[cas-user] Re: Finally Finish My College

[Misagh Moayyed]

You are very welcome. Congratulations! 

On Friday, May 21, 2021 at 8:43:40 AM UTC+4 Andy Ng wrote:

> Hi Irvan, Congrats on your achievement! Glad we helped :)  Cheers! -Andy
>
> On Wednesday, 19 May 2021 at 02:11:45 UTC+8 irvans...@gmail.com wrote:
>
>> Hi Guys,
>>
>> On April 20, 2021. I finally finished my final project. The image below 
>> is of me holding a monitor that says "Terimakasih". In Indonesian 
>> "Terimakasih" means "Thank you". And I want to thank all of you who have 
>> helped me in solving the problems I have found, to Mr. Misagh Moayed, Andy 
>> Ng, Ray Bon, and anyone else that I can't mention.
>>
>> Cheers,
>> Irvan :)
>>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/e06ca91a-d73f-4ad7-b406-6004688b06a2n%40apereo.org.

Re: [cas-user] OAuth2 server with AccountPasswordMustChangeException

[Ken Hopkins]

Thanks for the quick response Ray.

I did try including and enabling the password-management module, but didn't 
try much configuration beyond that.

In our case, the UI is a javascript application that just interacts with 
CAS through an API.  We wouldn't plan to enable the oauth2 password grant 
type for clients that weren't trusted.  Accordingly, we were hoping to 
trust the client to manage resetting the password if it's expired.

At first glance, the password-management module seems to be focused on CAS 
providing a password reset UI, which isn't our preferred experience.

I did see this bit in the link you provided:
> The password management features of CAS are rather modest, and 
alternatively should the functionality provide inadequate for your policy, 
you may always redirect CAS to use a > separate and standalone application 
that is fully in charge of managing the account password and associated 
flows.

That sounds interesting, but really, instead of redirecting to another 
application, we're just looking for CAS to indicate that the password is 
expired in the response.


On Tuesday, May 25, 2021 at 4:25:38 PM UTC-4 Ray Bon wrote:

> Ken,
>
> The authentication provider should _not_ return reasons for failed login 
> to clients. Log in and any items associated with it, such as password 
> management, should be managed entirely by the auth provider. This is to 
> prevent abuse by client applications as well as separation of concerns (who 
> wants to add password management to every client app?).
>
> I have not used the password management module. It can handle expired 
> passwords, 
> https://apereo.github.io/cas/6.3.x/password_management/Password-Management.html
> .
>
> Have you included the dependency?
>
> Ray
>
> On Tue, 2021-05-25 at 12:42 -0700, Ken Hopkins wrote:
>
> Notice: This message was sent from outside the University of Victoria 
> email system. Please be cautious with links and sensitive information. 
>
>
> I am using CAS as an OAuth2 server with REST Authentication.  My client is 
> a javascript application using the oauth2 password grant type.
>
> When trying to authenticate a user whose password is expired, my REST 
> authentication endpoint is returning a 428 response as expected.  I see a 
> log message that indicates as much:
> INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
> <[RestAuthenticationHandler] exception details: [Account password must 
> change for a...@def.com].>
>
> However, my client application just receives a generic 401 response from 
> CAS indicating the authentication failed, without any indication that the 
> password was expired.
>
> Is this the expected behavior?  Am I missing any configuration that would 
> allow CAS to return a different response or header or response code to an 
> OAuth2 Password Grant Type request?  I'd like to be able to relay to the 
> client that authentication failed because the password is expired.
>
> I've tried returning both the X-CAS-Warning and 
> X-CAS-PasswordExpirationDate response headers from my REST Authentication 
> endpoint, but they do not get propagated to the response to my Oauth client 
> from CAS.
>
> I also enabled the password management module, but that didn't seem to 
> help either.
> cas.authn.pm.core.enabled=true
> cas.authn.pm.webflow.enabled=true
> cas.authn.pm.enabled=true
>
> I'm currently using CAS version 6.2.5.
>
> Thanks,
> Ken
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ec36f533-1b68-4268-8b5f-4c579935c0f3n%40apereo.org.

