Re: [cas-user] Service Registry without a RDBMS

2012-06-11 Thread Dmitriy Kopylenko
Hi Eric,

You might want to try JSON-based service registry which reloads the changes 
into the in-memory representation when the JSON file definition changes. It's 
lightweight, human-readable, and would support the use cases that you have 
described. 
https://github.com/Unicon/cas-addons/blob/master/src/main/java/net/unicon/cas/addons/serviceregistry/JsonServiceRegistryDao.groovy

Cheers,
Dmitriy.


Sent from my iPhone

On Jun 11, 2012, at 9:18, Eric Pierce  wrote:

> I'm going through our CAS configuration in preparation of updating 3.5 and 
> trying to simplify everything as much as possible as I go.  I'm currently 
> using JpaServiceRegistryDaoImpl and running MySQL on each of our two CAS 
> servers with a cronjob that dumps the configuration and copies it to our DR 
> site when it changes.  Is all that extra infrastructure really necessary?  
> Since the ServiceRegistry database is only used every couple of minutes, it 
> seems like a waste of resources to have MySQL and all of the replication 
> overhead running all the time.  If the serviceregistry configuration was 
> stored in a flat file, I could replicate to all the CAS servers and the DR 
> site with a simple shell script and rsync.  As a bonus, I could also keep the 
> configuration in SVN to track changes.  
> I tried using InMemoryServiceRegistryDaoImpl and including the configuration 
> for serviceRegistryDao in an external XML file. Unfortunately, the in-memory 
> implementation only reads the configuration on startup, so any changes to the 
> config file while CAS is running are ignored.  Before I go down the path of 
> making a custom ServiceRegistry that does what I want, is this a good idea?  
> Can anyone think of issues with using a file-based setup instead of a RDBMS?  
> The only downside I can think of is that the service management GUI would 
> have to be read-only because any changes would be overwritten by the next 
> file reload.
> 
> Thanks,
> -Eric
> 
> -- 
> Eric Pierce
> Identity Management Architect
> Information Technology
> University of South Florida
> (813) 974-8868 -- epie...@usf.edu
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> dmitriy.kopyle...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user


[cas-user] Peoplesoft 9

2012-06-21 Thread Dmitriy Kopylenko
Folks,

any experiences out there integrating CAS with Peoplesoft 9?

Thanks,
Dmitriy.

Sent from my iPhone



Re: [cas-user] Peoplesoft 9

2012-06-21 Thread Dmitriy Kopylenko
Unfortunately there are not many details. It's an estimate task. All I know is 
that PS 9 needs to be CASyfied :-)

Cheers,
Dmitriy.

Sent from my iPhone

On Jun 21, 2012, at 14:20, Eric Pierce  wrote:

> Would you mind giving an overview of your setup?  This is one of the last 
> enterprise apps we have that isn't using CAS and I'd like to fix that.
> 
> Thanks,
> -Eric 
> 
> On Thu, Jun 21, 2012 at 11:41 AM, Bryan E. Wooten  
> wrote:
> We are running PS 9 applications and 8.5x tools. Our portal is protected by 
> CAS. I'd be happy to answer any questions.
> 
> -Bryan
> 
> -Original Message-
> From: Dmitriy Kopylenko [mailto:dmitriy.kopyle...@gmail.com]
> Sent: Thursday, June 21, 2012 4:56 AM
> To: cas-user@lists.jasig.org
> Subject: [cas-user] Peoplesoft 9
> 
> Folks,
> 
> any experiences out there integrating CAS with Peoplesoft 9?
> 
> Thanks,
> Dmitriy.
> 
> Sent from my iPhone
> 
> -- 
> Eric Pierce
> Identity Management Architect
> Information Technology
> University of South Florida
> (813) 974-8868 -- epie...@usf.edu


[cas-user] cas-addons 0.5

2012-06-25 Thread Dmitriy Kopylenko
Folks,

the cas-addons project is released and is available in Maven central:


<dependency>
    <groupId>net.unicon.cas</groupId>
    <artifactId>cas-addons</artifactId>
    <version>0.5</version>
</dependency>


The main point of this release is the beginning of adding 'strong'
authentication factors support and currently contains the implementation of
an AuthenticationHandler and supporting classes for time-based one-time
password factors (TOTP). You could find the changelog describing the
features of this release here:
https://github.com/Unicon/cas-addons/blob/master/changelog.md

Enjoy,
Dmitriy.


[cas-user] JSON validation response

2012-07-09 Thread Dmitriy Kopylenko
Folks,

this is just an informational message that the lightweight JSON validation
response for service tickets is available in cas-addons. The successful
validation response contains a set of exposed principal attributes and
basically looks like this:

{"user":"u1",
 "authenticationTime":1341844049419,
 "attributes":
 {"eduPersonAffiliation":"alumni",
  "lastName":"One",
  "firstName":"User"}
}

Of course there is a SAML validation response already baked in, but over
the years I've noticed a pattern where folks wanted a lightweight response
with attributes and resorted to 'hack' success view JSP to do that. With
this view, there is no need to do that (should one choose to use it).
Simply declare a Maven dependency on 'cas-addons' in the local overlay's
pom, and
configure the view on the /serviceValidate endpoint controller or create a
totally separate validation endpoint, say /jsonValidate, etc:





Of course there is no corresponding support in Java CAS client for this
validation payload, but hey, if someone finds this useful, that could be
added too.

The code is here:
https://github.com/Unicon/cas-addons/blob/master/src/main/java/net/unicon/cas/addons/response/ServiceValidateSuccessJsonView.java

and it should be available in Maven central as cas-addons-0.6 in a few
days.

Cheers,
Dmitriy.
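
Added example, not part of the original message and not code from cas-addons or the Java CAS client: one way a client could consume the success payload shown above and fail closed on anything else. The function name, the age limit, the clock-skew allowance and the duplicate-key check are assumptions of this sketch.

```python
import json
import time

# Assumed local policy values for this sketch; they are not CAS defaults.
MAX_AUTH_AGE_SECONDS = 8 * 3600
CLOCK_SKEW_SECONDS = 60


class ValidationRejected(Exception):
    """The body is not an acceptable success response; treat the ticket as invalid."""


def _reject_duplicate_keys(pairs):
    # Two "user" keys can be read differently by different parsers, so refuse them.
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise ValidationRejected(f"duplicate key: {key!r}")
        obj[key] = value
    return obj


def _normalize_attributes(raw):
    # Single values and lists are both turned into lists of strings.
    if not isinstance(raw, dict):
        raise ValidationRejected("attributes must be a JSON object")
    attributes = {}
    for name, value in raw.items():
        values = value if isinstance(value, list) else [value]
        if not all(isinstance(v, str) for v in values):
            raise ValidationRejected(f"attribute {name!r} has a non-string value")
        attributes[name] = values
    return attributes


def parse_validation_response(body, now=None):
    """Return {'user', 'authenticated_at', 'attributes'} or raise ValidationRejected."""
    now = time.time() if now is None else now
    try:
        doc = json.loads(body, object_pairs_hook=_reject_duplicate_keys)
    except ValueError as exc:
        raise ValidationRejected(f"not valid JSON: {exc}") from exc
    if not isinstance(doc, dict):
        raise ValidationRejected("top level must be a JSON object")

    user = doc.get("user")
    if not isinstance(user, str) or not user.strip():
        raise ValidationRejected("missing or empty user")

    stamp_ms = doc.get("authenticationTime")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(stamp_ms, bool) or not isinstance(stamp_ms, int):
        raise ValidationRejected("authenticationTime must be an integer")
    authenticated_at = stamp_ms / 1000.0  # the sample value is epoch milliseconds
    if authenticated_at > now + CLOCK_SKEW_SECONDS:
        raise ValidationRejected("authenticationTime is in the future")
    if now - authenticated_at > MAX_AUTH_AGE_SECONDS:
        raise ValidationRejected("authentication is older than local policy allows")

    return {
        "user": user,
        "authenticated_at": authenticated_at,
        "attributes": _normalize_attributes(doc.get("attributes", {})),
    }


# The success payload quoted in the message above.
SAMPLE = """{"user":"u1",
 "authenticationTime":1341844049419,
 "attributes":
 {"eduPersonAffiliation":"alumni",
  "lastName":"One",
  "firstName":"User"}
}"""

if __name__ == "__main__":
    print(parse_validation_response(SAMPLE, now=1341844100))
```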


[cas-user] cas-addons 0.6

2012-07-14 Thread Dmitriy Kopylenko
Folks,

cas-addons 0.6 is released and should be available in Maven central under
these coordinates:


<dependency>
    <groupId>net.unicon.cas</groupId>
    <artifactId>cas-addons</artifactId>
    <version>0.6</version>
</dependency>


The changelog for this release can be found here:

https://github.com/Unicon/cas-addons/blob/master/changelog.md

Cheers,
Dmitriy.


Re: [cas-user] CAS 3.5 EhCache ticket registry + clearPass conflict

2012-07-20 Thread Dmitriy Kopylenko
It has to do with the new monitor framework - ehcache ticket registry is not 
supported at the moment. Just comment out the ticket registry monitor bean at 
the end of deployerConfigContext.xml

Cheers,
Dmitriy.

Sent from my iPhone

On Jul 20, 2012, at 8:24, "Andres"  wrote:

> Hi all,
> 
> I'm trying to deploy a new CAS 3.5 installation. I need ticket replication in 
> a 2 node cluster, and I chose EhCache for that because it doesn't need any 
> external server to work.
> 
> I managed to get it working following the documentation, so my ticket 
> registry looks like this:
> 
>  class="org.jasig.cas.ticket.registry.EhCacheTicketRegistry">
>   />
>  
> 
> 
> I also need clearPass, so my next step was to follow the documentation again 
> to implement it. In the end, the previous code looks like this:
> 
>  class="org.jasig.cas.ticket.registry.EhCacheTicketRegistry">
> ref="ticketGrantingTicketsCache" />
>
> 
> 
> And the ticketRegistry bean placed at clearpass-configuration.xml is:
>  class="org.jasig.cas.extension.clearpass.TicketRegistryDecorator">
>  
>  
> 
> 
> However the two things don't work well together. The error I get is:
> 
> org.springframework.beans.factory.BeanCreationException: Error creating bean 
> with name 'ticketRegistry' defined in ServletContext resource 
> [/WEB-INF/spring-configuration/clearpass-configuration.xml]: Instantiation of 
> bean failed; nested exception is 
> org.springframework.beans.BeanInstantiationException: Could not instantiate 
> bean class [org.jasig.cas.extension.clearpass.TicketRegistryDecorator]: 
> Constructor threw exception; nested exception is 
> java.lang.ClassCastException: 
> org.jasig.cas.ticket.registry.EhCacheTicketRegistry cannot be cast to 
> org.jasig.cas.monitor.TicketRegistryState
> 
> Any idea?
> 
> Thanks in advance.




[cas-user] cas-addons 0.7

2012-07-20 Thread Dmitriy Kopylenko
Folks,

cas-addons 0.7 should be available in Maven central.

This release has 2 useful components:

1) JSON-based extension of person directory's ComplexStubPersonAttributeDao
for ease of definition of complex user attributes during development cycle
and without the need to restart CAS web app when modifying these
attributes. Supports instantaneous real-time reloading. So instead of
something like this:

















employee
student_current










nb_employee
alumni
student_current








it would look like this in the external config file:

{
  "u1": {
    "firstName": "Json1",
    "lastName": "One",
    "eduPersonAffiliation": ["alumni"]
  },
  "u2": {
    "firstName": "Json2",
    "lastName": "Two",
    "eduPersonAffiliation": ["employee", "student"]
  },
  "u3": {
    "firstName": "Json3",
    "lastName": "Three",
    "eduPersonAffiliation": ["alumni", "student", "employee"]
  }
}

2) Generic "resource watcher" useful for monitoring external resources, e.g.
files, for changes and passing along Spring Application Events when changes
are detected. The above JSON person attribute DAO builds on it to support
real-time reloading.

https://github.com/Unicon/cas-addons/blob/master/src/main/java/net/unicon/cas/addons/persondir/JsonBackedComplexStubPersonAttributeDao.java

https://github.com/Unicon/cas-addons/blob/master/src/main/java/net/unicon/cas/addons/support/ResourceChangeDetectingEventNotifier.java


Cheers,

Dmitriy.
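
Added example, not part of the original messages and not code from cas-addons: the reload-on-change behaviour described for the JSON service registry and for the JSON person attribute DAO, sketched in Python as a polling reloader for the attribute file format shown above. It keeps the last valid data when a new version fails to parse or is writable by group or others; the class and function names and the permission rule are assumptions of this sketch.

```python
import json
import os
import stat

# The attribute file from the message above, embedded as sample input.
SAMPLE_PEOPLE = """{
  "u1": {"firstName": "Json1", "lastName": "One",
         "eduPersonAffiliation": ["alumni"]},
  "u2": {"firstName": "Json2", "lastName": "Two",
         "eduPersonAffiliation": ["employee", "student"]},
  "u3": {"firstName": "Json3", "lastName": "Three",
         "eduPersonAffiliation": ["alumni", "student", "employee"]}
}"""


class AttributeFileError(Exception):
    """The file must not be activated; the previous data stays in force."""


def validate_people(doc):
    """Check the shape used above: {userId: {attributeName: "v" or ["v", ...]}}."""
    if not isinstance(doc, dict):
        raise AttributeFileError("top level must be an object keyed by user id")
    people = {}
    for uid, attrs in doc.items():
        if not isinstance(attrs, dict):
            raise AttributeFileError(f"{uid}: attributes must be an object")
        normalized = {}
        for name, value in attrs.items():
            values = value if isinstance(value, list) else [value]
            if not values or not all(isinstance(v, str) for v in values):
                raise AttributeFileError(f"{uid}.{name}: expected string value(s)")
            normalized[name] = values
        people[uid] = normalized
    return people


class ReloadingAttributeStore:
    """Polls one JSON file and swaps in new data only after it validates."""

    def __init__(self, path):
        self.path = path
        self._stamp = None      # (mtime, ctime, size) of the last version examined
        self._people = {}       # last known-good data
        self.last_error = None  # why the newest version was refused, if it was

    def refresh(self):
        """Return True when a changed file was validated and activated."""
        try:
            with open(self.path, "rb") as fh:
                st = os.fstat(fh.fileno())  # stat the descriptor we read from
                stamp = (st.st_mtime_ns, st.st_ctime_ns, st.st_size)
                if stamp == self._stamp:
                    return False
                self._stamp = stamp  # a refused version is not re-parsed every poll
                if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                    raise AttributeFileError("file is group- or world-writable")
                people = validate_people(json.loads(fh.read().decode("utf-8")))
        except (OSError, ValueError, AttributeFileError) as exc:
            self.last_error = str(exc)
            return False
        self._people = people
        self.last_error = None
        return True

    def attributes_for(self, uid):
        """Attributes for one user id, after checking the file for changes."""
        self.refresh()
        return self._people.get(uid, {})
```

Because the file now decides what attributes a principal is released with, `last_error` is worth surfacing in monitoring: a refused reload means the running configuration no longer matches what is on disk.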


Re: [cas-user] CAS 3.5 EhCache ticket registry + clearPass conflict

2012-07-20 Thread Dmitriy Kopylenko
It's actually been captured and discussed recently:
https://issues.jasig.org/browse/CAS-1139

Cheers,
D.

On Fri, Jul 20, 2012 at 11:19 AM, Misagh Moayyed wrote:

> Captured the issue here:
>
> https://issues.jasig.org/browse/CAS-1148
>
> -Misagh
>
> From: epie...@mail.usf.edu [mailto:epie...@mail.usf.edu] On Behalf Of Eric
> Pierce
> Sent: Friday, July 20, 2012 5:59 AM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] CAS 3.5 EhCache ticket registry + clearPass
> conflict
>
> I haven't tested this, but from the error, I think the issue is with the
> "healthCheckMonitor" bean, not the ticketRegistry configuration itself.  It
> looks like the EhCacheTicketRegistry doesn't support the new monitoring
> infrastructure yet.  Try commenting out the ticketRegistry health check.
>
> -Eric 
>
> On Fri, Jul 20, 2012 at 8:24 AM, Andres  wrote:
>
> Hi all,
>
> I'm trying to deploy a new CAS 3.5 installation. I need ticket replication
> in a 2 node cluster, and I chose EhCache for that because it doesn't need
> any external server to work.
>
> I managed to get it working following the documentation, so my ticket
> registry looks like this:
>
>  class="org.jasig.cas.ticket.registry.EhCacheTicketRegistry">
>ref="ticketGrantingTicketsCache" />
>   
> 
>
> I also need clearPass, so my next step was to follow the documentation
> again to implement it. In the end, the previous code looks like this:
>
>  class="org.jasig.cas.ticket.registry.EhCacheTicketRegistry">
>  ref="ticketGrantingTicketsCache" />
> 
> 
>
> And the ticketRegistry bean placed at clearpass-configuration.xml is:
>  class="org.jasig.cas.extension.clearpass.TicketRegistryDecorator">
>   
>   
> 
>
> However the two things don't work well together. The error I get is:
>
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'ticketRegistry' defined in ServletContext resource
> [/WEB-INF/spring-configuration/clearpass-configuration.xml]: Instantiation
> of bean failed; nested exception is
> org.springframework.beans.BeanInstantiationException: Could not instantiate
> bean class [org.jasig.cas.extension.clearpass.TicketRegistryDecorator]:
> Constructor threw exception; nested exception is
> java.lang.ClassCastException:
> org.jasig.cas.ticket.registry.EhCacheTicketRegistry cannot be cast to
> org.jasig.cas.monitor.TicketRegistryState
>
> Any idea?
>
> Thanks in advance.
>
> --
> Eric Pierce
> Identity Management Architect
> Information Technology
> University of South Florida
> (813) 974-8868 -- epie...@usf.edu
>


[cas-user] cas-addons site

2012-07-22 Thread Dmitriy Kopylenko
Folks,

cas-addons project's site now lives here:
http://unicon.github.com/cas-addons/project-info.html

Cheers,
Dmitriy.


Re: [cas-user] cas-addons site

2012-07-23 Thread Dmitriy Kopylenko
Works fine here.

On Mon, Jul 23, 2012 at 8:51 AM, Scott Battaglia
wrote:

> It just worked for me.
>
>
> On Mon, Jul 23, 2012 at 5:34 AM, Marvin Addison 
> wrote:
>
>> > http://unicon.github.com/cas-addons/project-info.html
>>
>> I wanted to refer someone to the URL above this morning, but the
>> request is timing out as of this writing.  Can you take a look?
>>
>> M
>>


Re: [cas-user] cas-json-tool

2012-08-05 Thread Dmitriy Kopylenko
Wonderful! Eric, any objections making it part of cas-addons?

Dmitriy.

Sent from my iPad

On Aug 5, 2012, at 10:15 PM, Eric Pierce  wrote:

> If there's anyone else out there that's using JsonServiceRegistryDao from 
> Unicon's cas-addons repository (https://github.com/Unicon/cas-addons),  I've 
> been working on a tool you may be interested in.  cas-json-tool 
> (https://github.com/epierce/cas-json-tool) is a command-line app for creating 
> and modifying JSON service registry files.  It's been working really well for 
> us so far, so I thought others may find it useful.
> 
> -Eric
> 
> -- 
> Eric Pierce
> Identity Management Architect
> Information Technology
> University of South Florida
> (813) 974-8868 -- epie...@usf.edu


Re: [cas-user] cas-json-tool

2012-08-06 Thread Dmitriy Kopylenko
Sure thing. No problem at all. 

Cheers,
Dmitriy.

Sent from my iPhone

On Aug 6, 2012, at 12:23, Eric Pierce  wrote:

> I'd rather keep it in my Github account, but how about including a link to it 
> in the cas-addons repo?
> 
> -Eric
> 
> On Sun, Aug 5, 2012 at 10:54 PM, Dmitriy Kopylenko 
>  wrote:
> Wonderful! Eric, any objections making it part of cas-addons?
> 
> Dmitriy.
> 
> Sent from my iPad
> 
> On Aug 5, 2012, at 10:15 PM, Eric Pierce  wrote:
> 
>> If there's anyone else out there that's using JsonServiceRegistryDao from 
>> Unicon's cas-addons repository (https://github.com/Unicon/cas-addons),  I've 
>> been working on a tool you may be interested in.  cas-json-tool 
>> (https://github.com/epierce/cas-json-tool) is a command-line app for 
>> creating and modifying JSON service registry files.  It's been working 
>> really well for us so far, so I thought others may find it useful.
>> 
>> -Eric
>> 
>> -- 
>> Eric Pierce
>> Identity Management Architect
>> Information Technology
>> University of South Florida
>> (813) 974-8868 -- epie...@usf.edu
> -- 
> Eric Pierce
> Identity Management Architect
> Information Technology
> University of South Florida
> (813) 974-8868 -- epie...@usf.edu


[cas-user] cas-addons 0.9

2012-08-11 Thread Dmitriy Kopylenko
Folks,

cas-addons 0.9 is now available. This release's addition is
GrouperPersonAttributeDao that could be used to pull authenticated
principal's attributes from Grouper's back end.

https://github.com/Unicon/cas-addons/blob/master/changelog.md

Cheers,
Dmitriy.


Re: [cas-user] JsonServiceRegistryDao Configuration

2012-08-16 Thread Dmitriy Kopylenko
Robert,

I will create a wiki entry how to set it up. 

Cheers,
Dmitriy.

Sent from my iPhone

On Aug 16, 2012, at 13:36, Robert Beer  wrote:

> Could someone provide an example of a deployerConfigContext.xml utilizing the 
> new JsonServiceRegistryDao?  Any pointer to some documentation how to 
> configure this feature would be greatly appreciated.
> 
> I have added:
> 
> 
> <dependency>
>    <groupId>net.unicon.cas</groupId>
>    <artifactId>cas-addons</artifactId>
>    <version>0.9</version>
> </dependency>
> 
> 
> to the pom.xml file and am using the maven overlay method.
> --
> Bob Beer 
> Ohio Northern University, Information Technology, Ada, OH  45810
> 
> 
> 




Re: [cas-user] JsonServiceRegistryDao Configuration

2012-08-16 Thread Dmitriy Kopylenko
Here's the wiki page:
https://github.com/Unicon/cas-addons/wiki/Configuring-JSON-Services-Registry

Cheers,
Dmitriy.

On Thu, Aug 16, 2012 at 1:53 PM, Dmitriy Kopylenko <
dmitriy.kopyle...@gmail.com> wrote:

> Robert,
>
> I will create a wiki entry how to set it up.
>
> Cheers,
> Dmitriy.
>
> Sent from my iPhone
>
> On Aug 16, 2012, at 13:36, Robert Beer  wrote:
>
> > Could someone provide an example of a deployerConfigContext.xml
> utilizing the new JsonServiceRegistryDao?  Any pointer to some
> documentation how to configure this feature would be greatly appreciated.
> >
> > I have added:
> >
> > 
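> > <dependency>
> >    <groupId>net.unicon.cas</groupId>
> >    <artifactId>cas-addons</artifactId>
> >    <version>0.9</version>
> > </dependency>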
> > 
> >
> > to the pom.xml file and am using the maven overlay method.
> > --
> > Bob Beer 
> > Ohio Northern University, Information Technology, Ada, OH  45810
> >
> >
> >
>


[cas-user] cas-addons 0.9.5

2012-08-29 Thread Dmitriy Kopylenko
Folks,

the version 0.9.5 of cas-addons should be available under the following
maven coordinates:


<dependency>
    <groupId>net.unicon.cas</groupId>
    <artifactId>cas-addons</artifactId>
    <version>0.9.5</version>
</dependency>


The changelog for this release could be found here:
https://github.com/Unicon/cas-addons/blob/master/changelog.md

The next target version is 1.0-M1.

Here's your opportunity to express requests, desires, etc. on what would
you like to see in this core CAS' complementary library in this upcoming
release :-)

Cheers,
Dmitriy.


Re: [cas-user] 3.5.0 release of cas-server-integration-berkeleydb?

2012-08-31 Thread Dmitriy Kopylenko
This might be helpful:
https://groups.google.com/forum/#!searchin/jasig-cas-user/berkeleydb/jasig-cas-user/bV7BPCIl3SY/VEXdWXev-68J

Cheers,
Dmitriy.

On Fri, Aug 31, 2012 at 10:53 AM, Morley Howell  wrote:

> We’re using the berkeleydb ticket registry under 3.4.7, but we’re looking
> at upgrading to 3.5.0. The latest version of the 
> cas-server-integration-berkeleydb
> module in maven central is 3.5.0-RC2. Will this version work with CAS
> 3.5.0? Any idea when a 3.5.0 version of the berkeleydb integration might be
> available?
>
> Thanks,
>
> Morley Howell
>
> This e-mail message is confidential, may be privileged and is intended for
> the exclusive use of the addressee. Any other person is strictly prohibited
> from disclosing, distributing or reproducing it. If the addressee cannot be
> reached or is unknown to you, please inform us immediately and delete this
> e-mail message and destroy all copies. Thank you.
>


Re: [cas-user] 3.5.0 release of cas-server-integration-berkeleydb?

2012-08-31 Thread Dmitriy Kopylenko
Why is "durability" of the TicketRegistry required? Is that something
that's being utilized by some other external components? If the
"durability" is really just a "phantom requirement", I'd recommend taking a
look at the EhCache TicketRegistry - which is lightweight, embedded, and
natively has a clustering functionality baked in, should one choose to use
it later on. And it is part of CAS core in 3.5.

Otherwise, there is also a memcached option, but that would require setting
up an external memcached process.

Cheers,
Dmitriy.

On Fri, Aug 31, 2012 at 1:44 PM, Morley Howell
wrote:

> Thanks Dmitriy & Carlos.
>
> Is there a recommended/preferred persistent ticket registry implementation
> that works in both 3.4.7 and 3.5.0? Currently we need something as simple
> as possible, e.g. no need for clustering support, minimal/no runtime setup
> or maintenance, etc.
>
> Morley
>
> From: Dmitriy Kopylenko [mailto:dmitriy.kopyle...@gmail.com]
> Sent: August-31-12 11:35 AM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] 3.5.0 release of
> cas-server-integration-berkeleydb?
>
> This might be helpful:
> https://groups.google.com/forum/#!searchin/jasig-cas-user/berkeleydb/jasig-cas-user/bV7BPCIl3SY/VEXdWXev-68J
>
> Cheers,
>
> Dmitriy.
>
> On Fri, Aug 31, 2012 at 10:53 AM, Morley Howell <
> morleyhow...@intellimec.com> wrote:
>
> We’re using the berkeleydb ticket registry under 3.4.7, but we’re looking
> at upgrading to 3.5.0. The latest version of the 
> cas-server-integration-berkeleydb
> module in maven central is 3.5.0-RC2. Will this version work with CAS
> 3.5.0? Any idea when a 3.5.0 version of the berkeleydb integration might be
> available?
>
>  
>
> Thanks,
>
>  
>
> Morley Howell
>
> This e-mail message is confidential, may be privileged and is intended for
> the exclusive use of the addressee. Any other person is strictly prohibited
> from disclosing, distributing or reproducing it. If the addressee cannot be
> reached or is unknown to you, please inform us immediately and delete this
> e-mail message and destroy all copies. Thank you.
>
> This e-mail message is confidential, may be privileged and is intended for
> the exclusive use of the addressee. Any other person is strictly prohibited
> from disclosing, distributing or reproducing it. If the addressee cannot be
> reached or is unknown to you, please inform us immediately and delete this
> e-mail message and destroy all copies. Thank you.
>


[cas-user] Stormpath AuthenticationHandler

2012-09-02 Thread Dmitriy Kopylenko


Folks, the Stormpath Authentication Handler has landed in cas-addons. It
should be available in a week or so in maven central as cas-addons-1.0-M1

https://github.com/Unicon/cas-addons/wiki/Configuring-Stormpath-Authentication-Handler



Cheers,
Dmitriy.


[cas-user] cas-addons 1.0-M1

2012-09-16 Thread Dmitriy Kopylenko
Folks,

cas-addons 1.0-M1 has been released and is available in maven central. The
changelog is here:
https://github.com/Unicon/cas-addons/blob/master/changelog.md

Next version is 1.0-RC1.

Do not hesitate to request features that you would like to see in CAS, but
are much more difficult to add to CAS core (for various
reasons), whereas they could be made available in CAS much more easily via
cas-addons. File your requests here:
https://github.com/Unicon/cas-addons/issues

Cheers,
Dmitriy.


Re: [cas-user] distinguish requestors, multiple authn sources?

2012-09-29 Thread Dmitriy Kopylenko
One could also use a composite AuthenticationHandler to exercise a "Chain of 
Responsibility" pattern based on specific credential types with a list of 
concretely implemented handlers, without introducing a custom 
AuthenticationManager. 

Cheers,
Dmitriy.

Sent from my iPhone

On Sep 29, 2012, at 3:20, "jleleu"  wrote:

> Hi,
> 
> Yes, the AuthenticationHandler is used to authenticate credentials and the 
> AuthenticationManager is in charge of trying authentication handlers against 
> credentials. With a custom authentication manager, you can choose which 
> authentication handlers to use according to the credentials, the service...
> Best regards,
> Jérôme
> 




[cas-user] cas-addons 1.0

2012-10-07 Thread Dmitriy Kopylenko
Folks,

the cas-addons version 1.0 has been released and is available in Maven
central under the following coordinates:


<dependency>
    <groupId>net.unicon.cas</groupId>
    <artifactId>cas-addons</artifactId>
    <version>1.0</version>
</dependency>


The source code for the project can be found here:
https://github.com/Unicon/cas-addons

Cheers,
Dmitriy.


Re: [cas-user] Can yo manually set CASTGC cookie manually (httpservletrsponse) to a different domain

2012-10-19 Thread Dmitriy Kopylenko



> Is there any way to config cas not to throw away ST. Instead make it valid 
> for a period of time?
> 
>  
> 
Yes, that is possible by configuring serviceTicketExpirationPolicy:

https://github.com/Jasig/cas/blob/master/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/ticketExpirationPolicies.xml

Cheers,
Dmitriy.


> From: Andrew Petro [mailto:ape...@unicon.net] 
> Sent: Friday, October 19, 2012 2:15 PM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] Can you manually set CASTGC cookie manually 
> (httpservletresponse) to a different domain
> 
> Richard,
> 
> By design, only CAS can set and read the CAS ticket granting cookie.  This is 
> important to the security of using CAS, since if your CAS TGC was readable 
> more widely (by, say, your application on a different domain), then 
> applications able to read the cookie could read it and use it to craft their 
> own requests to get service tickets in the name of the user.  That is, this 
> would enable illicit delegation.
> 
> So.  What are you trying to do?  The RESTful API is more intended for your 
> application to authenticate as itself to get a TGT to obtain STs 
> authenticating itself to other services.  If you want to be authenticating 
> end users, then the intent of the CAS design is for your application to send 
> those users to CAS to log in to CAS directly, obtain a ST to log in to your 
> application, and then your application can obtain a PGT from that if you need 
> to be getting PTs to authenticate to other applications on the user's behalf.
> 
> Hope this helps,
> 
> Andrew
> 
> On Fri, Oct 19, 2012 at 2:46 PM, Richard Yang wrote:
> 
> I am calling cas Restful API to generate a TGT. I would like to store this as 
> the value in the CASTGC. But the domain of my application is different from 
> that of the cas server. So can I fool the cas server to make it think this is 
> a valid cookie?
> 
> Otherwise, I had to generate a ST for each service request programmatically 
> using Restful api. This approach has its drawback as it involves application 
> code to manage the ST.

Re: [cas-user] JsonServiceRegistryDao configuration

2012-10-23 Thread Dmitriy Kopylenko
Eric,

the init method is "loadServices" now, and you'd need to add the change 
detecting notification config, as described here: 

https://github.com/Unicon/cas-addons/wiki/Configuring-JSON-Service-Registry

Cheers,
Dmitriy

On Oct 23, 2012, at 16:28, Eric Pierce  wrote:

> Has the configuration changed for the JSON service registry with the addition 
> of the real-time reloading in the newer version of cas-addons?  Here's what I 
> have in deployerConfigContext.xml:
> 
>  class="net.unicon.cas.addons.serviceregistry.JsonServiceRegistryDao" 
> init-method="load" >
>  value="${cas.serviceRegistry.servicesConfigFile}"/>
> 
> 
> cas.serviceRegistry.servicesConfigFile is a property in an external config 
> file.  And here's the JSON file:
> {
>     "services": [
>         {
>             "enabled": true,
>             "ignoreAttributes": false,
>             "theme": "impersonate",
>             "id": 1,
>             "extraAttributes": {
>                 "createdDate": "2012-08-23"
>             },
>             "allowedToProxy": false,
>             "serviceId": "https://dev.it.usf.edu/**",
>             "description": "Dev server",
>             "name": "DEV",
>             "ssoEnabled": true,
>             "anonymousAccess": false,
>             "evaluationOrder": 100,
>             "allowedAttributes": [
>                 "USFeduUnumber"
>             ]
>         }
>     ]
> }
> 
> This works fine with any version of cas-addons before 0.9.5, but when I try 
> any version that includes real-time file reloading, it isn't read at all and 
> CAS reverts to default behavior: release all attributes to everyone.  I get 
> log messages from ReloadableServicesManagerSuppressionAspect, but the 
> loadServices method never runs at all.  Is there something I need to change 
> in my config to get the reloading to work?  Does the JSON file need to be in 
> the WEB-INF directory?
> 
> Thanks,
> -Eric
> 
> -- 
> Eric Pierce
> Identity Management Architect
> Information Technology
> University of South Florida
> (813) 974-8868 -- epie...@usf.edu
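A pre-replication check for a registry file in the shape quoted in the message above, added here as an example (it is not code from the thread or from cas-addons): because a file that is not read leaves CAS in the release-everything default described above, the script rejects invalid or empty JSON and flags entries that deserve review. The function names, the sample entries, the simplified Ant-pattern translation and the first-match-by-evaluationOrder lookup are assumptions of this example.

```python
import json
import re

# Constructed sample in the shape of the registry file quoted above. The second
# and third entries are deliberately questionable so the checks have work to do.
SAMPLE = """
{"services": [
  {"id": 1, "name": "DEV", "serviceId": "https://dev.it.usf.edu/**",
   "enabled": true, "ignoreAttributes": false, "allowedToProxy": false,
   "evaluationOrder": 100, "allowedAttributes": ["USFeduUnumber"]},
  {"id": 2, "name": "CATCHALL", "serviceId": "https://**",
   "enabled": true, "ignoreAttributes": true, "allowedToProxy": true,
   "evaluationOrder": 200, "allowedAttributes": []},
  {"id": 2, "name": "LEGACY", "serviceId": "http://legacy.example.edu/app/**",
   "enabled": true, "ignoreAttributes": false, "allowedToProxy": false,
   "evaluationOrder": 300, "allowedAttributes": ["mail"]}
]}
"""

REQUIRED = ("id", "name", "serviceId", "enabled", "evaluationOrder")


def ant_to_regex(pattern):
    """Simplified Ant-style translation (assumption, not Spring's matcher):
    '**' matches any run, '*' stays inside one path segment, '?' is one char."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*")
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")


def host_of(service_id):
    """Authority part of a serviceId pattern, or '' when it has no scheme."""
    _, sep, rest = service_id.partition("://")
    return rest.split("/", 1)[0] if sep else ""


def lint_registry(text):
    """Return (service name, finding) tuples; an empty list means the file passed."""
    try:
        doc = json.loads(text)
    except ValueError as exc:
        return [("<file>", "not valid JSON: %s" % exc)]
    services = doc.get("services") if isinstance(doc, dict) else None
    if not isinstance(services, list) or not services:
        # An empty registry is the fail-open case the thread describes.
        return [("<file>", "no services defined")]
    findings, seen_ids = [], set()
    for svc in services:
        if not isinstance(svc, dict):
            findings.append(("<entry>", "service entry is not a JSON object"))
            continue
        name = str(svc.get("name", "<unnamed>"))
        missing = [key for key in REQUIRED if key not in svc]
        if missing:
            findings.append((name, "missing keys: " + ", ".join(missing)))
            continue
        if svc["id"] in seen_ids:
            findings.append((name, "duplicate id %r" % svc["id"]))
        seen_ids.add(svc["id"])
        sid = str(svc["serviceId"])
        if not sid.startswith("https://"):
            findings.append((name, "serviceId is not https"))
        if re.search(r"[*?]", host_of(sid)):
            findings.append((name, "wildcard in host part of serviceId"))
        if svc.get("ignoreAttributes"):
            findings.append((name, "ignoreAttributes is true"))
        if svc.get("allowedToProxy"):
            findings.append((name, "allowedToProxy is true"))
    return findings


def first_match(text, url):
    """Name of the entry that claims url, trying entries in ascending
    evaluationOrder (assumed lookup order); None when nothing matches."""
    services = json.loads(text)["services"]
    for svc in sorted(services, key=lambda s: s["evaluationOrder"]):
        if ant_to_regex(svc["serviceId"]).match(url):
            return svc["name"]
    return None


if __name__ == "__main__":
    for name, finding in lint_registry(SAMPLE):
        print("%-9s %s" % (name, finding))
```

Run before the file is copied to the other CAS nodes, a non-empty result is a reason to stop the rollout rather than let the reload pick the file up.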

Re: [cas-user] Exception during 'watchedResource' after modifying JSON service registry file

2012-11-01 Thread Dmitriy Kopylenko
Hi Carlos,

would you mind attaching your servicesRegistry.conf file?

Thanks,
Dmitriy.

Sent from my iPhone

On Oct 31, 2012, at 16:53, Carlos Fernandez  wrote:

> Good afternoon,
>  
> I’m testing CAS 3.5.1 with CAS Addons 1.0 and JSON service registry and so 
> far it’s working except where I try to modify the registry file, which after 
> saving it results in the exception quoted below, and an unchanged service 
> registry when viewed through /services/manage.html:
>  
> 2012-10-31 16:32:10,824 ERROR 
> [net.unicon.cas.addons.support.ResourceChangeDetectingEventNotifier] -  exception is caught during 'watchedResource' access>
> java.lang.NullPointerException
>     at net.unicon.cas.addons.serviceregistry.JsonServiceRegistryDao.onApplicationEvent(JsonServiceRegistryDao.java:144)
>     at net.unicon.cas.addons.serviceregistry.JsonServiceRegistryDao.onApplicationEvent(JsonServiceRegistryDao.java:1)
>     at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
>     at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:324)
>     at net.unicon.cas.addons.support.ResourceChangeDetectingEventNotifier.notifyOfTheResourceChangeEventIfNecessary(ResourceChangeDetectingEventNotifier.java:92)
>     at sun.reflect.GeneratedMethodAccessor28.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:601)
>     at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:64)
>     at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:53)
>     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
>     at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:351)
>     at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:178)
>     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
>     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
>     at java.lang.Thread.run(Thread.java:722)
>  
> The corresponding configuration in deployerConfigContext.xml is:
>  
>  class="net.unicon.cas.addons.serviceregistry.JsonServiceRegistryDao"
> init-method="loadServices">
>  value="file:/var/lib/tomcat6/servicesRegistry.conf"/>
> 
>  
>  class="net.unicon.cas.addons.serviceregistry.ReloadableServicesManagerSuppressionAspect"
> factory-method="aspectOf"/>
>  
>  class="net.unicon.cas.addons.support.ResourceChangeDetectingEventNotifier"
> c:watchedResource="file:/var/lib/tomcat6/servicesRegistry.conf"/>
>  
> 
>  
> 
>  method="notifyOfTheResourceChangeEventIfNecessary" fixed-delay="5000"/>
> 
>  
> Any suggestions on what I might be missing here?
>  
> Best regards,
> --
> Carlos M. Fernández
> Sr. Enterprise Systems Administrator
> Saint Joseph’s University
> Philadelphia PA 19131
> T: +1 610 660 1501
>  

Re: [cas-user] Exception during 'watchedResource' after modifying JSON service registry file

2012-11-04 Thread Dmitriy Kopylenko
Carlos,

I have tried the reloading behavior with the attached configuration file
using "template overlay": https://github.com/Unicon/unicon-cas-overlay and
everything works as expected. Can you be more specific on what config
changes you have made (so I could try to reproduce the NPE you have
indicated)?

Thanks,
Dmitriy.

On Thu, Nov 1, 2012 at 9:39 AM, Carlos Fernandez  wrote:

> Dmitriy,
>
> The file is attached.
>
> Best regards,
>
> --
>
> Carlos.

Re: [cas-user] Exception during 'watchedResource' after modifying JSON service registry file

2012-11-05 Thread Dmitriy Kopylenko
Carlos, in trying to reproduce the problem you mentioned, would you please
provide more info on what exactly you are trying to modify in
servicesRegistry.conf that causes the aforementioned NPE?

Cheers,
Dmitriy.

On Mon, Nov 5, 2012 at 11:21 AM, Carlos Fernandez  wrote:

> Dmitriy,
>
> My setup doesn’t stray much from what’s published in the CAS user manual,
> if at all. I’m only configuring the JSON service registry, EhCache ticket
> registry, LDAP support using FastBindLdapAuthenticationHandler, and Google
> SAML. The relevant files from my overlay are in the attached zip file.
>
> Best regards,
>
> --
>
> Carlos.

Re: [cas-user] Exception during 'watchedResource' after modifying JSON service registry file

2012-11-05 Thread Dmitriy Kopylenko
OK, I know where the trouble is. You are missing a piece of this config:






as outlined here:
https://github.com/Unicon/cas-addons/wiki/Configuring-JSON-Service-Registry

I personally have this entire config in a separate context file (just to
reduce the 'noise' level in deployerConfigContext.xml), in something like
spring-configuration/resourceChangeWatcherContext.xml

Cheers,
Dmitriy.

On Mon, Nov 5, 2012 at 11:55 AM, Dmitriy Kopylenko <
dmitriy.kopyle...@gmail.com> wrote:

> Carlos, in trying to reproduce the problem you mentioned, would you please
> provide more info on what exactly you are trying to modify in
> servicesRegistry.conf that causes the aforementioned NPE?
>
> Cheers,
> Dmitriy.

[cas-user] cas-addons 1.0.2

2012-11-05 Thread Dmitriy Kopylenko
Folks,

cas-addons 1.0.2 has been released and is available in Maven central. Two
features of this release are:

* Salted PasswordEncoder support:
https://github.com/Unicon/cas-addons/wiki/Configuring-ShiroHashServicePasswordEncoder

* Custom external redirect URL option for unauthorized services:
https://github.com/Unicon/cas-addons/wiki/Configuring-custom-redirect-URLs-for-unauthorized-services

Cheers,
Dmitriy.


Re: [cas-user] Registered services API

2012-11-08 Thread Dmitriy Kopylenko
Currently there is no such remote resource/API.

Dmitriy.

Sent from my iPhone

On Nov 8, 2012, at 14:07, Nemanja Guzina  wrote:

> Hi,
> 
> Does CAS server have an API for getting the registered services via WebService?
> I have an application that manages users for all applications that are 
> connected to CAS, and I need a list of all applications that are registered 
> to CAS.
> 
> Thanks, 
> 
> Nemanja Guzina
> 
> translations.com

Re: [cas-user] Update JsonServiceRegistryDao configuration

2012-11-10 Thread Dmitriy Kopylenko
The JSON services registry does not support persistence via services management 
web app. 

Dmitriy.

Sent from my iPhone

On Nov 10, 2012, at 5:00, Nguyen Cao Dat  wrote:

> Hi everyone,
> 
> I have deployed CAS 3.5.1 with JsonServiceRegistryDao. When I create a
> new service through Service Management GUI of CAS, I have seen it. But
> when I reload CAS, the new service has disappeared. I have seen the source
> code of JsonServiceRegistryDao of Unicon Addon and understand it doesn't
> save the new service in the config (servicesRegistry.conf); it saves it
> in memory.
> 
> How do I save the config when I create a new service through the GUI? Thanks.
> 
> NCDAT
> 



[cas-user] cas-addons 1.0.3

2012-11-11 Thread Dmitriy Kopylenko
Folks,

cas-addons 1.0.3 has been released and is available in Maven central. Two
new features of this release are:

* TicketSupport convenience API:
https://github.com/Unicon/cas-addons/blob/master/src/main/java/net/unicon/cas/addons/ticket/TicketSupport.java

* Active SSO Sessions Report:
https://github.com/Unicon/cas-addons/wiki/Active-SSO-Sessions-Report

Cheers,
Dmitriy.


Re: [cas-user] issue with aspectj while importing to eclipse

2012-11-12 Thread Dmitriy Kopylenko
I'd go with IntelliJ IDEA :-)

Cheers,
Dmitriy.


On Mon, Nov 12, 2012 at 11:41 AM, Misagh Moayyed wrote:

> If you’re referring to the warning that says “the plugin does not support
> the default lifecycle”, you can safely ignore it.
>
> …or you could also install the “fix” from the following update site:
>
> http://dist.springsource.org/release/AJDT/configurator
>
> …or use IntelliJ.
>
> -Misagh
>
> *From:* Kaushik Chowdhury [mailto:kaushik.chowdh...@valuelabs.com]
> *Sent:* Monday, November 12, 2012 4:58 AM
> *To:* cas-user@lists.jasig.org
> *Subject:* [cas-user] issue with aspectj while importing to eclipse
>
> Hi,
>
> How do I configure cas 4 source code in eclipse? When I try to import the
> entire project it throws up error with aspect-maven-plugin:compile.
> Mentions that the plugin is not found in market place.

Re: [cas-user] username/user object on the casGenericSuccess.jsp

2012-11-26 Thread Dmitriy Kopylenko
To simplify this tgtId -> principal "extraction dance", there is a convenience 
API (with the default implementation) in cas-addons that could be used: 
https://github.com/Unicon/cas-addons/blob/master/src/main/java/net/unicon/cas/addons/authentication/AuthenticationSupport.java

Cheers,
Dmitriy.


On Nov 26, 2012, at 1:30 PM, Sandip Paul  wrote:

> Hi CAS Gurus,
> 
> I need to retrieve the username/user object on the casGenericSuccess.jsp?
> After a short google search I found a solution mentioned in the below:
> http://bb10.com/java-jasig-cas-user/2010-10/msg00102.html
> 
> But I am finding difficulties implementing this as I am just a beginner in 
> spring web-flow. Can someone share the code snippet so that I can get some 
> help.
> 
> Highly appreciate your valuable comment on this.
> 
> Regards,
> Sandip

Re: [cas-user] Extending CAS to know which users are logged in?

2012-11-27 Thread Dmitriy Kopylenko
Hi. 

Check out "Active SSO sessions report" which might satisfy some of your needs: 
https://github.com/Unicon/cas-addons/wiki/Active-SSO-Sessions-Report

Also, using Apache Camel to generate and send real time login/logout events to 
external systems might just do the job implementing your use cases. (add Camel 
to CAS overlay, configure its route(s) there, etc. - Camel is embeddable and 
very lightweight)

Cheers,
Dmitriy.

Sent from my iPhone

On Nov 27, 2012, at 2:19, sol myr  wrote:

> Hi,
> 
> I have CAS, plus some Java webapps (running on separate Tomcats).
> Some webapps need to know which users are logged in (similar to Google Chat, 
> that shows which of your friends are online).
> I need this info through both:
> 
> - Query ("select connected users that answer some criteria") 
> 
> - Event ("user has logged in / out").
> 
> 
> I suspect CAS doesn't support it "out of the box":
> http://comments.gmane.org/gmane.comp.java.jasig.cas.user/16230
> But I was hoping to extend CAS code to achieve this.
> 
> I just need to know whenever a user logs in / logs out / times out, and then 
> I can notify my applications, and also update some custom datastructure for 
> my queries.
> 
> 
> Being a newbie, I'd be grateful to anyone who could hint which CAS classes to 
> extend/use...
> Should I override the TicketRegistry?
> Or add Actions to "spring flow" of Login (but I can't seem to find a "log 
> Out" flow)?
> 
> Or can I get some Events from spring security?
> 
> 
> Thanks very much
> 



Re: [cas-user] Extending CAS to know which users are logged in?

2012-11-27 Thread Dmitriy Kopylenko
That's what I have started working on today in cas-addons :-) (expect to see it 
in 1.1 some time in December): namely CAS events publishing framework - 
basically to intercept useful API calls on CentralAuthenticationService and 
then package and publish relevant data as Spring ApplicationEvents. Then on the 
CAS overlay side, just develop Spring ApplicationEventListeners for the events 
of interest and then you could use your imagination what to do with them :-)

Camel is not a requirement, that was more of an example of what could be 
possible to integrate CAS with external systems. For example in CAS overlay, 
configure a route [from(event:cas-event)->any number of processors -> 
to(some-camel-component-for-external-system)] etc. Of course, one could simply 
use more tightly coupled point-to-point integration code, without any 
integration broker - it's just a matter of taste :-)

The important part here is to be able to capture these useful CAS events. Stay 
tuned as I develop it in cas-addons...

Dmitriy.

Sent from my iPhone

On Nov 27, 2012, at 16:36, sol myr  wrote:

> Hi Dmitriy,
> Thanks very much, cas-addons look very promising.
> But could you kindly elaborate about your "Camel" note: Camel would be 
> perfect (we used it before), but how do we hook it into CAS, so that Camel is 
> triggered whenever a user logs in / logs out? 
> Of course I wouldn't expect anyone to type full detailed code, just - where 
> in the CAS API is there a hook, that would trigger my custom code on each 
> login/logout (in my case, the custom code would be publishing through Camel).
> 
> Thanks again
> 
> 
> 
> - Original Message -
> From: Dmitriy Kopylenko 
> To: cas-user@lists.jasig.org
> Cc: 
> Sent: Tuesday, November 27, 2012 2:00 PM
> Subject: Re: [cas-user] Extending CAS to know which users are logged in?
> 
> Hi. 
> 
> Check out "Active SSO sessions report" which might satisfy some of your 
> needs: https://github.com/Unicon/cas-addons/wiki/Active-SSO-Sessions-Report
> 
> Also, using Apache Camel to generate and send real time login/logout events 
> to external systems might just do the job implementing your use cases. (add 
> Camel to CAS overlay, configure its route(s) there, etc. - Camel is 
> embeddable and very lightweight)
> 
> Cheers,
> Dmitriy.
> 
> Sent from my iPhone
> 
> On Nov 27, 2012, at 2:19, sol myr  wrote:
> 
>> Hi,
>> 
>> I have CAS, plus some Java webapps (running on separate Tomcats).
>> Some webapps need to know which users are logged in (similar to Google
>> Chat, that shows which of your friends are online).
>> I need this info through both:
>> 
>> - Query ("select connected users that answer some criteria") 
>> 
>> - Event ("user has logged in / out").
>> 
>> 
>> I suspect CAS doesn't support it "out of the box":
>> http://comments.gmane.org/gmane.comp.java.jasig.cas.user/16230
>> But I was hoping to extend CAS code to achieve this.
>> 
>> I just need to know whenever a user logs in / logs out / times out, and then 
>> I can notify my applications, and also update some custom datastructure for 
>> my queries.
>> 
>> 
>> Being a newbie, I'd be grateful to anyone who could hint which CAS classes 
>> to extend/use...
>> Should I override the TicketRegistry?
>> Or add Actions to "spring flow" of Login (but I can't seem to find a "log 
>> Out" flow)?
>> 
>> Or can I get some Events from spring security?
>> 
>> 
>> Thanks very much
>> 



Re: [cas-user] Extending CAS to know which users are logged in?

2012-12-07 Thread Dmitriy Kopylenko
Here's a follow up (should be available in 1.1 coming soon): 
https://github.com/Unicon/cas-addons/wiki/CAS-server-events

Cheers,
Dmitriy.

On Nov 27, 2012, at 6:08 PM, Dmitriy Kopylenko  wrote:

> That's what I have started working on today in cas-addons :-) (expect to see 
> it in 1.1 some time in December): namely CAS events publishing framework - 
> basically to intercept useful API calls on CentralAuthenticationService and 
> then package and publish relevant data as Spring ApplicationEvents. Then on 
> the CAS overlay side, just develop Spring ApplicationEventListeners for the 
> events of interest and then you could use your imagination what to do with 
> them :-)
> 
> Camel is not a requirement, that was more of an example of what could be 
> possible to integrate CAS with external systems. For example in CAS overlay, 
> configure a route [from(event:cas-event) -> any number of processors ->
> to(some-camel-component-for-external-system)] etc. Of course, one could simply
> use more tightly coupled point-to-point integration code, without any
> integration broker - it's just a matter of taste :-)
> 
> The important part here is to be able to capture these useful CAS events. 
> Stay tuned as I develop it in cas-addons...
> 
> Dmitriy.
> 
> Sent from my iPhone
> 
> On Nov 27, 2012, at 16:36, sol myr  wrote:
> 
>> Hi Dmitriy,
>> Thanks very much, cas-addons look very promising.
>> But could you kindly elaborate about your "Camel" note: Camel would be 
>> perfect (we used it before), but how do we hook it into CAS, so that Camel 
>> is triggered whenever a user logs in / logs out? 
>> Of course I wouldn't expect anyone to type full detailed code, just - where 
>> in the CAS API is there a hook, that would trigger my custom code on each 
>> login/logout (in my case, the custom code would be publishing through Camel).
>> 
>> Thanks again
>> 
>> 
>> 
>> - Original Message -
>> From: Dmitriy Kopylenko 
>> To: cas-user@lists.jasig.org
>> Cc: 
>> Sent: Tuesday, November 27, 2012 2:00 PM
>> Subject: Re: [cas-user] Extending CAS to know which users are logged in?
>> 
>> Hi. 
>> 
>> Check out "Active SSO sessions report" which might satisfy some of your 
>> needs: https://github.com/Unicon/cas-addons/wiki/Active-SSO-Sessions-Report
>> 
>> Also, using Apache Camel to generate and send real time login/logout events 
>> to external systems might just do the job implementing your use cases. (add 
>> Camel to CAS overlay, configure its route(s) there, etc. - Camel is 
>> embeddable and very lightweight)
>> 
>> Cheers,
>> Dmitriy.
>> 
>> Sent from my iPhone
>> 
>> On Nov 27, 2012, at 2:19, sol myr  wrote:
>> 
>>> Hi,
>>> 
>>> I have CAS, plus some Java webapps (running on separate Tomcats).
>>> Some webapps need to know which users are logged in (similar to Google
>>> Chat, that shows which of your friends are online).
>>> I need this info through both:
>>> 
>>> - Query ("select connected users that answer some criteria") 
>>> 
>>> - Event ("user has logged in / out").
>>> 
>>> 
>>> I suspect CAS doesn't support it "out of the box":
>>> http://comments.gmane.org/gmane.comp.java.jasig.cas.user/16230
>>> But I was hoping to extend CAS code to achieve this.
>>> 
>>> I just need to know whenever a user logs in / logs out / times out, and 
>>> then I can notify my applications, and also update some custom 
>>> datastructure for my queries.
>>> 
>>> 
>>> Being a newbie, I'd be grateful to anyone who could hint which CAS classes 
>>> to extend/use...
>>> Should I override the TicketRegistry?
>>> Or add Actions to "spring flow" of Login (but I can't seem to find a "log 
>>> Out" flow)?
>>> 
>>> Or can I get some Events from spring security?
>>> 
>>> 
>>> Thanks very much
>>> 

Re: [cas-user] Getting exception.message in the CAS login page with Http GET parameter "?execution".

2012-12-26 Thread Dmitriy Kopylenko
You should not manually pass the 'execution' param. Just access login page as 
/login. 

Cheers,
Dmitriy.

Sent from my iPhone

On Dec 26, 2012, at 5:11, "y-suz...@sec.co.jp"  wrote:

> Hello, all.
> 
> I have a problem using jasig CAS 3.5.1.
> When I access the CAS login page with an HTTP GET parameter
> "?execution", I get an exception.message.
> 
> The procedure is as follows.
> 1) Build the quick demo page of CAS according to quick installation guide 
> (INSTALL.txt).
> 2) Access the CAS login page with an HTTP GET parameter "?execution".
>   for example:  
> http://hostname:8080/cas-server-webapp-3.5.1/login?execution
> 3) Contrary to my expectation that the CAS login page will be displayed, an 
> exception.message is displayed.
>   here's the exception.message displayed at web browser.
> --
> {"exception.message":"org.springframework.webflow.execution.repository.BadlyFormattedFlowExecutionKeyException:
>  Badly formatted flow execution key '', the expected format is 'The 
> string-encoded flow execution key is 
> required'","exception.stacktrace":"org.springframework.webflow.execution.repository.BadlyFormattedFlowExecutionKeyException:
>  Badly formatted flow execution key '', the expected format is 'The 
> string-encoded flow execution key is required'\n\tat 
> org.springframework.webflow.execution.repository.support.AbstractFlowExecutionRepository.parseFlowExecutionKey(AbstractFlowExecutionRepository.java:115)\n\tat
>  
> org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:164)\n\tat
>  
> org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:183)\n\tat
>  
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)\n\tat
>  
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)\n\tat
>  
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)\n\tat
>  
> org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)\n\tat
>  javax.servlet.http.HttpServlet.service(HttpServlet.java:621)\n\tat 
> javax.servlet.http.HttpServlet.service(HttpServlet.java:722)\n\tat 
> org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(SafeDispatcherServlet.java:128)\n\tat
>  
> org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice(SafeDispatcherServlet.java:57)\n\tat
>  
> org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:1)\n\tat
>  
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)\n\tat
>  
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)\n\tat
>  
> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)\n\tat
>  
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)\n\tat
>  
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)\n\tat
>  
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)\n\tat
>  
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)\n\tat
>  
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)\n\tat
>  
> com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)\n\tat
>  
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)\n\tat
>  
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)\n\tat
>  
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)\n\tat
>  
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)\n\tat
>  
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)\n\tat
>  
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)\n\tat
>  
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)\n\tat
>  
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)\n\tat
>  
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)\n\tat
>  
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)\n\tat
>  org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:200)\n\tat 
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)\n\tat
>  
> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)\n\tat
>  
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)\n\tat
>  
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)\n\tat
>  java.lang.Thread.run(Thread.java:722)\n","failure":"true"}
> 

Re: [cas-user] CAS 3.5.1: Having trouble with Sign-Out

2012-12-28 Thread Dmitriy Kopylenko
When logging out, it would be a responsibility of a client application to 
destroy its Session store (created by CAS client library) which caches 
authenticated Principals in it.

Dmitriy.

Sent from my iPhone

On Dec 27, 2012, at 17:45, Farzan Qureshi  wrote:

> Hi Eric,
> 
> I confirm that I am also facing the same issue. It looks like that when we 
> log out it does not destroy the cookie/session under the browser though it is 
> destroyed on CAS. I can access the resource without authenticating again on 
> the same browser window.  Or in case I close the browser and access again 
> only then I am asked to provide credentials.
> 
> I am sorry I have no solution to offer but it is happening with us too.
> 
> Kind regards,
> 
> Farzan
> 
> On 28/12/2012 11:31 AM, "Stein, Eric"  wrote:
>> Thanks for helping, Gil!
>> 
>>  
>> 
>> Okay, I switched to SAML. I needed to do that anyway, so I'm glad to get 
>> that out of the way. Unfortunately, I'm still seeing the issue. I'm using 
>> Firefox 17.0.1. I log in to my hello-world webapp successfully. I included 
>> this link in index.jsp:
>> 
>>  
>> 
>> Log 
>> out 
>> 
>>  
>> 
>> When I click on the link, it takes me to the cas logoff screen and says I 
>> have been logged out. However, when I return to /hello-world, I see the JSP 
>> without needing to reauthenticate. I've attached the most recent version of 
>> my web.xml file. If anybody has any thoughts, I'd really appreciate it.
>> 
>>  
>> 
>> Thanks,
>> 
>> Eric Stein
>> 
>>  
>> 
>> From: Gil Victor Teixeira Pinto [mailto:gilc...@gmail.com] 
>> Sent: Thursday, December 27, 2012 2:04 PM
>> To: jasig-cas-u...@googlegroups.com
>> Cc: cas-user@lists.jasig.org; cas-user@lists.jasig.org; Stein, Eric
>> Subject: Re: [cas-user] CAS 3.5.1: Having trouble with Sign-Out
>> 
>>  
>> 
>> Hi, 
>> 
>> The only difference that i have in my web.xml is the SAML:
>> 
>> 
>> 
>> CAS Single Sign Out Filter
>> 
>> org.jasig.cas.client.session.SingleSignOutFilter
>> 
>> artifactParameterName
>> SAMLart
>> 
>> 
>> 
>> 
>> I've also SAML at:
>> 
>> 
>> 
>> 
>> CAS Authentication Filter
>> 
>> org.jasig.cas.client.authentication.Saml11AuthenticationFilter
>> 
>> 
>> casServerLoginUrl
>> https://server:8443/cas/login
>> 
>> 
>> serverName
>> http://server:8080
>> 
>> 
>> 
>> 
>> CAS Validation Filter
>> 
>> org.jasig.cas.client.validation.Saml11TicketValidationFilter
>> 
>> 
>> casServerUrlPrefix
>> https://server:8443/cas
>> 
>> 
>> serverName
>> http://server:8080
>> 
>> 
>> redirectAfterValidation
>> true
>> 
>> 
>> useSession
>> true
>> 
>> 
>> 
>> 
>> 
>> On Wednesday, December 26, 2012 8:24:41 PM UTC-2, Stein, Eric wrote:
>> 
>> I've got Tomcat 7.0.25 running with CAS 3.5.1 and a trivial java webapp 
>> with one JSP. I added a link from the page to /cas/logout. When I follow 
>> the link, CAS tells me I've logged out successfully, but I can navigate 
>> back to the page without needing to authenticate again. It looks like 
>> tickets are still being granted. I'm also seeing this line in my client 
>> webapp: 
>> 
>> 17:10:01.946 [http-bio-8080-exec-12] TRACE 
>> o.j.c.c.session.SingleSignOutFilter - Ignoring URI /hello-world/ 
>> 
>> Does anyone have any thoughts on what I might be doing wrong? Is there 
>> any documentation on sign out/single sign out that I'm missing? 
>> 
>> Thanks, 
>> Eric Stein 
>> 

Re: [cas-user] Combine LDAP with SQL for validation

2012-12-31 Thread Dmitriy Kopylenko
Sure is possible. One strategy to do this would be:

1) Create a simple "strategy" interface/impl that takes a principal id and does 
an additional validation (checking the status against a DB2 data source in this 
case)
2) Add an additional action state to the CAS' login flow to execute this check 
and based on the outcome either transition to a regular ticket generation state 
or a friendly end state halting the login process.

This should be easily accomplished in the standard Maven war overlay over CAS 
server war.

Happy New Year.

Dmitriy.

On Dec 31, 2012, at 2:02 PM, "Ken Maruyama"  wrote:

> Hi I currently have this configured and it is working fine.
> 
> 1. User logs in with profile_name/pass.
> 2. Validate that profile_name/pass against LDAP.
> 3. If success use CredentialsToLDAPAttributePrincipalResolver to get a 
> different attribute from LDAP to use it as an ID to use for the client.
> 4. Ticket is generated successfully and user is logged into the server using 
> the ID (Not profile_name).
> 
> I want to add the following step before 4.
> 
> - Based on the ID obtained from LDAP, go to database (DB2) and make sure this 
> user has a valid status.
> 
> How would I approach this kind of situation where I have to use two separate
> sources to do validation?
> 
> Thank you in advance.



[cas-user] cas-addons 1.1

2013-01-02 Thread Dmitriy Kopylenko
Folks, Happy New Year!

The cas-addons 1.1 is now released and is available in Maven central.

The main features of this release:

* Updated pom dependencies to the latest version (where available)
* Convenience "Assertions" utility class: 
https://github.com/Unicon/cas-addons/blob/master/src/main/java/net/unicon/cas/addons/authentication/support/Assertions.java
* CAS events publishing framework: 
https://github.com/Unicon/cas-addons/wiki/CAS-server-events
* Removal of the CAS clients related code and moving it to the new project 
called 'cas-java-clients-addons': 
https://github.com/Unicon/cas-java-clients-addons

Cheers,
Dmitriy.

Re: [cas-user] Combine LDAP with SQL for validation

2013-01-07 Thread Dmitriy Kopylenko


Sent from my iPhone

On Jan 7, 2013, at 16:49, "Ken Maruyama"  wrote:

> Hi Dmitriy,
> 
> I'm trying to follow your suggestion, but have some questions.
> 
> First, when you say I should create an interface/impl, do you mean to create an
> implementation of AuthenticationHandler?

No. I mean a separate API/Impl from core CAS API. In other words a custom API 
which should plug into the CAS login webflow. 


> 
> 
> Second, does adding additional action means adding a  property in the 
> authenticationHandlers section of the deployerConfigContext.xml?

It would be a custom state definition in login-webflow.xml as well as any 
custom beans in WEB-INF/spring-configuration. 

> uthenticationManagerImpl">
>
>  
> class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
>  
> class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
>  />
>  
>  
>value="XX" />
>  
>  
>  
>
>  
>
> class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
> 
>ref="attributeRepository" />
>
> class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"
>  />
>  
>
>
>  
> class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
>p:httpClient-ref="httpClient" />
>p:filter="uid=%u" p:searchBase="o=X,c=XXX"
>p:contextSource-ref="contextSource" />
>  
>
>  
>  
>authorities="ROLE_ADMIN" />
>  
>class="org.jasig.services.persondir.support.StubPersonAttributeDao">
> 
>
>  
>
>value="eduPersonAffiliation" />
>
>  
>
>  
>class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
>
>  
>
> 
>  
>  
>value="Allows HTTP(S) and IMAP(S) protocols" />
>value="^(https?|imaps?)://.*" />
>  
>
>  
>
>  
>class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
>class="org.jasig.cas.monitor.HealthCheckMonitor">
>
>  
>p:freeMemoryWarnThreshold="10" />
>p:ticketRegistry-ref="ticketRegistry"
>p:serviceTicketCountWarnThreshold="5000"
>p:sessionCountWarnThreshold="10" />
>  
>
>  
>class="org.springframework.ldap.core.support.LdapContextSource">
>
>
>
>  
>value="3000" />
>
>value="simple" />
>  
>
>  
> 
> 



Re: [cas-user] Combine LDAP with SQL for validation

2013-01-08 Thread Dmitriy Kopylenko
After a successful CAS authentication, TGT ID (String representation of a 
ticket granting ticket id) should be available in the flow scope. You could 
then use a little helper API from cas-addons to get an authenticated principal 
by this TGT ID:

https://github.com/Unicon/cas-addons/blob/master/src/main/java/net/unicon/cas/addons/authentication/AuthenticationSupport.java
 (getAuthenticatedPrincipalFrom(String) method) or you could roll your own.

Cheers,
Dmitriy.

On Jan 8, 2013, at 3:01 PM, kmaruy...@fidm.com wrote:

> Thank you again for the info.
> I was able to add an action to login-webflow.xml and create a flow that I
> needed.
> 
> I created a simple POJO with a method that takes String as a parameter.
> The goal is to pass the resolved principal id and pass it to this method.
> Then this method will do the validation against DB2.
> 
> I am currently trying to figure out how to obtain the resolved principal id
> and use it in the method I created.
> For test purpose I used flowScope.credentials.username as a parameter like 
> this:
> 
> 
> 
> but this gives me the login id which is what the user entered on the form, 
> not the resolved ID that the program needs.
> 
> I use CredentialsToLDAPAttributePrincipalResolver to get a different ID from
> LDAP.
> 
> I will continue to do research, but if you can point me on where the resolved 
> ID gets stored and how to access that in login-webflow.xml, that will be 
> great.
> 
> Thank you,
> 
> Ken Maruyama
> Technical Architect
> Fashion Institute of Design & Merchandising
> 1-213-624-1201 Ex.4525
> kmaruy...@fidm.edu
> 
> 
> 
> From:Dmitriy Kopylenko 
> To:
> Date:01/07/2013 04:21 PM
> Subject:Re: [cas-user] Combine LDAP with SQL for validation
> 
> 
> 
> 
> 
> Sent from my iPhone
> 
> On Jan 7, 2013, at 16:49, "Ken Maruyama"  wrote:
> 
> > Hi Dmitriy,
> > 
> > I'm trying to follow your suggestion, but have some questions.
> > 
> > First, when you say I should create an interface/impl, do you mean to create
> > an implementation of AuthenticationHandler?
> 
> No. I mean a separate API/Impl from core CAS API. In other words a custom API 
> which should plug into the CAS login webflow. 
> 
> 
> > 
> > 
> > Second, does adding additional action means adding a  property in the 
> > authenticationHandlers section of the deployerConfigContext.xml?
> 
> It would be a custom state definition in login-webflow.xml as well as any 
> custom beans in WEB-INF/spring-configuration. 
> 
> > uthenticationManagerImpl">
> >
> >  
> > > class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
> >  
> > > class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
> >  />
> >  
> >  
> >   >  value="XX" />
> >  
> >  
> >  
> >
> >  
> >
> > > class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
> > 
> >   >  ref="attributeRepository" />
> >
> > > class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"
> >  />
> >  
> >
> >
> >  
> > > class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
> >p:httpClient-ref="httpClient" />
> > > class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
> >p:filter="uid=%u" p:searchBase="o=X,c=XXX"
> >p:contextSource-ref="contextSource" />
> >  
> >
> >  
> >  
> > >authorities="ROLE_ADMIN" />
> >  
> >   >  class="org.jasig.services.persondir.support.StubPersonAttributeDao">
> > 
> >
> >  
> >
> > >value="eduPersonAffiliation" />
> >
> >  
> >
> >  
> >   >  class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
> >
> >  
> >
> > 
> >  
> >  
> >   >  value="Allows HTTP(S) and IMAP(S) protocols" />
> >   >  

Re: [cas-user] Combine LDAP with SQL for validation

2013-01-08 Thread Dmitriy Kopylenko
A little note:

if you choose to use AuthenticationSupport API, here's how you would wire up 
the default implementation (it needs instance of TicketRegistry):

<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:c="http://www.springframework.org/schema/c"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd"/>

   



Note that it uses Spring 3.1 'c' pseudo namespace for constructor args, so 
needs a proper xmlns declaration in the beans element header as to avoid any 
pain debugging if it fails. Of course this is just an example and you could 
choose not to use the 'c' namespace.

Hope this helps.

Dmitriy.

On Jan 8, 2013, at 3:23 PM, Dmitriy Kopylenko  wrote:

> After a successful CAS authentication, TGT ID (String representation of a 
> ticket granting ticket id) should be available in the flow scope. You could 
> then use a little helper API from cas-addons to get an authenticated 
> principal by this TGT ID:
> 
> https://github.com/Unicon/cas-addons/blob/master/src/main/java/net/unicon/cas/addons/authentication/AuthenticationSupport.java
>  (getAuthenticatedPrincipalFrom(String) method) or you could roll your own.
> 
> Cheers,
> Dmitriy.
> 
> On Jan 8, 2013, at 3:01 PM, kmaruy...@fidm.com wrote:
> 
>> Thank you again for the info.
>> I was able to add an action to login-webflow.xml and create a flow that I
>> needed.
>> 
>> I created a simple POJO with a method that takes String as a parameter.
>> The goal is to pass the resolved principal id and pass it to this method.
>> Then this method will do the validation against DB2.
>> 
>> I am currently trying to figure out how to obtain the resolved principal id
>> and use it in the method I created.
>> For test purpose I used flowScope.credentials.username as a parameter like 
>> this:
>> 
>> 
>> 
>> but this gives me the login id which is what the user entered on the form, 
>> not the resolved ID that the program needs.
>> 
>> I use CredentialsToLDAPAttributePrincipalResolver to get a different ID from
>> LDAP.
>> 
>> I will continue to do research, but if you can point me on where the 
>> resolved ID gets stored and how to access that in login-webflow.xml, that 
>> will be great.
>> 
>> Thank you,
>> 
>> Ken Maruyama
>> Technical Architect
>> Fashion Institute of Design & Merchandising
>> 1-213-624-1201 Ex.4525
>> kmaruy...@fidm.edu
>> 
>> 
>> 
>> From:Dmitriy Kopylenko 
>> To:
>> Date:01/07/2013 04:21 PM
>> Subject:Re: [cas-user] Combine LDAP with SQL for validation
>> 
>> 
>> 
>> 
>> 
>> Sent from my iPhone
>> 
>> On Jan 7, 2013, at 16:49, "Ken Maruyama"  wrote:
>> 
>> > Hi Dmitriy,
>> > 
>> > I'm trying to follow your suggestion, but have some questions.
>> > 
>> > First, when you say I should create an interface/impl, do you mean to
>> > create an implementation of AuthenticationHandler?
>> 
>> No. I mean a separate API/Impl from core CAS API. In other words a custom 
>> API which should plug into the CAS login webflow. 
>> 
>> 
>> > 
>> > 
>> > Second, does adding additional action means adding a  property in 
>> > the authenticationHandlers section of the deployerConfigContext.xml?
>> 
>> It would be a custom state definition in login-webflow.xml as well as any 
>> custom beans in WEB-INF/spring-configuration. 
>> 
>> > uthenticationManagerImpl">
>> >
>> >  
>> >> > class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
>> >  
>> >> > class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
>> >  />
>> >  
>> >  
>> >  > >  value="XX" />
>> >  
>> >  
>> >  
>> >
>> >  
>> >
>> >> > class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
>> > 
>> >  > >  ref="attributeRepository" />
>> >
>> >> > class="org.jasig.ca

Re: [cas-user] Combine LDAP with SQL for validation

2013-01-09 Thread Dmitriy Kopylenko
Glad it worked out!

Cheers,
Dmitriy.

Sent from my iPhone

On Jan 9, 2013, at 20:08, "Ken Maruyama"  wrote:

> Dmitriy,
> 
> Thank you very much for your help.
> I was able to achieve what I wanted to do.



Re: [cas-user] CAS and IDP solution

2013-01-11 Thread Dmitriy Kopylenko
Usually CAS client's useSession=true is the culprit here. 

Dmitriy.

Sent from my iPhone

On Jan 11, 2013, at 19:45, Andrew Morgan  wrote:

> On Wed, 9 Jan 2013, Andrew Petro wrote:
> 
>> Hi Farzan,
>> 
>> Shibboleth can be complex, yes, with much to learn about it and many
>> opportunities to configure.
>> 
>> The CAS-Shibboleth bridging piece isn't too bad.  Here's my favorite
>> solution:
>> 
>> https://github.com/Unicon/shib-cas-authenticator
>> 
>> I thought this presentation was pretty good:
>> 
>> https://wiki.jasig.org/x/AxMoAw
>> 
>> Hope that helps,
>> 
>> Andrew
> 
> I watched this presentation and read about the shib-cas-authenticator. Neat 
> stuff!
> 
> I have already configured Shibboleth IdP v2.3.8 to use CAS authentication as 
> described here:
> 
>  https://wiki.jasig.org/display/CASUM/Shibboleth-CAS+Integration
> 
> (Install the CAS Client for Java, configure IdP to use the RemoteUser 
> LoginHandler).
> 
> After seeing your presentation, I commented out the PreviousSession 
> LoginHandler in handler.xml, thinking that all requests to the IdP would go 
> back to CAS.  My goal was to have just a single SSO session rather than CAS + 
> Shibboleth SSO sessions.
> 
> However, it appears that the CAS Client for Java in the IdP is keeping the 
> session "alive".  Even if I logout of CAS, I am not redirected to CAS for a 
> new ST the next time use the IdP.  I assume the CAS Client for Java is 
> storing my authenticated state in the Jsession.
> 
> Any thoughts on this?  Would setting useSession=false on the CAS Validation 
> Filter work?  Can the CAS and Shibboleth sessions be bridged without using 
> the shib-cas-authenticator?
> 
> Thanks,
>Andy
> 



Re: [cas-user] login-webflow.xml confusion

2013-01-23 Thread Dmitriy Kopylenko
Eric,

the authenticated principal is not available in the flow scope after a 
successful authentication and SSO session establishment. TGT id String is. So 
to get to the authenticated principal id, you'd need to do this dance: 

* TicketRegistry#getTicket(String)

* TicketGrantingTicket#getAuthentication

* Authentication#getPrincipal

* Principal#getId

On the other hand, flowScope.credentials object contains an id that was 
presented by a user when challenged for authentication by CAS, but id does not 
represent a successfully authenticated principal.

Dmitriy.

On Jan 23, 2013, at 3:16 PM, "Stein, Eric"  wrote:

> Jérôme,
>  After a successful authentication, I want to route the user one of several 
> ways based on a flag in the database. Making them confirm the EULA is one 
> option. I may also want to force them to change a password, or otherwise push 
> them around before they get to the application they originally requested. Is 
> your suggestion viable given that there are probably 5 or 6 paths they could 
> go down? I'd like to avoid a chain of tests, where checkEULA passes them to 
> changePassword which passes them to doOtherThing etc.
> 
>  I guess I could have an action between realSubmit and 
> sentTicketGrantingTicket which looks up that flag and returns some value 
> which then points you to the right view. Is there a way to figure out the 
> user's login ID? Is it in flowScope.credentials, maybe?
> 
> Thanks,
> Eric
> 
> -Original Message-
> From: jleleu [mailto:lel...@gmail.com] 
> Sent: Wednesday, January 23, 2013 2:35 PM
> To: cas-user@lists.jasig.org
> Subject: RE:[cas-user] login-webflow.xml confusion
> 
> Hi,
> 
> You're right, throwing an exception during authentication prevents the 
> granting ticket to be saved in your registry and triggers a TicketException. 
> This causes your problem.
> 
> Just to be sure that I clearly understand your need: after a successful 
> authentication, you want to display a confirmation page for some (all?) 
> users. Am I right?
> 
> A solution could be to add an intermediate action "checkEULA" :
> 
> expression="authenticationViaFormAction.submit(flowRequestContext, 
> flowScope.credentials, messageContext)" />
> ...
> 
> 
>  
>  
>   
> 
> This "checkEULA" would transition to "sendTicketGrantingTicket" if no 
> confirmation page should be displayed or to the confirmation view if it's 
> necessary...
> 
> Best regards,
> Jérôme
> 



Re: [cas-user] Ticket validation failed when IP changed ?

2013-01-24 Thread Dmitriy Kopylenko
From the log entries, it seems that the ST in question has expired, therefore 
it is considered invalid.

Dmitriy.

Sent from my iPhone

On Jan 24, 2013, at 4:45, Hendrik Coetzee  wrote:

> Good day,
>  
> We have an intermittent error that appears on ticket expiry,
> here is what we can see in the logs  from the catalina.out file:
> 
> 2013-01-23 14:54:05,556 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] 
> -  [ST-13215-bAqdKgJd2dOR6xObAnYn-srvslscas001.uct.ac.za] for service 
> [https://vula.uct.ac.za:443/sakai-login-tool/container] for user []>
> 2013-01-23 14:54:05,557 INFO 
> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> =
> WHO: 
> WHAT: ST-13215-bAqdKgJd2dOR6xObAnYn-srvslscas001.uct.ac.za for 
> https://vula.uct.ac.za:443/sakai-login-tool/container
> ACTION: SERVICE_TICKET_CREATED
> APPLICATION: CAS
> WHEN: Wed Jan 23 14:54:05 SAST 2013
> CLIENT IP ADDRESS: 93.186.23.81
> SERVER IP ADDRESS: 137.158.154.74
> =
> 2013-01-23 14:54:25,982 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] 
> -  expired.>
> 2013-01-23 14:54:25,982 INFO 
> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> =
> WHO: audit:unknown
> WHAT: ST-13215-bAqdKgJd2dOR6xObAnYn-srvslscas001.uct.ac.za
> ACTION: SERVICE_TICKET_VALIDATE_FAILED
> APPLICATION: CAS
> WHEN: Wed Jan 23 14:54:25 SAST 2013
> CLIENT IP ADDRESS: 137.158.155.16
> SERVER IP ADDRESS: 137.158.154.74
> =
>  
> On the Apache side the following can be detected:
>  
> [23/Jan/2013:14:54:25 +0200] 93.186.31.83 TLSv1 DHE-RSA-AES128-SHA "GET 
> /sakai-login-tool/container?ticket=ST-13215-bAqdKgJd2dOR6xObAnYn-srvslscas001.uct.ac.za
>  HTTP/1.1" 749 
> "https://login.uct.ac.za/cas/login?service=https%3A%2F%2Fvula.uct.ac.za%3A443%2Fsakai-login-tool%2Fcontainer";
>  "Mozilla/5.0 (BlackBerry; U; BlackBerry 9900; en-GB) AppleWebKit/534.11+ 
> (KHTML, like Gecko) Version/7.1.0.342 Mobile Safari/534.11+" 13467 13364 500
>  
> Sakai tomcat app server logs:
>  
> 2013-01-23 14:54:25,987 WARN ajp-bio-8009-exec-723 
> org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter - 
> org.jasig.cas.client.validation.TicketValidationException:
> ticket 'ST-13215-bAqdKgJd2dOR6xObAnYn-srvslscas001.uct.ac.za' 
> not recognized
>  
> org.jasig.cas.client.validation.TicketValidationException:
> ticket 'ST-13215-bAqdKgJd2dOR6xObAnYn-srvslscas001.uct.ac.za' 
> not recognized
>  
> at 
> org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:86)
> at 
> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:217)
> at 
> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:165)
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> at 
> org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:116)
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> at 
> org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:695)
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> at 
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
> at 
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
> at 
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
> at 
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
> at 
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
> at 
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
> at 
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
> at 
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
> at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:200)
> at 
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
> at 
> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.
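
The correlation behind the reply above, as an added example that is not part of the original thread or of CAS: it pairs SERVICE_TICKET_CREATED and validation audit records by ticket id and compares the ticket's age with the ST lifetime. The 10-second lifetime and the SERVICE_TICKET_VALIDATED action name are assumptions, and the last three sample records are constructed.

```python
import re
from datetime import datetime

# First two records: the audit entries quoted in the post. The remaining three
# are constructed (example.org, documentation IP ranges) to cover other cases.
SAMPLE_AUDIT_LOG = """\
WHO:
WHAT: ST-13215-bAqdKgJd2dOR6xObAnYn-srvslscas001.uct.ac.za for https://vula.uct.ac.za:443/sakai-login-tool/container
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Jan 23 14:54:05 SAST 2013
CLIENT IP ADDRESS: 93.186.23.81
SERVER IP ADDRESS: 137.158.154.74
=
WHO: audit:unknown
WHAT: ST-13215-bAqdKgJd2dOR6xObAnYn-srvslscas001.uct.ac.za
ACTION: SERVICE_TICKET_VALIDATE_FAILED
APPLICATION: CAS
WHEN: Wed Jan 23 14:54:25 SAST 2013
CLIENT IP ADDRESS: 137.158.155.16
SERVER IP ADDRESS: 137.158.154.74
=
WHO: constructed-user
WHAT: ST-2-constructed for https://app.example.org/login
ACTION: SERVICE_TICKET_CREATED
WHEN: Wed Jan 23 14:55:00 SAST 2013
CLIENT IP ADDRESS: 192.0.2.10
=
WHO: audit:unknown
WHAT: ST-2-constructed
ACTION: SERVICE_TICKET_VALIDATED
WHEN: Wed Jan 23 14:55:02 SAST 2013
CLIENT IP ADDRESS: 198.51.100.7
=
WHO: audit:unknown
WHAT: ST-3-constructed
ACTION: SERVICE_TICKET_VALIDATE_FAILED
WHEN: Wed Jan 23 14:56:00 SAST 2013
CLIENT IP ADDRESS: 198.51.100.7
"""

FIELD_RE = re.compile(
    r"^(WHO|WHAT|ACTION|APPLICATION|WHEN|CLIENT IP ADDRESS|SERVER IP ADDRESS):\s*(.*)$"
)
TICKET_RE = re.compile(r"\bST-[A-Za-z0-9.\-]+")


def parse_when(value):
    """Parse 'Wed Jan 23 14:54:05 SAST 2013', ignoring the zone abbreviation.

    Assumption: all records come from one CAS server, so only differences
    between timestamps matter and the zone can be dropped.
    """
    parts = value.split()
    if len(parts) != 6:
        raise ValueError("unexpected WHEN format: %r" % value)
    _, month, day, clock, _zone, year = parts
    return datetime.strptime(f"{month} {day} {clock} {year}", "%b %d %H:%M:%S %Y")


def parse_audit_records(text):
    """Split audit trail text into dicts; a WHO line starts a new record."""
    records, current = [], None
    for raw in text.splitlines():
        # Tolerate mail quoting ('> ') in front of pasted log lines.
        match = FIELD_RE.match(raw.lstrip("> ").rstrip())
        if not match:
            continue
        key, value = match.groups()
        if key == "WHO":
            current = {}
            records.append(current)
        if current is not None:
            current[key] = value
    return records


def correlate_service_tickets(records, st_lifetime_seconds=10):
    """Pair each validation attempt with the creation of the same ST.

    st_lifetime_seconds is an assumed value; use the lifetime from your own
    CAS ticket expiration policy.
    """
    created, findings = {}, []
    for rec in records:
        match = TICKET_RE.search(rec.get("WHAT", ""))
        if not match or "WHEN" not in rec:
            continue
        ticket, when = match.group(0), parse_when(rec["WHEN"])
        action, client_ip = rec.get("ACTION", ""), rec.get("CLIENT IP ADDRESS")
        if action == "SERVICE_TICKET_CREATED":
            created[ticket] = (when, client_ip)
        elif action.startswith("SERVICE_TICKET_VALIDATE"):
            finding = {"ticket": ticket, "failed": action.endswith("_FAILED"),
                       "age_seconds": None, "ip_changed": None,
                       "verdict": "no_creation_record"}
            if ticket in created:
                issued_at, issued_ip = created[ticket]
                age = int((when - issued_at).total_seconds())
                finding["age_seconds"] = age
                finding["ip_changed"] = issued_ip != client_ip
                finding["verdict"] = ("expired" if age > st_lifetime_seconds
                                      else "within_lifetime")
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for item in correlate_service_tickets(parse_audit_records(SAMPLE_AUDIT_LOG)):
        print(item)
```

A different client IP on the validation record is expected, because the service's own server makes the validation call; the ticket's age against the configured ST lifetime is what decides the outcome.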

Re: [cas-user] login-webflow.xml confusion

2013-01-25 Thread Dmitriy Kopylenko
Eric,

the TGT ID should be available in the request scope, so you could pass it to 
your action state impl using SWF expression lang.  provided that you model your 
action method to take the TGT ID e.g. 

…



…

BTW, instead of doing the "dance" yourself, you could opt to let the 
convenience API in cas-addons do it for you :-)

https://github.com/Unicon/cas-addons/blob/master/src/main/java/net/unicon/cas/addons/authentication/AuthenticationSupport.java

Example of configuring and using that API in SWF to retrieve an Authenticated 
principal: 
https://github.com/Unicon/cas-addons/wiki/Authenticated-Principal-in-Generic-Success-Login-View

Cheers,
Dmitriy.

On Jan 25, 2013, at 3:29 PM, "Stein, Eric"  wrote:

> Dmitriy,
>   Thank you for the dance! I have it coded and I'm trying to test it. I'm not 
> sure how to get the original ticket into my action, though.
>  
> login-webflow.xml calls to a bean defined in cas-servlet as:
>class="com.locustec.authentication.LookupAccountStatusAction">
> 
> 
>   
>  
> Presumably the ticket would be passed in as a parameter, something like this:
>class="com.locustec.authentication.LookupAccountStatusAction">
> p:ticket=""
> 
> 
>   
>  
> but I'm not sure how to get a handle to the ticket.
>  
> Thanks for any ideas,
> Eric
>  
>  
> -Original Message-
> From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net] 
> Sent: Wednesday, January 23, 2013 4:12 PM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] login-webflow.xml confusion
>  
> Eric,
>  
> the authenticated principal is not available in the flow scope after a 
> successful authentication and SSO session establishment. TGT id String is. So 
> to get to the authenticated principal id, you'd need to do this dance:
>  
> * TicketRegistry#getTicket(String)
>  
> * TicketGrantingTicket#getAuthentication
>  
> * Authentication#getPrincipal
>  
> * Principal#getId
>  
> On the other hand, flowScope.credentials object contains an id that was 
> presented by a user when challenged for authentication by CAS, but id does 
> not represent a successfully authenticated principal.
>  
> Dmitriy.
>  
> On Jan 23, 2013, at 3:16 PM, "Stein, Eric"  wrote:
>  
> > Jérôme,
> >  After a successful authentication, I want to route the user one of 
> > several ways based on a flag in the database. Making them confirm the EULA 
> > is one option. I may also want to force them to change a password, or 
> > otherwise push them around before they get to the application they 
> > originally requested. Is your suggestion viable given that there are 
> > probably 5 or 6 paths they could go down? I'd like to avoid a chain of 
> > tests, where checkEULA passes them to changePassword which passes them to 
> > doOtherThing etc.
> >
> >  I guess I could have an action between realSubmit and 
> > sentTicketGrantingTicket which looks up that flag and returns some value 
> > which then points you to the right view. Is there a way to figure out the 
> > user's login ID? Is it in flowScope.credentials, maybe?
> >
> > Thanks,
> > Eric
> >
> > -Original Message-
> > From: jleleu [mailto:lel...@gmail.com]
> > Sent: Wednesday, January 23, 2013 2:35 PM
> > To: cas-user@lists.jasig.org
> > Subject: RE:[cas-user] login-webflow.xml confusion
> >
> > Hi,
> >
> > You're right, throwing an exception during authentication prevents the 
> > granting ticket to be saved in your registry and triggers a 
> > TicketException. This causes your problem.
> >
> > Just to be sure that I clearly understand your need: after a successful 
> > authentication, you want to display a confirmation page for some (all?) 
> > users. Am I right?
> >
> > A solution could be to add an intermediate action "checkEULA" :
> > 
> > > expression="authenticationViaFormAction.submit(flowRequestContext, 
> > flowScope.credentials, messageContext)" />   
> > ...
> >
> > 
> > > to="sendTicketGrantingTicket" />   > to="confirmEULAView" /> 
> >
> > This "checkEULA" would transition to "sendTicketGrantingTicket" if no 
> > confirmation page should be displayed or to the confirmation view if it's 
> > necessary...
> >
> > Best regards,
> > Jérôme
> >

Re: [cas-user] Assistance needed adding JSON presistance to cas

2013-02-25 Thread Dmitriy Kopylenko
Hi Rick.

Can you please send the pom.xml of your CAS overlay?

Thanks,
Dmitriy.

On Feb 25, 2013, at 10:23 AM, Richard Versace  wrote:

> Misagh,
> 
> Thanks for the hint, but as I said, I'm sort of coming in in the middle of 
> the movie and that doesn't mean much to me right now.
> 
> Could you give me another hint or point me to some documentation somewhere 
> that could help me out?
> 
> Thanks,
> 
> Rick.
> 
> 
> 
> On Mon, Feb 25, 2013 at 9:50 AM, Misagh Moayyed  wrote:
> Seems like the ‘c’ namespace is part of Spring 3.1. You could try the 
> alternative syntax that is: 
> 
>  
> 
> -Misagh
> 
> 
>  
> 
> From: Richard Versace [mailto:rivers...@vassar.edu] 
> Sent: Saturday, February 23, 2013 3:03 PM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] Assistance needed adding JSON presistance to cas
> 
>  
> 
> Based on this...
> 
> 
> >locate spring|grep tomcat|grep WEB-INF|grep -i release|grep jar|sort -u
> 
> /opt/tomcat6/apache-tomcat-6.0.35/webapps/cas/WEB-INF/lib/spring-aop-3.0.5.RELEASE.jar
> /opt/tomcat6/apache-tomcat-6.0.35/webapps/cas/WEB-INF/lib/spring-asm-3.0.5.RELEASE.jar
> /opt/tomcat6/apache-tomcat-6.0.35/webapps/cas/WEB-INF/lib/spring-beans-3.0.5.RELEASE.jar
> /opt/tomcat6/apache-tomcat-6.0.35/webapps/cas/WEB-INF/lib/spring-binding-2.2.1.RELEASE.jar
> 
> I'd say 3.0.5.  But it's just a guess
> 
>  
> 
> On Sat, Feb 23, 2013 at 5:09 AM, Misagh Moayyed  wrote:
> 
> Rick, could you explain what Spring version you’re using in your Maven 
> overlay?
> 
>  
> 
> -Misagh
> 
>  
> 
> From: Richard Versace [mailto:rivers...@vassar.edu] 
> Sent: Thursday, February 21, 2013 9:53 AM
> To: cas-user@lists.jasig.org
> Subject: [cas-user] Assistance needed adding JSON presistance to cas
> 
>  
> 
> Firstly, I'm new to the wild and wonderful world of server side java apps and 
> all of the configuration and other magic that goes along with it.
> 
>  
> 
> Secondly, I have a cas setup that consists of 2 load balanced nodes that keep 
> ticket info current using ehcache.
> 
>  
> 
> Thirdly, I'm trying to add persistence to the services registry using the 
> JSON method found here...  
> https://github.com/Unicon/cas-addons/wiki/Configuring-JSON-Service-Registry
> 
>  
> 
>  
> 
> I've muddled my way through most of the setup but now I'm stuck, I'm sure not 
> for the last time.
> 
>  
> 
> this line in deployerConfigContext.xml is giving me trouble...
> 
>  
> 
> xmlns:c="http://www.springframework.org/schema/c"
> 
>  
> 
> This assumption is based on this line in the catalina.out file at startup...
> 
>  
> 
> 2013-02-21 11:01:49,880 ERROR [org.springframework.web.context.ContextLoader] 
> - 
> 
> org.springframework.beans.factory.parsing.BeanDefinitionParsingException: 
> Configuration problem: Unable to locate Spring NamespaceHandler for XML 
> schema namespace [http://www.springframework.org/schema/c]
> 
> Offending resource: ServletContext resource 
> [/WEB-INF/deployerConfigContext.xml]
> 
>  
> 
> Based on the blind research I've done I'm thinking I don't have the proper 
> version of Spring.  I haven't a clue on how to fix that.
> 
>  
> 
> I am using maven 2.? to package the war file.  
> 
>  
> 
> Don't know what other info anyone may need because, like I said, I'm new to 
> this magic.
> 
>  
> 
> Any help would be appreciated.
> 
>  
> 
> Thanks,
> 
>  
> 
> Rick Versace.
> 
>  
> 

Re: [cas-user] Assistance needed adding JSON presistance to cas

2013-02-25 Thread Dmitriy Kopylenko
Rick,

your overlay currently builds on top of CAS 3.4.12. The minimum supported
version of CAS for cas-addons 1.0 and up is 3.5.1, as stated here:
https://github.com/Unicon/cas-addons/blob/master/README.md

So, I'm afraid that an upgrade would be in order here (which is a good
thing in and of itself).

As for upgrade guidelines, I am not sure that there are any written ones
(someone could correct me). The biggest thing to watch for during the
upgrade would be that any custom components re-defined in CAS configuration
files e.g. login-webflow.xml, cas-servlet.xml, deployerConfigContext.xml
get properly ported into the newest configuration files from the CAS
version in question.

Cheers,
Dmitriy.



On Mon, Feb 25, 2013 at 10:59 AM, Richard Versace wrote:

> Here you go.
>
>
> On Mon, Feb 25, 2013 at 10:33 AM, Dmitriy Kopylenko wrote:
>
>> Hi Rick.
>>
>> Can you please send the pom.xml of your CAS overlay?
>>
>> Thanks,
>> Dmitriy.
>>
>> On Feb 25, 2013, at 10:23 AM, Richard Versace 
>> wrote:
>>
>> Misagh,
>>
>> Thanks for the hint, but as I said, I'm sort of coming in in the middle
>> of the movie and that doesn't mean much to me right now.
>>
>> Could you give me another hint or point me to some documentation
>> somewhere that could help me out?
>>
>> Thanks,
>>
>> Rick.
>>
>>
>>
>> On Mon, Feb 25, 2013 at 9:50 AM, Misagh Moayyed wrote:
>>
>>> Seems like the ‘c’ namespace is part of Spring 3.1. You could try the
>>> alternative syntax that is: 
>>>
>>>
>>> -Misagh
>>>
>>>
>>> *From:* Richard Versace [mailto:rivers...@vassar.edu]
>>> *Sent:* Saturday, February 23, 2013 3:03 PM
>>> *To:* cas-user@lists.jasig.org
>>> *Subject:* Re: [cas-user] Assistance needed adding JSON presistance to
>>> cas
>>>
>>>
>>>
>>> Based on this...
>>>
>>>
>>> >locate spring|grep tomcat|grep WEB-INF|grep -i release|grep jar|sort -u
>>>
>>>
>>> /opt/tomcat6/apache-tomcat-6.0.35/webapps/cas/WEB-INF/lib/spring-aop-3.0.5.RELEASE.jar
>>>
>>> /opt/tomcat6/apache-tomcat-6.0.35/webapps/cas/WEB-INF/lib/spring-asm-3.0.5.RELEASE.jar
>>>
>>> /opt/tomcat6/apache-tomcat-6.0.35/webapps/cas/WEB-INF/lib/spring-beans-3.0.5.RELEASE.jar
>>>
>>> /opt/tomcat6/apache-tomcat-6.0.35/webapps/cas/WEB-INF/lib/spring-binding-2.2.1.RELEASE.jar
>>> 
>>>
>>> I'd say 3.0.5.  But it's just a guess
>>>
>>>
>>>
>>> On Sat, Feb 23, 2013 at 5:09 AM, Misagh Moayyed 
>>> wrote:
>>>
>>> Rick, could you explain what Spring version you’re using in your Maven
>>> overlay? 
>>>
>>>  
>>>
>>> *-*Misagh
>>>
>>>  
>>>
>>> *From:* Richard Versace [mailto:rivers...@vassar.edu]
>>> *Sent:* Thursday, February 21, 2013 9:53 AM
>>> *To:* cas-user@lists.jasig.org
>>> *Subject:* [cas-user] Assistance needed adding JSON presistance to cas
>>>
>>>  
>>>
>>> Firstly, I'm new to the wild and wonderful world of server side java
>>> apps and all of the configuration and other magic that goes along with it.
>>> 
>>>
>>>  
>>>
>>> Secondly, I have a cas setup that consists of 2 load balanced nodes that
>>> keep ticket info current using ehcache.
>>>
>>>  
>>>
>>> Thirdly, I'm trying to add persistence to the services registry using
>>> the JSON method found here...
>>> https://github.com/Unicon/cas-addons/wiki/Configuring-JSON-Service-Registry
>>> 
>>>
>>>  
>>>
>>>  
>>>
>>> I've muddled my way through most of the setup but now I'm stuck, I'm
>>> sure not for the last time.
>>>
>>>  
>>>
>>> this line in deployerConfigContext.xml is giving me trouble...
>>>
>>>  
>>>
>>> xmlns:c="http://www.springframework.org/schema/c"
>>>
>>>  
>>>
>>> This assumption is based on this line in the catalina.out file at
>>> startup...
>>>
>>>  
>>>
>>> 2013-02-21 11:01:49,880 ERROR
>>> [org.springframework.web.context.ContextLoader] - >> fa

Re: [cas-user] Assistance needed adding JSON presistance to cas

2013-02-25 Thread Dmitriy Kopylenko
Rick,

extraAttributes has nothing to do with attribute release by CAS server. It is 
a facility added by cas-addons to simplify adding custom features to local CAS 
based on flexible, "untyped" configuration option added to RegisteredServices.

Dmitriy.

Sent from my iPhone

On Feb 25, 2013, at 15:30, Richard Versace  wrote:

> Thanks for all of the useful information.  I have a much better understanding 
> of the "magic" than I did this morning.
> 
> I have it working for the most part.  I'm still struggling with the 
> extraAttributes piece.  I am making the assumption that this has to do with 
> attribute release.  If this is true then I can't get it to work.
> 
> Based on the logfile all seems to be loading ok but it doesn't seem to be 
> releasing anything.
> 
> But this can wait until tomorrow.
> 
> Thanks again for all of the assistance.
> 
> 
> On Mon, Feb 25, 2013 at 2:15 PM, Andrew Petro  wrote:
>> Rick,
>> 
>> It can be that easy.
>> 
>> It can be more difficult.
>> 
>> Besides nudging the metadata in your pom.xml, it's also a matter of looking 
>> at every file in your local overlay and comparing it with the latest in CAS 
>> and considering the differences in the vanilla CAS 3.4.12 and vanilla CAS 
>> 3.5.1 versions.  As in, if the vanilla file changed, you might want to apply 
>> something like that change locally, or you might want to delete your local 
>> file, pull down the copy from CAS 3.5.1, and edit it anew.  In some cases 
>> "might want" becomes "you must do this or it won't work" -- things are 
>> allowed to change between a 3.4 and a 3.5 version.
>> 
>> But in general, yes, the Maven overlay practice is supposed to make upgrades 
>> easier by minimizing your local source files down to just the ones that are 
>> unique and special to your environment and making the version of the product 
>> you're overlaying upon a matter of declarative configuration in pom.xml.
>> 
>> Hope this helps,
>> 
>> Andrew
>> 
>> 
>> 
>> 
>> On Mon, Feb 25, 2013 at 2:04 PM, Richard Versace  
>> wrote:
>>> So it was as easy as changing...
>>> 
>>> 
>>> 3.4.12
>>> 1.5.6
>>> 2.5.0
>>> 1.0
>>> 
>>> 
>>> 
>>> to...
>>> 
>>> 
>>> 3.5.1
>>> 1.5.6
>>> 2.5.0
>>> 1.2
>>> 
>>> 
>>> in the pom.xml file and it all works like magic???
>>> 
>>> Or did I miss something?
>>> 
>>> 
>>> On Mon, Feb 25, 2013 at 11:59 AM, Richard Versace  
>>> wrote:
>>>> Dmitriy,
>>>> 
>>>> Thanks for all of that.  Now I need to figure out what to do with it.  :o)
>>>> 
>>>> If anyone can post anything that points to tips, tricks, posts about doing 
>>>> upgrades I would appreciate it.
>>>> 
>>>> I guess the first time is always the hardest.
>>>> 
>>>> Thanks again and in advance,
>>>> 
>>>> Rick.
>>>> 
>>>> 
>>>> 
>>>> On Mon, Feb 25, 2013 at 11:49 AM, Dmitriy Kopylenko 
>>>>  wrote:
>>>>> Rick,
>>>>> 
>>>>> your overlay currently builds on top of CAS 3.4.12. The minimum supported 
>>>>> version of CAS for cas-addons 1.0 and up is 3.5.1, as stated here: 
>>>>> https://github.com/Unicon/cas-addons/blob/master/README.md
>>>>> 
>>>>> So, I'm afraid that an upgrade would be in order here (which is a good 
>>>>> thing in and of itself).
>>>>> 
>>>>> As for upgrade guidelines, I am not sure that there are any written ones 
>>>>> (someone could correct me). The biggest thing to watch for during the 
>>>>> upgrade would be that any custom components re-defined in CAS 
>>>>> configuration files e.g. login-webflow.xml, cas-servlet.xml, 
>>>>> deployerConfigContext.xml get properly ported into the newest 
>>>>> configuration files from the CAS version in question.
>>>>> 
>>>>> Cheers,
>>>>> Dmitriy.
>>>>> 
>>>>> 
>>>>> 
>>>>> On Mon, Feb 25, 2013 at 10:59 AM, Richard Versace  
>>>>> wrote:
>>>>>> Here you go.
>>>>>> 
>>>>>> 
>>>>>> On Mon, F

Re: [cas-user] Assistance needed adding JSON presistance to cas

2013-02-26 Thread Dmitriy Kopylenko
Have you added change notification support as described here?

https://github.com/Unicon/cas-addons/wiki/Configuring-JSON-Service-Registry

Cheers,
D.

On Feb 26, 2013, at 1:16 PM, Richard Versace  wrote:

> Ok, one last time...
> 
> I have the allowedAttributes working but it seems like they won't work until 
> I restart cas.  Is this expected behavior?
> 
> Thanks,
> 
> Rick.
> 
> 
> On Tue, Feb 26, 2013 at 10:25 AM, Richard Versace  
> wrote:
> Thanks to all for the assistance.  You've saved my sanity many times over.
> 
> 
> On Mon, Feb 25, 2013 at 8:46 PM,  wrote:
> On Feb 25, 2013, at 19:38, Richard Versace  wrote:
> 
> > Ahh.  So is there a way of adding attribute release via the JSON 
> > methodology?
> 
> Yes, through the allowedAttributes property. It takes an array of strings 
> with the names of the attributes to be released. E.g.:
> 
> "allowedAttributes":[ "uid", "mail" ]
> 
> Best regards,
> --
> Carlos M. Fernández
> Sr. Enterprise Systems Admin
> Saint Joseph's University
> W: 610-660-1501
> M: 215-316-1193
> E: cfern...@sju.edu

Re: [cas-user] Assistance needed adding JSON presistance to cas

2013-02-27 Thread Dmitriy Kopylenko
Not sure what the "release" means in this context and what this test program is 
doing, but just a wild guess - could be a client session interfering, etc. 
Might try to kill the session and re-login, perhaps?

Cheers,
D. 

Sent from my iPhone

On Feb 27, 2013, at 8:30, Richard Versace  wrote:

> Yes I have.  I can see the operation taking place in the log file when I add 
> the attributes to the file but I don't see them being released in the test 
> program someone wrote until after I restart cas.
> 
> 
> On Tue, Feb 26, 2013 at 3:10 PM, Dmitriy Kopylenko  
> wrote:
>> Have you added change notification support as described here?
>> 
>> https://github.com/Unicon/cas-addons/wiki/Configuring-JSON-Service-Registry
>> 
>> Cheers,
>> D.
>> 
>> On Feb 26, 2013, at 1:16 PM, Richard Versace  wrote:
>> 
>>> Ok, one last time...
>>> 
>>> I have the allowedAttributes working but it seems like they won't work 
>>> until I restart cas.  Is this expected behavior?
>>> 
>>> Thanks,
>>> 
>>> Rick.
>>> 
>>> 
>>> On Tue, Feb 26, 2013 at 10:25 AM, Richard Versace  
>>> wrote:
>>>> Thanks to all for the assistance.  You've saved my sanity many times over.
>>>> 
>>>> 
>>>> On Mon, Feb 25, 2013 at 8:46 PM,  wrote:
>>>>> On Feb 25, 2013, at 19:38, Richard Versace  wrote:
>>>>> 
>>>>> > Ahh.  So is there a way of adding attribute release via the JSON 
>>>>> > methodology?
>>>>> 
>>>>> Yes, through the allowedAttributes property. It takes an array of strings 
>>>>> with the names of the attributes to be released. E.g.:
>>>>> 
>>>>> "allowedAttributes":[ "uid", "mail" ]
>>>>> 
>>>>> Best regards,
>>>>> --
>>>>> Carlos M. Fernández
>>>>> Sr. Enterprise Systems Admin
>>>>> Saint Joseph's University
>>>>> W: 610-660-1501
>>>>> M: 215-316-1193
>>>>> E: cfern...@sju.edu

Re: [cas-user] CAS client in C

2013-03-12 Thread Dmitriy Kopylenko
Hi Jonathan,

see if this code will be of any help: https://github.com/forsetti/libcas

Cheers,
Dmitriy.

On Mar 12, 2013, at 3:58 PM, Jonathan  wrote:

> Hi,
> Is there a CAS client in C without using mod_auth_cas?
> I need to validate the CAS service ticket in my C server. No apache on this 
> server. 
> 
> Thanks
> Jonathan

Re: [cas-user] Attributes via CAS 2.0 protocol

2013-03-27 Thread Dmitriy Kopylenko
There is one other option that would eliminate the need to "hack" 
casServiceValidationSuccess.jsp: 
https://github.com/Unicon/cas-addons/wiki/Configuring-JSON-Validation-Response

Cheers,
Dmitriy.

On Mar 27, 2013, at 12:23 PM, Robert Oschwald  
wrote:

> See 
> https://wiki.jasig.org/display/CASUM/Attributes#Attributes-AccessingattributesusingtheCASclientforjava
>  how to release attributes to the client.
> If you use the SAML ticket validator, it works out of the box.
> 
> If you want to release the attributes using the /serviceValidate url, you 
> must add attributes to the casServiceValidationSuccess.jsp.
> 
> Robert
> 
> Am 27.03.2013 um 16:50 schrieb Stephen More :
> 
>> According to the Client Feature Matrix (
>> https://wiki.jasig.org/display/CASC/Client+Feature+Matrix ) Attributes
>> are available by using either protocol SAML1.1 or CAS 2.0 support via
>> known server sided extension point.
>> 
>> I see the SAML1.1 example here:
>> https://wiki.jasig.org/display/CASC/Saml11TicketValidationFilter+Example
>> 
>> What is the CAS 2.0 server side extension that supports attributes and
>> is there an example ?
>> 
>> 
>> -Stephen More
>> 

[cas-user] Custom XML config schema

2013-04-01 Thread Dmitriy Kopylenko
Folks,

just FYI, there is a new custom 'cas' namespace config support in cas-addons 
which will be available in version 1.3: 
https://github.com/Unicon/cas-addons/wiki/Custom-CAS-configuration-XML-namespace

Cheers,
Dmitriy.

Re: [cas-user] EhCache Compilation Error

2013-04-03 Thread Dmitriy Kopylenko
No need to copy EhcacheTicketRegistry.java from the wiki into overlay as the 
latest CAS includes that class. Probably the wiki needs to be updated.

Cheers,
Dmitriy.

On Apr 3, 2013, at 2:28 PM, Derek Lofstrom  wrote:

> Trying to follow the instructions for implementing EhCacheTicketReg at:
> https://wiki.jasig.org/display/CASUM/EhcacheTicketRegistry
> 
> They don't sound terribly confusing, but I can't for the life of me get 
> things to work. Using overlay to build the project. Essentially, my steps are:
> 
> 1) Include the ehcache-core and cas-server-integration-ehcache dependencies 
> to my custom pom.xml
> 2) Replace ticketRegistry.xml with the file included in the wiki
> 3) Copy EhcacheTicketRegistry.java and ehcache-replicated.xml from the wiki 
> to their respective locations
> 4) Build via maven.
> 
> When I do these steps exactly, I get the following compilation error:
> 
> Failed to execute goal 
> org.apache.maven.plugins:maven-compiler-plugin:2.3.2:compile 
> (default-compile) on project cas-server-nesl: Compilation failure
> [ERROR] 
> /opt/jasig-cas/cas-server-nesl-ehcache/src/main/java/org/jasig/cas/ticket/registry/EhcacheTicketRegistry.java:[36,7]
>  org.jasig.cas.ticket.registry.EhcacheTicketRegistry is not abstract and does 
> not override abstract method needsCallback() in 
> org.jasig.cas.ticket.registry.AbstractDistributedTicketRegistry
> 
> I feel like I'm missing something terribly obvious here, but can't for the 
> life of me understand what (I'm not much of a developer). Of course, I Google 
> the error and get nothing, so I'm looking here for help :)
> 
> -Derek



Re: [cas-user] Attributes via CAS 2.0 protocol

2013-04-10 Thread Dmitriy Kopylenko
Hi Stephen,

as mentioned here: https://github.com/Unicon/cas-addons/blob/master/README.md 
the minimum supported version of CAS for cas-addons 1.0+ is 3.5.1

Dmitriy.

On Apr 10, 2013, at 10:01 AM, Stephen More  wrote:

> I am trying to get the unicon addon to work. The first thing I am struggling 
> with is version compatibility. What version of the addon is compatible with 
> what version of cas?
> 
> I am currently running 3.4.12. I added cas-addons 1.2; now I have conflicting 
> jars in my lib dir:
> spring-security-core-3.0.5.RELEASE.jar
> spring-security-core-3.1.0.RELEASE.jar
> person-directory-api-1.5.0-RC6.jar
> person-directory-api-1.5.1.jar
> 
> -Thanks
> Stephen More
> 
> 
> 
> 
> On Wed, Mar 27, 2013 at 12:44 PM, Dmitriy Kopylenko  
> wrote:
> There is one other option that would eliminate the need to "hack" 
> casServiceValidationSuccess.jsp: 
> https://github.com/Unicon/cas-addons/wiki/Configuring-JSON-Validation-Response
> 
> Cheers,
> Dmitriy.
> 
> On Mar 27, 2013, at 12:23 PM, Robert Oschwald  
> wrote:
> 
>> See 
>> https://wiki.jasig.org/display/CASUM/Attributes#Attributes-AccessingattributesusingtheCASclientforjava
>>  how to release attributes to the client.
>> If you use the SAML ticket validator, it works out of the box.
>> 
>> If you want to release the attributes using the /serviceValidate url, you 
>> must add attributes to the casServiceValidationSuccess.jsp.
>> 
>> Robert
>> 
>> On 27.03.2013 at 16:50, Stephen More wrote:
>> 
>>> According to the Client Feature Matrix (
>>> https://wiki.jasig.org/display/CASC/Client+Feature+Matrix ) Attributes
>>> are available by using either protocol SAML1.1 or CAS 2.0 support via
>>> known server sided extension point.
>>> 
>>> I see the SAML1.1 example here:
>>> https://wiki.jasig.org/display/CASC/Saml11TicketValidationFilter+Example
>>> 
>>> What is the CAS 2.0 server side extension that supports attributes and
>>> is there an example ?
>>> 
>>> 
>>> -Stephen More
>>> 

Re: [cas-user] Attributes via CAS 2.0 protocol

2013-04-10 Thread Dmitriy Kopylenko
Stephen,

can you explain a little bit more - are you trying to build 
cas-java-clients-addons from source against the latest 3.3 (cas java client) 
snapshot? Is there a particular reason for that? Can you just use the current 
version of java-cas-clients-addons which depends on 3.2.1?

But in any case, it looks like the CAS Java client makes some breaking changes to 
its public API, e.g. marking a number of methods final, etc., which definitely 
breaks cas-java-clients-addons.

Dmitriy.

On Apr 10, 2013, at 3:56 PM, Stephen More  wrote:

> Ok, I have a testing version of 3.5.2 server. Now I am working on the client 
> side
> 
> cas-java-clients-addons: I need to build against cas.client 3.3-SNAPSHOT not 
> 3.2.1.
> 
> I can easily update log to logger, but how should the following get addressed 
> ?
> 
> /home/smore/wip/git/unicon/cas-java-clients-addons/src/main/java/net/unicon/casclients/addons/jasig/validation/Cas20ServiceTicketJsonValidator.java:[40,21]
>  validate(java.lang.String,java.lang.String) in 
> net.unicon.casclients.addons.jasig.validation.Cas20ServiceTicketJsonValidator 
> cannot override validate(java.lang.String,java.lang.String) in 
> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator; overridden 
> method is final
> 
> /home/smore/wip/git/unicon/cas-java-clients-addons/src/main/java/net/unicon/casclients/addons/jasig/validation/ClearPassProxyTicketValidator.java:[29,14]
>  setAcceptAnyProxy(boolean) in 
> net.unicon.casclients.addons.jasig.validation.ClearPassProxyTicketValidator 
> cannot override setAcceptAnyProxy(boolean) in 
> org.jasig.cas.client.validation.Cas20ProxyTicketValidator; overridden method 
> is final
> 
>  
> -Stephen More
> 
> 
> 
> On Wed, Apr 10, 2013 at 11:53 AM, Misagh Moayyed  wrote:
> The minimum supported version is 3.5.1:
> 
> https://github.com/Unicon/cas-addons/blob/master/README.md
> 
>  
> 
> From: Stephen More [mailto:stephen.m...@gmail.com] 
> Sent: Wednesday, April 10, 2013 7:01 AM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] Attributes via CAS 2.0 protocol
> 
>  
> 
> I am trying to get the unicon addon to work. The first thing I am struggling 
> with is version compatibility. What version of the addon is compatible with 
> what version of cas?
> 
> I am currently running 3.4.12. I added cas-addons 1.2; now I have conflicting 
> jars in my lib dir:
> spring-security-core-3.0.5.RELEASE.jar
> spring-security-core-3.1.0.RELEASE.jar
> person-directory-api-1.5.0-RC6.jar
> person-directory-api-1.5.1.jar
> 
> -Thanks
> 
> Stephen More
> 
>  
> 
>  
> 
> On Wed, Mar 27, 2013 at 12:44 PM, Dmitriy Kopylenko  
> wrote:
> 
> There is one other option that would eliminate the need to "hack" 
> casServiceValidationSuccess.jsp: 
> https://github.com/Unicon/cas-addons/wiki/Configuring-JSON-Validation-Response
> 
>  
> 
> Cheers,
> 
> Dmitriy.
> 
>  
> 
> On Mar 27, 2013, at 12:23 PM, Robert Oschwald  
> wrote:
> 
>  
> 
> See 
> https://wiki.jasig.org/display/CASUM/Attributes#Attributes-AccessingattributesusingtheCASclientforjava
>  how to release attributes to the client.
> If you use the SAML ticket validator, it works out of the box.
> 
> If you want to release the attributes using the /serviceValidate url, you 
> must add attributes to the casServiceValidationSuccess.jsp.
> 
> Robert
> 
> On 27.03.2013 at 16:50, Stephen More wrote:
> 
> 
> 
> According to the Client Feature Matrix (
> https://wiki.jasig.org/display/CASC/Client+Feature+Matrix ) Attributes
> are available by using either protocol SAML1.1 or CAS 2.0 support via
> known server sided extension point.
> 
> I see the SAML1.1 example here:
> https://wiki.jasig.org/display/CASC/Saml11TicketValidationFilter+Example
> 
> What is the CAS 2.0 server side extension that supports attributes and
> is there an example ?
> 
> 
> -Stephen More
> 

Re: [cas-user] Attributes via CAS 2.0 protocol

2013-04-10 Thread Dmitriy Kopylenko
In this case, the current source for cas-java-clients-addons would need to be 
refactored to work well with the latest cas java client. I will take a look at 
it (when time permits).

D.

On Apr 10, 2013, at 5:20 PM, Stephen More  wrote:

> Yes, I am trying to build cas-java-clients-addons from source against the 
> latest 3.3 (cas java client) snapshot.
> 
> Yes, the snapshot has multiple new features in it that I am currently using. 
> No I can not use 3.2.1.
> 
> 
> On Wed, Apr 10, 2013 at 4:23 PM, Dmitriy Kopylenko  
> wrote:
> Stephen,
> 
> can you explain a little bit more - are you trying to build 
> cas-java-clients-addons from source against the latest 3.3 (cas java client) 
> snapshot? Is there a particular reason for that? Can you just use the current 
> version of java-cas-clients-addons which depends on 3.2.1?
> 
> But in any case, it looks like the CAS Java client makes some breaking changes to 
> its public API, e.g. marking a number of methods final, etc., which definitely 
> breaks cas-java-clients-addons.
> 
> Dmitriy.
> 
> On Apr 10, 2013, at 3:56 PM, Stephen More  wrote:
> 
>> Ok, I have a testing version of 3.5.2 server. Now I am working on the client 
>> side
>> 
>> cas-java-clients-addons: I need to build against cas.client 3.3-SNAPSHOT not 
>> 3.2.1.
>> 
>> I can easily update log to logger, but how should the following get 
>> addressed ?
>> 
>> /home/smore/wip/git/unicon/cas-java-clients-addons/src/main/java/net/unicon/casclients/addons/jasig/validation/Cas20ServiceTicketJsonValidator.java:[40,21]
>>  validate(java.lang.String,java.lang.String) in 
>> net.unicon.casclients.addons.jasig.validation.Cas20ServiceTicketJsonValidator
>>  cannot override validate(java.lang.String,java.lang.String) in 
>> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator; overridden 
>> method is final
>> 
>> /home/smore/wip/git/unicon/cas-java-clients-addons/src/main/java/net/unicon/casclients/addons/jasig/validation/ClearPassProxyTicketValidator.java:[29,14]
>>  setAcceptAnyProxy(boolean) in 
>> net.unicon.casclients.addons.jasig.validation.ClearPassProxyTicketValidator 
>> cannot override setAcceptAnyProxy(boolean) in 
>> org.jasig.cas.client.validation.Cas20ProxyTicketValidator; overridden method 
>> is final
>> 
>>  
>> -Stephen More
>> 
>> 
>> 
>> On Wed, Apr 10, 2013 at 11:53 AM, Misagh Moayyed  wrote:
>> The minimum supported version is 3.5.1:
>> 
>> https://github.com/Unicon/cas-addons/blob/master/README.md
>> 
>>  
>> 
>> From: Stephen More [mailto:stephen.m...@gmail.com] 
>> Sent: Wednesday, April 10, 2013 7:01 AM
>> To: cas-user@lists.jasig.org
>> Subject: Re: [cas-user] Attributes via CAS 2.0 protocol
>> 
>>  
>> 
>> I am trying to get the unicon addon to work. The first thing I am struggling 
>> with is version compatibility. What version of the addon is compatible with 
>> what version of cas?
>> 
>> I am currently running 3.4.12. I added cas-addons 1.2; now I have 
>> conflicting jars in my lib dir:
>> spring-security-core-3.0.5.RELEASE.jar
>> spring-security-core-3.1.0.RELEASE.jar
>> person-directory-api-1.5.0-RC6.jar
>> person-directory-api-1.5.1.jar
>> 
>> -Thanks
>> 
>> Stephen More
>> 
>>  
>> 
>>  
>> 
>> On Wed, Mar 27, 2013 at 12:44 PM, Dmitriy Kopylenko  
>> wrote:
>> 
>> There is one other option that would eliminate the need to "hack" 
>> casServiceValidationSuccess.jsp: 
>> https://github.com/Unicon/cas-addons/wiki/Configuring-JSON-Validation-Response
>> 
>>  
>> 
>> Cheers,
>> 
>> Dmitriy.
>> 
>>  
>> 
>> On Mar 27, 2013, at 12:23 PM, Robert Oschwald 
>>  wrote:
>> 
>>  
>> 
>> See 
>> https://wiki.jasig.org/display/CASUM/Attributes#Attributes-AccessingattributesusingtheCASclientforjava
>>  how to release attributes to the client.
>> If you use the SAML ticket validator, it works out of the box.
>> 
>> If you want to release the attributes using the /serviceValidate url, you 
>> must add attributes to the casServiceValidationSuccess.jsp.
>> 
>> Robert
>> 
>> On 27.03.2013 at 16:50, Stephen More wrote:
>> 
>> 
>> 
>> According to the Client Feature Matrix (
>> https://wiki.jasig.org/display/CASC/Client+Feature+Matrix ) Attributes
>> are available by using either protocol SAML1.1 or CAS 2.0 support via
>> known server sided extension point.
>> 
>> I see the SAML1.1 example here:
>>

Re: [cas-user] Attributes via CAS 2.0 protocol

2013-04-13 Thread Dmitriy Kopylenko
Stephen,

I've committed the initial refactoring to be built on top of CAS Java Client 
3.3. Try to build cas-java-clients-addons from source again.

Cheers,
Dmitriy.

On Apr 10, 2013, at 5:49 PM, Dmitriy Kopylenko  wrote:

> In this case, the current source for cas-java-clients-addons would need to be 
> refactored to work well with the latest cas java client. I will take a look 
> at it (when time permits).
> 
> D.
> 
> On Apr 10, 2013, at 5:20 PM, Stephen More  wrote:
> 
>> Yes, I am trying to build cas-java-clients-addons from source against the 
>> latest 3.3 (cas java client) snapshot.
>> 
>> Yes, the snapshot has multiple new features in it that I am currently using. 
>> No I can not use 3.2.1.
>> 
>> 
>> On Wed, Apr 10, 2013 at 4:23 PM, Dmitriy Kopylenko  
>> wrote:
>> Stephen,
>> 
>> can you explain a little bit more - are you trying to build 
>> cas-java-clients-addons from source against the latest 3.3 (cas java client) 
>> snapshot? Is there a particular reason for that? Can you just use the 
>> current version of java-cas-clients-addons which depends on 3.2.1?
>> 
>> But in any case, it looks like the CAS Java client makes some breaking changes 
>> to its public API, e.g. marking a number of methods final, etc., which 
>> definitely breaks cas-java-clients-addons.
>> 
>> Dmitriy.
>> 
>> On Apr 10, 2013, at 3:56 PM, Stephen More  wrote:
>> 
>>> Ok, I have a testing version of 3.5.2 server. Now I am working on the 
>>> client side
>>> 
>>> cas-java-clients-addons: I need to build against cas.client 3.3-SNAPSHOT 
>>> not 3.2.1.
>>> 
>>> I can easily update log to logger, but how should the following get 
>>> addressed ?
>>> 
>>> /home/smore/wip/git/unicon/cas-java-clients-addons/src/main/java/net/unicon/casclients/addons/jasig/validation/Cas20ServiceTicketJsonValidator.java:[40,21]
>>>  validate(java.lang.String,java.lang.String) in 
>>> net.unicon.casclients.addons.jasig.validation.Cas20ServiceTicketJsonValidator
>>>  cannot override validate(java.lang.String,java.lang.String) in 
>>> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator; overridden 
>>> method is final
>>> 
>>> /home/smore/wip/git/unicon/cas-java-clients-addons/src/main/java/net/unicon/casclients/addons/jasig/validation/ClearPassProxyTicketValidator.java:[29,14]
>>>  setAcceptAnyProxy(boolean) in 
>>> net.unicon.casclients.addons.jasig.validation.ClearPassProxyTicketValidator 
>>> cannot override setAcceptAnyProxy(boolean) in 
>>> org.jasig.cas.client.validation.Cas20ProxyTicketValidator; overridden 
>>> method is final
>>> 
>>>  
>>> -Stephen More
>>> 
>>> 
>>> 
>>> On Wed, Apr 10, 2013 at 11:53 AM, Misagh Moayyed  
>>> wrote:
>>> The minimum supported version is 3.5.1:
>>> 
>>> https://github.com/Unicon/cas-addons/blob/master/README.md
>>> 
>>>  
>>> 
>>> From: Stephen More [mailto:stephen.m...@gmail.com] 
>>> Sent: Wednesday, April 10, 2013 7:01 AM
>>> To: cas-user@lists.jasig.org
>>> Subject: Re: [cas-user] Attributes via CAS 2.0 protocol
>>> 
>>>  
>>> 
>>> I am trying to get the unicon addon to work. The first thing I am 
>>> struggling with is version compatibility. What version of the addon is 
>>> compatible with what version of cas?
>>> 
>>> I am currently running 3.4.12. I added cas-addons 1.2; now I have 
>>> conflicting jars in my lib dir:
>>> spring-security-core-3.0.5.RELEASE.jar
>>> spring-security-core-3.1.0.RELEASE.jar
>>> person-directory-api-1.5.0-RC6.jar
>>> person-directory-api-1.5.1.jar
>>> 
>>> -Thanks
>>> 
>>> Stephen More
>>> 
>>>  
>>> 
>>>  
>>> 
>>> On Wed, Mar 27, 2013 at 12:44 PM, Dmitriy Kopylenko  
>>> wrote:
>>> 
>>> There is one other option that would eliminate the need to "hack" 
>>> casServiceValidationSuccess.jsp: 
>>> https://github.com/Unicon/cas-addons/wiki/Configuring-JSON-Validation-Response
>>> 
>>>  
>>> 
>>> Cheers,
>>> 
>>> Dmitriy.
>>> 
>>>  
>>> 
>>> On Mar 27, 2013, at 12:23 PM, Robert Oschwald 
>>>  wrote:
>>> 
>>>  
>>> 
>>> See 
>>> https://wiki.jasig.org/display/CASUM/Attributes#Attributes-AccessingattributesusingtheCASclientforjava
>>> 

Re: [cas-user] Attributes via CAS 2.0 protocol

2013-04-17 Thread Dmitriy Kopylenko
Duly noted. Thanks. Pushed the change to GitHub.

Cheers,
Dmitriy. 

On Apr 17, 2013, at 11:10 AM, Stephen More  wrote:

> The build is now compiling for me.
> 
> I had to update maven-surefire-plugin to 2.14 as version 2.12.1 was throwing 
> this error ( see also https://jira.codehaus.org/browse/SUREFIRE-896 ):
> 
> 
> [INFO] Surefire report directory: 
> /home/smore/wip/git/unicon/cas-java-clients-addons/target/surefire-reports
> [INFO] 
> 
> [ERROR] FATAL ERROR
> [INFO] 
> 
> [INFO] Unable to locate surefire-booter in the list of plugin artifacts
> [INFO] 
> 
> [INFO] Trace
> java.lang.RuntimeException: Unable to locate surefire-booter in the list of plugin artifacts
>     at org.apache.maven.plugin.surefire.AbstractSurefireMojo.getForkConfiguration(AbstractSurefireMojo.java:1152)
>     at org.apache.maven.plugin.surefire.AbstractSurefireMojo.executeProvider(AbstractSurefireMojo.java:655)
>     at org.apache.maven.plugin.surefire.AbstractSurefireMojo.executeAllProviders(AbstractSurefireMojo.java:647)
>     at org.apache.maven.plugin.surefire.AbstractSurefireMojo.executeAfterPreconditionsChecked(AbstractSurefireMojo.java:606)
>     at org.apache.maven.plugin.surefire.AbstractSurefireMojo.execute(AbstractSurefireMojo.java:569)
>     at org.apache.maven.plugin.DefaultPluginManager.executeMojo(DefaultPluginManager.java:490)
>     at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoals(DefaultLifecycleExecutor.java:694)
>     at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoalWithLifecycle(DefaultLifecycleExecutor.java:556)
>     at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoal(DefaultLifecycleExecutor.java:535)
>     at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoalAndHandleFailures(DefaultLifecycleExecutor.java:387)
>     at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeTaskSegments(DefaultLifecycleExecutor.java:348)
>     at org.apache.maven.lifecycle.DefaultLifecycleExecutor.execute(DefaultLifecycleExecutor.java:180)
>     at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:328)
>     at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:138)
>     at org.apache.maven.cli.MavenCli.main(MavenCli.java:362)
>     at org.apache.maven.cli.compat.CompatibleMain.main(CompatibleMain.java:60)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:597)
>     at org.codehaus.classworlds.Launcher.launchEnhanced(Launcher.java:315)
>     at org.codehaus.classworlds.Launcher.launch(Launcher.java:255)
>     at org.codehaus.classworlds.Launcher.mainWithExitCode(Launcher.java:430)
>     at org.codehaus.classworlds.Launcher.main(Launcher.java:375)
> [INFO] 
> 
> [INFO] Total time: 28 seconds
> [INFO] Finished at: Wed Apr 17 11:05:28 EDT 2013
> [INFO] Final Memory: 54M/661M
> [INFO] 
> 
> 
> 
> On Sat, Apr 13, 2013 at 11:04 AM, Dmitriy Kopylenko  
> wrote:
> Stephen,
> 
> I've committed the initial refactoring to be built on top of CAS Java Client 
> 3.3. Try to build cas-java-clients-addons from source again.
> 
> Cheers,
> Dmitriy.
> 
> On Apr 10, 2013, at 5:49 PM, Dmitriy Kopylenko  wrote:
> 
>> In this case, the current source for cas-java-clients-addons would need to 
>> be refactored to work well with the latest cas java client. I will take a 
>> look at it (when time permits).
>> 
>> D.
>> 
>> On Apr 10, 2013, at 5:20 PM, Stephen More  wrote:
>> 
>>> Yes, I am trying to build cas-java-clients-addons from source against the 
>>> latest 3.3 (cas java client) snapshot.
>>> 
>>> Yes, the snapshot has multiple new features in it that I am currently 
>>> using. No I can not use 3.2.1.
>>> 
>>> 
>>> On Wed, Apr 10, 2013 at 4:23 PM, Dmitriy Kopylenko  
>>> wrote:
>>> Stephen,
>>> 
>>> can you explain a little bit more - are you trying to build 
>>> cas-java-clients-addons from sour

Re: [cas-user] Trying to do something that probably doesn't work the way I expect...

2013-04-17 Thread Dmitriy Kopylenko
CAS logs on Tomcat would be a good start.

Dmitriy.

On Apr 17, 2013, at 1:24 PM, Richard Versace  wrote:

> I have a test cas server and a production cas server.  I assemble the war 
> file using mvn 2.
> 
> I modified the test server to use the JSON method of  persisting the 
> services, which works just fine.  It started with cas 3.4.12 and unicon 
> addons 0.3 and ended with cas 3.5.1 and addons 1.2
> 
> I'm experimenting with git on the test server.  I know the basics but not 
> really sure about how to use it productively.
> 
> Here is what I'm attempting to do...
> 
> I've taken the code tree from the production server (which is the before JSON 
> mods) and copied it to a directory on the test server and applied git to it.  
> From here I created an "upgrade" branch so I can upgrade 3.4 to 3.5 to see if 
> things work properly before I apply the JSON mods.
> 
> Using the upgrade branch, before upgrading cas, I assembled the war file 
> using maven and moved it to tomcat.  Things seem to be working properly 
> except for the services management.  When I attempt to go there I get a 
> message that says that cas is unavailable.
> 
> I know I missed something somewhere, I just don't have a clue as to where to 
> start looking.
> 
> Any clues or pointers would be greatly appreciated.
> 
> Thanks,
> 
> Rick Versace.
> 



Re: [cas-user] How to get service parameter in custom AuthenticationHandler?

2013-04-24 Thread Dmitriy Kopylenko
I've pushed a new role-based authorization facility to cas-addons. It should be 
part of the 1.5 release (some time in May):

https://github.com/Unicon/cas-addons/wiki/Role-Based-Services-Authorization

Cheers,
Dmitriy.

On Apr 18, 2013, at 10:14 AM, Misagh Moayyed  wrote:

> Typically, you'd let the application itself handle authorization. By having 
> released the proper attributes back to the app, you can then independently 
> make decisions as for which attr value for the authenticated userid may 
> grant access to the app. If your app is Java-based, you can take advantage 
> of isUserInRole() function to make that decision [1].
> 
> That said, we have also managed to extend CAS to directly implement 
> attribute-based access control for apps. This webinar might be useful to 
> review [2].
> 
> [1] https://wiki.jasig.org/pages/viewpage.action?pageId=47874068
> [2] http://unicon.adobeconnect.com/p6lj8afl7h3/
> 
>> -Original Message-
>> From: Juan Zafrilla [mailto:jzafri...@selered.com]
>> Sent: Tuesday, April 16, 2013 5:30 AM
>> To: cas-user@lists.jasig.org
>> Subject: RE: [cas-user] How to get service parameter in custom
>> AuthenticationHandler?
>> 
>> Thanks Misagh,
>> 
>> I have configured multiple authenticationHandlers with different 
>> searchBase values.
>> But, for example:
>> - A system with 4 Web Applications (each represented by a Group in the LDAP 
>> structure)
>> - 3 Users:
>> 
>> User1 is memberOf Group1 and Group2.
>> User2 is memberOf Group3
>> User3 is memberOf Group3 and Group4
>> 
>> Using multiple AuthenticationHandlers with different searchBase values, I
>> think this occurs:
>> User1 tries to access WebApp3 (Group3), and all authentication handlers 
>> are executed (is that right??), and authenticationHandler 1
>> (searchBase=cn=Group1,ou=Groups,dc=example) allows the user to go to WebApp3. 
>> Do you know what I mean?
>> 
>> I need to protect the access on each webapplication/group.
>> 
>> Any ideas?
>> 
>> Thanks!!
>> 
>> -Original Message-
>> From: Misagh Moayyed [mailto:mmoay...@unicon.net]
>> Sent: Tuesday, April 16, 2013 14:00
>> To: cas-user@lists.jasig.org
>> Subject: RE: [cas-user] How to get service parameter in custom
>> AuthenticationHandler?
>> 
>> There might be "easier" ways to do this:
>> 
>> - use the existing ldap authentication handlers and configure each with 
>> the
>> appropriate search base
>> - use a single and existing ldap authentication handler, but expand your
>> search base to include every and all groups
>> 
>> Pros and cons to each approach of course. Otherwise, you are going to have
>> to modify the service metadata to include the new setting.
>> 
>> That said, I think it's interesting to think about how the authentication
>> layer may have access to incoming services. I haven't yet evaluated this
>> thoroughly, but it would potentially prove useful for CAS-1270 [1]
>> 
>> Misagh
>> 
>> [1] https://issues.jasig.org/browse/CAS-1270
>> 
>>> -Original Message-
>>> From: Juan [mailto:jzafri...@selered.com]
>>> Sent: Tuesday, April 16, 2013 2:24 AM
>>> To: cas-user@lists.jasig.org
>>> Subject: [cas-user] How to get service parameter in custom
>>> AuthenticationHandler?
>>> 
>>> How to get service parameter Single Sign On (Jasig CAS) LDAP Hi All!!
>>> I want to create a custom AuthenticationHandler (something like
>>> BindLdapAuthenticationHandler) to modify the searchBase attribute for
>>> LDAP lookup, but I haven't found the right way to get the 'service'
>>> parameter and determine the searchBase property
>>> (ou=Group1,dc=example,dc=com when service is WebAppUrl1 and
>>> ou=Group2,dc=example,dc=com when service is WebAppUrl2).
>>> 
>>> Any ideas? Thanks in advance!
>>> 
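
The client-side counterpart of two points made in these threads, Robert Oschwald's note on releasing attributes through /serviceValidate and Misagh Moayyed's advice to let the application authorize on released attributes, as an added Python example that is not code from the thread, from CAS or from cas-addons. The `cas:attributes` layout, the `memberOf` attribute name, the application URLs and both sample responses are assumptions constructed for illustration, modelled on the Group1 to Group4 scenario above.

```python
import xml.etree.ElementTree as ET

CAS_NS = "{http://www.yale.edu/tp/cas}"  # namespace used by CAS 2.0 responses


class ValidationError(Exception):
    """The ticket was rejected or the response is not acceptable."""


def parse_service_validate(xml_text):
    """Return (user, attributes) from a /serviceValidate response body.

    attributes maps each name to a list, since an attribute such as
    memberOf can appear several times.
    """
    # A CAS response never needs a DTD; refuse one before parsing so that
    # entity declarations are never processed.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValidationError("DTD not allowed in validation response")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValidationError("malformed response: %s" % exc)
    if root.tag != CAS_NS + "serviceResponse":
        raise ValidationError("unexpected root element")

    failure = root.find(CAS_NS + "authenticationFailure")
    if failure is not None:
        detail = (failure.text or "").strip()
        raise ValidationError("%s: %s" % (failure.get("code"), detail))

    success = root.find(CAS_NS + "authenticationSuccess")
    if success is None:
        raise ValidationError("no authenticationSuccess element")
    user = (success.findtext(CAS_NS + "user") or "").strip()
    if not user:
        raise ValidationError("empty user")

    attributes = {}
    block = success.find(CAS_NS + "attributes")  # assumed extension layout
    if block is not None:
        for child in block:
            name = child.tag.split("}", 1)[-1]
            attributes.setdefault(name, []).append((child.text or "").strip())
    return user, attributes


def normalize_dn(dn):
    """Case-fold a DN and drop spaces around commas (naive: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


# Constructed mapping: the directory group that grants access to each application.
REQUIRED_GROUP = {
    "https://webapp1.example.org/": "cn=Group1,ou=Groups,dc=example",
    "https://webapp2.example.org/": "cn=Group2,ou=Groups,dc=example",
    "https://webapp3.example.org/": "cn=Group3,ou=Groups,dc=example",
    "https://webapp4.example.org/": "cn=Group4,ou=Groups,dc=example",
}


def authorize(service_url, attributes, attr_name="memberOf"):
    """Authentication succeeded at CAS; decide access for this one application."""
    required = REQUIRED_GROUP.get(service_url)
    if required is None:
        return False  # unknown application: deny by default
    groups = {normalize_dn(g) for g in attributes.get(attr_name, [])}
    return normalize_dn(required) in groups


# Constructed sample responses (not captured from a real server).
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>user1</cas:user>
    <cas:attributes>
      <cas:memberOf>cn=Group1,ou=Groups,dc=example</cas:memberOf>
      <cas:memberOf>CN=Group2, OU=Groups, DC=example</cas:memberOf>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">
    Ticket ST-1-constructed not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    user, attrs = parse_service_validate(SAMPLE_SUCCESS)
    for url in sorted(REQUIRED_GROUP):
        print(user, url, "ALLOW" if authorize(url, attrs) else "DENY")
```

User1 authenticates once at CAS, yet is allowed only into the applications for Group1 and Group2; the decision for WebApp3 is made per service from the released attributes, not by which authentication handler happened to accept the credentials.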

Re: [cas-user] CAS server Internal ticket mechanism

2013-04-26 Thread Dmitriy Kopylenko
This might be helpful: https://wiki.jasig.org/display/CASUM/Technical+Overview

Cheers,
Dmitriy.

On Apr 26, 2013, at 11:18 AM, Rohit Kotecha  wrote:

> Hi All,
>
> I am integrating CAS with our Spring Security web application.
>
> I have some questions on how CAS will generate a service ticket and under which 
> conditions.
>
> Scenario:
>
> There are two applications, APP1 and APP2, which use CAS.
> When a user accesses a secure resource of APP1, the CAS login page is displayed to 
> the user; the user enters credentials and submits the form. On successful 
> authentication CAS will generate a service ticket, say ST1, and store it on the 
> server side, and it will also generate CASTGC on the client side. ST1 will also be 
> appended to the URL and sent back to APP1.
>
> So APP1 will send that ST to the CAS server to validate it, and it will get 
> validated by the CAS server as the ST is there on the server side.
>
> Now when the same user visits APP2 in another tab in the same browser, the request 
> will come first to the application server and, as we have configured the CAS 
> client, the request will be delegated to the CAS server.
>
> So the CAS server will generate a service ticket, say ST2, for this request.
>
> So my question is: based on which parameter/attribute will the CAS server decide 
> whether to generate a service ticket or to forward to the login page?
> And how does the CAS server come to know that the same user has requested resource APP2?
>
> And for every subsequent secure resource, will a new ST be generated by the CAS 
> server for the same application? Or does it just validate the previous ticket ST2 
> on each secure request?
>
> Also, please share a link where I can find how the CAS server's internal ticket 
> mechanism works.
>
> Thanks and Regards,
> Rohit Kotecha



Re: [cas-user] RBAC With Unicon cas-addons 1.5

2013-05-23 Thread Dmitriy Kopylenko
Hi Jason,

can you please attach relevant configuration files?

Thanks,
Dmitriy.

Sent from my iPhone

On May 23, 2013, at 14:45, "Jason Schwanz"  wrote:

> I've got CAS 3.5.2 setup and working properly with Unicon's JSON service 
> registry, and now I'm trying to configure their Role Based Services 
> Authorization tool. Following the instructions I'm getting the following 
> error message when I deploy the WAR.
> 
> *** full error attached ***
> ERROR [org.springframework.web.context.ContextLoader] - <Context initialization failed>
> org.springframework.beans.factory.BeanCreationException: Error creating bean 
> with name 'serviceAuthorizationAction': Cannot resolve reference to bean 
> 'serviceManager' while setting constructor argument; nested exception is 
> org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean 
> named 'serviceManager' is defined
> 
> Any help is appreciated.




Re: [cas-user] RBAC With Unicon cas-addons 1.5

2013-05-23 Thread Dmitriy Kopylenko
Thanks Jason. You have actually uncovered a bug. I will fix it and the fix 
should be available in cas-addons 1.5.2. I'll release the fix shortly.

Best regards,
Dmitriy.

On May 23, 2013, at 2:54 PM, Jason Schwanz  wrote:

> Files attached.
> 
> -
> Jason Schwanz  |  Systems Administrator
> George Fox University  |  Administrative Computing
> jschw...@georgefox.edu  |  503/554-2580
> 
> 
> On Thu, May 23, 2013 at 11:50 AM, Dmitriy Kopylenko 
>  wrote:
> Hi Jason,
> 
> can you please attach relevant configuration files?
> 
> Thanks,
> Dmitriy.
> 
> Sent from my iPhone
> 
> On May 23, 2013, at 14:45, "Jason Schwanz"  wrote:
> 
> > I've got CAS 3.5.2 setup and working properly with Unicon's JSON service 
> > registry, and now I'm trying to configure their Role Based Services 
> > Authorization tool. Following the instructions I'm getting the following 
> > error message when I deploy the WAR.
> >
> > *** full error attached ***
> > ERROR [org.springframework.web.context.ContextLoader] - <Context initialization failed>
> > org.springframework.beans.factory.BeanCreationException: Error creating 
> > bean with name 'serviceAuthorizationAction': Cannot resolve reference to 
> > bean 'serviceManager' while setting constructor argument; nested exception 
> > is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean 
> > named 'serviceManager' is defined
> >
> > Any help is appreciated.



Re: [cas-user] RBAC With Unicon cas-addons 1.5

2013-05-24 Thread Dmitriy Kopylenko
OK, this should be fixed now. The version 1.5.2 of cas-addons should be 
available in Maven central.

Cheers,
Dmitriy.

On May 23, 2013, at 3:23 PM, Dmitriy Kopylenko  wrote:

> Thanks Jason. You have actually uncovered a bug. I will fix it and the fix 
> should be available in cas-addons 1.5.2. I'll release the fix shortly.
> 
> Best regards,
> Dmitriy.
> 
> On May 23, 2013, at 2:54 PM, Jason Schwanz  wrote:
> 
>> Files attached.
>> 
>> -
>> Jason Schwanz  |  Systems Administrator
>> George Fox University  |  Administrative Computing
>> jschw...@georgefox.edu  |  503/554-2580
>> 
>> 
>> On Thu, May 23, 2013 at 11:50 AM, Dmitriy Kopylenko 
>>  wrote:
>> Hi Jason,
>> 
>> can you please attach relevant configuration files?
>> 
>> Thanks,
>> Dmitriy.
>> 
>> Sent from my iPhone
>> 
>> On May 23, 2013, at 14:45, "Jason Schwanz"  wrote:
>> 
>> > I've got CAS 3.5.2 setup and working properly with Unicon's JSON service 
>> > registry, and now I'm trying to configure their Role Based Services 
>> > Authorization tool. Following the instructions I'm getting the following 
>> > error message when I deploy the WAR.
>> >
>> > *** full error attached ***
>> > ERROR [org.springframework.web.context.ContextLoader] - <Context initialization failed>
>> > org.springframework.beans.factory.BeanCreationException: Error creating 
>> > bean with name 'serviceAuthorizationAction': Cannot resolve reference to 
>> > bean 'serviceManager' while setting constructor argument; nested exception 
>> > is org.springframework.beans.factory.NoSuchBeanDefinitionException: No 
>> > bean named 'serviceManager' is defined
>> >
>> > Any help is appreciated.
> 



Re: [cas-user] Access Governing

2013-06-12 Thread Dmitriy Kopylenko
This facility has been implemented and released in cas-addons. Take a look to 
see if it would satisfy your needs: 
https://github.com/Unicon/cas-addons/wiki/Role-Based-Services-Authorization

Best,
Dmitriy.

On Jun 12, 2013, at 3:21 PM, Marvin S. Addison  wrote:

>> One of our needs is access
>> governing, that is, CAS controls who can and who cannot SSO to any of
>> our apps based on the users' role (faculty, staff and student) in the
>> institution.
> 
> CAS does not support centralized authorization policy. The model it supports 
> out of the box is to release metadata about a user from the authentication 
> system of record, and it is the responsibility of the relying party (CAS 
> client) to enforce security policy based on that information. That said you 
> could implement centralized access control by extending the ServiceRegistry 
> component. Indeed, I believe such a system has been implemented by at least 
> one member of the CAS community. (I recall Unicon did something of this sort 
> for a school; maybe one of those folks can speak up with more info.)
> 
> M
> 



Re: [cas-user] CAS login error

2013-06-13 Thread Dmitriy Kopylenko
I assume that happens when there is no 'service' param and CAS tries to render 
a successful generic login page. Correct? If so, that is a side effect that is 
caused by 'terminateWebSessionListener' bean defined in cas-servlet.xml. You 
could a) disable one b) set the 'timeToDieInSeconds' property to a higher value 
to remedy this annoyance, like so:



Cheers,
Dmitriy.

On Jun 13, 2013, at 9:59 AM, dsm...@jeffco.edu wrote:

> I have CAS 3.5.2 deployed on Tomcat 6. 
> 
> When I login I get an error. If I refresh/resubmit the information it goes 
> through and operates normally. Any advice would be greatly appreciated.
> 
> The error is below:
> 
> type Exception report
> 
> message
> 
> description The server encountered an internal error () that prevented it 
> from fulfilling this request.
> 
> exception
> 
> org.springframework.web.util.NestedServletException: Request processing 
> failed; nested exception is java.lang.IllegalStateException: Cannot create a 
> session after the response has been committed
>   org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:894)
>   org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:789)
>   javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
>   javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>   org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(SafeDispatcherServlet.java:128)
>   org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice(SafeDispatcherServlet.java:57)
>   org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:1)
>   org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
>   org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
>   org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>   org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>   com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)
> 
> root cause
> 
> java.lang.IllegalStateException: Cannot create a session after the response 
> has been committed
>   org.apache.catalina.connector.Request.doGetSession(Request.java:2400)
>   org.apache.catalina.connector.Request.getSession(Request.java:2120)
>   org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:833)
>   org.springframework.webflow.context.servlet.HttpSessionMap.getMutex(HttpSessionMap.java:98)
>   org.springframework.webflow.core.collection.LocalSharedAttributeMap.getMutex(LocalSharedAttributeMap.java:39)
>   org.springframework.webflow.conversation.impl.ContainedConversation.unlock(ContainedConversation.java:108)
>   org.springframework.webflow.execution.repository.support.ConversationBackedFlowExecutionLock.unlock(ConversationBackedFlowExecutionLock.java:55)
>   org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:178)
>   org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:183)
>   org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
>   org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
>   org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
>   org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:789)
>   javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
>   javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>   org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(SafeDispatcherServlet.java:128)
>   org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice(SafeDispatcherServlet.java:57)
>   org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:1)
>   org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
>   org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
>   org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>   org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
>   com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)
> 
> 
> Dan



Re: [cas-user] Read Write JSON Registry in Unicon cas-addons 1.6

2013-08-06 Thread Dmitriy Kopylenko
Hi Matt. The cas-addons issues on GH would be the best place for this 
discussion: https://github.com/Unicon/cas-addons/issues

Thank you.

Dmitriy.

On Aug 6, 2013, at 5:33 PM, Matt Elson  
wrote:

> Apologies if this is the wrong list for this or if I missed some
> documentation, but I'm having a couple of problems with the read/write
> version of the JSON registry provided in Unicon's cas-addons version 1.6
> against CAS version 3.5.2.  I'm using the suggested Maven overlay with a
> few exclusions for libraries I don't believe I need.
> 
> Specifically, I'm running into two problems:
> 
> 1) Anything *new* added via the CAS-provided Services Manager 
> (CASserver/services) gets added to the json file with an id of "-1". 
> Subsequent services added also receive a -1 for the id.  The services do
> seem to validate/allow authentication okay, but it causes a display
> issue in the Services Manager where you can only see one of them.  
> 2) If you modify an existing service, you wind up with two copies of the
> service (the old one and the new one).
> 
> Using the non read-write version of the registry does not show this
> behavior (granted, it doesn't actually write anything out, but the id of
> subsequent added services increment themselves and modifying existing
> services doesn't appear to result in duplicates).
> 
> I'm not much of a programmer, but I poked around the code a bit and the
> attached patch clears it up in my test environment well enough (though I
> suspect it can be improved or I'm doing something horribly
> inappropriate).  I'm just not sure if this is an actual bug, expected
> behavior, some quirk of my environment, or me misunderstanding the
> configuration/use-case.
> 
> If there's a better place to send this query let me know and thanks in
> advance for any help you can give!
> 
> Matt 
> 





Re: [cas-user] Re-authentication for higher security pages

2013-09-05 Thread Dmitriy Kopylenko
Or, one could simply use the "AuthenticationSupport" API of cas-addons like 
this: authenticationSupport.getAuthenticatedPrincipalFrom(tgtId).getId() (Note 
that there is no need to directly inject TicketRegistry as it is already 
encapsulated in the DefaultAuthenticationSupport implementation).

https://github.com/Unicon/cas-addons/blob/master/src/main/java/net/unicon/cas/addons/authentication/AuthenticationSupport.java#L37

To create this bean, simply declare it using cas-addons custom XML namespace: 
 and it would be available for injection 
under 'authenticationSupport' bean id.

Please note that using cas-addons for what you need to do IS NOT REQUIRED. This 
is just a friendly "awareness note" about the convenient facilities available 
out there, should one decide it is worth using them :-)

Cheers,
Dmitriy.

On Sep 5, 2013, at 11:29 AM, Jérôme LELEU  wrote:

> Hi,
> 
> The TGTID is in the webflow so you can access it using WebUtils. But the 
> username is stored in the Authentication object of the TGT itself so you will 
> access it by querying the TGT in the tickets registry : something like 
> ticketRegistry.get(TGTID).getAuthentication().getPrincipal().getId().
> Best regards,
> Jérôme
> 
> 
> 
> 2013/9/5 
> Hi Jérôme,
> 
> Thank you for your assistance (and apologies for the delay in my reply).
> I have managed to add an action into the webflow after renewRequestCheck and 
> before viewLoginForm (note I'm using cas 3.3.1 if it matters).
> I currently have injected into my new action, CentralAuthenticationService 
> and TicketRegistry and have access to the tgtid using 
> WebUtils.getTicketGrantingTicketId, but I can't see where to get the username 
> from.
> Any pointers ?
> 
> Thank you.
> 
> On Tuesday, August 27, 2013 7:56:12 AM UTC+1, Jérôme LELEU wrote:
> Hi,
> 
> The CAS server behaves according to what is defined in its webflow : 
> https://github.com/Jasig/cas/blob/3.5.x/cas-server-core/src/main/java/org/jasig/cas/web/flow/InitialFlowSetupAction.java.
> 
> In this case, we'd like to have a login page not displaying the "username" 
> field if the user is already authenticated (just the password field).
> 
> You need two changes :
> - in the webflow, before displaying the login page, add a new expression 
> (around line 128) to evaluate if the user is already authenticated and his 
> username (be aware that the TGT id is in the webflow : 
> https://github.com/Jasig/cas/blob/3.5.x/cas-server-core/src/main/java/org/jasig/cas/web/flow/InitialFlowSetupAction.java,
>  so you would need to query the tickets registry with that)
> - in the login page, add the appropriate logic : 
> https://github.com/Jasig/cas/blob/3.5.x/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/ui/casLoginView.jsp.
> 
> Best regards,
> Jérôme
> 
> 
> 
> 
> 
> 2013/8/22 
> Renew does sound like it should renew an existing identity.
> I'm afraid I'm a bit of a newbie when it comes to customising CAS. Do you have 
> any pointers for where to start ? Any wiki articles ? Or do I need to start 
> trawling source code ? Regardless, thank you very much for your help.
> 
> 
> On Thursday, August 22, 2013 9:32:03 AM UTC+1, Jérôme LELEU wrote:
> Hi,
> 
> There were several discussions about the renew parameter, especially when we 
> wrote the LOA specifications.
> I'm in favor of blocking new identity when using the renew parameter : it 
> should only be possible to check the password.
> But we didn't reach any clear agreement on this, so I guess it will stay a 
> customization for now.
> Best regards,
> Jérôme
> 
> 
> 
> 
> 2013/8/22 
> That sounds like exactly what I want, I was hoping there was a native 
> mechanism to support that and initially wondered if renew was it but I guess 
> not.
> 
> On Thursday, August 22, 2013 7:26:15 AM UTC+1, Jérôme LELEU wrote:
> Hi,
> 
> What would be the expected behaviour when the user is already authenticated 
> and requested to login again ?
> Do you want the login page to have the username already fixed by the previous 
> authentication and only the password can be edited ? Because I'm pretty sure 
> that this can be easily achieved with a customization.
> Best regards,
> Jérôme
> 
> 
> 
> 
> 2013/8/21 
> Thank you very much for the responses. I suspect I didn't explain myself very 
> well. The idea is that the user logs onto the web application with a username 
> and password through cas. They are then free to use the system. If they 
> attempt to click the "edit my profile" link they are then asked to provide 
> their password again before they can see that screen - to mitigate against a 
> user leaving their browser logged in, walking away and someone sitting down 
> and changing their details. Similar to the way Amazon deals with editing a 
> profile.
> 
> I have tried to redirect to login with renew=true when the profile page is 
> requested and indeed authentication is requested but at that point any valid 
> account seems to work as it is requesting fresh credentials. I am really

Re: [cas-user] List Tickets by UserName

2013-09-26 Thread Dmitriy Kopylenko
… and perhaps this: https://github.com/UniconLabs/cas-sso-sessions-report :-)

Cheers,
Dmitriy.

On Sep 26, 2013, at 12:40 PM, Misagh Moayyed  wrote:

> You might be interested in this:
> https://github.com/Unicon/cas-addons/wiki/Active-SSO-Sessions-Report
> 
> From: "Rakesh" 
> To: cas-user@lists.jasig.org
> Sent: Thursday, September 26, 2013 8:18:14 AM
> Subject: [cas-user] List Tickets by UserName
> 
> Hi,
> 
>Is there a way to list TGT's / ST's using the logged in user name? We are 
> using CAS with Ehcache in our environment and I would like to know if there 
> is way to get this list for Administrative purpose.
> 
> Thanks,
> Rakesh



Re: [cas-user] zero luck getting MySQL as services management backend

2013-09-26 Thread Dmitriy Kopylenko
Aaron,

no, you are not being stupid at all. The thing is, you don't have to know the 
class name of that registry implementation. Just use the custom XML element to 
define it and it will create an appropriate instance, just like the doc says:

<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:cas="http://unicon.net/schema/cas"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
   http://www.springframework.org/schema/beans/spring-beans.xsd
   http://unicon.net/schema/cas
   http://unicon.net/schema/cas/cas-addons.xsd">

 







Cheers,
Dmitriy.


On Sep 26, 2013, at 4:11 PM, Aaron Bennett  wrote:

> 
> 
> From: Andrew Petro [mailto:ape...@unicon.net] 
> Sent: Tuesday, September 24, 2013 11:12 AM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] zero luck getting MySQL as services management backend
> 
>> Aaron,
> 
>> Depending where you're at with your proof-of-concept, maybe you'd like to 
>> try the JSON-file-backed services registry instead?  I've found that not 
>> having a runtime dependency on a database can save some trouble.
> 
> 
> Hi Andrew,
> 
> Thank you.  I'm definitely interested in trying that since we have no other 
> reason for a MySQL database in this project.  Unfortunately it seems the docs 
> are incomplete: 
> https://github.com/Unicon/cas-addons/wiki/Configuring%20JSON%20Service%20Registry
>  , or else I'm woefully obtuse.
> 
> I can see the edits needed to the  section, but it never shows the 
> definition of the JsonServiceRegistryDao bean.  I know it's something like:
> 
>   <bean id="serviceRegistryDao"
>         class="what ever class the Json Registry implements ">
> 
> But that's not on the page.  If I'm being stupid, feel free to tell me!
> 
> Thanks,
> 
> Aaron
> 
> 
> ---
> Aaron Bennett
> Manager of Systems Administration
> Clark University ITS
> W:508.793.7315
> 
> 
> 



Re: [cas-user] Sending domain parameter

2013-11-13 Thread Dmitriy Kopylenko
Here’s an example of a custom AuthenticationHandler that authenticates against 
Stormpath cloud service:

https://github.com/Unicon/cas-addons/blob/master/src/main/java/net/unicon/cas/addons/authentication/handler/StormpathAuthenticationHandler.java

In your case, you would need to create a custom Credentials to encapsulate the 
“domain” data and customize a login flow to package that “domain” data in it 
before passing it further down the processing pipeline to authentication 
handler, etc.

Best,
Dmitriy.

On Nov 13, 2013, at 9:23 AM, Idan Fridman  wrote:

> Thanks for your response.
> Do you have any example where you created specific  authentication handler 
> for any other purpose?
>  
> Thanks,
> Idan.
>  
> From: Jérôme LELEU [mailto:lel...@gmail.com] 
> Sent: Wednesday, November 13, 2013 11:41 AM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] Sending domain parameter
>  
> Hi,
>  
> OK. I understand your request.
> You can't do that out of the box. You need some customization to do that : 
> you will need to create a specific authentication handler, in which you will 
> need to get the service from the url and use it dynamically to build your SQL 
> query.
> Best regards,
> Jérôme
>  
>  
>  
> 2013/11/13 Idan Fridman 
> Hi,
>  
> Did you understand my target?
> Thanks.
>  
>  
> From: Idan Fridman 
> Sent: Tuesday, November 12, 2013 3:13 PM
> To: 'cas-user@lists.jasig.org'
> Subject: RE: [cas-user] Sending domain parameter
>  
> Hi,
> I'll try to explain what I need.
>  
> I am using CAS (beside of authentication) to retrieve user attributes(in my 
> case PERMISSIONS) from DB.
>  
> The user roles retrieved from Database configured this way:
>  
>  class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
> 
> 
> 
>   
> 
>   
> 
> 
>   
> 
> 
>   
> 
>   
>  
>  
> My table in the database includes the column "DOMAIN_NAME".
>  
> I want to adjust my query by involving the DOMAIN_NAME in the select clauses, 
> something like this:  SELECT * FROM USER_DATA WHERE {0} and DOMAIN_NAME=?
>  
> The question is how I retrieve the DOMAIN_NAME from the client?
>  
> If, for example, a user authenticates from domain_name=www.mywebsite.com, I 
> would like to have something like this: SELECT * FROM USER_DATA WHERE {0} and 
> DOMAIN_NAME='www.mywebsite.com'
>  
> Thanks,
> Ray.
>  
>  
> From: Jérôme LELEU [mailto:lel...@gmail.com] 
> Sent: Tuesday, November 12, 2013 3:07 PM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] Sending domain parameter
>  
> Hi,
>  
> I'm not sure to understand your need : the CAS service sent to the CAS server 
> is the url of the CASsified application (example : 
> http://myserverhost/cas/login?service=http://myapphost/myapp).
> The CAS service already provides you the domain name of the CAS 
> client/application.
> Best regards,
> Jérôme
>  
>  
> 2013/11/12 ray 
> Hi,
> Want to know if it's possible to send additional attributes (for example 
> domain name) from CAS-client to CAS server?
> 
> I would like the client application to send it's Domain name to a CAS server. 
> The domain name will help me to retrieve domain-based-attribute within the 
> CAS response to the user.
> 
> thanks,
> ray.
> 
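
Jérôme's suggestion quoted above (take the domain from the `service` URL and use it in the attribute query), as an added example that is not from the thread or from CAS: it is written in Python against an in-memory SQLite table so it runs stand-alone, rather than as a CAS AuthenticationHandler. Only USER_DATA and DOMAIN_NAME come from the post; the USERNAME and PERMISSION columns, the sample rows and all function names are assumptions. The domain is validated and passed as a bound parameter, never concatenated into the SQL text.

```python
import re
import sqlite3
from urllib.parse import urlsplit

# One DNS label: letters, digits and inner hyphens, at most 63 characters.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOST_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")

# USER_DATA and DOMAIN_NAME are named in the thread; USERNAME and PERMISSION
# are assumed column names. Both values are bound parameters.
ATTRIBUTE_QUERY = (
    "SELECT PERMISSION FROM USER_DATA "
    "WHERE USERNAME = ? AND DOMAIN_NAME = ? ORDER BY PERMISSION"
)


def domain_from_service(service_url):
    """Return the lower-cased host of a CAS service URL, or None if unusable."""
    if not isinstance(service_url, str):
        return None
    try:
        parts = urlsplit(service_url)
        host = parts.hostname  # already lower-cased, port and userinfo removed
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    host = host.rstrip(".")  # tolerate a fully qualified trailing dot
    if len(host) > 253 or not _HOST_RE.fullmatch(host):
        return None
    return host


def permissions_for(conn, username, service_url):
    """Look up the user's permissions for the domain of the requesting service."""
    domain = domain_from_service(service_url)
    if domain is None:
        return []  # fail closed: no usable domain, no attributes released
    rows = conn.execute(ATTRIBUTE_QUERY, (username, domain)).fetchall()
    return [row[0] for row in rows]


def build_sample_db():
    """Constructed sample data, not taken from the thread."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE USER_DATA (USERNAME TEXT, DOMAIN_NAME TEXT, PERMISSION TEXT)"
    )
    conn.executemany(
        "INSERT INTO USER_DATA VALUES (?, ?, ?)",
        [
            ("ray", "www.mywebsite.com", "REPORTS_READ"),
            ("ray", "www.mywebsite.com", "PROFILE_EDIT"),
            ("ray", "myapphost", "ADMIN"),
            ("idan", "www.mywebsite.com", "REPORTS_READ"),
        ],
    )
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    for service in (
        "http://www.mywebsite.com/myapp",
        "http://myapphost/myapp",
        "http://www.mywebsite.com' OR '1'='1/",  # malformed host is rejected
    ):
        print(service, "->", permissions_for(db, "ray", service))
```
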

Re: [cas-user] Sending domain parameter

2013-11-13 Thread Dmitriy Kopylenko
Idan,

the standard way of customizing CAS has been a Maven war overlay method as 
outlined here: 
https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven2+WAR+Overlay+Method

Please note that even though the document calls it a “Maven2 overlay method”, 
in reality Maven2 is kind of “dead” and Maven versions 3.x should be used 
whenever possible. The current latest version of Apache Maven is 3.1.1

Best,
Dmitriy.

On Nov 13, 2013, at 10:39 AM, Idan Fridman  wrote:

> Thanks Dmitriy,
> Question: Do I need to download CAS source code and recompile it for that?
>  
> thanks
>  
> From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net] 
> Sent: Wednesday, November 13, 2013 4:32 PM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] Sending domain parameter
>  
> Here’s an example of a custom AuthenticationHandler that authenticates 
> against Stormpath cloud service:
>  
> https://github.com/Unicon/cas-addons/blob/master/src/main/java/net/unicon/cas/addons/authentication/handler/StormpathAuthenticationHandler.java
>  
> In your case, you would need to create a custom Credentials to encapsulate 
> the “domain” data and customize a login flow to package that “domain” data in 
> it before passing it further down the processing pipeline to authentication 
> handler, etc.
>  
> Best,
> Dmitriy.
>  
> On Nov 13, 2013, at 9:23 AM, Idan Fridman  wrote:
> 
> 
> Thanks for your response.
> Do you have any example where you created specific  authentication handler 
> for any other purpose?
>  
> Thanks,
> Idan.
>  
> From: Jérôme LELEU [mailto:lel...@gmail.com] 
> Sent: Wednesday, November 13, 2013 11:41 AM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] Sending domain parameter
>  
> Hi,
>  
> OK. I understand your request.
> You can't do that out of the box. You need some customization to do that: 
> you will need to create a specific authentication handler, in which you will 
> need to get the service from the URL and use it dynamically to build your SQL 
> query.
> Best regards,
> Jérôme
>  
>  
>  
> 2013/11/13 Idan Fridman 
> Hi,
>  
> Did you understand my target?
> Thanks.
>  
>  
> From: Idan Fridman 
> Sent: Tuesday, November 12, 2013 3:13 PM
> To: 'cas-user@lists.jasig.org'
> Subject: RE: [cas-user] Sending domain parameter
>  
> Hi,
> I'll try to explain what I need.
>  
> I am using CAS (besides authentication) to retrieve user attributes (in my 
> case PERMISSIONS) from the DB.
>  
> The user roles are retrieved from the database, configured this way:
>  
>  class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
> 
> 
> 
>   
> 
>   
> 
> 
>   
> 
> 
>   
> 
>   
>  
>  
> My table in the database includes the column "DOMAIN_NAME".
>  
> I want to adjust my query by involving the DOMAIN_NAME in the select clauses, 
> something like this:  SELECT * FROM USER_DATA WHERE {0} and DOMAIN_NAME=?
>  
> The question is: how do I retrieve the DOMAIN_NAME from the client?
>  
> If, for example, a user authenticates from domain_name=www.mywebsite.com, I 
> would like to have something like this: SELECT * FROM USER_DATA WHERE {0} and 
> DOMAIN_NAME='www.mywebsite.com'
>  
> Thanks,
> Ray.
>  
>  
> From: Jérôme LELEU [mailto:lel...@gmail.com] 
> Sent: Tuesday, November 12, 2013 3:07 PM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] Sending domain parameter
>  
> Hi,
>  
> I'm not sure I understand your need: the CAS service sent to the CAS server 
> is the URL of the CASsified application (example: 
> http://myserverhost/cas/login?service=http://myapphost/myapp).
> The CAS service already provides you the domain name of the CAS 
> client/application.
> Best regards,
> Jérôme
>  
>  
> 2013/11/12 ray 
> Hi,
> Want to know if it's possible to send additional attributes (for example 
> domain name) from CAS-client to CAS server?
> 
> I would like the client application to send its domain name to a CAS server. 
> The domain name will help me to retrieve domain-based-attribute within the 
> CAS response to the user.
> 
> thanks,
> ray.
> --
> You are currently subscribed to cas-user@lists.jasig.org as: lel...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>  
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> id...@ce
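
The approach discussed in this thread, deriving DOMAIN_NAME from the `service` URL and using it in the attribute query, as an added example in plain Java and JDBC (not code from the thread, from CAS or from persondir). The `service` value arrives as a request parameter, so it is parsed and validated as untrusted input and then bound as a query parameter rather than concatenated into the SQL. `USER_DATA` and `DOMAIN_NAME` come from the message; the `USERNAME` column and all class and method names are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Pattern;

/** Added illustration; class, method and USERNAME column names are assumptions. */
public class DomainScopedAttributes {

    // Conservative host-name shape: letters, digits, dots, hyphens; at most 253 chars.
    private static final Pattern HOST =
            Pattern.compile("^[a-z0-9](?:[a-z0-9.-]{0,251}[a-z0-9])?$");

    /**
     * Returns the lower-cased host of an http(s) service URL, or null when the
     * value is not a well-formed URL with a plain host name.
     */
    static String domainFromService(String serviceUrl) {
        if (serviceUrl == null) {
            return null;
        }
        final URI uri;
        try {
            uri = new URI(serviceUrl);
        } catch (URISyntaxException e) {
            return null; // malformed URL, for example one containing spaces
        }
        String scheme = uri.getScheme();
        String host = uri.getHost(); // null for opaque or relative URIs
        if (scheme == null || host == null) {
            return null;
        }
        if (!scheme.equalsIgnoreCase("http") && !scheme.equalsIgnoreCase("https")) {
            return null;
        }
        host = host.toLowerCase(Locale.ROOT);
        return HOST.matcher(host).matches() ? host : null;
    }

    /**
     * Loads the user's row for the domain of the requesting service. Both values
     * are bound as parameters, so neither can change the shape of the query.
     */
    static Map<String, Object> loadAttributes(Connection db, String username, String serviceUrl)
            throws SQLException {
        Map<String, Object> attributes = new LinkedHashMap<>();
        String domain = domainFromService(serviceUrl);
        if (domain == null) {
            return attributes; // unknown domain: release no attributes
        }
        String sql = "SELECT * FROM USER_DATA WHERE USERNAME = ? AND DOMAIN_NAME = ?";
        try (PreparedStatement ps = db.prepareStatement(sql)) {
            ps.setString(1, username);
            ps.setString(2, domain);
            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next()) {
                    ResultSetMetaData md = rs.getMetaData();
                    for (int i = 1; i <= md.getColumnCount(); i++) {
                        attributes.put(md.getColumnLabel(i), rs.getObject(i));
                    }
                }
            }
        }
        return attributes;
    }

    public static void main(String[] args) {
        // Constructed service values: two usable, three that must be rejected.
        String[] samples = {
            "http://myapphost/myapp",
            "https://WWW.MyWebsite.com/app?x=1",
            "http://www.mywebsite.com' OR 'a'='a/app",
            "javascript:alert(1)",
            "/relative/path"
        };
        for (String s : samples) {
            System.out.println(s + " -> " + domainFromService(s));
        }
    }
}
```

`main` exercises only the URL handling, so it runs without a database; `loadAttributes` needs a JDBC `Connection` to a schema shaped as assumed above.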

Re: [cas-user] CAS 3.5.2 HA Setup with Ehcache

2013-11-17 Thread Dmitriy Kopylenko
Just as an awareness message:

there is an alternative distributed TicketRegistry implementation based on 
Hazelcast available in cas-addons 1.9 which hasn't seen any wide deployments 
yet, but could be a viable alternative to EhCache TicketRegistry:

https://github.com/Unicon/cas-addons/wiki/Configuring-HazelcastTicketRegistry

Best,
Dmitriy. 

Sent from my iPhone

> On Nov 17, 2013, at 18:55, "Gene"  wrote:
> 
> After finding this message via a lot of time on Google, I read all the pages 
> at http://jasig.github.io/cas/index.html and was left with just a couple of 
> questions:
> 
> 1) What are your thoughts on Ehcache compared to JBoss Cache?
> 2) Is there a start-to-finish guide / tutorial anywhere for setting up a HA 
> CAS systems (CAS, replicated ticket store, Tomcat / whatever, Maven, etc., 
> etc.)?
> 
> Thanks!
> Gene



Re: [cas-user] Mapping principal to REMOTE_USER

2013-11-19 Thread Dmitriy Kopylenko
Try using plain UsernamePasswordCredentialsToPrincipalResolver without wrapping 
it in CredentialsToLDAPAttributePrincipalResolver. 

Best,
Dmitriy. 

Sent from my iPad

On Nov 19, 2013, at 9:10 PM, Baron Fujimoto  wrote:

> Anyone? Is there perhaps a more useful way to frame my query?
> 
> Specifically, I'm trying to ensure that REMOTE_USER is set to the
> actual username credential that was used to authenticate to CAS.
> More generally, it would be useful to have a better understanding
> of what gets mapped to REMOTE_USER and how to configure such.
> 
> Aloha,
> -baron
> 
> On Wed, Nov 13, 2013 at 05:34:10PM -1000, Baron Fujimoto wrote:
>> I'm trying to debug/resolve an issue we recently encountered. 
>> 
>> Our setup is as follows:
>> 
>> - We authenticate Google Apps using SSO via the Shibboleth IdP. [1]
>> - Our Shib IdP authenticates using CAS using RemoteUser. [2]
>> - Our CAS authenticates against and obtains attributes from LDAP.
>> 
>> The issue we've encountered is that we have a few users with more than one
>> uid attribute in their LDAP entries (let's say their values are "u1" and
>> "u2"). Google wants the principal to identify their user, and per the
>> Shibboleth-CAS+Integration docs referenced below, appears to be getting
>> it via REMOTE_USER. The problem is that when the user authenticates as u2,
>> it looks like REMOTE_USER is being set to u1 instead of u2.
>> 
>> I think this is the relevant(?) config snippet from
>> deployerConfigContext.xml
>> 
>> >   
>> class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
>>   
>>   
>>   > 
>> class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
>>  />
>>   
>> 
>>   
>>   
>> 
>>   
>>   
>>   
>>   
>> 
>>   
>>   
>>   
>> 
>> 
>> Is there a way of keeping the username/credential that was used to
>> authenticate as the principal, or otherwise have that mapped to
>> REMOTE_USER?
>> 
>> Any help would be appreciated, even if it's just RTFM if you can point me
>> to some appropriate FM.
>> 
>> [1] 
>> [2] 
>> 
>> -- 
>> Baron Fujimoto  :: UH Information Technology Services
>> minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
>> 
> 
> -- 
> Baron Fujimoto  :: UH Information Technology Services
> minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
> 



Re: [cas-user] JPA Ticket Registry CAS 4.0RC2

2013-11-21 Thread Dmitriy Kopylenko
Sounds like a bug to me.

D.

On Nov 21, 2013, at 11:27 AM, Rafael Pineros  wrote:

> Hello all,
> 
> 
> There seems to be an issue when performing a logout from CAS Server 4.0RC2 
> when using a JPA Ticket Registry. 
> 
> In the CentralAuthenticationServiceImpl we have:
> 
> 
> logger.debug("Ticket found. Deleting and then performing back channel logout.");
> this.ticketRegistry.deleteTicket(ticketGrantingTicketId);
> 
> return logoutManager.performLogout(ticket);
> 
> Which apparently removes the ticket from the DB and then, when calling 
> performLogout it attempts to use merge in order to update the Expired field 
> of this already deleted object, leading to  an exception whenever I try to do 
> an actual logout in my local CAS instance,
> 
> 
> -- 
> Rafael Pineros, BSc
> Application Developer
> 
> FORCORP
> #101, 11710 Kingsway NW
> Edmonton , AB, T5G 0X5
> www.forcorp.com
> 
> (o) 780-452-5878 ext 226

Re: [cas-user] CAS Automatic Login... best practices

2013-12-28 Thread Dmitriy Kopylenko
Hi Ray. You'd need to invent a kind of 'Credentials' implementation that 
encapsulates this host/ip info and get that info into it somewhere in the login 
flow before those credentials are passed onto your custom authn handler's 
"authenticate" method. 

Happy New Year!

Dmitriy. 

Sent from my iPhone

> On Dec 28, 2013, at 3:56, Idan Fridman  wrote:
> 
> Hi,
> You were talking about authentication handlers. Is it possible to retrieve 
> the service host/ip via that authentication handler? Because if you implement 
> AuthenticationHandler you could get only the Credentials.
> 
> Thanks,
> Ray
> 
> - Reply message -
> From: "Jérôme LELEU" 
> To: "cas-user@lists.jasig.org" 
> Subject: [cas-user] CAS Automatic Login... best practices
> Date: Sat, Dec 28, 2013 09:53
> 
> Hi,
> 
> OK. You don't need an auto login process here (as you don't have the user's 
> password, which is a good thing), but as I also suggested, you need an 
> authentication handler taking a username and an OTP (one-time password) = an 
> authentication code, to authenticate a user. I would go that way.
> 
> So you would have two authentication handlers, one processing user's login 
> and password and one processing a username and an authentication code (which 
> can be used only once).
> 
> Best regards,
> Jérôme
> 
> 
> 
> 2013/12/27 Joe 
>> Sorry, rereading what I want to do, I can see now, how it's a bit misleading.
>> 
>> So (on the application server side) I have authenticated the user via an 
>> authentication code, and have created the account.  CAS has not yet 
>> authenticated the user.  I want to tell CAS that the current user and 
>> session is authenticated without passing the password back over the public 
>> wire. (The application server might pass the user/password to CAS.)
>> 
>> I can think of a few ways to do this, but is there a recommended way?
>> 
>> -Joe

Re: [cas-user] CAS Automatic Login... best practices

2013-12-29 Thread Dmitriy Kopylenko
You'd need to invent custom Spring Web Flow state(s) to do the job and declare 
them in login-flow.xml. Also a new class implementing the Credentials interface 
that wraps the IP information of the target service, as well as a custom 
AuthenticationHandler supporting this Credentials type.

This is a basic outline, as this would be a somewhat advanced case of 
extending the CAS server, which requires custom development and a thorough 
understanding of CAS internals.

I hope this gives you the right idea for further research.

Best,
Dmitriy. 

Sent from my iPhone

> On Dec 29, 2013, at 3:13, Idan Fridman  wrote:
> 
> Hi Dmitriy,
>  
> How would you build that flow? How can I modify that 'Credentials'  object 
> before the auth handler's being invoked.
>  
> Thanks,
> Idan.
>  
> From: Dmitriy Kopylenko [mailto:dmitriy.kopyle...@gmail.com] 
> Sent: Saturday, December 28, 2013 4:02 PM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] CAS Automatic Login... best practices
>  
> Hi Ray. You'd need to invent a kind of 'Credentials' implementation that 
> encapsulates this host/ip info and get that info into it somewhere in the 
> login flow before those credentials are passed onto your custom authn 
> handler's "authenticate"  method. 
>  
> Happy New Year!
>  
> Dmitriy. 
> 
> Sent from my iPhone
> 
> On Dec 28, 2013, at 3:56, Idan Fridman  wrote:
> 
> Hi,
> You were talking about authentication handlers. Is it possible to retrieve 
> the service host/ip via that authentication handler? Because if you implement 
> AuthenticationHandler you could get only the Credentials.
>  
> Thanks,
> Ray
>  
> - Reply message -
> From: "Jérôme LELEU" 
> To: "cas-user@lists.jasig.org" 
> Subject: [cas-user] CAS Automatic Login... best practices
> Date: Sat, Dec 28, 2013 09:53
>  
> Hi,
>  
> OK. You don't need an auto login process here (as you don't have the user's 
> password, which is a good thing), but as I also suggested, you need an 
> authentication handler taking a username and an OTP (one-time password) = an 
> authentication code, to authenticate a user. I would go that way.
>  
> So you would have two authentication handlers, one processing user's login 
> and password and one processing a username and an authentication code (which 
> can be used only once).
>  
> Best regards,
> Jérôme
>  
>  
> 
> 2013/12/27 Joe 
> Sorry, rereading what I want to do, I can see now, how it's a bit misleading.
> 
> So (on the application server side) I have authenticated the user via an 
> authentication code, and have created the account.  CAS has not yet 
> authenticated the user.  I want to tell CAS that the current user and session 
> is authenticated without passing the password back over the public wire. (The 
> application server might pass the user/password to CAS.)
> 
> I can think of a few ways to do this, but is there a recommended way?
> 
> -Joe

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
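
The single-use check behind the second handler suggested in this thread (a username plus an authentication code that can be used only once), as an added example in plain Java that is not code from the thread or from CAS. Class and method names are hypothetical; a custom handler's "authenticate" method would delegate to `authenticate` here. It assumes a single CAS node, since the in-memory map is not shared across a cluster.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

/** Added illustration; all names here are hypothetical, not CAS API. */
public class OneTimeCodeAuthenticator {

    /** A pending code: only its SHA-256 digest is kept, plus its expiry time. */
    private static final class Pending {
        final byte[] digest;
        final long expiresAtMillis;

        Pending(byte[] digest, long expiresAtMillis) {
            this.digest = digest;
            this.expiresAtMillis = expiresAtMillis;
        }
    }

    private final ConcurrentMap<String, Pending> pending = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final long ttlMillis;

    public OneTimeCodeAuthenticator(long ttlMillis) {
        this.ttlMillis = ttlMillis;
    }

    /**
     * Called once the application server has verified the user by its own means.
     * Returns a 256-bit random code; issuing again replaces any earlier code.
     */
    public String issue(String username, long nowMillis) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String code = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.put(username, new Pending(sha256(code), nowMillis + ttlMillis));
        return code;
    }

    /** Accepts a code at most once, and only before it expires. */
    public boolean authenticate(String username, String presentedCode, long nowMillis) {
        if (username == null || presentedCode == null) {
            return false;
        }
        // remove() is atomic: of two concurrent attempts only one sees the entry.
        // Design choice: a wrong guess also consumes the code, so it cannot be
        // brute-forced, at the cost of the user having to request a new one.
        Pending entry = pending.remove(username);
        if (entry == null || nowMillis >= entry.expiresAtMillis) {
            return false;
        }
        // Constant-time comparison of the digests.
        return MessageDigest.isEqual(entry.digest, sha256(presentedCode));
    }

    private static byte[] sha256(String value) {
        try {
            return MessageDigest.getInstance("SHA-256")
                    .digest(value.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is required by the Java platform", e);
        }
    }

    public static void main(String[] args) {
        OneTimeCodeAuthenticator otp = new OneTimeCodeAuthenticator(60_000L);
        long t0 = System.currentTimeMillis();

        String first = otp.issue("joe", t0);
        System.out.println("first use:  " + otp.authenticate("joe", first, t0 + 1_000));
        System.out.println("replay:     " + otp.authenticate("joe", first, t0 + 2_000));

        String second = otp.issue("joe", t0);
        System.out.println("wrong code: " + otp.authenticate("joe", "guess", t0 + 1_000));
        System.out.println("after miss: " + otp.authenticate("joe", second, t0 + 2_000));

        String third = otp.issue("joe", t0);
        System.out.println("expired:    " + otp.authenticate("joe", third, t0 + 61_000));
    }
}
```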

Re: [cas-user] authentication meta data populators

2014-01-03 Thread Dmitriy Kopylenko
This information should be available in the Authentication object's 
encapsulated attribute bound to the following key: 
https://github.com/Jasig/cas/blob/v3.5.2/cas-server-core/src/main/java/org/jasig/cas/authentication/AuthenticationManager.java#L38
 without the need for custom MetadataPopulator (at least for Jdbc and Ldap 
authn handlers which inherit the ‘NamedAuthenticationHandler’ implementation 
from their respective parent classes).

Cheers,
Dmitriy.

On Jan 3, 2014, at 3:49 PM, Nancy Snoke  wrote:

> This is something that I want to know later in the authentication flow.
>  
> Thanks,
> Nancy
>  
> From: Misagh Moayyed [mailto:mmoay...@unicon.net] 
> Sent: Monday, December 30, 2013 9:15 AM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] authentication meta data populators
>  
> Is this something that the application should know, or is it something you at 
> the CAS layer would want to know to use later on somewhere in the 
> authentication flow?
> 
> Misagh
>  
>  
> From: "Nancy Snoke" 
> To: cas-user@lists.jasig.org
> Sent: Monday, December 30, 2013 7:29:36 AM
> Subject: [cas-user] authentication meta data populators
> 
> Hi,
>  
> I am using CAS 3.5.2 (I have no problem upgrading to the newly released 4.0 
> if that would help) and I currently have authentication working with either 
> ldap and a database.  I want to know whether the user logged on using the 
> ldap or the database.  Based on something I read 
> (https://wiki.jasig.org/display/CASUM/2.+Architecture: 2.3.1.6 section) I 
> thought I could do this using Meta Data Populators, but couldn’t find any 
> documentation on how to use those.  Can anyone point me to some documentation 
> that would help?
>  
> Thanks,
> Nancy
>  

Re: [cas-user] Custom Registered Service Implementation?

2014-01-08 Thread Dmitriy Kopylenko
Perhaps this might be of help:

https://github.com/Unicon/cas-addons/wiki/Role-Based-Services-Authorization

Cheers,
Dmitriy. 

Sent from my iPhone

> On Jan 8, 2014, at 20:26, Joe Osowski  wrote:
> 
> Is there a best practice for allowing certain users (being a
> principal) access to certain services?
> 
> Thanks!
> -Joe
> 

Re: [cas-user] Service Registry ssoEnabled option

2014-01-30 Thread Dmitriy Kopylenko
Hi Ted. This might be able to help you: 
https://github.com/Unicon/cas-addons/wiki/Configuring%20services%20initiating%20SSO%20sessions

Just one note about this implementation is that the CAS SLO must be turned off 
(which as I see from your description is not the case for you) - I don’t 
remember off the top of my head why. Anyway, see if this is useful to you and 
perhaps we might think about improving this facility to work well with SLO 
turned on, etc.

Cheers,
Dmitriy.

On Jan 30, 2014, at 8:59 AM, Ted Fisher  wrote:

> I have found that ssoEnabled set to false does not have quite the effect we 
> were thinking it did.   When I set a service to not allow SSO participation 
> it does force the user to enter user name and password  each time they try to 
> access the service (ie. Get a service ticket), which is fine.  The problem is 
> that I thought that also caused it to not generate a TGT so that other 
> services could get STs based on a TGT obtained already.
> We have an application (at least one) that does not have any session 
> management or logout.  Our policy for SLO is that when any application 
> participating in SSO logs out then all SSO application sessions are logged 
> out.  This is to prevent a user from walking away from a PC in a lab leaving 
> any SSO sessions active that someone else could hijack.  So, for this 
> application that has no means for the user to log out (depends on user 
> closing browser which doesn't always happen), we don't want authentication 
> for this one app to enable SSO for any other applications.  That is, when 
> they authenticate via CAS for this app we don't want a TGT generated (or we 
> want the TGT destroyed right after the ST is created/validated).
> 
> Is this possible?  
> 
> Can we cause authentication for a single service to apply only to that 
> service?
> 
> Thanks.
> 
> Ted F. Fisher
> Information Technology Services
> Bowling Green State University
> 
> 
> 

Re: [cas-user] username in services management

2014-02-03 Thread Dmitriy Kopylenko
Try this one: 
http://jasig.github.io/cas/current/installation/Service-Management.html

Dmitriy.

On Feb 3, 2014, at 9:24 AM, Adam Causey  wrote:

> Misagh, I appreciate the response, but the page you sent returns a 404 Page 
> Not Found.
> 
> Thanks,
> Adam
> 
> 
> On Fri, Jan 31, 2014 at 11:56 AM, Misagh Moayyed  wrote:
> Adam,
> 
> Take a look at properties of registered services here: 
> http://jasig.github.io/cas/installation/Service-Management.html
> 
>  
> 
> Misagh
> 
>  
> 
> From: Adam Causey [mailto:apcau...@vcu.edu] 
> Sent: Thursday, January 30, 2014 8:10 AM
> To: cas-user@lists.jasig.org
> Subject: [cas-user] username in services management
> 
>  
> 
> I am curious as to what the 'Username' drop down is used for in the Service 
> Management interface?  I noticed this after an upgrade, but never 
> investigated what it is used for since everything seems to still work as it 
> did in previous versions of CAS.
> 
>  
> 
> I also would like some insight into the 'Ignore Attribute Management via this 
> Tool' setting - is this a quick way to tell CAS that the client is only 
> allowed to authenticate but is not passed any attributes?
> 
>  
> 
> Thank you,
> 
> Adam
> 

Re: [cas-user] Getting OAUTH Error

2014-02-04 Thread Dmitriy Kopylenko
Hi Kristen. You don’t need to clone and build the entire CAS source tree in 
order to use CAS. Instead, the Maven war overlay method is the recommended 
approach. Try following this document: 
http://jasig.github.io/cas/current/installation/Maven-Overlay-Installation.html

Best,
Dmitriy.

On Feb 4, 2014, at 3:04 PM, Kristen Walker  wrote:

> Hi All,
> 
> I am brand new to CAS and trying to set up my first CAS server. I downloaded
> 3.5.2, made adjustments to deployerConfigContext.xml and pom.xml, then run "
> mvn clean package."
> 
> I am getting a build failure because of errors in the OAUTH tests.:
> 
> [INFO] 
> 
> [INFO] Reactor Summary:
> [INFO] 
> [INFO] Jasig Central Authentication Service .. SUCCESS [7.342s]
> [INFO] Jasig CAS Core  SUCCESS
> [2:25.316s]
> [INFO] Jasig CAS Web Application . SUCCESS [33.274s]
> [INFO] Jasig CAS Generic Support . SUCCESS [7.023s]
> [INFO] Jasig CAS JDBC Support  SUCCESS [3.385s]
> [INFO] Jasig CAS LDAP Support  SUCCESS [15.001s]
> [INFO] Jasig CAS Legacy Support .. SUCCESS [6.807s]
> [INFO] Jasig CAS OpenId Support .. SUCCESS [14.293s]
> [INFO] Jasig CAS RADIUS Support .. SUCCESS [4.304s]
> [INFO] Jasig CAS SPNEGO/NTLM Support . SUCCESS [8.064s]
> [INFO] Jasig CAS Trusted User Support  SUCCESS [7.708s]
> [INFO] Jasig CAS X.509 Client Certificate Support  SUCCESS [17.430s]
> [INFO] Jasig CAS OAuth Support ... FAILURE [14.621s]
> [INFO] Jasig CAS JBoss Cache Integration . SKIPPED
> [INFO] Jasig CAS Memcached Integration ... SKIPPED
> [INFO] Jasig CAS Ehcache Integration . SKIPPED
> [INFO] Jasig CAS Restlet Integration . SKIPPED
> [INFO] Jasig CAS - Uber WAR .. SKIPPED
> [INFO] Jasig CAS Documentation ... SKIPPED
> [INFO] Jasig CAS ClearPass Extension . SKIPPED
> 
> ---
> T E S T S
> ---
> Running org.jasig.cas.support.oauth.web.OAuth20AccessTokenControllerTests
> Tests run: 10, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.601 sec
> Running 
> org.jasig.cas.support.oauth.web.OAuth20CallbackAuthorizeControllerTests
> Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.057 sec
> Running org.jasig.cas.support.oauth.web.OAuth20ProfileControllerTests
> Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.111 sec
> Running org.jasig.cas.support.oauth.web.OAuth20AuthorizeControllerTests
> Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.048 sec
> Running org.jasig.cas.support.oauth.web.OAuth20WrapperControllerTests
> cas-server-support-oauth 2014/02/04 11:49:03,235 ERROR [main]
> org.jasig.cas.support.oauth.web.BaseOAuthWrapperController - Unknown method
> : wrongmethod
> Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.03 sec
> Running org.jasig.cas.support.oauth.web.flow.OAuthActionTests
> cas-server-support-oauth 2014/02/04 11:49:03,753 ERROR [main]
> org.scribe.up.provider.BaseOAuth20Provider - Possible threat of Cross-site
> Request Forgery.
> Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.533 sec
> Running org.jasig.cas.support.oauth.web.OAuth10LoginControllerTests
> Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 1.951 sec
> <<< FAILURE!
> 
> 
> Sorry if this is vague or something completely obvious. I am very new to
> CAS. Any help would be much appreciated!
> 
> Thanks,
> Kristen
> 
> -- 
> Kristen Walker
> Digital Media Resources Developer
> Educational Technology Services
> Santa Barbara County Education Office
> (805) 964-4711 x 5244
> Twitter: @kwalkersb
> kwal...@sbceo.org
> http://www.sbceoportal.org
> 
> 
> 

Re: [cas-user] Limiting Service Ticket length

2014-02-21 Thread Dmitriy Kopylenko
Hi Jonathan,

you’d just need to pull in the uniqueIdGenerators.xml into your overlay’s 
WEB-INF/spring-configuration directory and redefine the following bean like so:






Best,
Dmitriy.

On Feb 21, 2014, at 2:55 PM, Liedy, Jonathan  wrote:

> Hey all,
>  
> So I’m in a bit of a configuration pickle.  Due to some unique constraints, 
> I’ve got a need to limit the character length of the service ticket while in 
> a clustered system.  I plan on shortening our host.name variable for the 
> suffix of the ST ticket generation, but I need to limit the length of the 
> serialized portion of the ticket.  I notice there’s a way to limit the 
> serialized portion of the ticket.
>  
> Using version 3.5.2, In org.jasig.cas.util.DefaultUniqueTicketIdGenerator, 
> lines 64 and 65 there is a maxLength variable that can be set to limit the 
> length of the DefaultUniqueTicketIdGenerator, but I cannot, for the life of 
> me, figure out how to set it for the ST.  I need to limit it to 3 or 4 
> characters (instead of limiting the random string generation character 
> limit).  Even pointing me in the right direction would be useful.
>  
> Thanks!
>  
> Jonathan Liedy
> Middleware Administrator
> The Florida State University
> 2035 East Paul Dirac Drive
> Sliger, Suite 113
> Tallahassee, FL 32310
> jli...@fsu.edu
> Voice: (850) 270-7368
>  

Re: [cas-user] annoying responses

2014-03-21 Thread Dmitriy Kopylenko
Test… (effectively to test if I get a barrage of auto responses)

D.

On Mar 21, 2014, at 12:14 PM, Marvin Addison  wrote:

>> That might help; however, most of the objectionable "not available" messages 
>> I see come directly to me, not through the list.
> 
> I've worked with our mailing list admins to implement the suggestion you made.
> 
> From the WiscList folks:
> 
> The header "X-Auto-Response-Suppress: All" has been added to each of
> the lists.  Let me know how this works for you and we can make changes
> to other lists as you see fit.
> 
> Please follow up with your impressions on efficacy. There's interest
> in adding this header to other Jasig lists if it helps.
> 
> M
> 



[cas-user] annoying responses

2014-03-21 Thread Dmitriy Kopylenko
Ooops… I got one...

Begin forwarded message:

> From: Tan Teck Tim 
> Subject: Out of Office: [cas-user] annoying responses
> Date: March 21, 2014 at 1:28:30 PM EDT
> To: Dmitriy Kopylenko 
> 
> I am not in office on 21 MAR FRI. I may have limited access to email during 
> this period. For any urgent matters, please contact serviced...@ntu.edu.sg
> 
> CONFIDENTIALITY:This email is intended solely for the person(s) named and may 
> be confidential and/or privileged.If you are not the intended 
> recipient,please delete it,notify us and do not copy,use,or disclose its 
> content.
> 
> Towards A Sustainable Earth:Print Only When Necessary.Thank you.



Re: [cas-user] Using cluster Env on Amazon

2014-04-07 Thread Dmitriy Kopylenko
You might want to put the HazelcastTicketRegistry on your “to try” list, as 
Hazelcast supports Amazon EC2 auto discovery for its cluster natively:

https://github.com/Unicon/cas-addons/wiki/Configuring-HazelcastTicketRegistry

http://hazelcast.org/docs/latest/manual/html/ec2autodiscovery.html

Cheers,
Dmitriy.

On Apr 7, 2014, at 11:30 AM, ray  wrote:

> I am trying to configure clustering to our CAS nodes via this article:
> https://wiki.jasig.org/display/CASUM/Clustering+CAS
> 
> Our servers are running on Amazon's cloud. As I understand I must have multicast 
> on the network.
> 
> Amazon doesn't support multicast. Any proven way how to backdoor this?
> 
> found some links on the web but not sure about their legitimacy
> 
> thanks,
> ray.
> 

Re: [cas-user] Cas server and radius authentication

2014-05-28 Thread Dmitriy Kopylenko
Looking at the JRadiusServerImpl in 4.0, the constructor only takes the 
protocol and RadiusClientFactory (no 'number of retries’ property)

https://github.com/Jasig/cas/blob/v4.0.0/cas-server-support-radius/src/main/java/org/jasig/cas/adaptors/radius/JRadiusServerImpl.java#L72

So apparently the wiki documentation is wrong.

Try adjusting the bean definition for radiusServer1 accordingly.

Cheers,
D.

On May 28, 2014, at 9:43 AM, Reuben Popp  wrote:

> Good morning to all,
> 
> Quick question for the group.  I'm attempting to deploy CAS with radius 
> authentication and am running into a little trouble. 
> 
> The environment consists of the following:
> 
> Redhat ES 6.5
> Cas Server 4.0
> Apache Tomcat 7
> Java 1.6
> 
> I renamed the cas-server-uber-webapp-4.0.0.war to cas.war and moved it to 
> /opt/apache-tomcat/webapps and made sure it had the appropriate permissions, 
> after which I restarted tomcat to ensure that the war file was deployed.
> 
> I then modified /cas/WEB-INF/deployerConfigContext.xml as per 
> the documentation for cas server 4 in the wiki:
> 
> https://wiki.jasig.org/display/CASUM/RADIUS
> 
> Restarting tomcat, I see the following errors in the catalina.out log:
> 
> 2014-05-28 08:18:09,911 ERROR [org.springframework.web.context.ContextLoader] 
> - 
> org.springframework.beans.factory.BeanCreationException: Error creating bean 
> with name 'centralAuthenticationService' defined in ServletContext resource 
> [/WEB-INF/spring-configuration/applicationContext.xml]: Cannot resolve 
> reference to bean 'authenticationManager' while setting constructor argument; 
> nested exception is org.springframework.beans.factory.BeanCreationException: 
> Error creating bean with name 'authenticationManager' defined in 
> ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve 
> reference to bean 'radiusAuthenticationHandler' while setting constructor 
> argument; nested exception is 
> org.springframework.beans.factory.BeanCreationException: Error creating bean 
> with name 'radiusAuthenticationHandler' defined in ServletContext resource 
> [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 
> 'radiusServer1' while setting bean property 'servers' with key [0]; nested 
> exception is org.springframework.beans.factory.BeanCreationException: Error 
> creating bean with name 'radiusServer1' defined in ServletContext resource 
> [/WEB-INF/deployerConfigContext.xml]: Could not resolve matching constructor 
> (hint: specify index/type/name arguments for simple parameters to avoid type 
> ambiguities)
> 
> 
> 
> Caused by: org.springframework.beans.factory.BeanCreationException: Error 
> creating bean with name 'authenticationManager' defined in ServletContext 
> resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to 
> bean 'radiusAuthenticationHandler' while setting constructor argument; nested 
> exception is org.springframework.beans.factory.BeanCreationException: Error 
> creating bean with name 'radiusAuthenticationHandler' defined in 
> ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve 
> reference to bean 'radiusServer1' while setting bean property 'servers' with 
> key [0]; nested exception is 
> org.springframework.beans.factory.BeanCreationException: Error creating bean 
> with name 'radiusServer1' defined in ServletContext resource 
> [/WEB-INF/deployerConfigContext.xml]: Could not resolve matching constructor 
> (hint: specify index/type/name arguments for simple parameters to avoid type 
> ambiguities)
> 
> 
> 
> Caused by: org.springframework.beans.factory.BeanCreationException: Error 
> creating bean with name 'radiusAuthenticationHandler' defined in 
> ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve 
> reference to bean 'radiusServer1' while setting bean property 'servers' with 
> key [0]; nested exception is 
> org.springframework.beans.factory.BeanCreationException: Error creating bean 
> with name 'radiusServer1' defined in ServletContext resource 
> [/WEB-INF/deployerConfigContext.xml]: Could not resolve matching constructor 
> (hint: specify index/type/name arguments for simple parameters to avoid type 
> ambiguities)
> 
> 
> 
> Caused by: org.springframework.beans.factory.BeanCreationException: Error 
> creating bean with name 'radiusServer1' defined in ServletContext resource 
> [/WEB-INF/deployerConfigContext.xml]: Could not resolve matching constructor 
> (hint: specify index/type/name arguments for simple parameters to avoid type 
> ambiguities)
>  
> My deployerConfigContext.xml consists of the following [changes], the rest 
> was left as-is:
> 
>  class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
> 
> 
> 
> 
>  value-ref="primaryPrincipalResolver" />
> 
> 
> 
>  class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
> 
>

Re: [cas-user] What controller handles login post?

2014-06-03 Thread Dmitriy Kopylenko
It’s this SWF action state implementation that handles the job:

https://github.com/Jasig/cas/blob/v3.5.2.1/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationViaFormAction.java

Note that the above is for the 3.5.2.1 version. Here’s the version of the same 
class in the master:

https://github.com/Jasig/cas/blob/master/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationViaFormAction.java

Best,
Dmitriy.

On Jun 3, 2014, at 9:06 AM, Zac Harvey  wrote:

> When someone logs into CAS (from the casLoginView.jsp page), what controller 
> actually handles the HTTP POST?  I see an 
> org.jasig.cas.web.ServiceValidateController, but believe this is for the 
> subsequent /validateService call.  I’m looking for what controller actually 
> handles the initial POST (authentication attempt).  Ideas? Thanks in advance!
>  

Re: [cas-user] What controller handles login post?

2014-06-03 Thread Dmitriy Kopylenko
That happens in the following action state implementation (v3.5.2.1 and master 
respectively):

https://github.com/Jasig/cas/blob/v3.5.2.1/cas-server-core/src/main/java/org/jasig/cas/web/flow/SendTicketGrantingTicketAction.java

https://github.com/Jasig/cas/blob/master/cas-server-webapp-support/src/main/java/org/jasig/cas/web/flow/SendTicketGrantingTicketAction.java

Cheers,
D.

On Jun 3, 2014, at 9:57 AM, Zac Harvey  wrote:

> Thanks Dmitriy,
>  
> I assume that AuthenticationViaFormAction somehow invokes the 
> CookieRetrievingCookieGenerator to produce the CASTGC cookie and hand it back 
> to the browser?  If so, can you point me in the general vicinity of where 
> this communication is happening? Thanks again!
>  
> From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net] 
> Sent: Tuesday, June 03, 2014 9:13 AM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] What controller handles login post?
>  
> It’s this SWF action state implementation that handles the job:
>  
> https://github.com/Jasig/cas/blob/v3.5.2.1/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationViaFormAction.java
>  
> Note that the above is for the 3.5.2.1 version. Here’s the version of the 
> same class in the master:
>  
> https://github.com/Jasig/cas/blob/master/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationViaFormAction.java
>  
> Best,
> Dmitriy.
>  
> On Jun 3, 2014, at 9:06 AM, Zac Harvey  wrote:
> 
> 
> When someone logs into CAS (from the casLoginView.jsp page), what controller 
> actually handles the HTTP POST?  I see an 
> org.jasig.cas.web.ServiceValidateController, but believe this is for the 
> subsequent /validateService call.  I’m looking for what controller actually 
> handles the initial POST (authentication attempt).  Ideas? Thanks in advance!
>  

Re: [cas-user] What controller handles login post?

2014-06-03 Thread Dmitriy Kopylenko
And the transition between ‘authenticationViaFormAction’ and 
‘sendTicketGrantingTicket’ happens here:

https://github.com/Jasig/cas/blob/v3.5.2.1/cas-server-webapp/src/main/webapp/WEB-INF/login-webflow.xml#L146

All Spring Web Flow standard machinery.

Hope this helps.

D.

On Jun 3, 2014, at 10:05 AM, Dmitriy Kopylenko  wrote:

> That happens in the following action state implementation (v3.5.2.1 and 
> master respectively):
> 
> https://github.com/Jasig/cas/blob/v3.5.2.1/cas-server-core/src/main/java/org/jasig/cas/web/flow/SendTicketGrantingTicketAction.java
> 
> https://github.com/Jasig/cas/blob/master/cas-server-webapp-support/src/main/java/org/jasig/cas/web/flow/SendTicketGrantingTicketAction.java
> 
> Cheers,
> D.
> 
> On Jun 3, 2014, at 9:57 AM, Zac Harvey  wrote:
> 
>> Thanks Dmitriy,
>>  
>> I assume that AuthenticationViaFormAction somehow invokes the 
>> CookieRetrievingCookieGenerator to produce the CASTGC cookie and hand it 
>> back to the browser?  If so, can you point me in the general vicinity of 
>> where this communication is happening? Thanks again!
>>  
>> From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net] 
>> Sent: Tuesday, June 03, 2014 9:13 AM
>> To: cas-user@lists.jasig.org
>> Subject: Re: [cas-user] What controller handles login post?
>>  
>> It’s this SWF action state implementation that handles the job:
>>  
>> https://github.com/Jasig/cas/blob/v3.5.2.1/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationViaFormAction.java
>>  
>> Note that the above is for the 3.5.2.1 version. Here’s the version of the 
>> same class in the master:
>>  
>> https://github.com/Jasig/cas/blob/master/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationViaFormAction.java
>>  
>> Best,
>> Dmitriy.
>>  
>> On Jun 3, 2014, at 9:06 AM, Zac Harvey  wrote:
>> 
>> 
>> When someone logs into CAS (from the casLoginView.jsp page), what controller 
>> actually handles the HTTP POST?  I see an 
>> org.jasig.cas.web.ServiceValidateController, but believe this is for the 
>> subsequent /validateService call.  I’m looking for what controller actually 
>> handles the initial POST (authentication attempt).  Ideas? Thanks in advance!
>>  

Re: [cas-user] What controller handles login post?

2014-06-03 Thread Dmitriy Kopylenko
It’s just a name of the default event that triggers the transition, and since 
there’s only one possible transition out of this state:

https://github.com/Jasig/cas/blob/v3.5.2.1/cas-server-webapp/src/main/webapp/WEB-INF/login-webflow.xml#L158

regardless of the event, the code might as easily return null and the 
transition would execute in any case. It’s just the way it is and how it was 
coded originally. That is all I could say about it.

Best,
D.

On Jun 3, 2014, at 10:10 AM, Zac Harvey  wrote:

> Thank you!
>  
> One last followup question (I promise) - but I’m just curious: in 
> SendTicketGrantingTicketAction#doExecute:
>  
> if (ticketGrantingId == null) {
>     return success();
> }
>  
> // Now add the CASTGC cookie here
>  
> Why would we want to return success() if the ticketGrantingId is NULL?  
> Wouldn’t that indicate an error? Thanks again!
>  
> From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net] 
> Sent: Tuesday, June 03, 2014 10:06 AM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] What controller handles login post?
>  
> That happens in the following action state implementation (v3.5.2.1 and 
> master respectively):
>  
> https://github.com/Jasig/cas/blob/v3.5.2.1/cas-server-core/src/main/java/org/jasig/cas/web/flow/SendTicketGrantingTicketAction.java
>  
> https://github.com/Jasig/cas/blob/master/cas-server-webapp-support/src/main/java/org/jasig/cas/web/flow/SendTicketGrantingTicketAction.java
>  
> Cheers,
> D.
>  
> On Jun 3, 2014, at 9:57 AM, Zac Harvey  wrote:
> 
> 
> Thanks Dmitriy,
>  
> I assume that AuthenticationViaFormAction somehow invokes the 
> CookieRetrievingCookieGenerator to produce the CASTGC cookie and hand it back 
> to the browser?  If so, can you point me in the general vicinity of where 
> this communication is happening? Thanks again!
>  
> From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net] 
> Sent: Tuesday, June 03, 2014 9:13 AM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] What controller handles login post?
>  
> It’s this SWF action state implementation that handles the job:
>  
> https://github.com/Jasig/cas/blob/v3.5.2.1/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationViaFormAction.java
>  
> Note that the above is for the 3.5.2.1 version. Here’s the version of the 
> same class in the master:
>  
> https://github.com/Jasig/cas/blob/master/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationViaFormAction.java
>  
> Best,
> Dmitriy.
>  
> On Jun 3, 2014, at 9:06 AM, Zac Harvey  wrote:
> 
> 
> 
> When someone logs into CAS (from the casLoginView.jsp page), what controller 
> actually handles the HTTP POST?  I see an 
> org.jasig.cas.web.ServiceValidateController, but believe this is for the 
> subsequent /validateService call.  I’m looking for what controller actually 
> handles the initial POST (authentication attempt).  Ideas? Thanks in advance!
>  

Re: [cas-user] CAS: Please confirm cas.properties behavior

2014-06-13 Thread Dmitriy Kopylenko
I’ll try. There is nothing special about how we (at Unicon) define the CAS props and 
the referenced overlay is just an example of best practices of what worked 
really well for our CAS deployments. As Scott explained, it is an 'either OR' 
situation in the way that the PPC (PropertyPlaceholderConfigurer) is defined - 
it’s either the default one in CAS which looks for the properties file in the 
WAR’s class path, or the one you redefine with whatever properties resource 
location you choose. I think it’s possible to have a complex PPC definition to 
combine 2 (or more) locations, but I personally don’t see the benefit for such 
complexity.

Best,
Dmitriy.


On Jun 13, 2014, at 9:26 AM, Scott Battaglia  wrote:

> No, it's not easy to understand.  You overwrote where it would look for the 
> file but you're still expecting it to find the file.  If you want CAS to 
> still leverage the default file, you should have your property configurer 
> reference both.
> 
> I can't speak for how Unicon defines their overlay.  You'll have to let one 
> of them chime into this thread. (they're usually really good about responding)
> 
> 
> On Fri, Jun 13, 2014 at 9:20 AM, Zac Harvey  wrote:
> Thanks again Scott,
> 
>  
> 
> But it’s easy to understand why I’m expecting CAS to behave the way I do.
> 
>  
> 
> Take a look at:
> 
>  
> 
> https://github.com/Unicon/unicon-cas-overlay/blob/master/src/main/webapp/WEB-INF/spring-configuration/propertyFileConfigurer.xml
> 
>  
> 
> That project says “Hey CAS, look on the file system for 
> /etc/cas/cas.properties.”  Then, at:
> 
>  
> 
> https://github.com/Unicon/unicon-cas-overlay/blob/master/etc/cas.properties
> 
>  
> 
> In that cas.properties file, several of the properties that exist at the 
> link you sent me 
> (https://github.com/Jasig/cas/blob/master/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/propertyFileConfigurer.xml)
>  aren’t defined.
> 
>  
> 
> So again, it’s unclear as to what properties CAS needs by default, and 
> because of that, it’s unclear how CAS supplies its own defaults when the 
> supplied cas.properties file omits them. Thanks again!
> 
>  
> 
> From: Scott Battaglia [mailto:scott.battag...@gmail.com] 
> Sent: Friday, June 13, 2014 9:13 AM
> 
> 
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] CAS: Please confirm cas.properties behavior
> 
>  
> 
> You've re-defined this file:
> 
> https://github.com/Jasig/cas/blob/master/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/propertyFileConfigurer.xml
> 
> by creating your own.
> 
>  
> 
> So I don't understand why you think it would still apply those properties if 
> that bean definition no longer exists.
> 
>  
> 
>  
> 
> On Fri, Jun 13, 2014 at 9:07 AM, Zac Harvey  wrote:
> 
> Thanks Scott,
> 
>  
> 
> So can you (or anyone else) confirm that my suspicions about default 
> cas.properties behavior are correct? Also, Scott, is the cas.properties link 
> you reference below simply the minimal props I need to define inside my 
> cas.properties file?
> 
>  
> 
> From: Scott Battaglia [mailto:scott.battag...@gmail.com] 
> Sent: Friday, June 13, 2014 8:02 AM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] CAS: Please confirm cas.properties behavior
> 
>  
> 
> https://github.com/Jasig/cas/blob/master/cas-server-webapp/src/main/webapp/WEB-INF/cas.properties
> 
>  
> 
> On Fri, Jun 13, 2014 at 7:15 AM, Zac Harvey  wrote:
> 
> I’m seeing some behavior that *appears* to be default CAS behavior, but it’s 
> just not working like I expected and it has me stumped.
> 
>  
> 
> If I create a brand new project directory, and only stick a pom.xml in it 
> (hence using 100% CAS defaults, no overrides or customizations whatsoever) 
> and run “mvn clean package”, I get a cas.war that deploys to Tomcat just fine 
> (using CAS 4.0.0 and Tomcat 7).
> 
>  
> 
> But then I go ahead and add a 
> src/main/webapp/WEB-INF/spring-configuration/propertyFileConfigurer.xml file, 
> that has the following contents:
> 
>  
> 
>  class=”org.springframework.beans.factory.config.PropertyPlaceholderConfigurer”>
> 
>  value=”true” />
> 
> 
> 
> 
> 
> 
> file:/home/myuser/cas.properties
> 
> 
> 
> 
> 
> 
> 
>  
> 
> And, just to see what happens, I intentionally *do not* put a cas.properties 
> file under /home/myuser.  Now when I run “mvn clean package” and deploy the 
> cas.war to Tomcat, I get all sorts of exceptions in the Tomcat log, 
> complaining about there not being a host.name property specified (which is 
> true since I don’t have a /home/myuser/cas.properties file).
> 
>  
> 
> I *expected* CAS to look for /home/myuser/cas.properties and, if it can’t be 
> found, to use the same defaults that were applied befor
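
The "combine 2 (or more) locations" definition mentioned in the reply above, sketched as an added example; it is not code from the thread, from the Unicon overlay, or from the CAS project. The bean id is hypothetical, and the two paths are the ones named in the thread (the bundled WEB-INF/cas.properties and the external /home/myuser/cas.properties).

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd">

  <!-- Bean id is an assumption made for this example. -->
  <bean id="propertyPlaceholderConfigurer"
        class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">

    <!--
      Locations are loaded in order and a key defined in a later file
      overrides the same key from an earlier one. Listing the bundled
      defaults first and the external file second gives
      "defaults, then local overrides".
    -->
    <property name="locations">
      <list>
        <!-- Defaults shipped inside the WAR -->
        <value>/WEB-INF/cas.properties</value>
        <!-- Optional per-host overrides kept outside the WAR -->
        <value>file:/home/myuser/cas.properties</value>
      </list>
    </property>

    <!--
      Default is false, which makes a missing file a startup error.
      Setting it to true makes every listed location optional, so a
      missing external file is skipped instead of failing the context.
    -->
    <property name="ignoreResourceNotFound" value="true"/>

    <!--
      ignoreUnresolvablePlaceholders is left at its default (false):
      a ${...} placeholder that no loaded file defines still stops
      the application context from starting.
    -->
  </bean>
</beans>
```

With this definition a missing /home/myuser/cas.properties falls back to the bundled values, while a property such as host.name that is defined in neither file still aborts startup rather than running with an empty value.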

Re: [cas-user] CAS: Broken webflow on failed authentication on 4.0.0?

2014-06-27 Thread Dmitriy Kopylenko
Here’s some insight into this req-resp - on the second HTTP POST with correct 
credentials, HTTP 302 is returned and browser simply re-issues GET to the 
/login resource:

Remote Address:75.101.143.131:80
Request URL:http://mycas.commercehub.cloudbees.net/login
Request Method:POST
Status Code:302 Found

Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8,ru;q=0.6
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:137
Content-Type:application/x-www-form-urlencoded
Cookie:JSESSIONID=9E5C40753758BC75CDC6A9FE5344FD28
Host:mycas.commercehub.cloudbees.net
Origin:http://mycas.commercehub.cloudbees.net
Referer:http://mycas.commercehub.cloudbees.net/login;jsessionid=9E5C40753758BC75CDC6A9FE5344FD28
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 
(KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36

username:dummy
password:12345
lt:LT-124-z9dnswJnrDmWWEpWVDTJJsZgusHyD9-localsso.example.com
execution:e1s2
_eventId:submit
submit:SIGN IN
Response Headers
Cache-Control:no-cache
Cache-Control:no-store
Connection:keep-alive
Content-Length:0
Date:Fri, 27 Jun 2014 18:04:04 GMT
Expires:Thu, 01 Jan 1970 00:00:00 GMT
Location:http://mycas.commercehub.cloudbees.net/login
Pragma:no-cache
Server:nginx/1.4.2 

Browser culprit? Nginx webserver culprit? No culprit?

Cheers,
Dmitriy.

On Jun 27, 2014, at 1:22 PM, Zac Harvey  wrote:

> I am on CAS 4.0.0 and am experiencing what I *believe* is a bug in the login 
> webflow.  To see this yourself:
>  
> 1.  Go to http://mycas.commercehub.cloudbees.net/login (my DEV/dummy CAS 
> server).
> 2.  Enter username of “dummy”
> 3.  Enter password of “abc” and hit [ENTER] or click the “Sign In” button
> 4.  You’ll get an error: “The username or password that you supplied is 
> incorrect.” (the password is bad)
> 5.  Re-enter the correct password: “12345”
> 6.  The login form resets!  Both username and password clear, whereas it 
> should have logged you in
> 7.  Re-enter username/password with correct values (“dummy”/”12345” without 
> the quotes of course)
> 8.  About 50% of the time it will allow you to login, and about 50% of the 
> time it will just reset the login form again.  If this happens, it will never 
> log you in; every time you login with good credentials it will just do a form 
> reset.  The only way to fix this is to hit F5 (page refresh), and you can 
> then login with success.
>  
> This happens in all browsers and does not happen unless your logins fail.  
> Anybody know why this could be happening?  Thanks in advance!

Re: [cas-user] CAS: Broken webflow on failed authentication on 4.0.0?

2014-06-27 Thread Dmitriy Kopylenko
Have you tried to reproduce it in the locally deployed let’s say standalone 
Tomcat instance?

D.

On Jun 27, 2014, at 2:23 PM, Zac Harvey  wrote:

> Thanks Dmitriy, however:
>  
> Browser culprit?
> I can reproduce this in *any* browser, although it seems more difficult to 
> reproduce in Chrome.
>  
> Nginx culprit?
> The link (http://mycas.commercehub.cloudbees.net/login) is my CAS server 
> running on the CloudBees PaaS.  I put it up there so the CAS community could 
> actually reproduce what I’m seeing.  Normally, this app is hosted from inside 
> my org’s internal network and is not publicly available.  As far as I know 
> our data center/infrastructure does not use Nginx at all.  And I’m 100% sure 
> that CloudBees has a much different infrastructure stack than what we use!  
> So this is a problem that transpires network stack/topology/technologies and 
> is definitely a problem with CAS itself.
>  
> From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net] 
> Sent: Friday, June 27, 2014 2:16 PM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] CAS: Broken webflow on failed authentication on 4.0.0?
>  
> Here’s some insight into this req-resp - on the second HTTP POST with correct 
> credentials, HTTP 302 is returned and browser simply re-issues GET to the 
> /login resource:
>  
> Remote Address:75.101.143.131:80
> Request URL:http://mycas.commercehub.cloudbees.net/login
> Request Method:POST
> Status Code:302 Found
>  
> Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
> Accept-Encoding:gzip,deflate,sdch
> Accept-Language:en-US,en;q=0.8,ru;q=0.6
> Cache-Control:max-age=0
> Connection:keep-alive
> Content-Length:137
> Content-Type:application/x-www-form-urlencoded
> Cookie:JSESSIONID=9E5C40753758BC75CDC6A9FE5344FD28
> Host:mycas.commercehub.cloudbees.net
> Origin:http://mycas.commercehub.cloudbees.net
> Referer:http://mycas.commercehub.cloudbees.net/login;jsessionid=9E5C40753758BC75CDC6A9FE5344FD28
> User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 
> (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
>  
> username:dummy
> password:12345
> lt:LT-124-z9dnswJnrDmWWEpWVDTJJsZgusHyD9-localsso.example.com
> execution:e1s2
> _eventId:submit
> submit:SIGN IN
> Response Headers
> Cache-Control:no-cache
> Cache-Control:no-store
> Connection:keep-alive
> Content-Length:0
> Date:Fri, 27 Jun 2014 18:04:04 GMT
> Expires:Thu, 01 Jan 1970 00:00:00 GMT
> Location:http://mycas.commercehub.cloudbees.net/login
> Pragma:no-cache
> Server:nginx/1.4.2 
>  
> Browser culprit? Nginx webserver culprit? No culprit?
>  
> Cheers,
> Dmitriy.
>  
> On Jun 27, 2014, at 1:22 PM, Zac Harvey  wrote:
> 
> 
> I am on CAS 4.0.0 and am experiencing what I *believe* is a bug in the login 
> webflow.  To see this yourself:
>  
> 1.  Go to http://mycas.commercehub.cloudbees.net/login (my DEV/dummy CAS 
> server).
> 2.  Enter username of “dummy”
> 3.  Enter password of “abc” and hit [ENTER] or click the “Sign In” button
> 4.  You’ll get an error: “The username or password that you supplied is 
> incorrect.” (the password is bad)
> 5.  Re-enter the correct password: “12345”
> 6.  The login form resets!  Both username and password clear, whereas it 
> should have logged you in
> 7.  Re-enter username/password with correct values (“dummy”/”12345” without 
> the quotes of course)
> 8.  About 50% of the time it will allow you to login, and about 50% of the 
> time it will just reset the login form again.  If this happens, it will never 
> log you in; every time you login with good credentials it will just do a form 
> reset.  The only way to fix this is to hit F5 (page refresh), and you can 
> then login with success.
>  
> This happens in all browsers and does not happen unless your logins fail.  
> Anybody know why this could be happening?  Thanks in advance!
