Jeremy, Assuming _no_ changes to cas (config, UI, upgrades, etc), it may be a cookie issue. Does this happen in a private window?
In browser dev tools, check the value of cookies sent and received from cas. If you have multiple cas hosts, is this isolated to only one of them? Ray On Tue, 2025-02-04 at 23:03 +0000, Wickham, Jeremy wrote: You don't often get email from jeremy.wick...@msstate.edu. Learn why this is important<https://aka.ms/LearnAboutSenderIdentification> Here for the past week or so I have had quite a few users receive the MFA Unavailable screen after they Duo Authenticate. Duo shows a successful authentication, but when it is returned back to CAS, it appears to throw a DecryptionException. I cannot recreate this behavior myself, but I do have one coworker who can. I have turned on trace on quite a few packages to attempt to, I have found the following stacktrace, Any idea how I can diagnose this? 2025-02-04 15:09:52,977 TRACE [org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityUniversalPromptValidateLoginAction] - <Received Duo Security state [XXXXXXXXXXXXXXXXXXXXXXXXX]> 2025-02-04 15:09:52,977 WARN [org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityUniversalPromptValidateLoginAction] - <DecryptionException> org.apereo.cas.util.crypto.DecryptionException: null at org.apereo.cas.util.cipher.BaseBinaryCipherExecutor.decode(BaseBinaryCipherExecutor.java:96) ~[cas-server-core-util-api-7.0.9.jar:7.0.9] at org.apereo.cas.util.cipher.BaseBinaryCipherExecutor.decode(BaseBinaryCipherExecutor.java:36) ~[cas-server-core-util-api-7.0.9.jar:7.0.9] at org.apereo.cas.util.serialization.SerializationUtils.decodeAndDeserializeObject(SerializationUtils.java:140) ~[cas-server-core-util-api-7.0.9.jar:7.0.9] at org.apereo.cas.util.serialization.SerializationUtils.decodeAndDeserializeObject(SerializationUtils.java:156) ~[cas-server-core-util-api-7.0.9.jar:7.0.9] at org.apereo.cas.pac4j.BrowserWebStorageSessionStore.buildFromTrackableSession(BrowserWebStorageSessionStore.java:68) ~[cas-server-support-pac4j-api-7.0.9.jar:7.0.9] at org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityUniversalPromptValidateLoginAction.handleDuoSecurityUniversalPromptResponse(DuoSecurityUniversalPromptValidateLoginAction.java:96) ~[cas-server-support-duo-core-7.0.9.jar:7.0.9] Thanks, -Jeremy ________________________ Jeremy Wickham Mississippi State University jeremy.wick...@msstate.edu<mailto:jeremy.wick...@msstate.edu> Webex Personal Room: https://msstate.webex.com/meet/jrw16 -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3e0538b44114627fdad88bc63126726cce5e098e.camel%40uvic.ca.
