Re: [cas-user] Protect Services Management Webapp with LDAP

2016-03-29 Thread Misagh Moayyed 
Updated. You should see the new version show up in about 30 minutes or so. 

-- 
Misagh

From: Misagh Moayyed 
Reply: Misagh Moayyed 
Date: March 29, 2016 at 11:53:54 AM
To: cas-user@apereo.org 
Subject:  Re: [cas-user] Protect Services Management Webapp with LDAP  

Understood. Thanks. The docs are incorrect in this case; looks like they have 
not been updated. I’ll take a pass and post back. Sorry about this. 

-- 
Misagh

From: Travis Schmidt 
Reply: Travis Schmidt 
Date: March 29, 2016 at 11:28:27 AM
To: Misagh Moayyed , cas-user@apereo.org 

Subject:  Re: [cas-user] Protect Services Management Webapp with LDAP

We would like to look up the authenticated user in LDAP to check they are part 
of the the ADMIN group, to key off of if they are authorized to access the 
Services Management Webapp.  We assumed that is what the LDAP snippet was doing 
that is in the guide.

Thanks
Travis

On Tue, Mar 29, 2016 at 11:11 AM Misagh Moayyed  wrote:


Trying to replace the user-details.properties method of authentication by 
getting the user role from LDAP.  Trying to follow the instructions found here

https://jasig.github.io/cas/4.2.x/installation/Installing-ServicesMgmt-Webapp.html

This doesn't seem to be complete though.  I am assuming the reference to 
deployerConfigContext, is really meant to be managementConfigContext.  
Yes that looks like a typo, assuming you’re referring to the LDAP config. 

Also it seems there needs to be another step needed to wire up.  Do we need to 
replace the "authorizationGenerator" for pac4j config?   Do we need to replace 
the pac4j in securityContext.xml completely with soemthing else?
Are you trying to configure a static list of users via that file or, provide 
LDAP access, or something else? 



I appreciate any help or hints in the right direction to get this going.

Thanks
Travis
--
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
--
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.

Re: [cas-user] Protect Services Management Webapp with LDAP

2016-03-29 Thread Travis Schmidt 
We would like to look up the authenticated user in LDAP to check they are
part of the the ADMIN group, to key off of if they are authorized to access
the Services Management Webapp.  We assumed that is what the LDAP snippet
was doing that is in the guide.

Thanks
Travis

On Tue, Mar 29, 2016 at 11:11 AM Misagh Moayyed  wrote:

>
>
> Trying to replace the user-details.properties method of authentication by
> getting the user role from LDAP.  Trying to follow the instructions found
> here
>
>
> https://jasig.github.io/cas/4.2.x/installation/Installing-ServicesMgmt-Webapp.html
>
> This doesn't seem to be complete though.  I am assuming the reference to
> deployerConfigContext, is really meant to be managementConfigContext.
>
> Yes that looks like a typo, assuming you’re referring to the LDAP config.
>
> Also it seems there needs to be another step needed to wire up.  Do we
> need to replace the "authorizationGenerator" for pac4j config?   Do we need
> to replace the pac4j in securityContext.xml completely with soemthing else?
>
> Are you trying to configure a static list of users via that file or,
> provide LDAP access, or something else?
>
>
>
> I appreciate any help or hints in the right direction to get this going.
>
> Thanks
> Travis
>
> --
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/
> .
>
> --
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/
> .
>

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.

Re: [cas-user] Protect Services Management Webapp with LDAP

2016-03-29 Thread Misagh Moayyed 


Trying to replace the user-details.properties method of authentication by 
getting the user role from LDAP.  Trying to follow the instructions found here

https://jasig.github.io/cas/4.2.x/installation/Installing-ServicesMgmt-Webapp.html

This doesn't seem to be complete though.  I am assuming the reference to 
deployerConfigContext, is really meant to be managementConfigContext.  
Yes that looks like a typo, assuming you’re referring to the LDAP config. 

Also it seems there needs to be another step needed to wire up.  Do we need to 
replace the "authorizationGenerator" for pac4j config?   Do we need to replace 
the pac4j in securityContext.xml completely with soemthing else?
Are you trying to configure a static list of users via that file or, provide 
LDAP access, or something else? 



I appreciate any help or hints in the right direction to get this going.

Thanks
Travis
--
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.

Re: [cas-user] Figred out, support theme in subflow

2016-03-29 Thread Misagh Moayyed 
Sounds about right. 

-- 
Misagh

From: Yan Zhou 
Reply: Yan Zhou 
Date: March 29, 2016 at 8:16:28 AM
To: CAS Community 
CC: Yan Zhou 
Subject:  [cas-user] Figred out, support theme in subflow  

Hi there, 

I want to define a subflow in CAS' main login flow to reset user password.  The 
reason I want to define it as a subflow is because I do not want the URL to 
change in browser.  And, after user completes password change, and login 
successfully, he should be redirected to the original URL (in the application) 
that he was trying to go to in the first place. 

I noticed a problem, while the main flow shows theme UI correctly, the subflow 
always goes back to the default theme.  It turns out that "service" is a 
flowScope attribute, therefore, subflow does not see it.

    public static WebApplicationService getService(final RequestContext 
context) {
        return context != null ? (WebApplicationService) 
context.getFlowScope().get("service") : null;
    }


What I did is to manually pass flowScope.service from parent flow into the 
subflow.   See below.

