[cas-user] CAS 5.1 Database Authentication Issue

2017-06-28 Thread Berry 
It's the first time I use CAS, and I aim for Database/LDAP Authentication.
I managed to make the static mode CAS server with https works. (gradle 
overlay template)
Then I tried to add the database authentication support, by adding 

compile "org.apereo.cas:cas-server-support-jdbc:${project.'cas.version'}"
to the script file, and add the database connect information to the property 
file.
Accordding to the document, net.sourceforge.jtds.jdbc.Driver is available after 
the rebuild, but it turns out to be "ClassNotFound Exception".
So I just import the dependency manually:
compile group: 'net.sourceforge.jtds', name: 'jtds', version: '1.3.1'
I got a exception: "'principal' cannot be null".
I need a more detailed document to complete the configuration, or at least a 
typical property file.
In the "Database Authentication" section, all lines are with a leading #, I'm 
really confused and don't know what each key-value pair means.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1c488954-3a49-4d4f-9672-742101168dea%40apereo.org.

Re: [cas-user] Re: CAS 5.1 Mariadb runtime issues

2017-06-28 Thread Uxío 
How many applications, if it is not asking too much? 

Sent from my iPhone

> On 27 Jun 2017, at 19:33, Richard Frovarp  wrote:
> 
> You can just include your own JDBC driver dependency instead of using the 
> previous version. Not having them is preferable for us as we use the same 
> Tomcat instance for several things and have the JDBC driver central as the 
> MySQL one doesn't like application restarts and leaks. So I had to previously 
> exclude all of the drivers.
> 
>> On 06/27/2017 09:23 AM, 'Iain Workman' via CAS Community wrote:
>> I would also be interested in a solution to this, as I have been 
>> experiencing the same issue.
>> 
>> As an interim solution I forced the application to make use of the 
>> dependency package from the previous version (which has worked without this 
>> error) in the pom.xml
>> ...
>> 
>> org.apereo.cas
>> cas-server-support-jdbc-drivers
>> 5.0.6
>> 
>> ...
>> 
>> 
>> -- 
>> - CAS gitter chatroom: https://gitter.im/apereo/cas
>> - CAS mailing list guidelines: 
>> https://apereo.github.io/cas/Mailing-Lists.html
>> - CAS documentation website: https://apereo.github.io/cas
>> - CAS project website: https://github.com/apereo/cas
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/6403e8f5-24cb-45a9-92fd-2df2cf883f2b%40apereo.org.
> 
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/b4918949-280c-7ae9-c1e6-a285557a301b%40ndsu.edu.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/58740D46-BAD1-4B95-9EE4-99016A431309%40madiva.com.

Re: [cas-user] Attempting to connect CAS 5.1 to LDAP and running into cert issues

2017-06-28 Thread Waldbieser, Carl 
Toby,

The issue is that many TLS client libraries expect that the host name used for 
the connection should either match the subject on the certificate, or a subject 
alternative name (SAN) on the certificate.  In your case, "dev-ldap7-1.usd.edu" 
does not match "dev-ldap7-1.636.Directory Server.Sun Microsystems".
Some libraries let you disable host name verification, which might be OK if 
this is a development environment, though I'm not sure how you'd do that in 
this case.

Other options might include:
* Update the certificate on your LDAP service to include a subject or SAN that 
matches the DNS name used to connect.  This is likely the only reasonable 
option in a production environment.
* If it is a DEV environment, you could try running without TLS and just using 
port 389 of your DEV LDAP service can be configured that way.

Thanks,
Carl Waldbieser
ITS Identity Management
Lafayette College

- Original Message -
From: "Toby Archer" 
To: "CAS Community" 
Sent: Wednesday, June 28, 2017 3:06:23 PM
Subject: [cas-user] Attempting to connect CAS 5.1 to LDAP and running into cert 
issues

We are currently running CAS 3.5. It took my all of a few seconds to 
realize that upgrading, while I suppose could be an option, is way more 
effort than just reimplementing it. So I've started work on reimplementing 
our arrangement with CAS 5.1. 

I cloned the gradle overlay template repo and got it up and running fairly 
easily on my local machine. Followed the instruction and made a self signed 
keystore and got cas running over https. So far so good. Then I figured 
ldap was next. So far this is my authn configuration

cas.authn.accept.users=
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl=ldap://dev-ldap7-1.usd.edu
> cas.authn.ldap[0].baseDn=o=usd.edu
> cas.authn.ldap[0].userFilter=uid=%u
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].bindDn=cn=Directory Manager
> cas.authn.ldap[0].bindCredential=lols you no see password
>
> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
> cas.authn.ldap[0].keyStorePassword=changeit
> cas.authn.ldap[0].name=dev-ldap7-1
>

First line disables the demo auth service, and the rest is supposed to get 
ldap up and running. But when I do I get:

Caused by: java.security.cert.CertificateException: Hostname 
> '[dev-ldap7-1.usd.edu]' does not match the hostname in the server's 
> certificate 'CN=dev-ldap7-1, CN=636, CN=Directory Server, O=Sun 
> Microsystems'
>

This is why I added "cas.authn.ldap[0].name" at the end of the properties 
list there. I was hoping that that would make it decide the hose name would 
be dev-ldap7-1. But no such luck. Looking over the available properties I 
can't find anything that helps me. Anyone got any clue on how to fix this?

