There are possibly other errors or warnings on startup before that line.
Seriously, you need to approach this as a re-implementation as though
you are starting from scratch. Review the documents that way.
https://apereo.github.io/cas/7.1.x/integration/Delegate-Authentication.html
I've never done delegation. Maybe?
https://apereo.github.io/cas/7.1.x/integration/Delegate-Authentication-Provider-Registration.html
On 3/24/25 12:07, Phil Hale wrote:
All,
I switched the log to debug mode and got the following information on
the failure:
Mar 24 12:04:37 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:37,248 INFO [org.apereo.inspektr.audit.AuditTrailManager] -
<Audit trail record BEGIN
Mar 24 12:04:37 idm-cas2-test.tamucc.edu cas.war[111646]:
=============================================================
Mar 24 12:04:37 idm-cas2-test.tamucc.edu cas.war[111646]: WHEN:
2025-03-24T17:04:37.243024734
Mar 24 12:04:37 idm-cas2-test.tamucc.edu cas.war[111646]: WHO:
audit:unknown
Mar 24 12:04:37 idm-cas2-test.tamucc.edu cas.war[111646]: WHAT:
{result=Service Access Granted,
service=https://idm-cas-mgr-test.tamucc.edu/cas-management/callback?client_name=CasClient,
requiredAttributes={}}
Mar 24 12:04:37 idm-cas2-test.tamucc.edu cas.war[111646]: ACTION:
SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
Mar 24 12:04:37 idm-cas2-test.tamucc.edu cas.war[111646]: CLIENT_IP:
192.168.155.189
Mar 24 12:04:37 idm-cas2-test.tamucc.edu cas.war[111646]: SERVER_IP:
0:0:0:0:0:0:0:1
Mar 24 12:04:37 idm-cas2-test.tamucc.edu cas.war[111646]:
=============================================================
Mar 24 12:04:37 idm-cas2-test.tamucc.edu cas.war[111646]: >
Mar 24 12:04:37 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:37,256 DEBUG [org.apereo.cas.web.flow.CasFlowHandlerMapping] -
<Mapped to [FlowHandlerMapping.DefaultFlowHandler@577337d8]>
Mar 24 12:04:37 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:37,259 DEBUG [org.apereo.cas.web.flow.CasFlowHandlerAdapter] -
<Configuring CAS webflow execution plan...>
Mar 24 12:04:37 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:37,315 DEBUG
[org.apereo.cas.web.flow.configurer.AbstractCasWebflowConfigurer] -
<[OidcWebflowConfigurer] could not find flow definition [account].
Available flow definition ids are [[clientredirect, login]]>
Mar 24 12:04:37 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:37,438 WARN [jakarta.persistence.spi] -
<jakarta.persistence.spi::No valid providers found.>
Mar 24 12:04:37 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:37,494 DEBUG
[org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Setting path
for cookies for warn cookie generator to: [/cas/]>
Mar 24 12:04:37 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:37,494 DEBUG
[org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Setting path
for cookies for TGC cookie generator to: [/cas/]>
Mar 24 12:04:37 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:37,496 DEBUG
[org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Placing
service in context scope:
[https://idm-cas-mgr-test.tamucc.edu/cas-management/callback?client_name=CasClient]>
Mar 24 12:04:37 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:37,498 DEBUG
[org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Placing
registered service [https\:\/\/idm\-cas\-mgr\-test\.tamucc\.edu\/.*]
with id [1617150001173] in context scope>
Mar 24 12:04:37 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:37,502 DEBUG
[org.apereo.cas.web.flow.authentication.RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy]
- <Evaluating authentication policy
[DefaultRegisteredServiceAuthenticationPolicy(requiredAuthenticationHandlers=[],
excludedAuthenticationHandlers=[], criteria=null)] for
[CAS_Management_Test]>
Mar 24 12:04:39 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:39,720 DEBUG
[org.apereo.cas.support.saml.DefaultOpenSamlConfigBean] - <Initialized
OpenSaml successfully.>
Mar 24 12:04:40 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:40,012 DEBUG
[org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Using
pre-defined signing key to use for
