date:20161021

Re: [cas-user] Regarding JWT and CAS Server

2016-10-21 Thread Ajay Madhavan

Sorry my bad. I did not understand what you meant initially.

I was able to make the pac 4j work on my webapp. Also I was able to work on
the suggestion you provided as to use the CAS identity but use JWTGenerator
for the JWT instead of service tickets.

As far as validation, I think I will move to JWT validation rather than cas
ticket validation.

Your piece of advice was extremely helpful.

Regards
Ajay

On Thu, Oct 20, 2016 at 11:09 PM, Jérôme LELEU  wrote:

> Hi,
>
> "pac4j needs cas-server-core 4.0.0": how do you see that?
>
> Thanks.
> Best regards,
> Jérôme
>
>
> 2016-10-21 1:05 GMT+02:00 Ajay Madhavan :
>
>> Hi Jerome,
>>
>> I see that pac4j needs cas-server-core 4.0.0. But I use cas-server-core
>> 3.5.2.1. Is it compatible with that?
>>
>> Regards
>> Ajay
>>
>> On Tue, Oct 18, 2016 at 8:30 AM, Ajay Madhavan 
>> wrote:
>>
>>> Hi Jerome,
>>>
>>> Thanks for your response. Where do I plugin this controller to replace
>>> the original ticket generation inside CAS??
>>>
>>> Regards
>>> Ajay
>>>
>>> On Tue, Oct 18, 2016 at 1:08 AM, Jérôme LELEU  wrote:
>>>
 Hi,

 We already generate JWTs for the OpenID Connect protocol so for sure,
 it's feasible.
 For example, you can create some controller to return a JWT generated
 by pac4j based on the CAS user identity. Replacing the service ticket
 validation by a returned JWT would be more work.
 Thanks.
 Best regards,
 Jérôme


 2016-10-18 6:33 GMT+02:00 Ajay Madhavan :

> I want to use the cas server to authenticate since it gives me good
> integration with radius and AD. I would like to generate a JWT instead of 
> a
> service ticket. Do you think that will be possible? Do you think it would
> be possible to just add the JSON web Token generator inside CAS to 
> generate
> a token after authentication in the required format?
>
> Thanks
> Ajay
>
> --
> CAS gitter chatroom: https://gitter.im/apereo/cas
> CAS mailing list guidelines: https://apereo.github.io/cas/M
> ailing-Lists.html
> CAS documentation website: https://apereo.github.io/cas
> CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google
> Groups "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to cas-user+unsubscr...@apereo.org.
> To post to this group, send email to cas-user@apereo.org.
> Visit this group at https://groups.google.com/a/ap
> ereo.org/group/cas-user/.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANF
> zPuKkswNvQdo%3DYB9T7WrH0bj9MF9tBjN1jMS3%3DTbb28JVCg%40mail.gmail.com
> 
> .
> For more options, visit https://groups.google.com/a/ap
> ereo.org/d/optout.
>


>>>
>>
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANFzPuLK1pLFJmS04onk0rbE_Xz-EbjHKVSzY%3DpFwtBSsjzeRg%40mail.gmail.com.

Re: [cas-user] where is CAS TGC cookie stored in brower?

2016-10-21 Thread Andrew Morgan


On Fri, 21 Oct 2016, Yan Zhou wrote:


OK, thx for explanation.

I cannot see any TGC cookie in my browser.  Why is that?  If it is not
there, how does Browser send to CAS server?


You could try running something like Firefox's Live HTTP Headers add-on to 
view the headers sent and received when you interact with CAS.


Andy

Re: [cas-user] where is CAS TGC cookie stored in brower?

2016-10-21 Thread Yan Zhou

OK, thx for explanation.

I cannot see any TGC cookie in my browser.  Why is that?  If it is not
there, how does Browser send to CAS server?