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0feb6647-e139-43b1-adac-4c9aed32fb8e%40apereo.org.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1920226957.31222800.1498681826840.JavaMail.zimbra%40lafayette.edu.

Re: [cas-user] Re: How do I enable /status (admin monitoring) page with CAS 5.1.0?

2017-06-28 Thread crdaudt 
Thanks Julien.  With your suggested change, /staus/dashboard is now working 
for me.

I changed my entry for adminusers.properties to 'crdaudt=pwdnotuse,ROLE_ADMIN' 
(i.e., as you suggested).

I changed the value of cas.adminPagesSecurity.ip to allow the ip address 
ranges of 10.11.12.0/24 and 14.15.16.0/24 as follows:
cas.adminPagesSecurity.ip=^10\.11\.12\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$|
^14\.15\.16\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$

My other parameters are as listed above.

One further question:  What does '=pwdnotuse' mean?  Is this documented 
somewhere?

Other than that, my issue is resolved.  Thanks all!
p.s. -- looking forward to more complete, updated documentation some day, 
and perhaps some more examples.  Thanks for everyone's good hard work.

On Wednesday, June 28, 2017 at 3:36:16 PM UTC-4, Julien Whizz wrote:
>
> Hi, 
>
> I think IS : crdaudt=pwdnotuse,ROLE_ADMIN
>
> No ?
>
> Le 28 juin 2017 5:49 PM, "crdaudt" > a 
> écrit :
>
> Thanks Iain.  I have this working now for only filtering with IP 
> addresses.  For those interested, I have the following in my cas.properties 
> file:
> BEGIN snippet from cas.properties
> ...
> cas.monitor.endpoints.enabled=true
> cas.monitor.endpoints.sensitive=false
> cas.adminPagesSecurity.ip=10\.11\.12\.13\|14\.15\.16\.17
> END
>
> However, to pick up on Julien's issue, I am not able to get this working 
> if I further restrict this to users logged in who are specified as 
> authorized users in my adminusers.properties file.
> Here is what I have:
> BEGIN snippet from cas.properties
> ...
> cas.monitor.endpoints.enabled=true
> cas.monitor.endpoints.sensitive=false
> cas.adminPagesSecurity.ip=10\.11\.12\.13\|14\.15\.16\.17
> cas.adminPagesSecurity.loginUrl=https://my.test.cas.server/cas/login
> cas.adminPagesSecurity.service=
> https://my.test.cas.server/cas/status/dashboard
> cas.adminPagesSecurity.users=file:/etc/cas/config/adminusers.properties
> cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN
> cas.adminPagesSecurity.actuatorEndpointsEnabled=true
> cas.serviceRegistry.watcherEnabled=true
> cas.serviceRegistry.initFromJson=true
> END
>
> And here are the contents of my adminusers.properties file (for now, I 
> only have my username listed):
> BEGIN adminusers.properties
> user=crdaudt,ROLE_ADMIN
> END
>
> My results are as follows:
> --When I visit https://my.test.cas.server/cas/status/dashboard, I am 
> redirected to login.
> --When I log in, my logs show the following:
>
> BEGIN log snippet
> >
> 2017-06-28 11:42:01,961 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> =
> WHO: crdaudt
> WHAT: 
> TGT-**kloPuBba1M-my.test.cas.server
> ACTION: TICKET_GRANTING_TICKET_CREATED
> APPLICATION: CAS
> WHEN: Wed Jun 28 11:42:01 EDT 2017
> CLIENT IP ADDRESS: 10.11.12.13
> SERVER IP ADDRESS: 10.10.10.100
> =
>
> >
> 2017-06-28 11:42:02,001 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> =
> WHO: crdaudt
> WHAT: ST-1-Fe5a6Ieo3IMaPI2FScWC-my.test.cas.server for 
> https://my.test.cas.server/cas/status/dashboard
> ACTION: SERVICE_TICKET_CREATED
> APPLICATION: CAS
> WHEN: Wed Jun 28 11:42:02 EDT 2017
> CLIENT IP ADDRESS: 10.11.12.13
> SERVER IP ADDRESS: 10.10.10.100
> =
>
> >
> 2017-06-28 11:42:02,206 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> =
> WHO: crdaudt
> WHAT: ST-1-Fe5a6Ieo3IMaPI2FScWC-my.test.cas.server
> ACTION: SERVICE_TICKET_VALIDATED
> APPLICATION: CAS
> WHEN: Wed Jun 28 11:42:02 EDT 2017
> CLIENT IP ADDRESS: 10.11.12.13
> SERVER IP ADDRESS: 10.10.10.100
> =
> END
>
> I am then redirected to 
> https://my.test.cas.server/cas/status/dashboard?ticket=ST-1-Fe5a6Ieo3IMaPI2FScWC-my.test.cas.server,
>  
> and informed that:  "YOU ARE NOT AUTHORIZED TO BE AUTHORIZED!".
>
> Any suggestions?
>
>
>
> On Tuesday, June 27, 2017 at 2:19:58 PM UTC-4, Iain Workman wrote:
>>
>> The cas.adminPagesSecurity.ip setting is interpreted as a regex which the 
>> sending ip of the request is matched against. If you can form a regex which 
>> will match only the required ips that will work.
>>
>> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: 
> https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to the Google Groups 
>

RE: [cas-user] Get Token using Google Authenticator or Email - CAS 5.1.1

2017-06-28 Thread Misagh Moayyed 
No.