Re: [cas-user] OAuth2 server with AccountPasswordMustChangeException

[Ray Bon]

Ken,

The authentication provider should _not_ return reasons for failed login to 
clients. Log in and any items associated with it, such as password management, 
should be managed entirely by the auth provider. This is to prevent abuse by 
client applications as well as separation of concerns (who wants to add 
password management to every client app?).

I have not used the password management module. It can handle expired 
passwords, 
https://apereo.github.io/cas/6.3.x/password_management/Password-Management.html.

Have you included the dependency?

Ray

On Tue, 2021-05-25 at 12:42 -0700, Ken Hopkins wrote:
Notice: This message was sent from outside the University of Victoria email 
system. Please be cautious with links and sensitive information.

I am using CAS as an OAuth2 server with REST Authentication.  My client is a 
javascript application using the oauth2 password grant type.

When trying to authenticate a user whose password is expired, my REST 
authentication endpoint is returning a 428 response as expected.  I see a log 
message that indicates as much:
INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<[RestAuthenticationHandler] exception details: [Account password must change 
for a...@def.com].>

However, my client application just receives a generic 401 response from CAS 
indicating the authentication failed, without any indication that the password 
was expired.

Is this the expected behavior?  Am I missing any configuration that would allow 
CAS to return a different response or header or response code to an OAuth2 
Password Grant Type request?  I'd like to be able to relay to the client that 
authentication failed because the password is expired.

I've tried returning both the X-CAS-Warning and X-CAS-PasswordExpirationDate 
response headers from my REST Authentication endpoint, but they do not get 
propagated to the response to my Oauth client from CAS.

I also enabled the password management module, but that didn't seem to help 
either.
cas.authn.pm.core.enabled=true
cas.authn.pm.webflow.enabled=true
cas.authn.pm.enabled=true

I'm currently using CAS version 6.2.5.

Thanks,
Ken

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1c0c4bab368d703f598b0120d77c7c0c88693b4c.camel%40uvic.ca.

[cas-user] OAuth2 server with AccountPasswordMustChangeException

[Ken Hopkins]

I am using CAS as an OAuth2 server with REST Authentication.  My client is 
a javascript application using the oauth2 password grant type.

When trying to authenticate a user whose password is expired, my REST 
authentication endpoint is returning a 428 response as expected.  I see a 
log message that indicates as much:
INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<[RestAuthenticationHandler] exception details: [Account password must 
change for a...@def.com].>

However, my client application just receives a generic 401 response from 
CAS indicating the authentication failed, without any indication that the 
password was expired.

Is this the expected behavior?  Am I missing any configuration that would 
allow CAS to return a different response or header or response code to an 
OAuth2 Password Grant Type request?  I'd like to be able to relay to the 
client that authentication failed because the password is expired.

I've tried returning both the X-CAS-Warning and X-CAS-PasswordExpirationDate 
response headers from my REST Authentication endpoint, but they do not get 
propagated to the response to my Oauth client from CAS.

I also enabled the password management module, but that didn't seem to help 
either.
cas.authn.pm.core.enabled=true
cas.authn.pm.webflow.enabled=true
cas.authn.pm.enabled=true

I'm currently using CAS version 6.2.5.

Thanks,
Ken

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/e7099de8-36db-401a-bad4-95abf7beacbfn%40apereo.org.

[cas-user] Strange default Rolling + Delete setup for Log4j

[Petr Bodnár]

Hi,

I'm a bit confused about the current contents of the default log4j2.xml 
.
 
So before making a pull request, I will rather ask here...

In rfeea2ae7cad65 
,
 
the DefaultRolloverStrategy with a nested Delete element was added to every 
file appender. So far so good. But what I don't quite understand, resp. 
what doesn't work for me:

1) Purpose of `compressionLevel`. According to Log4j documentation 
, this only 
applies when "zip" format compression is activated, so this attribute seems 
useless.

