Re: [cas-user] Protect Services Management Webapp with LDAP
Updated. You should see the new version show up in about 30 minutes or so.

-- Misagh

From: Misagh Moayyed
Reply: Misagh Moayyed
Date: March 29, 2016 at 11:53:54 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] Protect Services Management Webapp with LDAP

Understood. Thanks. The docs are incorrect in this case; looks like they have not been updated. I’ll take a pass and post back. Sorry about this.

-- Misagh

From: Travis Schmidt
Reply: Travis Schmidt
Date: March 29, 2016 at 11:28:27 AM
To: Misagh Moayyed, cas-user@apereo.org
Subject: Re: [cas-user] Protect Services Management Webapp with LDAP

We would like to look up the authenticated user in LDAP to check they are part of the ADMIN group, to key off of if they are authorized to access the Services Management Webapp. We assumed that is what the LDAP snippet was doing that is in the guide.

Thanks
Travis

On Tue, Mar 29, 2016 at 11:11 AM Misagh Moayyed wrote:

> Trying to replace the user-details.properties method of authentication by getting the user role from LDAP. Trying to follow the instructions found here
> https://jasig.github.io/cas/4.2.x/installation/Installing-ServicesMgmt-Webapp.html
>
> This doesn't seem to be complete though. I am assuming the reference to deployerConfigContext, is really meant to be managementConfigContext.

Yes that looks like a typo, assuming you’re referring to the LDAP config.

> Also it seems there needs to be another step needed to wire up. Do we need to replace the "authorizationGenerator" for pac4j config? Do we need to replace the pac4j in securityContext.xml completely with something else?

Are you trying to configure a static list of users via that file or, provide LDAP access, or something else?

> I appreciate any help or hints in the right direction to get this going.
>
> Thanks
> Travis

--
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
Re: [cas-user] Protect Services Management Webapp with LDAP
We would like to look up the authenticated user in LDAP to check they are part of the ADMIN group, to key off of if they are authorized to access the Services Management Webapp. We assumed that is what the LDAP snippet was doing that is in the guide.

Thanks
Travis

On Tue, Mar 29, 2016 at 11:11 AM Misagh Moayyed wrote:

> > Trying to replace the user-details.properties method of authentication by getting the user role from LDAP. Trying to follow the instructions found here
> > https://jasig.github.io/cas/4.2.x/installation/Installing-ServicesMgmt-Webapp.html
> >
> > This doesn't seem to be complete though. I am assuming the reference to deployerConfigContext, is really meant to be managementConfigContext.
>
> Yes that looks like a typo, assuming you’re referring to the LDAP config.
>
> > Also it seems there needs to be another step needed to wire up. Do we need to replace the "authorizationGenerator" for pac4j config? Do we need to replace the pac4j in securityContext.xml completely with something else?
>
> Are you trying to configure a static list of users via that file or, provide LDAP access, or something else?
>
> > I appreciate any help or hints in the right direction to get this going.
> >
> > Thanks
> > Travis
Re: [cas-user] Protect Services Management Webapp with LDAP
> Trying to replace the user-details.properties method of authentication by getting the user role from LDAP. Trying to follow the instructions found here
> https://jasig.github.io/cas/4.2.x/installation/Installing-ServicesMgmt-Webapp.html
>
> This doesn't seem to be complete though. I am assuming the reference to deployerConfigContext, is really meant to be managementConfigContext.

Yes that looks like a typo, assuming you’re referring to the LDAP config.

> Also it seems there needs to be another step needed to wire up. Do we need to replace the "authorizationGenerator" for pac4j config? Do we need to replace the pac4j in securityContext.xml completely with something else?

Are you trying to configure a static list of users via that file or, provide LDAP access, or something else?

> I appreciate any help or hints in the right direction to get this going.
>
> Thanks
> Travis
Re: [cas-user] Figured out, support theme in subflow
Sounds about right.

-- Misagh

From: Yan Zhou
Reply: Yan Zhou
Date: March 29, 2016 at 8:16:28 AM
To: CAS Community
CC: Yan Zhou
Subject: [cas-user] Figured out, support theme in subflow

Hi there,

I want to define a subflow in CAS' main login flow to reset user password. The reason I want to define it as a subflow is because I do not want the URL to change in browser. And, after user completes password change, and login successfully, he should be redirected to the original URL (in the application) that he was trying to go to in the first place.

I noticed a problem, while the main flow shows theme UI correctly, the subflow always goes back to the default theme. It turns out that "service" is a flowScope attribute, therefore, subflow does not see it.

    public static WebApplicationService getService(final RequestContext context) {
        return context != null ? (WebApplicationService) context.getFlowScope().get("service") : null;
    }

What I did is to manually pass flowScope.service from parent flow into the subflow. See below. Does that sound correct? Any better suggestion?

in the main login parent flow

in the child change password flow

Thanks,
Yan
[cas-user] Re: [cas-dev] licence and configuration
I have a question, I'm trying to open the project with Eclipse to customize CAS, but when I am trying to import the project, it asks me for a license: a plugin maven-license-plugin: 1.9.0: check (1 errors).

And what is the error? If you’re following the overlay instructions, you should not ever see anything like that. If you are not following the overlay instructions, you’re doing this wrong. You should be following the overlay instructions.

How can I get a license?

There is no license to get.

Is this the plugin? http://www.mojohaus.org/license-maven-plugin/

You’re likely missing headers somewhere for a file you have added, or you’re not using the right plugin, or it’s an Eclipse issue.

How much is a license?

CAS is under Apache v2 license. Unless they have changed the license overnight, there is no cost.

It allows me to download CAS 4.0.1 source with their java classes in the src file?

What does?

Since the version 3.5, the src folder has java classes (.java) but in version 4.0.1 "cas-server-webapp \ src" has only classes (.class).

Yes, all true.

Thanks

--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-dev+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-dev/.
[cas-user] Figured out, support theme in subflow
Hi there,

I want to define a subflow in CAS' main login flow to reset user password. The reason I want to define it as a subflow is because I do not want the URL to change in browser. And, after user completes password change, and login successfully, he should be redirected to the original URL (in the application) that he was trying to go to in the first place.

I noticed a problem, while the main flow shows theme UI correctly, the subflow always goes back to the default theme. It turns out that "service" is a flowScope attribute, therefore, subflow does not see it.

    public static WebApplicationService getService(final RequestContext context) {
        return context != null ? (WebApplicationService) context.getFlowScope().get("service") : null;
    }

What I did is to manually pass flowScope.service from parent flow into the subflow. See below. Does that sound correct? Any better suggestion?

in the main login parent flow

in the child change password flow

Thanks,
Yan
Re: [cas-user] Custom OAuth Protected Service
Thank you very much for the quick response.

So if I have a custom webapp, this means that I have to write my own controller that extends BaseOAuthWrapperController. Will this work in a standalone app, or has this controller to reside within the cas.war? Are there any plans to provide a servlet filter (like org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter) for this kind of authentication?

Another question concerns the access_token expiration: what is the expiration time of this ticket (the same as the normal cas ticket?) and is there a service, where I can refresh the access_token?

Kind regards,
Uwe

On Tuesday, 29 March 2016 15:24:48 UTC+2, leleuj wrote:

> Hi,
>
> Yes, /oauth2.0/profile is the only OAuth url, protected by access tokens.
> The /oauth2.0/authorize is the endpoint to call to start the authorization (/ authentication) process and get an access token.
> Then, you need to implement the check on the access token like it's done in the
> https://github.com/Jasig/cas/blob/4.2.x/cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/web/OAuth20ProfileController.java
>
> Thanks.
> Best regards,
> Jérôme
>
> 2016-03-29 15:17 GMT+02:00 Uwe Wolfinger:
>
>> I have just installed cas version 4.2.0 with a ldap backend. Login works fine, now I tried to get the oauth system working, but unfortunately I got stuck.
>>
>> What I did so far:
>> - enabled the oauth server mode
>> - I am able to get an access_token but now the question is, how to use this access token.
>>
>> My goal would be to write a custom rest service and secure this service via oauth. So far I can only find the /oauth2.0/profile service where I can use the access_token.
>>
>> So my question is, is this the only service that is protected by oauth? If no, how can I configure a custom service (in a client webapp - as I would do it as a standard cas client), that is protected by oauth.
>>
>> Kind Regards,
>> Uwe
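One way a stand-alone REST service could check a CAS-issued access token, following the point in this thread that /oauth2.0/profile is the URL protected by access tokens: pass the caller's bearer token to that endpoint and fail closed unless a profile with an id comes back. This is an added example, not code from the thread or from CAS; the base URL, the function names, the `access_token` query parameter and the JSON shape of the reply (`{"id": ..., "attributes": ...}`) are assumptions.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Assumption: placeholder base URL of the CAS server, not a value from the thread.
CAS_BASE = "https://cas.example.org/cas"


def fetch_profile(token, base=CAS_BASE, timeout=5):
    """Ask CAS for the profile bound to an access token; return (status, body)."""
    url = base + "/oauth2.0/profile?" + urllib.parse.urlencode({"access_token": token})
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, ""
    except (urllib.error.URLError, OSError):
        return 0, ""  # CAS unreachable: caller treats this as "not authenticated"


def bearer_token(authorization_header):
    """Extract the token from 'Authorization: Bearer <token>', else None."""
    parts = (authorization_header or "").split()
    if len(parts) == 2 and parts[0].lower() == "bearer":
        return parts[1]
    return None


def authenticate(authorization_header, fetch=fetch_profile):
    """Return the CAS user id for a valid token, or None (fail closed)."""
    token = bearer_token(authorization_header)
    if token is None:
        return None
    status, body = fetch(token)
    if status != 200:
        return None
    try:
        profile = json.loads(body)
    except ValueError:
        return None
    # Assumed shape: {"id": "...", "attributes": [...]}; an error reply has no "id".
    if not isinstance(profile, dict) or "error" in profile:
        return None
    user_id = profile.get("id")
    return user_id if isinstance(user_id, str) and user_id else None
```

Because each request is checked against CAS, token expiry is decided by the server rather than by the REST service. The service should answer 401 whenever `authenticate` returns None, including when CAS cannot be reached.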
[cas-user] Custom OAuth Protected Service
I have just installed cas version 4.2.0 with a ldap backend. Login works fine, now I tried to get the oauth system working, but unfortunately I got stuck.

What I did so far:
- enabled the oauth server mode
- I am able to get an access_token but now the question is, how to use this access token.

My goal would be to write a custom rest service and secure this service via oauth. So far I can only find the /oauth2.0/profile service where I can use the access_token.

So my question is, is this the only service that is protected by oauth? If no, how can I configure a custom service (in a client webapp - as I would do it as a standard cas client), that is protected by oauth.

Kind Regards,
Uwe