But Yes: https://apereo.github.io/2017/02/18/onthe-theoryof-possibility/



--Misagh



From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Sai 
Mallela
Sent: Wednesday, June 28, 2017 12:47 PM
To: CAS Community 
Subject: [cas-user] Get Token using Google Authenticator or Email - CAS 
5.1.1



Is it possible to get GAUTH code using Google Authenticator app and / or 
Email the code to the user to login using MFA.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: 
https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
 .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/23fa50d4-73d2-4817-8928-18957acaefcc%40apereo.org
 

 
.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00b001d2f048%24d09ff0a0%2471dfd1e0%24%40unicon.net.

[cas-user] Get Token using Google Authenticator or Email - CAS 5.1.1

2017-06-28 Thread Sai Mallela 
Is it possible to get GAUTH code using Google Authenticator app and / or 
Email the code to the user to login using MFA.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/23fa50d4-73d2-4817-8928-18957acaefcc%40apereo.org.

Re: [cas-user] how to upgradation from CAS 3.5.2 to CAS 5.0.

2017-06-28 Thread Richard Frovarp 
Ours is going live tomorrow morning. This time with MFA, OpenID, and 
SAML 2.0 support. Only pain was "migrating" the services which involved 
me manually copy and pasting URLs and setting attribute return.


On 06/28/2017 10:00 AM, Carlos Fernandez wrote:
I'm in the process of doing the same -- we have finished testing 
already and will go live on Saturday. Since nothing carries over from 
the 3.5 series to 5.0, you'll be better off starting a CAS 5.0 
implementation from scratch on a separate system and build it up to 
the necessary level of functionality.


Best regards,
--
Carlos M. Fernández
Enterprise Systems Manager
*Saint Joseph’s University*
Philadelphia PA 19131
T: +1 610 660 1501


On Wed, Jun 28, 2017 at 7:08 AM, Ravi Sharma > wrote:


Hi Team

working on JASIG CAS upgradation from *CAS 3.5.2* to* CAS 5.0.*
Did not find any link for this please provide help for this.

reagrds
ravi Prakash
-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas

- CAS mailing list guidelines:
https://apereo.github.io/cas/Mailing-Lists.html


- CAS documentation website: https://apereo.github.io/cas


- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to cas-user+unsubscr...@apereo.org
.
To view this discussion on the web visit

https://groups.google.com/a/apereo.org/d/msgid/cas-user/14d2eb3a-7f83-4efc-ae08-c3648c216b3d%40apereo.org

.


--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: 
https://apereo.github.io/cas/Mailing-Lists.html

- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google 
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to cas-user+unsubscr...@apereo.org 
.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAE7KU86iNFh01A3x4GY6mm-9FAXKHT4UsvwywKY4ghxOwRQW%3Dg%40mail.gmail.com 
.



--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1ec1dd18-0d0f-ee79-2f47-bc41a967bc56%40ndsu.edu.

Re: [cas-user] Re: How do I enable /status (admin monitoring) page with CAS 5.1.0?

2017-06-28 Thread Julien Whizz 
Hi,

I think IS : crdaudt=pwdnotuse,ROLE_ADMIN

No ?

Le 28 juin 2017 5:49 PM, "crdaudt"  a écrit :

Thanks Iain.  I have this working now for only filtering with IP
addresses.  For those interested, I have the following in my cas.properties
file:
BEGIN snippet from cas.properties
...
cas.monitor.endpoints.enabled=true
cas.monitor.endpoints.sensitive=false
cas.adminPagesSecurity.ip=10\.11\.12\.13\|14\.15\.16\.17
END

However, to pick up on Julien's issue, I am not able to get this working if
I further restrict this to users logged in who are specified as authorized
users in my adminusers.properties file.
Here is what I have:
BEGIN snippet from cas.properties
...
cas.monitor.endpoints.enabled=true
cas.monitor.endpoints.sensitive=false
cas.adminPagesSecurity.ip=10\.11\.12\.13\|14\.15\.16\.17
cas.adminPagesSecurity.loginUrl=https://my.test.cas.server/cas/login
cas.adminPagesSecurity.service=https://my.test.cas.
server/cas/status/dashboard
cas.adminPagesSecurity.users=file:/etc/cas/config/adminusers.properties
cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN
cas.adminPagesSecurity.actuatorEndpointsEnabled=true
cas.serviceRegistry.watcherEnabled=true
cas.serviceRegistry.initFromJson=true
END

And here are the contents of my adminusers.properties file (for now, I only
have my username listed):
BEGIN adminusers.properties
user=crdaudt,ROLE_ADMIN
END

My results are as follows:
--When I visit https://my.test.cas.server/cas/status/dashboard, I am
redirected to login.
--When I log in, my logs show the following:

BEGIN log snippet
>
2017-06-28 11:42:01,961 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
- 
2017-06-28 11:42:02,001 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
- https://my.test.cas.server/cas/status/dashboard
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Jun 28 11:42:02 EDT 2017
CLIENT IP ADDRESS: 10.11.12.13
SERVER IP ADDRESS: 10.10.10.100
=

>
2017-06-28 11:42:02,206 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
- https://my.test.cas.server/
cas/status/dashboard?ticket=ST-1-Fe5a6Ieo3IMaPI2FScWC-my.test.cas.server,
and informed that:  "YOU ARE NOT AUTHORIZED TO BE AUTHORIZED!".

