I have nothing configured or defined for endpoints or actuators besides
what is default set by cas, we have never used those. I went back and
configured according to
management.endpoint.webAuthnDevices.enabled=true
management.endpoints.web.exposure.include=*
cas.monitor.endpoints.endpoint.webAuthnDevices.access=PERMIT
even tried ANONYMOUS below, which makes all actuators work, I can even pull
/cas/actuator/webAuthnDevices/username anonymously and gets devices for
user. I don't think the endpoint webAuthnDevices controls the end user
registration page as it falls under/webauthn/register and NOT
/cas/actuator/webAuthnDevices
cas.monitor.endpoints.endpoint.defaults.access=ANONYMOUS
Below is debug output,
2023-01-31 09:05:41,149 DEBUG
[org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the
received exception
[org.springframework.security.access.AccessDeniedException: Access is
denied] due to a type mismatch with handler
[org.apereo.cas.webauthn.web.WebAuthnController#startRegistration(String,
String, String, boolean, String, HttpServletRequest, HttpServletResponse)]>
And browser POST response to /webauthn/register , base64 decoded is
--- !<java.util.LinkedHashMap>
timestamp: "2023-01-31T15:05:41.161+00:00"
status: 403
error: "Forbidden"
path: "/cas/webauthn/register"
On Monday, January 30, 2023 at 11:16:42 PM UTC-6 micha...@gmail.com wrote:
> Hi,
> have you, by any chance, configured spring security for the webauthn
> endpoint?
>
> Best regards,
>
> Michal Vocu
>
> On 1/26/23 19:03, John wrote:
>
> When trying to register a new device, the POST request to
> /webauthn/register is failing from spring security, access denied, http 403.
>
> Commenting out the below within
> (support/cas-server-support-webauthn-core/src/main/java/org/apereo/cas/webauthn/web/WebAuthnController.java)
>
> got it working again,
>
> @PreAuthorize("isAuthenticated()")
>
> Looks like it was added in 6.4.x release, is anyone else not having a
> registration issue?
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+u...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/5ad6db18-8a87-41e9-8216-98f6c1fa8492n%40apereo.org
>
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/5ad6db18-8a87-41e9-8216-98f6c1fa8492n%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/c3df6fd1-38d1-42cf-a8bc-8f9e8848e2f7n%40apereo.org.
