Hi, we noticed issues when trying to surrogate on a service protected by
gauth or web-authn.
Both MFA work perfectly when not using surrogate privilege elevation.
Surrogate work perfectly on services not protected by any MFA merthod.
regards,
Below is the log :
2025-02-13 12:13:01,235 INFO [org.apereo.inspektr.audit.AuditTrailManager]
- <Audit trail record BEGIN
=============================================================
WHEN: 2025-02-13T11:13:01.235109901
WHO: (Primary User: [prenom.nom], Surrogate User: [support.monapplimetier])
WHAT: {result=Service Access Denied,
principal=SimplePrincipal(id=support.monapplimetier,
attributes={}),
service=https://monserveurcas01.ad.masupermonetablissement.fr:9447/protected,
requiredAttributes={memberOf=[OU=Service Accounts, OU=AD, DC=ad,
DC=monetablissement,
CN=casmanagers, DC=fr]}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
CLIENT_IP: 199.52.21.3
SERVER_IP: 127.0.0.1
=============================================================
>
2025-02-13 12:13:01,236 INFO [org.apereo.inspektr.audit.AuditTrailManager]
- <Audit trail record BEGIN
=============================================================
WHEN: 2025-02-13T11:13:01.236454511
WHO: (Primary User: [prenom.nom], Surrogate User: [support.monapplimetier])
WHAT: {result=Surrogate Authentication Ineligible, selfPrincipal
=SurrogatePrincipal(primary=SimplePrincipal(id=prenom.nom, attributes={
aupAccepted=[true], cn=[nomsuperprenomnom nomsupernom],
displayName=[nomsuperprenomnom
nomsupernom],
eduPersonPrincipalName=[prenom....@ad.masupermonetablissement.fr],
givenName=[nomsuperprenomnomavecdesaccents],
mail=[prenom....@masupermonetablissement.fr],
memberOf=[CN=CasSurogate-Pierre.Michu,OU=Surrogate,OU=CAS,OU=Groupes,],
msDS-UserPasswordExpiryTimeComputed=[134068058054550169],
pwdLastSet=[133752698054550169],
sn=[nomsupernom], uid=[prenom.nom]}),
surrogate=SimplePrincipal(id=support.monapplimetier,
attributes={})), surrogatePrincipal=null, service
=https://monserveurcas01.ad.masupermonetablissement.fr:9447/protected}
ACTION: SURROGATE_AUTHENTICATION_ELIGIBILITY_VERIFICATION_TRIGGERED
CLIENT_IP: 199.52.21.3
SERVER_IP: 127.0.0.1
=============================================================
>
2025-02-13 12:13:01,237 INFO [org.apereo.inspektr.audit.AuditTrailManager]
- <Audit trail record BEGIN
=============================================================
WHEN: 2025-02-13T11:13:01.237310936
WHO: prenom.nom
WHAT: {credential=****************, source=null, customFields={})],
registeredServiceId=https://(monserveurcas0([123])|cas-pp)(.ad|).masupermonetablissement.fr:944([678]).*,
registeredServiceName=Service Test Bootiful, service
=https://monserveurcas01.ad.masupermonetablissement.fr:9447/protected}
ACTION: AUTHENTICATION_FAILED
CLIENT_IP: 199.52.21.3
SERVER_IP: 127.0.0.1
=============================================================
>
2025-02-13 12:13:01,249 WARN
[org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
- <1 errors, 0 successes>
org.apereo.cas.authentication.AuthenticationException: 1 errors, 0 successes
at
org.apereo.cas.authentication.SurrogateAuthenticationPostProcessor.process(SurrogateAuthenticationPostProcessor.java:105)
~[cas-server-support-surrogate-core-7.1.3.jar:7.1.3]
at
org.apereo.cas.authentication.DefaultAuthenticationManager.lambda$invokeAuthenticationPostProcessors$1(DefaultAuthenticationManager.java:96)
~[cas-server-core-authentication-api-7.1.3.jar:7.1.3]
at org.jooq.lambda.Unchecked.lambda$consumer$17(Unchecked.java:694)
~[jool-0.9.15.jar:?]