Any suggestions?



On Tuesday, June 27, 2017 at 2:19:58 PM UTC-4, Iain Workman wrote:
>
> The cas.adminPagesSecurity.ip setting is interpreted as a regex which the
> sending ip of the request is matched against. If you can form a regex which
> will match only the required ips that will work.
>
> --
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/
Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/
apereo.org/d/msgid/cas-user/e315e2f4-4290-46d9-8680-
29b7f5f62e10%40apereo.org

.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABkwnn_Ch_T0rEbDO-Rqn7%2B52ojabUX45g-Rvjj-P75rGQUM%3Dg%40mail.gmail.com.

Re: [cas-user] Different SSO behaviour in CAS 5.0.4?

2017-06-28 Thread Richard Frovarp 
Have you verified that you're getting the right cookies? Kind of sounds 
like the cookies are being issued for a different domain and/or path 
than where CAS is being requested.


On 06/27/2017 01:29 PM, Castang wrote:
Were you ever able to find a solution to this? We're experiencing the 
same issue on 5.1.1


On Friday, June 16, 2017 at 7:40:13 AM UTC-4, atilling wrote:

I'm seeing the same effect in CAS 5.1.0 I have checked the
properties for TGC and I have made sure that enable SSO is set in
the service manager but every service still requires login.

On Tue, Apr 11, 2017 at 5:21 PM, Manfredo Hopp
> wrote:

Hi,

I recently installed cas 5.0.4 and tested SSO with 2  web
applications which are running under version 4.0.1 installed
in production.

The test sequence was the same as for 4.0.1 e.g. ( in
chronological order):

1. Login to casified application A requires cas login
2. Redirect to casified application B with SSO enabled does
NOT require signing in.

but on 5.0.4 step 2. requires login in again.

Through cas-management I can see that services have SSO
enabled by default.

I made a revision of properties used but found no reason for
this different behaviour.

Regards Manfredo


-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas

- CAS mailing list guidelines:
https://apereo.github.io/cas/Mailing-Lists.html

- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the
Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from
it, send an email to cas-user+u...@apereo.org .
To view this discussion on the web visit

https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAB623R_ShsHHJjObJ_9Bi0opwVRqLya-8SB8_xjQyAxNMaLCTQ%40mail.gmail.com

.




-- 
Andrew Tillinghast

Sr. Web Developer
atill...@conncoll.edu 
270 Mohegan Avenue
New London, CT 06320-4196
Ph:860 439-5265 Fax: 860 439-2871
P*Think before you print
***CONFIDENTIALITY: This email (including any attachments) may
contain confidential, proprietary and privileged information, and
unauthorized disclosure or use is prohibited. If you received this
email in error, please notify the sender and delete this email
from your system.

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: 
https://apereo.github.io/cas/Mailing-Lists.html

- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google 
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to cas-user+unsubscr...@apereo.org 
.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0e469609-256a-44a0-8e13-a3b7c89a4eb5%40apereo.org 
.



--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f380738c-845c-8dac-4f10-f0e5723fbb4f%40ndsu.edu.

Re: [cas-user] Re: How do I enable /status (admin monitoring) page with CAS 5.1.0?

2017-06-28 Thread Julien Whizz 
I have the same problem, and I encounter a similar error to access
/cas-management
No error in the logs (DEBUG)

For ranges Security.ip think is like this :
cas.adminPagesSecurity.ip=(10)(\.(1|2|3|4|5|6|7))(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2}

2017-06-27 9:23 GMT+02:00 Michael Kotowski :

> Same issue here. In 5.0.5 it was sufficient to set
> cas.adminPagesSecurity.ip, but with 5.1.0 I have the same issue.
>
> But, with 5.1.0 there is also a big bunch of new properties ... will play
> with them.
>
> 5.0.x: https://apereo.github.io/cas/5.0.x/installation/
> Configuration-Properties.html#admin-status-endpoints
>
> 5.1.x: https://apereo.github.io/cas/5.1.x/installation/
> Configuration-Properties.html#spring-boot-endpoints
>
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/
> Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/873b7de0-f4ca-405d-8915-
> 83a7d1dcc775%40apereo.org
> 
> .
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABkwnn8%3D2%3Do%3D_64qDPPKt7FYmyGAphTvGE6WYbGcJQYhD3zUuQ%40mail.gmail.com.

Re: [cas-user] question about conf files with 5.1

2017-06-28 Thread Vallee Romain 
Hello cas users !

I answer myself .

So for a 4.X users, the 5.X version is very very simple!

Congratulation to the devs team !

example ... for activate rememberme : just add in cas.properties:
cas.ticket.tgt.rememberMe.enabled=true !!!