Yan

On Fri, Oct 21, 2016 at 5:47 PM, Andrew Morgan  wrote:

> On Fri, 21 Oct 2016, Yan Zhou wrote:
>
> Hello,
>>
>> It was said that the TGT cookie (TGC) is hidden, so that we won't see it.
>>
>> I am curious how browser can send such hidden cookie to CAS, when user
>> goes
>> to apps?  If browser can see it, there should be a way for us to see it.
>>
>> The reason I am asking is because I noticed that Ajax XhrRequest does not
>> seem to send TGC cookie in some circumstances, so I need to investigate.
>>
>
> The TGC is set by the CAS server using the domain of the CAS server.  For
> example, my CAS server is at https://login.oregonstate.edu/cas/ and the
> TGC has a domain of "login.oregonstate.edu" and a path of "/cas".  The
> browser will only send the cookie to the CAS, not the CAS client.
>
> The TGC persists the SSO session.  It is not used by client applications.
> They receive a Service Ticket (ST) appended to the URL and validate the ST
> by calling CAS's /serviceValidate endpoint.
>
> A more complete description of this can be found at:
>
>   https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol.html
>
> Thanks,
> Andy
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAFSoZendeDth%3D1WW%3DS3c%2BR_6Gdw99pX%2Bn32gmpRAuBJz0Xfupg%40mail.gmail.com.

Re: [cas-user] where is CAS TGC cookie stored in brower?

2016-10-21 Thread Andrew Morgan


On Fri, 21 Oct 2016, Yan Zhou wrote:


Hello,

It was said that the TGT cookie (TGC) is hidden, so that we won't see it.

I am curious how browser can send such hidden cookie to CAS, when user goes
to apps?  If browser can see it, there should be a way for us to see it.

The reason I am asking is because I noticed that Ajax XhrRequest does not
seem to send TGC cookie in some circumstances, so I need to investigate.


The TGC is set by the CAS server using the domain of the CAS server.  For 
example, my CAS server is at https://login.oregonstate.edu/cas/ and the 
TGC has a domain of "login.oregonstate.edu" and a path of "/cas".  The 
browser will only send the cookie to the CAS, not the CAS client.


The TGC persists the SSO session.  It is not used by client applications. 
They receive a Service Ticket (ST) appended to the URL and validate the ST 
by calling CAS's /serviceValidate endpoint.


A more complete description of this can be found at:

  https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol.html

Thanks,
Andy

[cas-user] where is CAS TGC cookie stored in brower?

2016-10-21 Thread Yan Zhou

Hello,

It was said that the TGT cookie (TGC) is hidden, so that we won't see it. 

I am curious how browser can send such hidden cookie to CAS, when user goes 
to apps?  If browser can see it, there should be a way for us to see it. 

The reason I am asking is because I noticed that Ajax XhrRequest does not 
seem to send TGC cookie in some circumstances, so I need to investigate.

Thx!

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d0d6acb1-cd01-45e0-9f7e-8cd30993c742%40apereo.org.

[cas-user] CAS 5.0.0 RC4-SNAPSHOT - Customize JBDC query with more than the username

2016-10-21 Thread Erdal Gunyar

Hi all,

Does anyone know if it is possible to customize the query of either the
JDBC authentication or te JDBC attribute repository with the callback URL?

The idea behind being to return different result depending on the site
which called CAS server.

I didn't see anything related to that, so maybe it's far from a best
practice...

Thanks,

*Erdal.*

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAFCWW1ywHsnyRa%3DNTdHxGAGgq4qrwkYsTyCG6d%3DJ7hM3kvDNJQ%40mail.gmail.com.

[cas-user] Re: Installation/Configuration CAS 4.2.6 LDAP

2016-10-21 Thread Sebastian Wilde

Now i looked into the log of Active Directory and the manager logged in.

But every user i typed into the cas login won't be login and there is no 
entry in the log of AD.

In my opinion, Cas don't verified the user to the ad only to the text file.

Is there anyone, who can help me?

Thanks.