2) Pattern for Delete is set to "*/*.log.gz", but filePattern doesn't seem 
to enforce any kind of compression, it always ends just with ".log". So 
when there is no compression happening, no files can be actually deleted?

3) (Subjective) The default time-range for rolling is set to hours (`HH`) - 
is this really practical for most deployments? Wouldn't it suffice to use 
just days (`DD`)?

4) Lastly, there is also an example log4j2.xml 

 
in the officially recommended overlay template. I wonder which of these 2 
xml files should be updated then? There doesn't seem to be an ongoing 
synchronization of these files in the recent years...

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/3c0af9f1-948d-48f9-b126-6a5e36219f1fn%40apereo.org.

Re: [cas-user] CAS Management - Configuration classes for tests must be marked with @TestConfiguration Error

[Ray Bon]

Chris,

Are you trying to build the cas application for the purpose of development, 
https://github.com/apereo/cas, or do you want to deploy cas as an 
authentication source, https://github.com/apereo/cas-overlay-template?
For deployment, use the overlay. 
https://apereo.github.io/cas/6.3.x/planning/Getting-Started.html

Ray

On Tue, 2021-05-25 at 08:03 -0700, Chris Kell wrote:
Notice: This message was sent from outside the University of Victoria email 
system. Please be cautious with links and sensitive information.

I am new to CAS, my entire team is, and we are trying to build 6.3.4 and we are 
g etting "Configuration classes for tests must be marked with 
@TestConfiguration Error " in casconfiguration.java, which obviously is not a 
test config file.
I've tried disabling tests, but we keep getting the error during the build.
Is there something fundamental about this we're missing?

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b271e0d5542a8d6f87acb2972bcd4dc663e9419c.camel%40uvic.ca.

Re: [cas-user] CAS Overlay 6.3.x Dokerized - Password Reset - Active Directory

[Ray Bon]

Artur,

See this doc on password management, 
https://apereo.github.io/cas/6.3.x/password_management/Password-Management.html

Ray

On Tue, 2021-05-25 at 01:18 -0700, artur miś wrote:
Notice: This message was sent from outside the University of Victoria email 
system. Please be cautious with links and sensitive information.

Hello,
 Can i ask you about same  what i need to add to bulild.grade to make possible 
for users  pasword reset or remiand and  aditionaly i ask you about part of  
sample cas.config which make posible such action.
I'm able to set cas work with cas but changeing password  is still kind of 
magic.

AM

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/128ba78d5fa1b0539fc60c9809dc951361b5ffa7.camel%40uvic.ca.

Re: [cas-user] Azure authentication + LDAP attributes.

[Ray Bon]

Bartek,

You can resolve attributes on authentication and after authentication, 
https://apereo.github.io/cas/6.3.x/integration/Attribute-Resolution.html. There 
are a number of links on that page for options around attribute retrieval and 
release. You may have to perform mapping between the Azure identifier and LDAP 
identifier (I have not tried this).

Ray

On Mon, 2021-05-24 at 00:52 -0700, Bartosz Nitkiewicz wrote:
Notice: This message was sent from outside the University of Victoria email 
system. Please be cautious with links and sensitive information.

Hi,

Some time ago, I setup CAS to delegate authentication to AZURE. It's working 
fine.
Is there an option to release LDAP attributes after successful AZURE auth, just 
like normal CAS LDAP authentication?

Thanks in advance.
Bartek

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/9898f1fb8da9f7d044683ae9755162cc82faa9d4.camel%40uvic.ca.

[cas-user] CAS Management - Configuration classes for tests must be marked with @TestConfiguration Error

[Chris Kell]

I am new to CAS, my entire team is, and we are trying to build 6.3.4 and we 
are g etting "Configuration classes for tests must be marked with 
@TestConfiguration Error " in casconfiguration.java, which obviously is not 
a test config file.
I've tried disabling tests, but we keep getting the error during the build.
Is there something fundamental about this we're missing?

