This browser storage state decryption issue might have been fixed in 7.1.x (no, I don’t have a specific commit info). Just need to try it out.
Best, D. On Tue, Feb 4, 2025 at 19:49 Wickham, Jeremy <jeremy.wick...@msstate.edu> wrote: > Here for the past week or so I have had quite a few users receive the MFA > Unavailable screen after they Duo Authenticate. Duo shows a successful > authentication, but when it is returned back to CAS, it appears to throw a > DecryptionException. I cannot recreate this behavior myself, but I do have > one coworker who can. I have turned on trace on quite a few packages to > attempt to, I have found the following stacktrace, Any idea how I can > diagnose this? > > > > 2025-02-04 15:09:52,977 TRACE > [org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityUniversalPromptValidateLoginAction] > - <Received Duo Security state [XXXXXXXXXXXXXXXXXXXXXXXXX]> > > 2025-02-04 15:09:52,977 WARN > [org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityUniversalPromptValidateLoginAction] > - <DecryptionException> > > org.apereo.cas.util.crypto.DecryptionException: null > > at > org.apereo.cas.util.cipher.BaseBinaryCipherExecutor.decode(BaseBinaryCipherExecutor.java:96) > ~[cas-server-core-util-api-7.0.9.jar:7.0.9] > > at > org.apereo.cas.util.cipher.BaseBinaryCipherExecutor.decode(BaseBinaryCipherExecutor.java:36) > ~[cas-server-core-util-api-7.0.9.jar:7.0.9] > > at > org.apereo.cas.util.serialization.SerializationUtils.decodeAndDeserializeObject(SerializationUtils.java:140) > ~[cas-server-core-util-api-7.0.9.jar:7.0.9] > > at > org.apereo.cas.util.serialization.SerializationUtils.decodeAndDeserializeObject(SerializationUtils.java:156) > ~[cas-server-core-util-api-7.0.9.jar:7.0.9] > > at > org.apereo.cas.pac4j.BrowserWebStorageSessionStore.buildFromTrackableSession(BrowserWebStorageSessionStore.java:68) > ~[cas-server-support-pac4j-api-7.0.9.jar:7.0.9] > > at > org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityUniversalPromptValidateLoginAction.handleDuoSecurityUniversalPromptResponse(DuoSecurityUniversalPromptValidateLoginAction.java:96) > ~[cas-server-support-duo-core-7.0.9.jar:7.0.9] > > > > Thanks, > > -Jeremy > > > > ________________________ > > Jeremy Wickham > > Mississippi State University > > jeremy.wick...@msstate.edu > > Webex Personal Room: https://msstate.webex.com/meet/jrw16 > > > > -- > - Website: https://apereo.github.io/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CYYPR01MB83129872901186AC0E8E0E2899F42%40CYYPR01MB8312.prod.exchangelabs.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CYYPR01MB83129872901186AC0E8E0E2899F42%40CYYPR01MB8312.prod.exchangelabs.com?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMpiYKig11BYLuVJgz97KSjO8upoOPmy5gwwLq5sh7SwNtLf%3Dg%40mail.gmail.com.
