError: com/yubico/webauthn/core/RegistrationStorage
at java.base/java.lang.ClassLoader.defineClass1(Native Method)
at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1017)
at java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:174)
at org.apache.catalina.loader.WebappClassLoaderBase.findClassInternal(WebappClassLoaderBase.java:2418)
at org.apache.catalina.loader.WebappClassLoaderBase.findClass(WebappClassLoaderBase.java:865)
at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1334)
at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1188)
at java.base/java.lang.Class.getDeclaredMethods0(Native Method)
at java.base/java.lang.Class.privateGetDeclaredMethods(Class.java:3166)
at java.base/java.lang.Class.getDeclaredMethods(Class.java:2309)
at org.springframework.util.ReflectionUtils.getDeclaredMethods(ReflectionUtils.java:463)
... 75 more
hsartoris-bard
@hsartoris-bard
Yeah currently debugging the same thing. It also occurs even without a storage method defined
@kripalsingh do you have a local copy of the source?
Kripal Singh
@kripalsingh
@hsartoris-bard No i do not
hsartoris-bard
@hsartoris-bard
@kripalsingh Hm, depending on how interested you are in testing webauthn it might be worth cloning it and running the bci alias given at the end of this page on the master branch. Something has changed from 6.3.0-RC3 to master such that the above error doesn't arise anymore.
You'd have to update your gradle.properties to indicate 6.3.0-SNAPSHOT
Also, be aware that you should probably parameterize the version specified in overrides.gradle in gradle.properties or something, and in general get rid of that snippet as soon as it's no longer necessary, otherwise you'll probably encounter weird Jackson version issues in the future due to unintended version pinning
Kripal Singh
@kripalsingh
@hsartoris-bard i am not interested in building from source as that might lead us into a different issues on production plaforms , any ides where is the com.yubico.webauthn.core.RegistrationStorage located and how to inclue it ? thanks
ssrinathraju
@ssrinathraju
Hi Anyone
I'm trying to get the response for /status/health API in Apereo CAS 5.3 
endpoints.enabled = true
endpoints.sensitive = false
endpoints.actuator.enabled = true
management.security.enabled = false
cas.adminPagesSecurity.ip = 127\\.0\\.0\\.1
cas.adminPagesSecurity.actuatorEndpointsEnabled = true
cas.monitor.endpoints.enabled = true
cas.monitor.endpoints.sensitive = false
Using these properties as mentioned above
But still, I'm getting Access Denied error
@virgium03
Andreich2010
@Andreich2010
Hello, Friends!
I'm setting up CAS for SPNERGO. I have little experience in JAVA. Can someone show an example of cas.properties for Kerberos?
Thank you in advance
hsartoris-bard
@hsartoris-bard
@kripalsingh if you're not interested in messing with the source (which is fair) then I would suggest holding off on implementing webauthn. In my testing, being able to dive into the source has been somewhat important. As yet there are also some rough edges. What I mean to say by suggesting compiling the source is not to deploy that to production, but to acknowledge that you're treading into bleeding-edge features and will need to be able to support yourself to some extent.
In any case, I would suggest tracking down the Yubico Github repo for the relevant artifact and locating RegistrationStorage if you're intent on using it with RC3
Kripal Singh
@kripalsingh
@hsartoris-bard Thanks for your help , I was able to build and deploy the CAS but unable to activate the webauthn flow . Do you the device registration URL for webauthn
hsartoris-bard
@hsartoris-bard
@kripalsingh the same requirements as usual for MFA providers apply for getting it to activate. Start by making sure that your test service identifies mfa-webauthn as an allowed provider, and that your MFA triggering policy is selecting mfa-webauthn for your test account. In all of this it will likely be necessary to increase the log level to debug at least.
Kripal Singh
@kripalsingh
@hsartoris-bard i attempted to set up MFA for webauthn with keycas.authn.mfa.web-authn.id=web-authn but i do not see it as MFA provider in supported list https://apereo.github.io/cas/development/mfa/Configuring-Multifactor-Authentication.html#supported-providers
Kripal Singh
@kripalsingh
running into the issue of WARN [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] - <class org.apereo.cas.authentication.AuthenticationException: Transition definition cannot be found for event web-authn>
hsartoris-bard
@hsartoris-bard
Yeah I would recommend leaving the id parameter unset and using the built-in 'mfa-webauthn'
Kripal Singh
@kripalsingh
@hsartoris-bard i made the recommended changes i got this error 2020-10-14 14:43:16,728 ERROR [org.springframework.boot.web.servlet.support.ErrorPageFilter] - <Forwarding to error page from request [/login] due to exception [Exception thrown executing org.apereo.cas.webauthn.web.flow.WebAuthnAccountCheckRegistrationAction@ad2154a in state 'accountRegistrationCheck' of flow 'mfa-webauthn' -- action execution attributes were 'map['resolvedAuthenticationEvents' -> list[mfa-webauthn]]']>
org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.webauthn.web.flow.WebAuthnAccountCheckRegistrationAction@ad2154a in state 'accountRegistrationCheck' of flow 'mfa-webauthn' -- action execution attributes were 'map['resolvedAuthenticationEvents' -> list[mfa-webauthn]]'
Carlos
@travisbrkr1234