Am Freitag, 21. Oktober 2016 10:30:38 UTC+2 schrieb Sebastian Wilde:
>
> Hello everybody,
>
> i think it's a very easy question for you, but i'm dispairing.
>
> I want to install cas Version 4.2.6 with LDAP Authentication.
>
> So i downloaded the Overlay from this site: 
> https://github.com/apereo/cas-overlay-template and created the war file.
>
> Everything is working fine and i can login with casuser/Mellon.
>
> In the next step i wanted to add the LDAP Authentication and take this 
> site: 
> https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html.
>
> I've included the dependency to the pom.xml of the War Overlay.
>
> Then i downloaded the source code from: 
> https://github.com/apereo/cas/archive/v4.2.6.zip and copied the 
> deployerConfigConext.xml from cas-server-webapp to the WEB-INF of the 
> Overlay.
>
> But in most scenarios i get error that there couldn't be created beans.
>
> Only in one scenario everything looks good on first sight, but then i 
> can't login with LDAP Users, but the login with casuser/Mellon works fine.
>
> I hope there is someone, who can help me.
>
> Thanks a lot for your help.
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/7efa297f-6509-4860-882c-cd76bd8d804c%40apereo.org.

[cas-user] Installation/Configuration CAS 4.2.6 LDAP

2016-10-21 Thread Sebastian Wilde

Hello everybody,

i think it's a very easy question for you, but i'm dispairing.

I want to install cas Version 4.2.6 with LDAP Authentication.

So i downloaded the Overlay from this site: 
https://github.com/apereo/cas-overlay-template and created the war file.

Everything is working fine and i can login with casuser/Mellon.

In the next step i wanted to add the LDAP Authentication and take this 
site: 
https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html.

I've included the dependency to the pom.xml of the War Overlay.

Then i downloaded the source code from: 
https://github.com/apereo/cas/archive/v4.2.6.zip and copied the 
deployerConfigConext.xml from cas-server-webapp to the WEB-INF of the 
Overlay.

But in most scenarios i get error that there couldn't be created beans.

Only in one scenario everything looks good on first sight, but then i can't 
login with LDAP Users, but the login with casuser/Mellon works fine.

I hope there is someone, who can help me.

Thanks a lot for your help.

-- 
CAS gitter chatroom: https://gitter.im/apereo/cas
CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
CAS documentation website: https://apereo.github.io/cas
CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f894f2ea-8318-4e8e-98e8-d4200b6e181c%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
2016-10-19 16:43:49,416 INFO 
[org.jasig.cas.services.DefaultServicesManagerImpl] - 
2016-10-19 16:43:50,798 INFO 
[org.jasig.cas.services.DefaultServicesManagerImpl] - 
2016-10-19 16:43:59,398 INFO 
[org.jasig.cas.ticket.registry.TicketRegistryCleaner] - 
2016-10-19 16:43:59,400 INFO 
[org.jasig.cas.ticket.registry.TicketRegistryCleaner] - 
2016-10-19 16:44:00,185 WARN [org.jasig.cas.util.WebflowCipherExecutor] - 

2016-10-19 16:44:00,273 WARN [org.jasig.cas.util.WebflowCipherExecutor] - 

2016-10-19 16:44:00,274 WARN [org.jasig.cas.util.WebflowCipherExecutor] - 
2016-10-19 16:44:00,289 WARN [org.jasig.cas.util.WebflowCipherExecutor] - 

2016-10-19 16:44:01,738 WARN [org.jasig.cas.util.TGCCipherExecutor] - 
2016-10-19 16:44:01,745 WARN [org.jasig.cas.util.TGCCipherExecutor] - 

2016-10-19 16:44:01,745 WARN [org.jasig.cas.util.TGCCipherExecutor] - 
2016-10-19 16:44:01,746 WARN [org.jasig.cas.util.TGCCipherExecutor] - 

