I have the same problem. After successfully registering security key the following error is thrown when CasFeatureModule.AccountManagement.enabled=true
Caused by: java.lang.IllegalArgumentException: Cannot find state with id 'saveRegistration' in flow 'account' -- Known state ids are 'array<String>['myAccountProfile', 'updateSecurityQuestions', 'passwordChangeRequest', 'redirectToPasswordReset', 'ticketGrantingTicketCheck', 'redirectToLogin', 'removeSingleSignOnSession', 'casBrowserStorageReadView', 'oidcRevokeAccessToken', 'deleteMfaDevice', 'deleteMultifactorTrustedDevice', 'viewRegistrationWebAuthn']' I have tested it on 7.2.3 and 7.3.0-RC2. Also there is this problem with registering webauthn when gauth is enabled. However I have given up on gauth and I'm going to use credentials login + mfa-simple combined with webauthn login without user credentials. On Thursday, April 10, 2025 at 4:21:38 PM UTC+2 Frédéric Dussurget wrote: > Hi, > Your fix seems to have been included ion the latest 7.2, I can now > register webauthn devices through the account profile management BUT, I > still cannot register webauthn devices if I have multiples MFA providers > (in my cas webauthn and gauth) > Regards, > > here are my logs when I try to register a webauthn device with both MFA > poviders : > > browser's console : > Request : > > > > *_csrf: "pPOlLr91F7EsX5z[... blahblahblah ...]w_XI-nzfe9type: > "webauthn"_eventId_register: "Register"execution: > 537c7786-8f9b-4a65[...blahblahblah...]pZWlhOVUyOFo2TjVn* > > server logs : > > > > > *2025-04-10 14:37:51,113 DEBUG > [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Digested > original ticket id [TGT-3-****************x0K3OY0-mycasserver] to > [404b8927b61268... blahblahblah ...88ae3265ccee]>2025-04-10 14:37:51,114 > DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Ticket > passed is not an encoded ticket: [TicketGrantingTicketImpl], no decoding is > necessary.>2025-04-10 14:37:51,116 DEBUG > [org.apereo.cas.web.flow.CasFlowHandlerMapping] - <Mapped to > [FlowHandlerMapping.DefaultFlowHandler@61f603b6]>2025-04-10 14:37:51,130 > DEBUG > [org.apereo.cas.otp.web.flow.OneTimeTokenAccountCreateRegistrationAction] - > <Registration key URI is > [otpauth://totp/Gauth:frederic.dussurget?secret=****************]>2025-04-10 > 14:37:51,422 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] > - <Digested original ticket id [TGT-1-****************Bi4ogU4- mycasserver > ] to [837caa4f9326 ... blahblahblblah ... 3e9314859c5af98bc4721]>* > > ... and when I'm trying to do the same thing with only the webauth MFA > provider (flushed gauth from everywhere : build.gradle, services, cas.yml): > > > > > *2025-04-10 15:02:06,834 DEBUG > [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Digested > original ticket id [TGT-5-****************1a-b1g4- mycasserver ] to > [f8ee5dd65ddda53fc60d50acf8 ... blajblahblah ... e47a09b39c1c38]>2025-04-10 > 15:02:06,835 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] > - <Ticket passed is not an encoded ticket: [TicketGrantingTicketImpl], no > decoding is necessary.