Hello, I am attempting to use an MFA flow in addition to a First Party OAuth2 flow and having some issues. To be clear, we currently have a working service using MFA and are able to complete the registration/authenticator device registration flow. We also have a different service using OAuth2 and are able to authorize and get an access/refresh token successfully.

Some detail to the issue: When debugging the DefaultMultifactorAuthenticationProviderWebflowEventResolver (which appears to show an activated state for the mfa-gauth trigger) we are noticing that the event skips passed the DefaultMultifactorAuthenticationTrustedDeviceBypassEvaluator and the DefaultChainingMultifactorAuthenticationBypassProvider. However, we do see a valid, matching policy in the call stack for the request in RegisteredServiceMultifactorAuthenticationTrigger.

I can provide more info, I was just not sure how verbose to be
Carlos
@travisbrkr1234
I get that this might be a cross of paradigms, as an OAuth token can be present without a user session after the initial grant. Does anybody know if this means that MFA and OAuth2 do not play nice together in CAS? BTW we are using CAS 6.2.1
xgdz
@xgdz
Hello everyone!How to configure multiple LDAP connections in cas5. 3,Now I can only configure one LDAP connection。
Sheldon
@peterzha
Can spnego authentication mode support a highly available deployment ? Why it does not work when I add a nginx server between a client browser and the cas server which is configured to use spnego authentication mode? The nginx proxy upstream I configured domain name already,but it alse dosen't work.
Łukasz
@lgwozniak
Anyone got problem with remember me in version 6.2.1 ?
Andreich2010
@Andreich2010
image.png
I'm having problems with Kerberos.
The keys and principals are correct, the account is active.
But you can't log in. (version 6.3.0)
Kripal Singh
@kripalsingh
@hsartoris-bard i was successfully able to test the wenauthn flow on my device , is there a way to go passwordless with webauthn flow ?
Fabrice Bacchella
@fbacchella
do you have a common set of encription algorithm ?
klist -e might help you
Sheldon
@peterzha
Is your keytab file on the cas server correct?
hsartoris-bard
@hsartoris-bard
@kripalsingh Start here: https://apereo.github.io/cas/development/installation/Passwordless-Authentication.html
You will need to set cas.authn.passwordless.multifactor-authentication-activated=true and then flag the target accounts as eligible as demonstrated in the example here. Unfortunately, I am not aware of how to integrate flagging the account with the webauthn repository; i.e., to ask it who is registered and flag as such. I'm sure there is a way but I do not know of it at this time.
Kripal Singh
@kripalsingh
@hsartoris-bard thanks
hsartoris-bard
@hsartoris-bard
@kripalsingh np, good luck
fotis120
@fotis120

Good morning to everyone.

I am currently trying to run a build in the master branch and I am receiving the following error:
Could not determine the dependencies of task ':support:cas-server-support-simple-mfa-core:compileTestJava'.

Could not resolve all dependencies for configuration ':support:cas-server-support-simple-mfa-core:testAnnotationProcessor'.
Failed to calculate the value of task ':support:cas-server-support-simple-mfa-core:compileJava' property 'javaCompiler'.
Unable to configure Java installation, probing failed with the following message: A problem occurred starting process 'command '/usr/lib/jvm/openjdk-11/bin/java''

My $JAVA_HOME does not point to this path and I cannot find why the build process searches for java in that particular path.

I face the current problem only when cloning the master branch and trying to run a build.
If I switch to 6.2 branch, the build is successful.

Has anyone else tried to clone and build the master branch and received a similar error?

Pavlos Drandakis
@pdrados
@fotis120 It seems that there is a problem with gradle's toolchain feature, when locating jvm. The build process completes successfully by commenting out lines 181-185 in build.gradle or by adding in gradle.properties the following lines
org.gradle.java.installations.auto-detect=false
org.gradle.java.installations.auto-download=false
org.gradle.java.installations.paths=/THE_PATH_WHERE_YOUR_JDK_IS