2016-10-19 16:44:03,565 WARN [org.jasig.cas.util.NoOpCipherExecutor] - 
<[org.jasig.cas.util.NoOpCipherExecutor] does no encryption and may NOT be safe 
in a production environment. Consider using other choices, such as 
[org.jasig.cas.util.BaseStringCipherExecutor] that handle encryption, signing 
and verification of all appropriate values.>
2016-10-19 16:44:05,837 DEBUG [org.ldaptive.pool.BlockingConnectionPool] - 
ldap://***:389,
 connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, 
useStartTLS=false, 
connectionInitializer=[org.ldaptive.BindConnectionInitializer@622039081::bindDn=**,
 bindSaslConfig=null, bindControls=null]]], initialized=false, 
availableCount=0, activeCount=0]>
2016-10-19 16:44:06,122 DEBUG [org.ldaptive.pool.BlockingConnectionPool] - 
= 1 for 
[org.ldaptive.pool.BlockingConnectionPool@1440044218::name=search-pool, 
poolConfig=[org.ldaptive.pool.PoolConfig@1520351801::minPoolSize=1, 
maxPoolSize=10, validateOnCheckIn=false, validateOnCheckOut=false, 
validatePeriodically=true, validatePeriod=300], activator=null, 
passivator=null, 
validator=[org.ldaptive.pool.SearchValidator@2048515752::searchRequest=[org.ldaptive.SearchRequest@-608136577::baseDn=,
 searchFilter=[org.ldaptive.SearchFilter@1642584434::filter=(objectClass=*), 
parameters={}], returnAttributes=[1.1], searchScope=OBJECT, timeLimit=0, 
sizeLimit=1, derefAliases=null, typesOnly=false, binaryAttributes=null, 
sortBehavior=UNORDERED, searchEntryHandlers=null, searchReferenceHandlers=null, 
controls=null, referralHandler=null, intermediateResponseHandlers=null]] 
pruneStrategy=[org.ldaptive.pool.IdlePruneStrategy@1882103694::prunePeriod=300, 
idleTime=600], connectOnCreate=true, 
connectionFactory=[org.ldaptive.DefaultConnectionFactory@184368::provider=org.ldaptive.provider.jndi.JndiProvider@5ec79860,
 
config=[org.ldaptive.ConnectionConfig@566606192::ldapUrl=ldap://:389,
 connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, 
useStartTLS=false, 
connectionInitializer=[org.ldaptive.BindConnectionInitializer@622039081::bindDn=**,
 bindSaslConfig=null, bindControls=null]]], initialized=false, 
availab

[cas-user] Mailing lists: lags and blockages

2016-10-21 Thread Misagh Moayyed

I have noticed that a number of messages posted to CAS mailing lists get tagged 
as pending/blocked by google. It’s not immediately obvious why but I am keeping 
an eye to see if I can find a pattern. If you find that your messages are not 
reaching the lists, please contact the project. 

As always, please be mindful of the mailing list guidelines:
https://apereo.github.io/cas/Mailing-Lists.html 

Happy Friday. 

-- 
Misagh

-- 
CAS gitter chatroom: https://gitter.im/apereo/cas
CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
CAS documentation website: https://apereo.github.io/cas
CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.5809cd37.4bfeaaf4.122ea%40unicon.net.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

Re: [cas-user] Regarding JWT and CAS Server

2016-10-21 Thread Ajay Madhavan

Hi Jerome,

I see that pac4j needs cas-server-core 4.0.0. But I use cas-server-core
3.5.2.1. Is it compatible with that?

Regards
Ajay

On Tue, Oct 18, 2016 at 8:30 AM, Ajay Madhavan  wrote:

> Hi Jerome,
>
> Thanks for your response. Where do I plugin this controller to replace the
> original ticket generation inside CAS??
>
> Regards
> Ajay
>
> On Tue, Oct 18, 2016 at 1:08 AM, Jérôme LELEU  wrote:
>
>> Hi,
>>
>> We already generate JWTs for the OpenID Connect protocol so for sure,
>> it's feasible.
>> For example, you can create some controller to return a JWT generated by
>> pac4j based on the CAS user identity. Replacing the service ticket
>> validation by a returned JWT would be more work.
>> Thanks.
>> Best regards,
>> Jérôme
>>
>>
>> 2016-10-18 6:33 GMT+02:00 Ajay Madhavan :
>>
>>> I want to use the cas server to authenticate since it gives me good
>>> integration with radius and AD. I would like to generate a JWT instead of a
>>> service ticket. Do you think that will be possible? Do you think it would
>>> be possible to just add the JSON web Token generator inside CAS to generate
>>> a token after authentication in the required format?
>>>
>>> Thanks
>>> Ajay
>>>
>>> --
>>> CAS gitter chatroom: https://gitter.im/apereo/cas
>>> CAS mailing list guidelines: https://apereo.github.io/cas/M
>>> ailing-Lists.html
>>> CAS documentation website: https://apereo.github.io/cas
>>> CAS project website: https://github.com/apereo/cas
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-user+unsubscr...@apereo.org.
>>> To post to this group, send email to cas-user@apereo.org.
>>> Visit this group at https://groups.google.com/a/ap
>>> ereo.org/group/cas-user/.
>>> To view this discussion on the web visit https://groups.google.com/a/ap
>>> ereo.org/d/msgid/cas-user/CANFzPuKkswNvQdo%3DYB9T7WrH0bj9MF9
>>> tBjN1jMS3%3DTbb28JVCg%40mail.gmail.com
>>> 
>>> .
>>> For more options, visit https://groups.google.com/a/apereo.org/d/optout.
>>>
>>
>>
>