at
java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:184)
~[?:?]
at
java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179)
~[?:?]
at
java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1708)
~[?:?]
at
java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
~[?:?]
at
java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
~[?:?]
at
java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:151)
~[?:?]
at
java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:174)
~[?:?]
at
java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
~[?:?]
at
java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:596)
~[?:?]
at
org.apereo.cas.authentication.DefaultAuthenticationManager.invokeAuthenticationPostProcessors(DefaultAuthenticationManager.java:96)
~[cas-server-core-authentication-api-7.1.3.jar:7.1.3]
at
org.apereo.cas.authentication.DefaultAuthenticationManager.authenticate(DefaultAuthenticationManager.java:76)
~[cas-server-core-authentication-api-7.1.3.jar:7.1.3]
at
java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
~[?:?]
at java.base/java.lang.reflect.Method.invoke(Method.java:580) ~[?:?]
at
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:355)
~[spring-aop-6.1.12.jar:6.1.12]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196)
~[spring-aop-6.1.12.jar:6.1.12]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
~[spring-aop-6.1.12.jar:6.1.12]
at
org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:102)
~[spring-aop-6.1.12.jar:6.1.12]
at
org.apereo.cas.monitor.ExecutableObserver.executeJoinPoint(ExecutableObserver.java:84)
~[cas-server-core-api-monitor-7.1.3.jar:7.1.3]
at
org.apereo.cas.monitor.ExecutableObserver.lambda$observe$0(ExecutableObserver.java:63)
~[cas-server-core-api-monitor-7.1.3.jar:7.1.3]
at
org.jooq.lambda.Unchecked.lambda$supplier$38(Unchecked.java:1695)
~[jool-0.9.15.jar:?]
at
io.micrometer.observation.Observation.observe(Observation.java:565)
~[micrometer-observation-1.13.3.jar:1.13.3]
at
org.apereo.cas.monitor.DefaultExecutableObserver.supply(DefaultExecutableObserver.java:34)
~[cas-server-core-monitor-7.1.3.jar:7.1.3]
at
org.apereo.cas.monitor.ExecutableObserver.observe(ExecutableObserver.java:63)
~[cas-server-core-api-monitor-7.1.3.jar:7.1.3]
at
org.apereo.cas.monitor.ExecutableObserver.observe(ExecutableObserver.java:78)
~[cas-server-core-api-monitor-7.1.3.jar:7.1.3]
at
org.apereo.cas.config.CasCoreAuthenticationMonitoringConfiguration$AuthenticationManagerMonitoringAspect.aroundAuthenticationManagementOperations(CasCoreAuthenticationMonitoringConfiguration.java:51)
~[cas-server-core-authentication-7.1.3.jar:7.1.3]
at
java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
~[?:?]
at java.base/java.lang.reflect.Method.invoke(Method.java:580) ~[?:?]
at
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:637)
~[spring-aop-6.1.12.jar:6.1.12]
at
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:627)
~[spring-aop-6.1.12.jar:6.1.12]
at
org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:71)
~[spring-aop-6.1.12.jar:6.1.12]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
~[spring-aop-6.1.12.jar:6.1.12]
at
org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
~[spring-aop-6.1.12.jar:6.1.12]
at
org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:129)
~[cas-server-core-audit-api-7.1.3.jar:7.1.3]
at
java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
~[?:?]
at java.base/java.lang.reflect.Method.invoke(Method.java:580) ~[?:?]
at
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:637)
~[spring-aop-6.1.12.jar:6.1.12]
at
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:627)
~[spring-aop-6.1.12.jar:6.1.12]
at
org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:71)
~[spring-aop-6.1.12.jar:6.1.12]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:173)
~[spring-aop-6.1.12.jar:6.1.12]
at
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
~[spring-aop-6.1.12.jar:6.1.12]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
~[spring-aop-6.1.12.jar:6.1.12]
at
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:223)
~[spring-aop-6.1.12.jar:6.1.12]
at jdk.proxy3/jdk.proxy3.$Proxy222.authenticate(Unknown Source)
~[?:?]