I have the feeling that i'm a jasig master !! ( just the feeling ... )

Thank you very much


Le mardi 27 juin 2017 16:49:03 UTC+2, Vallee Romain a écrit :
>
> Hello,
> i from 4.2 version, and 5.1 version seem to be very different .
>
> I read the doc, and i download the "cas-overlay-template-master", i modify 
> my pom.xml for add ldap and memcached support.
>
> I modify my cas-overlay-template-master/etc/cas/config/cas.properties with 
> my active directory parameters ...
>
> i run ./build.sh package 
>
> I saw every depandancies downloaded ...
>
> the build programs said to me :
> Building war: 
> /usr/local/apache-tomcat-9.0.0.M21/webapps/cas-overlay-template-master/target/cas.war
>
> and when i open target/cas/WEB-INF, i don't have any 
> deployerConfigContext.xml like 4.X version .
>
> I don't find config files about my cas.properties.
>
> may be it's normal ... ???
>
> Thank you 
>
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: 
> https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/cea684c8-7331-487c-8468-101c77d02ce8%40apereo.org
>  
> 
> .
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/babaaa02-5de1-4386-adb3-68d4ecba7bc5%40googlegroups.com.

Re: [cas-user] how to upgradation from CAS 3.5.2 to CAS 5.0.

2017-06-28 Thread Carlos Fernandez 
I'm in the process of doing the same -- we have finished testing already
and will go live on Saturday. Since nothing carries over from the 3.5
series to 5.0, you'll be better off starting a CAS 5.0 implementation from
scratch on a separate system and build it up to the necessary level of
functionality.

Best regards,
--
Carlos M. Fernández
Enterprise Systems Manager
*Saint Joseph’s University*
Philadelphia PA 19131
T: +1 610 660 1501

On Wed, Jun 28, 2017 at 7:08 AM, Ravi Sharma  wrote:

> Hi Team
>
> working on JASIG CAS upgradation from *CAS 3.5.2* to* CAS 5.0.*
> Did not find any link for this please provide help for this.
>
> reagrds
> ravi Prakash
>
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/
> Mailing-Lists.html
> 
> - CAS documentation website: https://apereo.github.io/cas
> 
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/14d2eb3a-7f83-4efc-ae08-
> c3648c216b3d%40apereo.org
> 
> .
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAE7KU86iNFh01A3x4GY6mm-9FAXKHT4UsvwywKY4ghxOwRQW%3Dg%40mail.gmail.com.

Re: [cas-user] Re: CAS 5.1 Mariadb runtime issues

2017-06-28 Thread Richard Frovarp 
You can just include your own JDBC driver dependency instead of using 
the previous version. Not having them is preferable for us as we use the 
same Tomcat instance for several things and have the JDBC driver central 
as the MySQL one doesn't like application restarts and leaks. So I had 
to previously exclude all of the drivers.


On 06/27/2017 09:23 AM, 'Iain Workman' via CAS Community wrote:
I would also be interested in a solution to this, as I have been 
experiencing the same issue.


As an interim solution I forced the application to make use of the 
dependency package from the previous version (which has worked without 
this error) in the pom.xml

|
...

org.apereo.cas
cas-server-support-jdbc-drivers
5.0.6

...
|


--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: 
https://apereo.github.io/cas/Mailing-Lists.html

- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google 
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to cas-user+unsubscr...@apereo.org 
.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6403e8f5-24cb-45a9-92fd-2df2cf883f2b%40apereo.org 
.



--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b4918949-280c-7ae9-c1e6-a285557a301b%40ndsu.edu.

Re: [cas-user] How to configure / inject DataSource into AbstractUsernamePasswordAuthenticationHandler (CAS 5.1)

2017-06-28 Thread Dmitriy Kopylenko 
You could follow an example of the Jdbc authn handler configuration: 
https://github.com/apereo/cas/blob/master/support/cas-server-support-jdbc/src/main/java/org/apereo/cas/adaptors/jdbc/config/CasJdbcAuthenticationConfiguration.java

Cheers,
D.


From: 'Adalbert Schwafel' via CAS Community 
Reply: cas-user@apereo.org 
Date: June 28, 2017 at 3:22:41 PM
To: CAS Community 
Subject:  [cas-user] How to configure / inject DataSource into 
AbstractUsernamePasswordAuthenticationHandler (CAS 5.1)  

I have a basic CAS 5.1 running using the Maven overlay and a custom 
AuthenticationHandler following the blog post 
https://apereo.github.io/2017/02/02/cas51-authn-handlers/ 

I need to make my own DB queries to carry out authentication. Are there any 
pointers how to create a datasource and inject that into the auth handler, 
potentially also using a DB connection pool such as c3p0?

Thanks

.as


--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d8a519dd-9533-4f90-ae2c-60e6ed9d7ea3%40apereo.org.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.595402c8.6c424df9.2415%40unicon.net.

RE: [cas-user] How to configure / inject DataSource into AbstractUsernamePasswordAuthenticationHandler (CAS 5.1)

2017-06-28 Thread Misagh Moayyed 
https://github.com/apereo/cas/blob/master/core/cas-server-core-configuration/src/main/java/org/apereo/cas/configuration/support/Beans.java#L164



--Misagh



From: 'Adalbert Schwafel' via CAS Community [mailto:cas-user@apereo.org]
Sent: Wednesday, June 28, 2017 12:23 PM
To: CAS Community 
Subject: [cas-user] How to configure / inject DataSource into 
AbstractUsernamePasswordAuthenticationHandler (CAS 5.1)



I have a basic CAS 5.1 running using the Maven overlay and a custom 
AuthenticationHandler following the blog post 
https://apereo.github.io/2017/02/02/cas51-authn-handlers/



I need to make my own DB queries to carry out authentication. Are there any 
pointers how to create a datasource and inject that into the auth handler, 
potentially also using a DB connection pool such as c3p0?