[cas.authn.oauth.session-replication.cookie.crypto.signing.key]>
Mar 24 12:04:40 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:40,012 DEBUG
[org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Using
pre-defined encryption key to use for
[cas.authn.oauth.session-replication.cookie.crypto.encryption.key]>
Mar 24 12:04:40 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:40,087 DEBUG [org.apereo.cas.logout.DefaultLogoutExecutionPlan]
- <Registering logout handler
[DelegatedAuthenticationEventExecutionPlanConfiguration$DelegatedAuthenticationEventExecutionPlanLogoutConfiguration$$Lambda/0x00007fabc531f1c8]>
Mar 24 12:04:40 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:40,087 DEBUG [org.apereo.cas.logout.DefaultLogoutExecutionPlan]
- <Registering logout handler
[CasOAuth20Configuration$CasOAuth20LogoutConfiguration$$Lambda/0x00007fabc531f428]>
Mar 24 12:04:40 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:40,249 DEBUG
[org.apereo.cas.web.flow.actions.DelegatedClientAuthenticationAction]
- <Setting path for cookies for distributed session cookie generator
to: [/cas/]>
Mar 24 12:04:40 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:40,259 DEBUG
[org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver]
- <Resolved single event [success] via
[org.apereo.cas.web.flow.resolver.impl.RankedMultifactorAuthenticationProviderWebflowEventResolver]
for this context>
Mar 24 12:04:40 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:40,262 INFO [org.apereo.inspektr.audit.AuditTrailManager] -
<Audit trail record BEGIN
Mar 24 12:04:40 idm-cas2-test.tamucc.edu cas.war[111646]:
=============================================================
Mar 24 12:04:40 idm-cas2-test.tamucc.edu cas.war[111646]: WHEN:
2025-03-24T17:04:40.261826275
Mar 24 12:04:40 idm-cas2-test.tamucc.edu cas.war[111646]: WHO:
audit:unknown
Mar 24 12:04:40 idm-cas2-test.tamucc.edu cas.war[111646]: WHAT:
{source=RankedMultifactorAuthenticationProviderWebflowEventResolver,
event=success,
url=https://login-test.tamucc.edu/cas/login?service=https%3A%2F%2Fidm-cas-mgr-test.tamucc.edu%2Fcas-management%2Fcallback%3Fclient_name%3DCasClient,
timestamp=2025-03-24T17:04:40.259}
Mar 24 12:04:40 idm-cas2-test.tamucc.edu cas.war[111646]: ACTION:
AUTHENTICATION_EVENT_TRIGGERED
Mar 24 12:04:40 idm-cas2-test.tamucc.edu cas.war[111646]: CLIENT_IP:
192.168.155.189
Mar 24 12:04:40 idm-cas2-test.tamucc.edu cas.war[111646]: SERVER_IP:
0:0:0:0:0:0:0:1
Mar 24 12:04:40 idm-cas2-test.tamucc.edu cas.war[111646]:
=============================================================
Mar 24 12:04:40 idm-cas2-test.tamucc.edu cas.war[111646]: >
Mar 24 12:04:40 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:40,309 DEBUG
[org.apereo.cas.oidc.web.flow.OidcRegisteredServiceUIAction] - <Found
registered service [https\:\/\/idm\-cas\-mgr\-test\.tamucc\.edu\/.*]
from the context>
Mar 24 12:04:40 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:40,548 DEBUG
[org.apereo.cas.web.flow.DefaultDelegatedClientIdentityProviderConfigurationProducer]
- <Initialized context with request parameters
[{service=[https://idm-cas-mgr-test.tamucc.edu/cas-management/callback?client_name=CasClient]}]>
Mar 24 12:04:40 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:40,548 DEBUG
[org.apereo.cas.support.pac4j.authentication.clients.BaseDelegatedIdentityProviderFactory]
- <Builder [DelegatedClientOidcBuilder] provides [0] clients>
Mar 24 12:04:40 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:40,549 DEBUG
[org.apereo.cas.support.pac4j.authentication.clients.RefreshableDelegatedIdentityProviders]
- <The following clients are built: [[]]>
Mar 24 12:04:40 idm-cas2-test.tamucc.edu cas.war[111646]: 2025-03-24
12:04:40,550 WARN
[org.apereo.cas.web.flow.DefaultDelegatedClientIdentityProviderConfigurationProducer]
- <No delegated authentication providers could be determined based on
the provided configuration. Either no identity providers are
configured, or the current access strategy rules prohibit CAS from
using authentication providers>
I'm not seeing much in the logs to help me determine the issue, but
it's the same error as before.