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4830a42b-0b15-4fa2-8c63-cecb791b4b22n%40apereo.org.

Re: [cas-user] service access strategies and required attributes

[Petr Bodnár]

Hi there, I've just run into the very same issue.

After a thorough investigation, I believe this is a *BUG introduced in CAS 
6.1.0 and above*, namely by this commit: r48e753d05d55 
 
"Fix issue with surrogate auth detection; and ensured policy is consulted on 
validation". 
Before this commit, the access checking method 
*ensurePrincipalAccessIsAllowedForService()* was called just when creating 
a service ticket, which could be probably enough. Because why to check 
user's access once at ticket creation and then at ticket validation again?

Anyway, even when we decide to do the check also within ticket validation 
for whatever reason (?), I think it should be at least consistent with the 
check done at ticket creation. But as one can see, the main method 
*DefaultCentralAuthenticationService.validateServiceTicket() 
*now *firstly filters user's attributes by a configured release policy, 
before passing them to the checking method*. This is why we get this 
validation error: the default release policy is 
*ReturnAllowedAttributeReleasePolicy 
*with an empty set of attributes to be released by default!

=> So the current *workaround *seems to be either to use another policy for 
a service (like *ReturnAllAttributeReleasePolicy*), or to explicitly name 
the attributes that we need to check also in the release policy. I guess 
this has actually helped the OP (and not the attributes caching).

In short, the current CAS behavior goes against what Ray Bon writes above: 
"Two different steps, two different configurations. Attributes for access 
may be different from attributes the service needs/wants.".

Anyone willing to check this?

CC: Misagh Moayyed .

On Friday, 4 December 2020 at 21:52:49 UTC+1 ro...@mun.ca wrote:

> On a hunch, I tried turning on the attribute caching in the service entry 
> and it fixed the immediate issue.
>
>  
>
> This still leaves me a little puzzled.  The documentation implies that the 
> principal should have been cached with the length of the default SSO 
> session.
>
>  
>
> Time to keep digging.
>
>  
>
>  
>
> *From:* cas-...@apereo.org  *On Behalf Of *Ray Bon
> *Sent:* Friday, December 4, 2020 4:51 PM
> *To:* cas-...@apereo.org
> *Subject:* [EXTERNAL SENDER] Re: [cas-user] service access strategies and 
> required attributes
>
>  
>
> Robert,
>
>  
>
> Two different steps, two different configurations. Attributes for access 
> may be different from attributes the service needs/wants.
>
> See, https://apereo.github.io/cas/6.2.x/integration/Attribute-Release.html, 
> in particular, attribute release policy.
>
>  
>
> Ray
>
>  
>
>  
>
> On Fri, 2020-12-04 at 18:07 +, King, Robert wrote:
>
> *Notice: This message was sent from outside the University of Victoria 
> email system. Please be cautious with links and sensitive information. *
>
>  
>
> CAS 6.1 server
>
> LDAP authentication + built in principal resolution
>
>  
>
> I am running into what I think is an inexperience issue with service 
> access strategies.  I am attempting to use principal attributes to grant 
> access to a service.
>
>  
>
> Service entry:
>
>  
>
> {
>
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>
>   "serviceId" : "^https://webappsqa.fqdn/castester/.*;,
>
>   "name" : "cas test",
>
>   "id" : 1,
>
>   "accessStrategy" : {
>
> "@class" : 
> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>
> "enabled" : true,
>
> "ssoEnabled" : true,
>
> "requireAllAtrributes" : true,
>
> "requiredAttributes" :
>
> {
>
>   "@class": "java.util.HashMap",
>
>   "memberOf" : [ "java.util.HashSet", [ 
> "cn=cas_admin,ou=groups,dc=***,dc=***"] ],
>
> },
>
> "rejectedAttributes" :
>
> {
>
>"@class": "java.util.LinkedHashMap"
>
> },
>
> "caseInsensitive": false
>
>   },
>
> }
>
>  
>
> When authenticating against the service I see the proper authentication 
> and service access enforcement.  
>
>  
>
> =
>
> WHO: robk
>
> WHAT: Supplied credentials: [UsernamePasswordCredential(username=robk, 
> source=null, customFields={})]
>
> ACTION: AUTHENTICATION_SUCCESS
>
> APPLICATION: CAS
>
> WHEN: Fri Dec 04 13:12:51 NST 2020
>
> CLIENT IP ADDRESS: ***.***.***.***
>
> SERVER IP ADDRESS: ***.***.***.***
>
> =
>
> =
>
> WHO: robk
>
> WHAT: [result=Service Access Granted,service=
> https://webappsqa.fqdn/castester/...,principal=SimplePrincipal(id=robk, 
> attributes={memberOf=[ 
> cn=cas_admin,ou=groups,dc=***,dc=***]}),requiredAttributes={memberOf=[cn=cas_admin,ou=groups,dc=***,dc=***]}]
>
> ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
>
> APPLICATION: CAS
>
> WHEN: Fri Dec 04 13:12:51 NST 2020
>
> CLIENT IP ADDRESS: ***.***.***.***
>
> SERVER IP 