Thanks



.as





-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: 
https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
 .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d8a519dd-9533-4f90-ae2c-60e6ed9d7ea3%40apereo.org
 

 
.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/005a01d2f044%2462cfbeb0%24286f3c10%24%40unicon.net.

[cas-user] How to configure / inject DataSource into AbstractUsernamePasswordAuthenticationHandler (CAS 5.1)

2017-06-28 Thread 'Adalbert Schwafel' via CAS Community 
I have a basic CAS 5.1 running using the Maven overlay and a custom 
AuthenticationHandler following the blog 
post https://apereo.github.io/2017/02/02/cas51-authn-handlers/ 

I need to make my own DB queries to carry out authentication. Are there any 
pointers how to create a datasource and inject that into the auth handler, 
potentially also using a DB connection pool such as c3p0?

Thanks

.as


-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d8a519dd-9533-4f90-ae2c-60e6ed9d7ea3%40apereo.org.

[cas-user] Attempting to connect CAS 5.1 to LDAP and running into cert issues

2017-06-28 Thread Toby Archer 
We are currently running CAS 3.5. It took my all of a few seconds to 
realize that upgrading, while I suppose could be an option, is way more 
effort than just reimplementing it. So I've started work on reimplementing 
our arrangement with CAS 5.1. 

I cloned the gradle overlay template repo and got it up and running fairly 
easily on my local machine. Followed the instruction and made a self signed 
keystore and got cas running over https. So far so good. Then I figured 
ldap was next. So far this is my authn configuration

cas.authn.accept.users=
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl=ldap://dev-ldap7-1.usd.edu
> cas.authn.ldap[0].baseDn=o=usd.edu
> cas.authn.ldap[0].userFilter=uid=%u
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].bindDn=cn=Directory Manager
> cas.authn.ldap[0].bindCredential=lols you no see password
>
> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
> cas.authn.ldap[0].keyStorePassword=changeit
> cas.authn.ldap[0].name=dev-ldap7-1
>

First line disables the demo auth service, and the rest is supposed to get 
ldap up and running. But when I do I get:

Caused by: java.security.cert.CertificateException: Hostname 
> '[dev-ldap7-1.usd.edu]' does not match the hostname in the server's 
> certificate 'CN=dev-ldap7-1, CN=636, CN=Directory Server, O=Sun 
> Microsystems'
>

This is why I added "cas.authn.ldap[0].name" at the end of the properties 
list there. I was hoping that that would make it decide the hose name would 
be dev-ldap7-1. But no such luck. Looking over the available properties I 
can't find anything that helps me. Anyone got any clue on how to fix this?

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0feb6647-e139-43b1-adac-4c9aed32fb8e%40apereo.org.

RE: [cas-user] Re: User Attributes for MongoDB Authentication not found (5.1.0)

2017-06-28 Thread Misagh Moayyed 
You’re doing just fine. The mongo authN simply ignores the attributes as it 
assumed attributes are to be retrieved from separate attribute repository 
sources. Dima and I were just reviewing this actually,  and are working on a 
change to ensure attributes produced by the authentication process can be 
merged/echoed back with attributes produced by separate repository sources, 
if any. This behavior/feature only exists for a certain number of authN 
schemes, not for all…and our goal is to make sure it works for every mode of 
authN regardless.



This will be fixed before RC1 goes out.



--Misagh



From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Karl 
Banke
Sent: Wednesday, June 28, 2017 8:28 AM
To: CAS Community 
Subject: [cas-user] Re: User Attributes for MongoDB Authentication not found 
(5.1.0)



Now Using 5.2.0-RC1-SNAPSHOT for another reason. I debugged the login 
process.

- The profile is created in by the profile creator called from the 
MongoAuthenticationHandler that extends AbstractWrapperAuthenticationHandler
- As expected, the profile has two attributes last_name -> User, 
first_name -> Cas
- This is then passed to create a new DefaultHandlerResult in the 
AbstractPac4jAuthenticationHandler
- It then reaches the 
AbstractAuthenticationManager.authenticateAndResolvePrincipal as a Handler 
Result where the principal has the two attributes
  correctly set.
- Here the resolvePrincipal method is called with the following attributes:

handler:MongoAuthenticationHandler
resolver: 
org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver
credential: UsernamePasswordCredential
principal:  The aforementioned Principal

After this call, the principal has no attributes left.

Within the PersonDirectoryPrincipalResolver the method 
retrievePersonAttributes(principalId, credential) returns null, which makes 
sense, since there are none defined. The attribute list is obtained from the 
attributeRepository which is by default an instance of 
CachingPersonAttributeDaoImpl.
There the person with the given id has no attributes assigned, since the 
only way it could have been loaded is by the process that now tries to 
resolves the attributes. Is there any other place where I have to declare 
what the possible attributes are?!

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: 
https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
 .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/06b86984-c0a6-4f81-a0e5-ae56bc0100d3%40apereo.org
 

 
.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/01bf01d2f026%24a9bbb400%24fd331c00%24%40unicon.net.

[cas-user] Re: How do I enable /status (admin monitoring) page with CAS 5.1.0?