Does that sound correct?  Any better suggestion?


in the main login parent flow




    

in the child change password flow


   

                 



Thanks,
Yan
--
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.

[cas-user] Re: [cas-dev] licence and configuration

2016-03-29 Thread Misagh Moayyed 

I have a question, I'm trying to open the project with eclipse to customize 
CAS, but when I am trying to import the project, it ask me a license: a plugin 
maven-license-plugin: 1.9.0: check (1 errors). 
And what is the error?

If you’re following the overlay instructions, you should not ever see anything 
like that. If you are not following the overlay instructions, you’re doing this 
wrong. You should be following the overlay instructions.

How I can get a license? 
There is no license to get. Is this the plugin? 
http://www.mojohaus.org/license-maven-plugin/ 

You’re likely missing headers somewhere for a file you have added, or you’re 
not using the right plugin, or it’s an eclipse issue.

How much is a license? 
CAS is under Apache v2 license. Unless they have changed the license overnight, 
there is no cost. 

It allows me to download CAS 4.0.1 source with their java classes in the src 
file? 
What does?

Since the version 3.5, the src folder has java classes (.java) but in version 
4.0.1 "cas-server-webapp \ src" has only classes (.class).
Yes, all true.



Thanks
--
You received this message because you are subscribed to the Google Groups "CAS 
Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-dev+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-dev/.

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.

[cas-user] Figred out, support theme in subflow

2016-03-29 Thread Yan Zhou 
Hi there, 

I want to define a subflow in CAS' main login flow to reset user password. 
 The reason I want to define it as a subflow is because I do not want the 
URL to change in browser.  And, after user completes password change, and 
login successfully, he should be redirected to the original URL (in the 
application) that he was trying to go to in the first place. 

I noticed a problem, while the main flow shows theme UI correctly, the 
subflow always goes back to the default theme.  It turns out that "service" 
is a flowScope attribute, therefore, subflow does not see it.

public static WebApplicationService getService(final RequestContext 
context) {
return context != null ? (WebApplicationService) 
context.getFlowScope().get("service") : null;
}


What I did is to manually pass flowScope.service from parent flow into the 
subflow.   See below.

Does that sound correct?  Any better suggestion?


in the main login parent flow






in the child change password flow


   

 



Thanks,
Yan

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.

Re: [cas-user] Custom OAuth Protected Service

2016-03-29 Thread Uwe Wolfinger 
Thank you very much for the quick response.

So if i have a custom webapp, this means that i have to write my own 
controller that extends BaseOAuthWrapperController. Will this work in a 
standalone app, or has this controller to reside within the cas.war? Are 
there any plans to provide a servlet filter (like 
org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter) 
for this kind of authentication?

Another question concerns the access_token expiration: what is the 
expiration time of this ticket (the same as the normal cas ticket?) and is 
there a service, where i can refresh the access_token?

Kind regards,
Uwe

Am Dienstag, 29. März 2016 15:24:48 UTC+2 schrieb leleuj:
>
> Hi,
>
> Yes, /oauth2.0/profile is the only OAuth url, protected by access tokens. 
> The /oauth2.0/authorize is the endpoint to call to start the authorization 
> (/ authentication) process and get an access token.
> Then, you need to implement the check on the access token like it's done 
> in the 
> https://github.com/Jasig/cas/blob/4.2.x/cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/web/OAuth20ProfileController.java
>
> Thanks.
> Best regards,
> Jérôme
>
>
>
> 2016-03-29 15:17 GMT+02:00 Uwe Wolfinger  >:
>
>> i have just installed cas version 4.2.0 with a ldap backend. Login works 
>> fine, now i tried to get the oauth system working, but unfortunately i got 
>> stuck.
>>
>> what i did so for:
>> - enabled the oauth server mode
>> - i am able to get an access_token but now the question is, how to use 
>> this access token.
>>
>> My goal would be to write a custom rest service and secure this service 
>> via oauth. So far i can only find the */oauth2.0/profile *service where 
>> i can use the access_token.
>>
>> So my question is, is this the only service that is protected by oauth? 
>> If no, how can i configure a custom service (in a client webapp - as i 
>> would do it as a standard cas client), that ist protected by oauth.
>>
>> Kind Regards,
>> Uwe
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+u...@apereo.org .
>> Visit this group at 
>> https://groups.google.com/a/apereo.org/group/cas-user/.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.

[cas-user] Custom OAuth Protected Service

2016-03-29 Thread Uwe Wolfinger 
i have just installed cas version 4.2.0 with a ldap backend. Login works 
fine, now i tried to get the oauth system working, but unfortunately i got 
stuck.

what i did so for:
- enabled the oauth server mode
- i am able to get an access_token but now the question is, how to use this 
access token.

My goal would be to write a custom rest service and secure this service via 
oauth. So far i can only find the */oauth2.0/profile *service where i can 
use the access_token.

So my question is, is this the only service that is protected by oauth? If 
no, how can i configure a custom service (in a client webapp - as i would 
do it as a standard cas client), that ist protected by oauth.

Kind Regards,
Uwe

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.