Daniel Maldonado
@dannymk
No dice: 2022-04-11 21:05:29,241 ERROR [org.apereo.cas.pm.web.flow.actions.VerifyPasswordResetRequestAction] - <Password reset token could not be located or verified>
tomcat | java.lang.IllegalArgumentException: SQL must not be null
The thing is that Authentication and attribute release to my app is working without a problem. It is just the "password recovery" option that I am having difficulty with.
Hmmm... "None of the principal resolvers in the chain where able to produce a principal" reported by ChainingPrincipalResolver.
Daniel Maldonado
@dannymk
Hmmm... After matching the property names to the 6.4.4.2 version I am getting: "No service is available to determine event for principal", which is getting me closer.
@billjojo Heads up! The property names are different in 6.4.x
Daniel Maldonado
@dannymk
OK, so it seems my PrincipalResolver is the issue. Now to try to figure that out.
Daniel Maldonado
@dannymk
@billjojo Alright, now I am definitely lost. I am going to have to create a project to make it available and see if anyone can figure this out.
I turned on debugging, attribute resolution looks good in the log but I still cannot do things like: <shiro:principal property="firstName" />
Daniel Maldonado
@dannymk
@billjojo Upgraded to 6.5.2 and everything is working as expected :-). Thank you for your help.
Daniel Maldonado
@dannymk
OK, unfortunately I spoke too soon, ran into the same problem that this person is having: https://groups.google.com/a/apereo.org/g/cas-user/c/kfOyXA8WSNA
The pattern: cas.authn.pm.core.password-policy-pattern=^(?=.[a-z])(?=.[A-Z])(?=.\d)(?=.[$@$!%?&])[A-Za-z\d$@$!%?&]{8,20}
No matter what pattern we type into the password boxes we get: "Password does not match the password policy requirement."
dhanesh238
@dhanesh238

Hi.. I am using CAS 6.4.6.2 version with x509 REST authentication. Have noticed that 'x509RestHttpRequestCredentialFactoryConfigurer' from 'X509RestConfiguration.java' is getting initialized twice. Because of this, CAS is not starting up and getting the following stacktrace. Similar use-case on CAS 6.3.4 is working fine. Seems like something is changed in CAS 6.4.x which is causing this issue. Have cross-verified if there are any duplicate jars which might be causing the issue as well.

Following are the jars added to CAS war for enabling x509:

cas-server-core-api-throttle-6.4.6.2.jar
cas-server-core-authentication-throttle-6.4.6.2.jar
cas-server-core-rest-6.4.6.2.jar
cas-server-core-webflow-6.4.6.2.jar
cas-server-core-webflow-api-6.4.6.2.jar
cas-server-support-rest-6.4.6.2.jar
cas-server-support-rest-core-6.4.6.2.jar
cas-server-support-rest-x509-6.4.6.2.jar
cas-server-support-throttle-6.4.6.2.jar
cas-server-support-throttle-core-6.4.6.2.jar
cas-server-support-x509-6.4.6.2.jar
cas-server-support-x509-core-6.4.6.2.jar
cas-server-support-x509-webflow-6.4.6.2.jar

Stacktrace:

2022-04-07 16:47:58,902 TRACE [org.apereo.cas.rest.config.CasCoreRestConfiguration] - <building REST credential factory from [[org.apereo.cas.rest.config.CasCoreRestConfiguration$$Lambda$1489/0x0000000100d06840@79c849c7, org.apereo.cas.support.x509.rest.config.X509RestConfiguration$$Lambda$1490/0x0000000100d06c40@457b8fc3, org.apereo.cas.support.x509.rest.config.X509RestConfiguration$$Lambda$1490/0x0000000100d06c40@457b8fc3]]>
2022-04-07 16:47:58,903 TRACE [org.apereo.cas.rest.config.CasCoreRestConfiguration] - <Configuring credential factory: [org.apereo.cas.rest.config.CasCoreRestConfiguration$$Lambda$1489/0x0000000100d06840@79c849c7]>
2022-04-07 16:47:58,905 TRACE [org.apereo.cas.rest.config.CasCoreRestConfiguration] - <Configuring credential factory: [org.apereo.cas.support.x509.rest.config.X509RestConfiguration$$Lambda$1490/0x0000000100d06c40@457b8fc3]>
2022-04-07 16:47:58,910 TRACE [org.apereo.cas.support.x509.rest.config.X509RestConfiguration] - <Is certificate extractor available? = [org.apereo.cas.adaptors.x509.authentication.RequestHeaderX509CertificateExtractor@8c3b634], headerAuth = [true], bodyAuth = [true], tlsClientAuth = [false]>
2022-04-07 16:47:58,917 WARN [org.apereo.cas.web.CasWebApplicationContext] - <Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'serviceTicketResource' defined in class path resource [org/apereo/cas/config/CasRestConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.rest.resources.ServiceTicketResource]: Factory method 'serviceTicketResource' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'restHttpRequestCredentialFactory' defined in class path resource [org/apereo/cas/rest/config/CasCoreRestConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.rest.factory.RestHttpRequestCredentialFactory]: Factory method 'restHttpRequestCredentialFactory' threw exception; nested exception is java.lang.ClassCastException: class com.sun.proxy.$Proxy282 cannot be cast to class org.apereo.cas.rest.plan.RestHttpRequestCredentialFactoryConfigurer (com.sun.proxy.$Proxy282 and org.apereo.cas.rest.plan.RestHttpRequestCredentialFactoryConfigurer are in unnamed module of loader org.springframework.boot.loader.LaunchedURLClassLoader @3cbbc1e0)>
billjojo
@billjojo
@dannymk the following pass in Java matches(): ^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[$@$!%?&])[A-Za-z\\d$@$!%?&]{8,20} and ^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[@$!%?&])[A-Za-z0-9d@$!%?&]{8,20}
Daniel Maldonado
@dannymk
Yup, that first pattern passes. Thank you.
billjojo
@billjojo
That is because the backslashes need to be escaped so \d must be written as \\d. I always just use [0-9], but I am an old crank who gets stuck in the old ways on occasion. :-)
Palmurugan
@palmuruganchandran
Hi Team, I am trying to generate JWT token using 6.6.X gradle overlay. I did all the configuration mentioned in the documentation.

JWT Token Details

cas.authn.token.crypto.encryption-enabled=true
cas.authn.token.crypto.signing-enabled=true

cas.authn.token.crypto.encryption.key=tfvWcDVrxhIX7_d9mfLBXfRAmRZawFSPxwkXQtFwtuU
cas.authn.token.crypto.signing.key=qQhJicEW7P019WYG1VuJz8X8SowI2nXhbTIPNeFs5iTZ8hg6CLt1wB7e3vHC_oMJRE_am4x41In_y5IV9j_unQ

But still it's not generating the JWT token. I am getting ST Token only.
Can anyone please guide me.
I am getting the below log
2022-04-12 22:45:39,203 INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Signing is not enabled for [Token/JWT Tickets]. The cipher [RegisteredServiceJwtTicketCipherExecutor] will attempt to produce plain objects>
@billjojo
billjojo
@billjojo

@palmuruganchandran Looks like cas.authn.token.crypto.signing.key-size=512 cas.authn.token.crypto.encryption.key-size=512 are the defaults.

You can run wget https://raw.githubusercontent.com/apereo/cas/master/etc/jwk-gen.jar

Then java -jar jwk-gen.jar -t oct -s 512 | grep k.: | cut -f4 -d\" for each.

Palmurugan
@palmuruganchandran
@billjojo I have generated both and updated properties but still I am not getting the JWT token. Kindly help me
cas.authn.token.crypto.encryption.key=urcOPA6okI_UPhUdr7mDmzgl2BTan55Qmqh0n5tZNgsGTxv-6XKGqc-6r9z2ogS8VORHrH6Om9ZJLyVD5Pnz8Q
cas.authn.token.crypto.signing.key=gKAejbstj8HuELbfwampu9zOT6lyd-Jm5Ylj33yESnsnT5WwwEi3240BY5RnqtjMcWdVtiUYoA4l9-EKi7KnNg
2022-04-13 07:12:49,953 INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Encryption is not enabled for [Token/JWT Tickets]. The cipher [RegisteredServiceJwtTicketCipherExecutor] will only attempt to produce signed objects>
2022-04-13 07:12:49,953 INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Signing is not enabled for [Token/JWT Tickets]. The cipher [RegisteredServiceJwtTicketCipherExecutor] will attempt to produce plain objects>
Palmurugan
@palmuruganchandran
cas.authn.token.principal-transformation.groovy.location=
Is this property mandatory? If so, what value do I have to provide?
billjojo
@billjojo
@palmuruganchandran Have you tested this with 6.5.2 or 6.4.6.2? As 6.6 is RC1, I am wondering if this may be a bug. Unless the docs are incorrect, encryption and signing are on by default and the order is ENCRYPT_AND_SIGN. You may want to turn on debugging in the log to see if there is another clue to be found.
Palmurugan
@palmuruganchandran
@billjojo Thank you, I just tried the same with 6.5.2. It's working as expected.
Palmurugan
@palmuruganchandran
@billjojo I am integrating oAuth now. As part of that I have added the dependency and created service. Now I am able to get the code but not able to get the accessToken. I am getting below error.
2022-04-15 19:37:43,380 ERROR [org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController] - <Access token request is not supported>
java.lang.UnsupportedOperationException: Access token request is not supported
My Service
{
"@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
"clientId": "clientid",
"clientSecret": "clientSecret",
"serviceId" : "^(https|imaps)://cas-client.com/.*",
"name" : "oauthservice",
"id" : 1,
"bypassApprovalPrompt": true
}
Kindly help me
Palmurugan
@palmuruganchandran
@billjojo Kindly advise me what I have to do for the above error
jojowil
@jojowil
@palmuruganchandran I was on holiday. OAuth is not my area of expertise, but I would say your config is incomplete. Please see the service properties and sample configs near the bottom of https://apereo.github.io/cas/6.5.x/authentication/OAuth-Authentication-TokenExpirationPolicy.html
Palmurugan
@palmuruganchandran
Thank you @jojowil I'll try the same.
TimPionnier
@TimPionnier
Hi, did anyone manage to implement fido webauthn with cas 6.5? I am new with cas and kinda struggling
TimPionnier
@TimPionnier
Actually, to be more precise, I am trying to understand how to fill these requirements: cas.authn.mfa.web-authn.core.application-id, cas.authn.mfa.web-authn.core.relying-party-id
SpaceFox
@SpaceFox