2017-06-28 Thread crdaudt 
Thanks Iain.  I have this working now for only filtering with IP 
addresses.  For those interested, I have the following in my cas.properties 
file:
BEGIN snippet from cas.properties
...
cas.monitor.endpoints.enabled=true
cas.monitor.endpoints.sensitive=false
cas.adminPagesSecurity.ip=10\.11\.12\.13\|14\.15\.16\.17
END

However, to pick up on Julien's issue, I am not able to get this working if 
I further restrict this to users logged in who are specified as authorized 
users in my adminusers.properties file.
Here is what I have:
BEGIN snippet from cas.properties
...
cas.monitor.endpoints.enabled=true
cas.monitor.endpoints.sensitive=false
cas.adminPagesSecurity.ip=10\.11\.12\.13\|14\.15\.16\.17
cas.adminPagesSecurity.loginUrl=https://my.test.cas.server/cas/login
cas.adminPagesSecurity.service=https://my.test.cas.server/cas/status/dashboard
cas.adminPagesSecurity.users=file:/etc/cas/config/adminusers.properties
cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN
cas.adminPagesSecurity.actuatorEndpointsEnabled=true
cas.serviceRegistry.watcherEnabled=true
cas.serviceRegistry.initFromJson=true
END

And here are the contents of my adminusers.properties file (for now, I only 
have my username listed):
BEGIN adminusers.properties
user=crdaudt,ROLE_ADMIN
END

My results are as follows:
--When I visit https://my.test.cas.server/cas/status/dashboard, I am 
redirected to login.
--When I log in, my logs show the following:

BEGIN log snippet
>
2017-06-28 11:42:01,961 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 
2017-06-28 11:42:02,001 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://my.test.cas.server/cas/status/dashboard
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Jun 28 11:42:02 EDT 2017
CLIENT IP ADDRESS: 10.11.12.13
SERVER IP ADDRESS: 10.10.10.100
=

>
2017-06-28 11:42:02,206 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://my.test.cas.server/cas/status/dashboard?ticket=ST-1-Fe5a6Ieo3IMaPI2FScWC-my.test.cas.server,
 
and informed that:  "YOU ARE NOT AUTHORIZED TO BE AUTHORIZED!".

Any suggestions?


On Tuesday, June 27, 2017 at 2:19:58 PM UTC-4, Iain Workman wrote:
>
> The cas.adminPagesSecurity.ip setting is interpreted as a regex which the 
> sending ip of the request is matched against. If you can form a regex which 
> will match only the required ips that will work.
>
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/e315e2f4-4290-46d9-8680-29b7f5f62e10%40apereo.org.

[cas-user] Re: User Attributes for MongoDB Authentication not found (5.1.0)

2017-06-28 Thread Karl Banke 
Now Using 5.2.0-RC1-SNAPSHOT for another reason. I debugged the login 
process. 

- The profile is created in by the profile creator called from the 
MongoAuthenticationHandler that extends 
AbstractWrapperAuthenticationHandler 
- As expected, the profile has two attributes last_name -> User, first_name 
-> Cas
- This is then passed to create a new DefaultHandlerResult in the 
AbstractPac4jAuthenticationHandler
- It then reaches the 
AbstractAuthenticationManager.authenticateAndResolvePrincipal as a Handler 
Result where the principal has the two attributes
  correctly set. 
- Here the resolvePrincipal method is called with the following attributes:

handler:MongoAuthenticationHandler
resolver:   
org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver
credential: UsernamePasswordCredential
principal:  The aforementioned Principal

After this call, the principal has no attributes left. 

Within the PersonDirectoryPrincipalResolver the method 
retrievePersonAttributes(principalId, credential) returns null, which makes 
sense, since there are none defined. The attribute list is obtained from 
the attributeRepository which is by default an instance of 
CachingPersonAttributeDaoImpl. 
There the person with the given id has no attributes assigned, since the 
only way it could have been loaded is by the process that now tries to 
resolves the attributes. Is there any other place where I have to declare 
what the possible attributes are?!  

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/06b86984-c0a6-4f81-a0e5-ae56bc0100d3%40apereo.org.

Re: [cas-user] CAS 5.1 Missing cas.properties

2017-06-28 Thread Ben Howell-Thomas 
It's not supposed to be copied.

See
https://apereo.github.io/cas/development/installation/Configuration-Management.html#overview
and also bootstrap.properties.

There's lots of different ways to get the config.  I think we set our
servers to get it via the -D vm argument (see bootstrap.properties).

On 27 June 2017 at 18:33, Nona M  wrote:

> Hi,
>
> I'am trying to implement CAS with ldap on Tomcat for the first time. I am
> trying to figure out why cas.properties file doesn't get created in target
> directory after I do my maven build. I do see application.properties in
> cas/WEB-INF/classes. Are they the same???
> Here is my pom.xml:
>
> Thanks for the help.
>
> 
> http://maven.apache.org/POM/4.0.0";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
> 
> http://maven.apache.org/xsd/maven-4.0.0.xsd ">
>4.0.0
>org.apereo.cas
>cas-overlay
>war
>1.0
>
> 
>
>
>org.springframework.boot
>spring-boot-maven-plugin
>${springboot.version}
>
>org.springframework.boot.loader.WarLauncher
> 
>true
>
>
>
>org.apache.maven.plugins
>maven-war-plugin
>2.6
>
>cas
> false
>false
>
>
>org.apereo.cas
>cas-server-webapp
>
> 
>
>
> 
>
>
>cas
>
>
> 
> 
>org.apereo.cas
>cas-server-webapp
>5.1.0
>war
>runtime
>
>
>org.apereo.cas
>cas-server-support-ldap
>5.1.0
>
>
>org.apereo.cas
>cas-server-support-ldap-core
>5.1.0
>
>
>
> 
>1.4.2.RELEASE
>1.8
>1.8
>UTF-8
>
>
> 
>
>sonatype-releases
>http://oss.sonatype.org/content/repositories/releases/
> 
>
>false
>
>
>true
>
>
>
>sonatype-snapshots
>https://oss.sonatype.org/content/repositories/snapshots/
> 
>
>true
>
>
>false
>
>
>
>shibboleth-releases
>https://build.shibboleth.net/nexus/content/r
> epositories/releases
>
>
>spring-milestones
>https://repo.spring.io/milestone
>
>
> 
>
>
>
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/
> Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/2b16ac0b-e009-4747-b8cc-
> 8dc4d8e6bf2f%40apereo.org
> 
> .
>

-- 
This email is sent on behalf of Northgate Public Services (UK) Limited and 
its associated companies including Rave Technologies (India) Pvt Limited 
(together "Northgate Public Services") and is strictly confidential and 
intended solely for the addressee(s). 
If you are not the intended recipient of this email you must: (i) not 
disclose, copy or distribute its contents to any other person nor use its 
contents in any way or you may be acting unlawfully;  (ii) contact 
Northgate Public Services immediately on +44(0)1908 264500 quoting the name 
of the sender and the addressee then delete it from your system.
Northgate Public Services has taken reasonable precautions to ensure that 
no viruses are contained in this email, but does not accept any 
responsibility once this email has been transmitted.  You should scan 
attachments (if any) for viruses.

Northgate Public Services (UK) Limited, registered in England and Wales 
under number 00968498 with a registered address of Peoplebuilding 2, 
Peoplebuilding Estate, Maylands Avenue, Hemel Hempstead, Hertfordshire, HP2 
4NN.  Rave Technologies (India) Pvt Limited, registered in India under 
number 117068 with a registered address of 2nd Floor, Ballard House, Adi 
Marzban Marg, Ballard Estate,

Re: [cas-user] Re: CAS 5.1 Risk Based Authentication issues

2017-06-28 Thread Ludovic Senecaux 


I also noticed that this attribute is added to other ticket attributes returned 
to the client application

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/017e872e-710a-447b-abb5-717fbc12b49e%40apereo.org.

Re: [cas-user] how to upgradation from CAS 3.5.2 to CAS 5.0.

2017-06-28 Thread Petr Gašparík - AMI Praha a . s . 
It will hurt. Better reimplement it. A lot of changes...

--

s pozdravem

Petr Gašparík
solution architect

gsm: [+420] 603 523 860
e-mail: petr.gaspa...@ami.cz


AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel.: [+420] 274 783 239
web: www.ami.cz


[image: AMI Praha a.s.]

[image: AMI Praha a.s.]


Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
písemnou formu.


2017-06-28 13:08 GMT+02:00 Ravi Sharma :

> Hi Team
>
> working on JASIG CAS upgradation from *CAS 3.5.2* to* CAS 5.0.*
> Did not find any link for this please provide help for this.
>
> reagrds
> ravi Prakash
>
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/
> Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/14d2eb3a-7f83-4efc-ae08-
> c3648c216b3d%40apereo.org
> 
> .
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABAspd0_bWG%3De%3D%2BadsJ69%2BOUS5V1g7Dhsi98Hs-6C14LiS%2B8GA%40mail.gmail.com.

[cas-user] how to upgradation from CAS 3.5.2 to CAS 5.0.

2017-06-28 Thread Ravi Sharma 
Hi Team 

working on JASIG CAS upgradation from *CAS 3.5.2* to* CAS 5.0.*
Did not find any link for this please provide help for this.

reagrds
ravi Prakash

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/14d2eb3a-7f83-4efc-ae08-c3648c216b3d%40apereo.org.

[cas-user] Re: Does CAS 5.1.0 supports Radius Access Challenge?

2017-06-28 Thread Ravi Sharma 

Hi Team,

I am working on a product which uses JASIG CAS upgradation from *CAS 3.5.2* 
to* CAS 5.0*
But did not get any link for this please provide the url for JASIG CAS 
upgradation from *CAS 3.5.2* to* CAS 5.0.*

Please confirm.

Thanks & Regards,
Ravi Sharma

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f2751abc-95b2-4489-9772-3a8d0823e4f7%40apereo.org.

Re: [cas-user] Re: CAS 5.1 Risk Based Authentication issues

2017-06-28 Thread Pavlos Drandakis 

Hi Ludovic,

I think that the purpose of this property is for "registering" 
risk-based authentication in authentication handlers and that its value 
is just a name, could be whatever. If none is specified, the default 
triggeredRiskBasedAuthentication, will be used.


Pavlos


On 26/06/2017 05:48 μμ, Ludovic Senecaux wrote:
Did you found the purpose of 
cas.authn.adaptive.risk.response.riskyAuthenticationAttribute ?


--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ffe57174-0d30-c1dd-429a-d793d0085f84%40noc.edunet.gr.