-- 
CAS gitter chatroom: https://gitter.im/apereo/cas
CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
CAS documentation website: https://apereo.github.io/cas
CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANFzPu%2BOpcgW82dAc_VDjVGKP186sGg1Zvb_uABMrPjXL1op9Q%40mail.gmail.com.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

Re: [cas-user] How CAS protect server side API in separate apps?

2016-10-21 Thread Ray Bon

Yan,

If xyzservice needs to know who the user is, then clearpass is an
option, https://apereo.github.io/cas/4.2.x/integration/ClearPass.html.

Ray

On 2016-10-20 09:28, Yan Zhou wrote:
>
> Hi 
>
>  
>
> We have CAS 4.1.x overlay. We have one webapp and one backend
> services. Two different WAR files, both apps are casified.
>
>  
>
> Webapp runs at localhost:8080/myapp, backend service runs at
> localhost:8080/xyzservice  (same domain).
>
>  
>
> After user login successfully into /myapp, its AngularJS code makes
> XhrRequest call, it does HTTP GET on  
> /localhost:8080/xyzservice/protected/simple.html
>
>  
>
> I am getting CAS login page in javascript response code when
> XhrRequest call is made. However, if I use browser and navigate to
> /localhost:8080/xyzservice/protected/simple.html,  that works fine.
>
>  
>
> My guess is that 
>
>
> 1) in browser scenario, CAS tells browser to redirect to CAS login
> page via 302.  And, when browser GETs the CAS login page, it will send
> the SSO TGT in the cookie.  Everything else follows.
>
>
> 2) in XhrRequest, CAS returns 200 with CAS login page. The XhrRequest
> does not know how to process the HTML login page and it fails.
>
>
> What do I need to do, so that when XhrRequest is made by a user that
> is already authenticated, it will work just like browser scenario?
>
>
> Thx!
>
> Yan
>
> -- 
> CAS gitter chatroom: https://gitter.im/apereo/cas
> CAS mailing list guidelines:
> https://apereo.github.io/cas/Mailing-Lists.html
> CAS documentation website: https://apereo.github.io/cas
> CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google
> Groups "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to cas-user+unsubscr...@apereo.org
> .
> To post to this group, send email to cas-user@apereo.org
> .
> Visit this group at
> https://groups.google.com/a/apereo.org/group/cas-user/.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/0521f18c-058a-472e-8ea0-89baf1ee2bec%40apereo.org
> .
> For more options, visit https://groups.google.com/a/apereo.org/d/optout.

-- 
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE C017 | r...@uvic.ca

-- 
CAS gitter chatroom: https://gitter.im/apereo/cas
CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
CAS documentation website: https://apereo.github.io/cas
CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6a257564-bb4a-5573-b26f-b87fb3947770%40uvic.ca.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

[cas-user] Re: Cas client fails to communicate in TLS mode

2016-10-21 Thread Guru Prashanth Thanakodi

Attaching the stack trace of the failure.