at
org.apereo.cas.authentication.DefaultAuthenticationTransactionManager.handle(DefaultAuthenticationTransactionManager.java:37)
~[cas-server-core-authentication-api-7.1.3.jar:7.1.3]
at
org.apereo.cas.authentication.DefaultAuthenticationSystemSupport.handleAuthenticationTransaction(DefaultAuthenticationSystemSupport.java:69)
~[cas-server-core-authentication-api-7.1.3.jar:7.1.3]
at
org.apereo.cas.authentication.DefaultAuthenticationSystemSupport.handleInitialAuthenticationTransaction(DefaultAuthenticationSystemSupport.java:59)
~[cas-server-core-authentication-api-7.1.3.jar:7.1.3]
at
org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver.resolveInternal(DefaultCasDelegatingWebflowEventResolver.java:73)
~[cas-server-core-webflow-api-7.1.3.jar:7.1.3]
at
org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolve(AbstractCasWebflowEventResolver.java:52)
~[cas-server-core-webflow-api-7.1.3.jar:7.1.3]
at
org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolveSingle(AbstractCasWebflowEventResolver.java:57)
~[cas-server-core-webflow-api-7.1.3.jar:7.1.3]
at
org.apereo.cas.web.flow.actions.AbstractAuthenticationAction.doExecuteInternal(AbstractAuthenticationAction.java:61)
~[cas-server-core-webflow-api-7.1.3.jar:7.1.3]
at
org.apereo.cas.web.flow.actions.BaseCasWebflowAction.doExecute(BaseCasWebflowAction.java:57)
~[cas-server-core-webflow-api-7.1.3.jar:7.1.3]
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
~[spring-webflow-3.0.0.jar:3.0.0]
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
~[spring-webflow-3.0.0.jar:3.0.0]
at
org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
~[spring-webflow-3.0.0.jar:3.0.0]
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
~[spring-webflow-3.0.0.jar:3.0.0]
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
~[spring-webflow-3.0.0.jar:3.0.0]
at
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
~[spring-webflow-3.0.0.jar:3.0.0]
at org.springframework.webflow.engine.State.enter(State.java:194)
~[spring-webflow-3.0.0.jar:3.0.0]
at
org.springframework.webflow.engine.Transition.execute(Transition.java:228)
~[spring-webflow-3.0.0.jar:3.0.0]
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395)
~[spring-webflow-3.0.0.jar:3.0.0]
at
org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
~[spring-webflow-3.0.0.jar:3.0.0]
at
org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116)
~[spring-webflow-3.0.0.jar:3.0.0]
at
org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547)
~[spring-webflow-3.0.0.jar:3.0.0]
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390)
~[spring-webflow-3.0.0.jar:3.0.0]
at
org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
~[spring-webflow-3.0.0.jar:3.0.0]
at
org.springframework.webflow.engine.ViewState.handleEvent(ViewState.java:231)
~[spring-webflow-3.0.0.jar:3.0.0]
at
org.springframework.webflow.engine.ViewState.resume(ViewState.java:195)
~[spring-webflow-3.0.0.jar:3.0.0]
at org.springframework.webflow.engine.Flow.resume(Flow.java:537)
~[spring-webflow-3.0.0.jar:3.0.0]
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:259)
~[spring-webflow-3.0.0.jar:3.0.0]
at
org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:168)
~[spring-webflow-3.0.0.jar:3.0.0]
at
org.apereo.cas.web.flow.executor.WebflowExecutorFactory$CasFlowExecutorImpl.resumeExecution(WebflowExecutorFactory.java:95)
~[cas-server-core-webflow-api-7.1.3.jar:7.1.3]
at
java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
~[?:?]
at java.base/java.lang.reflect.Method.invoke(Method.java:580) ~[?:?]
at
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:355)
~[spring-aop-6.1.12.jar:6.1.12]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196)
~[spring-aop-6.1.12.jar:6.1.12]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
~[spring-aop-6.1.12.jar:6.1.12]
at
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
~[spring-aop-6.1.12.jar:6.1.12]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
~[spring-aop-6.1.12.jar:6.1.12]
at
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:223)
~[spring-aop-6.1.12.jar:6.1.12]
at jdk.proxy3/jdk.proxy3.$Proxy168.resumeExecution(Unknown Source)
~[?:?]