>2025-04-10 15:02:06,838 DEBUG > [org.apereo.cas.web.flow.CasFlowHandlerMapping] - <Mapped to > [FlowHandlerMapping.DefaultFlowHandler@5c09bcba]>2025-04-10 15:02:06,861 > DEBUG [org.apereo.cas.webauthn.web.flow.WebAuthnStartRegistrationAction] - > <Starting registration sequence for [SimplePrincipal(id=frederic.dussurget, > attributes=* > > > Le jeudi 5 décembre 2024 à 15:49:23 UTC+1, Frédéric Dussurget a écrit : > >> Thanks a lot for that ! I hope someone will fix it with your fix. >> Until now, I had to register my webauthn devices for testing by accessing >> directly to a service protected by webauthn >> Regards, >> >> Le jeudi 5 décembre 2024 à 15:19:01 UTC+1, P Assenger a écrit : >> >>> Two PRs should correct the issue with webauthn device registration. I >>> do not know if the crossover with mfa-gauth is also corrected, as I >>> wanted to get webauthn registration working for POC purpose, only. >>> >>> Note that, for now, the two PRs are rejected as there is no test >>> associated to them: >>> >>> - PR ( 7.1.x) https://github.com/apereo/cas/pull/6252 >>> - PR (master) : https://github.com/apereo/cas/pull/6254 >>> >>> >>> Modification is trivial so the patch should be easy to apply for other >>> revisions. >>> >>> Regards, >>> >>> P. >>> Le jeudi 28 novembre 2024 à 02:59:25 UTC+1, P Assenger a écrit : >>> >>>> Hi, >>>> We encounter the same issue under v7.1.2, with only the web-authn >>>> dependencies : while the new device is registered, an error occurs at the >>>> interface. >>>> >>>> In CAS logs, the error is as you described it : *Exception thrown in >>>> state 'viewRegistrationWebAuthn' of flow 'account'.* Albeit with this >>>> added message : *no ''saveRegistration' state in flow 'account'.* >>>> >>>> The culprit code seems to be in " >>>> *support/cas-server-support-webauthn-core-webflow/src/main/java/org/apereo/cas/webauthn/web/flow/account/WebAuthnMultifactorAccountProfileWebflowConfigurer.java*'. >>>> >>>> BTW, this class does not seem to have a TestCase. >>>> >>>> Harsh to be blocked on such a problem :(. >>>> >>>> P. >>>> >>>> Le mercredi 11 septembre 2024 à 16:21:46 UTC+2, Frédéric Dussurget a >>>> écrit : >>>> >>>>> Hi, >>>>> >>>>> Context : version=7.2.0-SNAPSHOT >>>>> >>>>> Extract of build.gradle : >>>>> //MFA TOTP >>>>> implementation "org.apereo.cas:cas-server-support-gauth" >>>>> implementation "org.apereo.cas:cas-server-support-gauth-redis" >>>>> >>>>> // MFA FIDO2 WEBAUTHN >>>>> implementation "org.apereo.cas:cas-server-support-webauthn" >>>>> implementation "org.apereo.cas:cas-server-support-webauthn-redis" >>>>> >>>>> //MFA TRUSTED DEVICE >>>>> implementation "org.apereo.cas:cas-server-support-trusted-mfa" >>>>> implementation >>>>> "org.apereo.cas:cas-server-support-trusted-mfa-redis" >>>>> >>>>> My issue : >>>>> I have an issue with Account Profile Management (/cas/login page), but >>>>> only with webauthn devices (mfa-gauth devices work fine) : >>>>> >>>>> - with build.gradle containing only web-authn dependencies, I'm able >>>>> to register a webauthn device thru account profile management, but I get >>>>> an >>>>> 500 error message at the very end of the ceremony : >>>>> Error: jakarta.servlet.ServletException: Request processing failed: >>>>> org.springframework.webflow.execution.FlowExecutionException: Exception >>>>> thrown in state 'viewRegistrationWebAuthn' of flow 'account' >>>>> >>>>> BUT, the webauthn device is registered and fully functionnal. >>>>> >>>>> - with build.gradle containing web-authn AND mfa-gauth dependencies, I >>>>> cannot get the webauthn device registering ceremony : every time I end up >>>>> on the mfa-gauth device registering ceremony. So, the only way to >>>>> register >>>>> mfa-webauthn devices is on the fly, accessing directly to a service. >>>>> >>>>> Regards, >>>>> >>>>> -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6c502c3b-248d-47ef-bb7d-8261e30db863n%40apereo.org.