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: 
handshake_failure
at sun.security.ssl.Alerts.getSSLException(Unknown Source) 
[jsse.jar:1.7.0_79]
at sun.security.ssl.Alerts.getSSLException(Unknown Source) 
[jsse.jar:1.7.0_79]
at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) 
[jsse.jar:1.7.0_79]
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) 
[jsse.jar:1.7.0_79]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) 

[jsse.jar:1.7.0_79]
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) 
[jsse.jar:1.7.0_79]
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) 
[jsse.jar:1.7.0_79]
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) 
[rt.jar:1.7.0_79]
at 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown 
Source) 

[rt.jar:1.7.0_79]
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown 
Source) 

[rt.jar:1.7.0_79]
at 
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown 
Source) 

[rt.jar:1.7.0_79]
at 
org.jasig.cas.client.validation.Saml11TicketValidator.retrieveResponseFromServer

(Saml11TicketValidator.java:216) [cas-client-core-3.2.1.jar:3.2.1]



On Friday, 21 October 2016 12:32:49 UTC+5:30, Guru Prashanth Thanakodi 
wrote:
>
> Hi All
>
> We have CAS 3.4.11 deployed on Apache Tomcat 7. Our Application is 
> deployed on JBOSS 7.1.
>
> If we disable the TLS 1.0 communication in JASIG CAS Sever(Apache Tomcat) 
> , We are unable to login.
>
> Here is the stack trace
>
>
>
> Thanks,
> Guru
>
>
>

-- 
CAS gitter chatroom: https://gitter.im/apereo/cas
CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
CAS documentation website: https://apereo.github.io/cas
CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/baafd574-9319-4c55-8f08-536b8ca21705%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: 
handshake_failure
at sun.security.ssl.Alerts.getSSLException(Unknown Source) 
[jsse.jar:1.7.0_79]
at sun.security.ssl.Alerts.getSSLException(Unknown Source) 
[jsse.jar:1.7.0_79]
at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) 
[jsse.jar:1.7.0_79]
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) 
[jsse.jar:1.7.0_79]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown 
Source) [jsse.jar:1.7.0_79]
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) 
[jsse.jar:1.7.0_79]
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) 
[jsse.jar:1.7.0_79]
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) 
[rt.jar:1.7.0_79]
at 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown 
Source) [rt.jar:1.7.0_79]
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown 
Source) [rt.jar:1.7.0_79]
at 
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown 
Source) [rt.jar:1.7.0_79]
at 
org.jasig.cas.client.validation.Saml11TicketValidator.retrieveResponseFromServer(Saml11TicketValidator.java:216)
 [cas-client-core-3.2.1.jar:3.2.1]
... 37 more

[cas-user] Cas client fails to communicate in TLS mode

2016-10-21 Thread Guru Prashanth Thanakodi

Hi All

We have CAS 3.4.11 deployed on Apache Tomcat 7. Our Application is deployed
on JBOSS 7.1.

If we disable the TLS 1.0 communication in JASIG CAS Sever(Apache Tomcat) ,
We are unable to login.

Here is the stack trace



Thanks,
Guru

-- 
CAS gitter chatroom: https://gitter.im/apereo/cas
CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
CAS documentation website: https://apereo.github.io/cas
CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAJPPnqCY1KzK1FX89C76VxnD7K4vPRKa%3D%2B%3DDQYfTq4xsWpSbLg%40mail.gmail.com.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

Re: [cas-user] Regarding JWT and CAS Server

Re: [cas-user] where is CAS TGC cookie stored in brower?

Re: [cas-user] where is CAS TGC cookie stored in brower?

Re: [cas-user] where is CAS TGC cookie stored in brower?

[cas-user] where is CAS TGC cookie stored in brower?

[cas-user] CAS 5.0.0 RC4-SNAPSHOT - Customize JBDC query with more than the username

[cas-user] Re: Installation/Configuration CAS 4.2.6 LDAP

[cas-user] Installation/Configuration CAS 4.2.6 LDAP

[cas-user] Mailing lists: lags and blockages

Re: [cas-user] Regarding JWT and CAS Server

Re: [cas-user] How CAS protect server side API in separate apps?

[cas-user] Re: Cas client fails to communicate in TLS mode

[cas-user] Cas client fails to communicate in TLS mode

13 matches

Site Navigation

Mail list logo

Footer information