at
org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:254)
~[spring-webflow-3.0.0.jar:3.0.0]
at
org.apereo.cas.web.flow.CasFlowHandlerAdapter.handle(CasFlowHandlerAdapter.java:39)
~[cas-server-core-webflow-api-7.1.3.jar:7.1.3]
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1089)
~[spring-webmvc-6.1.12.jar:6.1.12]
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:979)
~[spring-webmvc-6.1.12.jar:6.1.12]
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014)
~[spring-webmvc-6.1.12.jar:6.1.12]
at
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:914)
~[spring-webmvc-6.1.12.jar:6.1.12]
at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:590)
~[servlet-api.jar:6.0]
at
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885)
~[spring-webmvc-6.1.12.jar:6.1.12]
at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
~[servlet-api.jar:6.0]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:205)
~[catalina.jar:10.1.15]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
~[catalina.jar:10.1.15]
at
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
~[tomcat-websocket.jar:10.1.15]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
~[catalina.jar:10.1.15]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
~[catalina.jar:10.1.15]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:110)
~[spring-web-6.1.12.jar:6.1.12]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
~[catalina.jar:10.1.15]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
~[catalina.jar:10.1.15]
at
org.apereo.cas.web.support.filters.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:393)
~[cas-server-core-web-api-7.1.3.jar:7.1.3]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
~[catalina.jar:10.1.15]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
~[catalina.jar:10.1.15]
at
org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:188)
~[cas-server-core-web-api-7.1.3.jar:7.1.3]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
~[catalina.jar:10.1.15]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
~[catalina.jar:10.1.15]
at
org.apereo.cas.web.support.filters.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:62)
~[cas-server-core-web-api-7.1.3.jar:7.1.3]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
~[catalina.jar:10.1.15]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
~[catalina.jar:10.1.15]
at
org.springframework.boot.actuate.web.exchanges.servlet.HttpExchangesFilter.doFilterInternal(HttpExchangesFilter.java:89)
~[spring-boot-actuator-3.3.3.jar:3.3.3]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
~[spring-web-6.1.12.jar:6.1.12]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
~[catalina.jar:10.1.15]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
~[catalina.jar:10.1.15]
at
org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:108)
~[spring-web-6.1.12.jar:6.1.12]
at
org.springframework.security.web.FilterChainProxy.lambda$doFilterInternal$3(FilterChainProxy.java:231)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$FilterObservation$SimpleFilterObservation.lambda$wrap$1(ObservationFilterChainDecorator.java:479)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$1(ObservationFilterChainDecorator.java:340)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator.lambda$wrapSecured$0(ObservationFilterChainDecorator.java:82)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:128)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:100)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:181)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
~[spring-web-6.1.12.jar:6.1.12]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
~[spring-web-6.1.12.jar:6.1.12]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91)
~[spring-web-6.1.12.jar:6.1.12]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
~[spring-web-6.1.12.jar:6.1.12]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:75)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
~[spring-web-6.1.12.jar:6.1.12]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:133)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
~[spring-web-6.1.12.jar:6.1.12]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$0(ObservationFilterChainDecorator.java:323)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:224)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113)
~[spring-web-6.1.12.jar:6.1.12]
at
org.springframework.web.servlet.handler.HandlerMappingIntrospector.lambda$createCacheFilter$3(HandlerMappingIntrospector.java:195)
~[spring-webmvc-6.1.12.jar:6.1.12]
at
org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113)
~[spring-web-6.1.12.jar:6.1.12]
at
org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74)
~[spring-web-6.1.12.jar:6.1.12]
at
org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebMvcSecurityConfiguration.java:230)
~[spring-security-config-6.3.3.jar:6.3.3]
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352)
~[spring-web-6.1.12.jar:6.1.12]
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268)
~[spring-web-6.1.12.jar:6.1.12]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
~[catalina.jar:10.1.15]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
~[catalina.jar:10.1.15]
at
org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
~[spring-web-6.1.12.jar:6.1.12]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
