In CAS 7.x, multifactor authentication with Google Authenticator over the REST protocol is broken. To reproduce the problem, create an overlay project with cas-server-support-generic, cas-server-support-rest, cas-server-support-gauth and cas-server-webapp-starter-tomcat. Use browser login to register a Google Authenticator device and then try to authenticate using the REST protocol (POST username=xxx&password=xxx&gauthotp). Here are the relevant logs:

2025-02-13 08:48:37,251 DEBUG [org.apereo.cas.gauth.rest.GoogleAuthenticatorRestHttpRequestCredentialFactory] - <Google authenticator token [111111] in the request body via account [null]>
... simple file based authentication ...
2025-02-13 08:48:37,396 DEBUG [org.apereo.cas.authentication.handler.support.AbstractUsernamePssswordAuthenticationHandler] - <Credential [RememberMeUsernamePasswordCredential(super=UsernamePasswordCredential(username=xxxxxx, source=null, customFields={}), rememberMe=false)] eligibility is [Static Credentials] for authentication handler [true]>
2025-02-13 08:48:37,396 DEBUG [org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy] - <Authentication policy is satisfied having found at least one authentication transactions>
2025-02-13 08:48:37,396 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Attempting to authenticate credential [GoogleAuthenticatorTokenCredential(super=OneTimeTokenCredential(token=****************), accountId=null)]>
2025-02-13 08:48:37,396 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Attempting authentication of [111111] using [GoogleAuthenticatorAuthenticationHandler]>
2025-02-13 08:48:37,397 ERROR [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [GoogleAuthenticatorTokenCredential(super=OneTimeTokenCredential(token=****************), accountId=null)] of type [GoogleAuthenticatorTokenCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>
2025-02-13 08:48:37,397 ERROR [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[GoogleAuthenticatorAuthenticationHandler]: [Cannot invoke "org.apereo.cas.authentication.Authentication.getPrincipal()" because "authentication" is null]>

The "authentication is null" comes from GoogleAuthenticatorAuthenticationHandler.java:

val authentication = WebUtils.getInProgressAuthentication();

Can anyone help me to understand why WebUtils.getInProgressAuthentication() does not return a valid authentication object?

Thank you
Klaus-Dieter Krannich