[cas-user] Re: Casifying-PeopleSoft - Error 500--Internal Server Error

[Mohammad Sioufi]

Hello 
Have you been able to solve this issue?
I have a very similar issue but with Banner SSB and CAS 6

Regards

On Thursday, July 28, 2016 at 4:06:21 PM UTC+3 dabo@gmail.com wrote:

> Hi,
>
> We are trying to integrate CAS with PeopleSoft for a SSO. We have followed 
> all the recommended settings. However after several attempts we are 
> not  able to get the SSO working.
> After authenticated to the CAS login screen, a ticket is obtained and the 
> user is automatically redirected to the following url with the "*Error 
> ---Internal Server Error*" .
> The PeopleSoft logs does not show enough information and it looks like 
> that the PeopleCode Signon has not be triggered.
>
>
> https:///psp/pscsdv3/EMPLOYEE/HRMS/h/?tab=DEFAULT=ST-21-d0EyAtsm2ik3UTqQ5Wun-cas-dev.concordia.ca
>
>
>
> *Error 500--Internal Server Error From RFC 2068 Hypertext Transfer 
> Protocol -- HTTP/1.1:10.5.1 500 Internal Server ErrorThe server encountered 
> an unexpected condition which prevented it from fulfilling the request.*
>
>
> Could someone kindly help use with this issue?
>
> Best Regards
> Mbassa
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1c6f1575-17dc-4081-8500-a323502966dcn%40apereo.org.

[cas-user] CAS Overlay 6.3.x Dockized - Active Directory - Password Change

[artur miś]

Hello,

 Can i ask you what i need to add to bulild.grade config  to make possible 
for users  pasword reset or remaind  ( password reseted and remianding  
from cas  i would like  to send via emial (adress recived  from AD  metada 
data stored in CAS account) and  aditionally  my question 2 i would like 
ask you  is about part of  sample cas.config which make posible such 
action.I'm able to set cas work with cas but changeing password  is still 
kind of magic.

AM
 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1cc50f49-7b18-4d51-b96b-6cede6c5daadn%40apereo.org.

[cas-user] CAS Overlay 6.3.x Dokerized - Password Reset - Active Directory

[artur miś]

Hello,
 Can i ask you about same  what i need to add to bulild.grade to make 
possible for users  pasword reset or remiand and  aditionaly i ask you 
about part of  sample cas.config which make posible such action.
I'm able to set cas work with cas but changeing password  is still kind of 
magic.

AM
 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/42e09be6-b89d-40eb-ab79-774ce09abd8bn%40apereo.org.