~[spring-web-6.1.12.jar:6.1.12]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
~[catalina.jar:10.1.15]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
~[catalina.jar:10.1.15]
at
org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
~[spring-web-6.1.12.jar:6.1.12]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
~[spring-web-6.1.12.jar:6.1.12]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
~[catalina.jar:10.1.15]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
~[catalina.jar:10.1.15]
at
org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:111)
~[cas-server-core-logging-7.1.3.jar:7.1.3]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
~[catalina.jar:10.1.15]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
~[catalina.jar:10.1.15]
at
org.springframework.web.filter.ServerHttpObservationFilter.doFilterInternal(ServerHttpObservationFilter.java:113)
~[spring-web-6.1.12.jar:6.1.12]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
~[spring-web-6.1.12.jar:6.1.12]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
~[catalina.jar:10.1.15]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
~[catalina.jar:10.1.15]
at
org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69)
~[spring-security-web-6.3.3.jar:6.3.3]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
~[catalina.jar:10.1.15]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
~[catalina.jar:10.1.15]
at
org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:32)
~[cas-server-core-audit-api-7.1.3.jar:7.1.3]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
~[catalina.jar:10.1.15]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
~[catalina.jar:10.1.15]
at
org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:124)
~[spring-boot-3.3.3.jar:3.3.3]
at
org.springframework.boot.web.servlet.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:99)
~[spring-boot-3.3.3.jar:3.3.3]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
~[spring-web-6.1.12.jar:6.1.12]
at
org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:117)
~[spring-boot-3.3.3.jar:3.3.3]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
~[catalina.jar:10.1.15]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
~[catalina.jar:10.1.15]
at
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
~[spring-web-6.1.12.jar:6.1.12]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
~[spring-web-6.1.12.jar:6.1.12]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
~[catalina.jar:10.1.15]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
~[catalina.jar:10.1.15]
at
org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:70)
~[log4j-jakarta-web-2.23.1.jar:2.23.1]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
~[catalina.jar:10.1.15]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
~[catalina.jar:10.1.15]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167)
~[catalina.jar:10.1.15]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
~[catalina.jar:10.1.15]
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482)
~[catalina.jar:10.1.15]
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115)
~[catalina.jar:10.1.15]
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
~[catalina.jar:10.1.15]
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:673)
~[catalina.jar:10.1.15]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
~[catalina.jar:10.1.15]
at
org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:735)
~[catalina.jar:10.1.15]
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:340)
~[catalina.jar:10.1.15]
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391)
~[tomcat-coyote.jar:10.1.15]
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
~[tomcat-coyote.jar:10.1.15]
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:896)
~[tomcat-coyote.jar:10.1.15]
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1744)
~[tomcat-coyote.jar:10.1.15]
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
~[tomcat-coyote.jar:10.1.15]
at
org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
~[tomcat-util.jar:10.1.15]
at
org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
~[tomcat-util.jar:10.1.15]
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
~[tomcat-util.jar:10.1.15]
at java.base/java.lang.Thread.run(Thread.java:1583) [?:?]
2025-02-13 12:13:01,249 DEBUG
[org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
- <Authentication request failed with [401], resulting in event
[authenticationFailure]>
2025-02-13 12:13:01,249 DEBUG
[org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] -
<Resolved single event [authenticationFailure] via
[org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
for this context>
2025-02-13 12:13:01,338 DEBUG
[org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] -
<Located current event [authenticationFailure]>
2025-02-13 12:13:01,338 DEBUG
[org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] -
<Located error attribute [class
org.apereo.cas.authentication.AuthenticationException] with message [1
errors, 0 successes] from the current event>
2025-02-13 12:13:01,341 DEBUG
[org.apereo.cas.web.flow.actions.AuthenticationExceptionHandlerAction] -
<Final event id resolved from the error is
[SurrogateAuthenticationException]>
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/29821e69-1719-4b20-8492-b3eadbcb3d4cn%40apereo.org.