Phil
On Friday, March 21, 2025 at 11:23:23 AM UTC-5 Richard Frovarp wrote:
You're going to have to read through the documentation for
Hazelcast to see what matches your needs. Most of the time in the
past, upgrades are reimplementations. It is unfortunately a lot of
work. OpenRewrite is supposed to help that from the best I know. I
don't know if it will work until you get to 7.1 though. I haven't
used it yet.
https://apereo.github.io/cas/7.1.x/installation/OpenRewrite-Upgrade-Recipes.html
On 3/20/25 13:47, Phil Hale wrote:
I added the missing dependency and restarted the services and I'm
still getting the same warning in the logs:
2025-03-20 13:15:27,445 WARN
[com.hazelcast.instance.impl.HazelcastInstanceFactory] -
<Hazelcast is starting in a Java modular environment (Java 9 and
newer) but without proper access to required Java packages. Use
additional Java arguments to provide Hazelcast access to Java
internal API. The internal API access is used to get the best
performance results. Arguments to be used:
Are their any additional cas.properties I need to add to make
this work again?
Phil
On Thursday, March 20, 2025 at 11:59:04 AM UTC-5 Pablo Vidaurri
wrote:
Using OIDC I assume?
Have you tried these dependencies:
implementation
"org.apereo.cas:cas-server-support-pac4j-oidc" <-- Looks
like just introduced in 7.1.0
implementation
"org.apereo.cas:cas-server-support-pac4j-webflow"
-psv
On Wednesday, March 19, 2025 at 10:00:52 PM UTC-5 Phil Hale
wrote:
Hello,
I'm attempting to upgrade from CAS 7.0 to CAS 7.1. I can
successfully build the war file and launch it without
issues. When I attempt to log in I get the following
error in the log file:
cas.war[331470]: 2025-03-19 15:38:17,967 WARN
[org.apereo.cas.web.flow.DefaultDelegatedClientIdentityProviderConfigurationProducer]
- <No delegated authentication providers could be
determined based on the provided configuration. Either no
identity providers are configured, or the current access
strategy rules prohibit CAS from using authentication
providers>
and the following on the web browser:
Screenshot From 2025-03-19 15-40-11.png
We have each service file set up to call out to a default
identity provider with the following block in the service
json file:
accessStrategy:
{
@class:
org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
delegatedAuthenticationPolicy:
{
@class:
org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy
allowedProviders:
[
java.util.ArrayList
[
TAMUCC_AAD
]
]
permitUndefined: false
exclusive: true
}
}
This works as expected in 7.0 but does not work in 7.1.
In 7.0, we are automatically directed to the AAD login
and after successfully logging in, given access to the
app. I've compared the json service file formatting with
what is documented and can't find any issues.
Hopefully someone has some suggestions on what changes we
need to make to get this working again.
Thanks,
Phil
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the
Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to cas-user+u...@apereo.org.
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/cb0853c1-ee51-4a69-804d-06580dffe90dn%40apereo.org
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/cb0853c1-ee51-4a69-804d-06580dffe90dn%40apereo.org?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to cas-user+unsubscr...@apereo.org.
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/64ff6ef5-3bf3-45cb-9795-73974378817en%40apereo.org
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/64ff6ef5-3bf3-45cb-9795-73974378817en%40apereo.org?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/50ec3c48-4e1d-4bc2-ba3f-90cb3e1f2fbc%40ndsu.edu.