Hi everyone,
I try to run Spring Boot "integration tests" on an Apereo CAS overlay.
I have this test class with JUnit 5 and CAS 6.5.x:

@ExtendWith(SpringExtension.class)
@ActiveProfiles({"test"})
@SpringBootTest(webEnvironment =  SpringBootTest.WebEnvironment.RANDOM_PORT,
                classes = {
                        MyConfigurationClasses.class
                })
class RunTest {

    @Test
    public void run() {
        // Test the starting of SpringBoot application
    }
}

My application works fine when launched by hand with the "test" profile, but in the test context, I only got an Unable to start ServletWebServerApplicationContext due to missing ServletWebServerFactory bean. exception.
If someone has any idea of why this error?

mijutu
@mijutu:ellipsis.fi
I'm logging in with mfa: first ldap then gauth. But there is only GoogleAuthenticatorAuthenticationHandler in <cas:successfulAuthenticationHandlers> and no LdapAuthenticationHandler. Is there some setting I could change to get LdapAuthenticationHandler there too or is this a bug?
Palmurugan
@palmuruganchandran
Hi I configured oAuth related configuration that you mentioned @jojowil But still I am getting the below exception. Please help me

============= OAuth ==================================

cas.authn.oauth.access-token.crypto.encryption.key=92KEd0m4i9q0DjT8BoYRcN3MDjhhM4QSB6qR0elMhdVoKk4_RMW9jterIIVehJmoo5RMp5wbZtwyz7iHOtfFxw
cas.authn.oauth.access-token.crypto.signing.key=ucoR35oNkUPQzCmlmjFsqsdj2JRXrdjZKd58_a7LlFALIOn2ku8wL9ufdvkR9rkF4fG1J9ym_uH6aU53g_MqBQ
cas.authn.oauth.crypto.encryption.key=TSQouPQPwnOcEIbsWJ8ETWujJQy_SnEaOjGJ544UPVRl36fzu6AH0JjsUkHNWADfIUFli5hZ2uqy7uYvvByQTQ
cas.authn.oauth.crypto.signing.key=9yJv_k8A_AuJEjHtWb01GIuWenKPP4hG76mZLy4HL2ojhdEWN0EFlHws2Ms0fCtrqLP9bBc3TSQMOeOqkcilRg

cas.authn.oauth.code.number-of-uses=1
cas.authn.oauth.code.remove-related-access-tokens=false
cas.authn.oauth.code.storage-name=oauthCodesCache
cas.authn.oauth.code.time-to-kill-in-seconds=30

cas.authn.oauth.access-token.crypto.enabled=false
cas.authn.oauth.access-token.crypto.signing-enabled=false
cas.authn.oauth.access-token.crypto.encryption-enabled=false

======================================================

2022-04-28 22:11:58,625 ERROR [org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController] - <Access token request is not supported>
java.lang.UnsupportedOperationException: Access token request is not supported
at org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController.lambda$verifyAccessTokenRequest$2(OAuth20AccessTokenEndpointController.java:187) ~[cas-server-support-oauth-core-api-6.5.3.jar!/:6.5.3]
Palmurugan
@palmuruganchandran
{
"grant_type": "authorization_code",
"client_id": "clientid",
"client_secret": "clientSecret",
"code": "OC-1-2hshFPar2So9iu91ke504xq69vK-5MzQ",
"redirect_uri": "https://cas-client.com/intermediate"
}