Re: [cas-user] Re: Password Management Assistance

2017-07-06 Thread William Jojo
Thank you! I will look at those links. Got basic functionality working 
without questions to gain an understanding of the code. LDAP worked great for 
the password reset portion (again, no questions). When working through the 
details of the JDBC component, I have a modest MySQL database for testing:

create table questions (
    username tinytext not null,
    question tinytext not null,
    answer tinytext not null
);

create table pwreset (
    username tinytext not null,
    password tinytext not null
);

create table email (
    username tinytext not null,
    email tinytext not null
);

Related JDBC queries:

cas.authn.pm.jdbc.sqlSecurityQuestions=SELECT question, answer FROM questions WHERE username=?

cas.authn.pm.jdbc.sqlFindEmail=SELECT email FROM email WHERE username=?

cas.authn.pm.jdbc.sqlChangePassword=insert into pwreset (password, username) values (?, ?)

Populated a user with two emails - CAS does not like that, but I am planning on 
extending this. We have users with multiple personal emails as an option.

Working around that, I have three questions set up for the user, and I know that 
a Map is being used:

Caused by: org.springframework.dao.IncorrectResultSizeDataAccessException: Incorrect result size: expected 1, actual 3
at org.springframework.dao.support.DataAccessUtils.requiredSingleResult(DataAccessUtils.java:74) ~[spring-tx-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.jdbc.core.JdbcTemplate.queryForObject(JdbcTemplate.java:795) ~[spring-jdbc-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.springframework.jdbc.core.JdbcTemplate.queryForMap(JdbcTemplate.java:828) ~[spring-jdbc-4.3.8.RELEASE.jar:4.3.8.RELEASE]
at org.apereo.cas.pm.jdbc.JdbcPasswordManagementService.getSecurityQuestions(JdbcPasswordManagementService.java:68) ~[cas-server-support-pm-5.1.1.jar:5.1.1]

Line 68 is definitely the overridden getSecurityQuestions() with the Map, 
but question results are limited to 1? Cannot find this result size in the 
code.

Don't think I am missing a config option...


Bill


On Thursday, July 6, 2017 at 4:06:18 PM UTC-4, Misagh Moayyed wrote:
>
> Great.
>
> What you want to do is mostly controlled by this line:
>
>
> https://github.com/apereo/cas/blob/master/support/cas-server-support-pm/src/main/java/org/apereo/cas/pm/config/PasswordManagementConfiguration.java#L125
>
> Write something that extends/implements PasswordManagementService. Then 
> inject a “bean” instance of it into the runtime engine. CAS will pick up 
> yours instead of the defaults (note that Conditional tag).
>
> To learn how to inject config into CAS dynamically:
>
> https://apereo.github.io/cas/5.1.x/installation/Configuration-Management-Extensions.html
>
> More or less the same:
> https://apereo.github.io/2017/02/21/cas-autocfg-strategy/ 
>
> --Misagh
>
> On July 6, 2017 at 12:48:06 PM, William Jojo (joj...@gmail.com) wrote:
>
> Thank you, Misagh. I am looking at the code tree at 
> https://github.com/apereo/cas/blob/master/support/cas-server-support-pm/src/main/java/org/apereo/cas/pm/.
> Again, at the moment, I am attempting to trigger the basic PM 
> functionality, then I can determine the injection point. If my attempt is 
> worthy, I am happy to contribute it to CAS.
>
> Bill
>
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a500a35c-0ae0-4629-a048-06d0b3a652d6%40apereo.org.
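Added example, not code from the thread or from the CAS project: it reproduces the "expected 1, actual 3" failure Bill reports and shows the shape a multi-question lookup has to take. It uses sqlite3 in place of the poster's MySQL database, recreates the `questions`, `pwreset` and `email` tables from the post (tinytext mapped to TEXT), and runs the exact `sqlSecurityQuestions` query from the post. The `query_for_map` helper is a stand-in for a single-row accessor such as `JdbcTemplate.queryForMap`, the sample user and questions are constructed, and `answers_match` is an assumed verification routine added to show how several stored answers are checked.

```python
import hmac
import sqlite3
from typing import Dict

# The query exactly as configured in the post.
SQL_SECURITY_QUESTIONS = "SELECT question, answer FROM questions WHERE username=?"


class IncorrectResultSize(Exception):
    """Stand-in for Spring's IncorrectResultSizeDataAccessException."""


def build_test_db() -> sqlite3.Connection:
    """Constructed sample data: the post's schema with one user who has three questions."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "create table questions (username text not null, question text not null, answer text not null);"
        "create table pwreset (username text not null, password text not null);"
        "create table email (username text not null, email text not null);"
    )
    conn.executemany(
        "insert into questions (username, question, answer) values (?, ?, ?)",
        [
            ("bill", "First pet?", "rex"),
            ("bill", "Birth city?", "albany"),
            ("bill", "Favourite colour?", "blue"),
        ],
    )
    conn.commit()
    return conn


def query_for_map(conn: sqlite3.Connection, sql: str, *params) -> Dict[str, str]:
    """Single-row accessor: requires exactly one row, like JdbcTemplate.queryForMap.

    With three question rows for one user this is the call that fails.
    """
    rows = conn.execute(sql, params).fetchall()
    if len(rows) != 1:
        raise IncorrectResultSize(f"Incorrect result size: expected 1, actual {len(rows)}")
    return {"question": rows[0][0], "answer": rows[0][1]}


def get_security_questions(conn: sqlite3.Connection, username: str) -> Dict[str, str]:
    """Multi-row version: one question -> answer entry per row, so any number of questions works."""
    return {question: answer for question, answer in conn.execute(SQL_SECURITY_QUESTIONS, (username,))}


def single_row_lookup_fails(conn: sqlite3.Connection, username: str) -> bool:
    """True when the single-row accessor rejects this user's question rows."""
    try:
        query_for_map(conn, SQL_SECURITY_QUESTIONS, username)
    except IncorrectResultSize:
        return True
    return False


def answers_match(conn: sqlite3.Connection, username: str, supplied: Dict[str, str]) -> bool:
    """Assumed check: every stored question must be answered, compared in constant time.

    Answers are normalised (trimmed, lower-cased) before comparison; a user with no
    stored questions can never pass.
    """
    expected = get_security_questions(conn, username)
    if not expected or set(supplied) != set(expected):
        return False
    ok = True
    for question, answer in expected.items():
        ok &= hmac.compare_digest(
            answer.strip().lower().encode(), supplied[question].strip().lower().encode()
        )
    return ok


if __name__ == "__main__":
    db = build_test_db()
    print("single-row lookup fails:", single_row_lookup_fails(db, "bill"))
    print("questions:", get_security_questions(db, "bill"))
```

The example does not write to the post's `pwreset` table; note that as configured its `password` column receives the new password as plain text from the `sqlChangePassword` insert, so whatever consumes that table should hash the value rather than keep it as stored.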


Re: [cas-user] Re: Password Management Assistance

2017-07-06 Thread Misagh Moayyed
Great.

What you want to do is mostly controlled by this line:

https://github.com/apereo/cas/blob/master/support/cas-server-support-pm/src/main/java/org/apereo/cas/pm/config/PasswordManagementConfiguration.java#L125

Write something that extends/implements PasswordManagementService. Then inject 
a “bean” instance of it into the runtime engine. CAS will pick up yours instead 
of the defaults (note that Conditional tag).

To learn how to inject config into CAS dynamically:
https://apereo.github.io/cas/5.1.x/installation/Configuration-Management-Extensions.html

More or less the same:
https://apereo.github.io/2017/02/21/cas-autocfg-strategy/ 

--Misagh

On July 6, 2017 at 12:48:06 PM, William Jojo (jojo...@gmail.com) wrote:

Thank you, Misagh. I am looking at the code tree at 
https://github.com/apereo/cas/blob/master/support/cas-server-support-pm/src/main/java/org/apereo/cas/pm/.
Again, at the moment, I am attempting to trigger the basic PM functionality, 
then I can determine the injection point. If my attempt is worthy, I am happy 
to contribute it to CAS.

Bill



Re: [cas-user] Need help setting up LDAP Authentication

2017-07-06 Thread Sébastien Beaudlot
Hello Toby, 

I think you should try like this:

cas.authn.ldap[0].userFilter=uid={user} 

Refer to the CAS properties page. 

On 6 July 2017 17:32:01 GMT+02:00, Toby Archer wrote:
>I'm upgrading from CAS 3.5 to CAS 5.1. The configurations are similar,
>but 
>not quite the same. My configuration on CAS 3.5 is:
>
># == LDAP Authentication settings ==
>> ldap.authentication.filter=uid=%u
>> ldap.authentication.server.urls=ldap://dev-ldap7-1.usd.edu
>> ldap.authentication.basedn=o=usd.edu
>> ldap.authentication.manager.userdn=cn=Directory Manager
>> ldap.authentication.manager.password=lols a password in plain text
>> ldap.authentication.ignorePartialResultException=true
>> ldap.authentication.scope=2
>>
>> ldap.authentication.services.manager.userdn=cn=WebTeam Members,
>o=usd.edu
>>
>> ldap.authentication.jndi.connect.timeout=1
>> ldap.authentication.jndi.read.timeout=1
>> ldap.authentication.jndi.security.level=simple
>>
>
>And here's my configuration so far in 5.1:
>
>cas.authn.accept.users=
>> cas.authn.ldap[0].type=AUTHENTICATED
>> cas.authn.ldap[0].ldapUrl=ldap://dev-ldap7-1
>> cas.authn.ldap[0].baseDn=o=usd.edu
>> cas.authn.ldap[0].userFilter=uid=%u
>> cas.authn.ldap[0].subtreeSearch=true
>> cas.authn.ldap[0].bindDn=cn=Directory Manager
>> cas.authn.ldap[0].bindCredential=shhh, dont tell anyone
>>
>> cas.authn.ldap[0].dnFormat=uid=%s,ou=people
>> cas.authn.ldap[0].principalAttributeId=uid
>> cas.authn.ldap[0].principalAttributePassword=password
>> cas.authn.ldap[0].principalAttributeList=sn,givenName
>>
>> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
>> cas.authn.ldap[0].keyStorePassword=changeit
>> cas.authn.ldap[0].name=dev-ldap7-1
>>
>> cas.authn.ldap[0].poolPassivator=CLOSE
>
>
>It binds to the server fine. I added the logger that turns up debugging
>on 
>this particular component. I tried logging in and saw this in the logs:
>
>> user=[org.ldaptive.auth.User@1196469953::identifier=toben.archer, 
>> context=null] failed using 
>> filter=[org.ldaptive.SearchFilter@-635903203::filter=uid=%u, 
>> parameters={context=null, user=toben.archer}]>
>> 2017-07-06 10:28:41,778 DEBUG
>[org.ldaptive.auth.PooledSearchDnResolver] - 
>> > user=[org.ldaptive.auth.User@1196469953::identifier=toben.archer, 
>> context=null]>
>> 2017-07-06 10:28:41,778 DEBUG [org.ldaptive.auth.Authenticator] - 
>> >
>request=[org.ldaptive.auth.AuthenticationRequest@314951352::user=[org.ldaptive.auth.User@1196469953::identifier=toben.archer,
>
>> context=null], returnAttributes=[uid, givenName, sn]]>
>> 2017-07-06 10:28:41,778 WARN 
>> [org.apereo.cas.authentication.LdapAuthenticationHandler] - resolution 
>> failed. [DN cannot be null]>
>> 2017-07-06 10:28:41,779 INFO 
>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
>> <[dev-ldap7-1] failed authenticating [toben.archer]>
>> 2017-07-06 10:28:41,779 WARN 
>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
>> cannot find 
>> authentication handler that supports [toben.archer] of type 
>> [UsernamePasswordCredential], which suggests a configuration
>problem.>
>>
>
>The problem appears to be the "DN resolution failed. [DN cannot be
>null]" 
>which seems strange because I set baseDn, bindDn, and dnFormat. Have I 
>missed something? Why is it still not working?
>

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.



Re: [cas-user] Re: Password Management Assistance

2017-07-06 Thread William Jojo
Thank you, Misagh. I am looking at the code tree at
https://github.com/apereo/cas/blob/master/support/cas-server-support-pm/src/main/java/org/apereo/cas/pm/.
Again, at the moment, I am attempting to trigger the basic PM
functionality, then I can determine the injection point. If my attempt is
worthy, I am happy to contribute it to CAS.

Bill

On Wed, Jul 5, 2017 at 4:52 PM, Misagh Moayyed 
wrote:

>
>>
>> My question is whether the user can reset their password in LDAP (as
>> Active Directory), but have the question answers come from Oracle (JDBC)?
>> My request is a sharing of a config the does basic Password Reset through
>> CAS.
>>
>
>
> No. Sources are assumed to be the same. You're welcome however to design
> your own component and inject it into CAS and that would know how to handle
> each operation per source type.
>



[cas-user] SAML IdP Response Configurations

2017-07-06 Thread Oscar Ruiz
Hello,

Could someone please explain to me what the attribute below does and what's 
a valid value(s) I can use for it?

cas.authn.samlIdp.response.overrideSignatureCanonicalizationAlgorithm=

We're setting up a brand new CAS (5.0.5) instance so that we can leverage 
SAML for SSO with one of our vendors but we're having issues getting the 
SSO to work. One of their recommendations was to change the exclusive 
canonicalization into inclusive in the response and the setting above is 
the only one I can find that might work, but I don't know what a proper 
value looks like. Has anyone else used this setting?

Thanks for any help,
Oscar



[cas-user] Spring Boot Dev Tools with CAS

2017-07-06 Thread Adam Causey
Currently we are using the Eclipse IDE for development of our
customizations to CAS 5.0.x. We also use the Maven WAR overlay.

Is there a way to utilize Spring Boot Dev Tools during development?

https://docs.spring.io/spring-boot/docs/current/reference/html/using-boot-devtools.html

I have not been able to get this to work so far with CAS, but have used it
with other Spring Boot projects.

Thanks!

-Adam



Re: [cas-user] Need help setting up LDAP Authentication

2017-07-06 Thread Toby Archer
Ah, that did it. Thank you. I'm sure I would have looked at that all day
and not realized it was the missing piece.

On Thu, Jul 6, 2017 at 11:07 AM, Sébastien Beaudlot <
sebastien.beaud...@univ-avignon.fr> wrote:

> Hello Toby,
>
> I think you should try like this:
>
> cas.authn.ldap[0].userFilter=uid={user}
>
> Refer to the CAS properties page.
>
> On 6 July 2017 17:32:01 GMT+02:00, Toby Archer wrote:
>>
>> I'm upgrading from CAS 3.5 to CAS 5.1. The configurations are similar,
>> but not quite the same. My configuration on CAS 3.5 is:
>>
>> # == LDAP Authentication settings ==
>>> ldap.authentication.filter=uid=%u
>>> ldap.authentication.server.urls=ldap://dev-ldap7-1.usd.edu
>>> ldap.authentication.basedn=o=usd.edu
>>> ldap.authentication.manager.userdn=cn=Directory Manager
>>> ldap.authentication.manager.password=lols a password in plain text
>>> ldap.authentication.ignorePartialResultException=true
>>> ldap.authentication.scope=2
>>>
>>> ldap.authentication.services.manager.userdn=cn=WebTeam Members, o=
>>> usd.edu
>>>
>>> ldap.authentication.jndi.connect.timeout=1
>>> ldap.authentication.jndi.read.timeout=1
>>> ldap.authentication.jndi.security.level=simple
>>>
>>
>> And here's my configuration so far in 5.1:
>>
>> cas.authn.accept.users=
>>> cas.authn.ldap[0].type=AUTHENTICATED
>>> cas.authn.ldap[0].ldapUrl=ldap://dev-ldap7-1
>>> cas.authn.ldap[0].baseDn=o=usd.edu
>>> cas.authn.ldap[0].userFilter=uid=%u
>>> cas.authn.ldap[0].subtreeSearch=true
>>> cas.authn.ldap[0].bindDn=cn=Directory Manager
>>> cas.authn.ldap[0].bindCredential=shhh, dont tell anyone
>>>
>>> cas.authn.ldap[0].dnFormat=uid=%s,ou=people
>>> cas.authn.ldap[0].principalAttributeId=uid
>>> cas.authn.ldap[0].principalAttributePassword=password
>>> cas.authn.ldap[0].principalAttributeList=sn,givenName
>>>
>>> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
>>> cas.authn.ldap[0].keyStorePassword=changeit
>>> cas.authn.ldap[0].name=dev-ldap7-1
>>>
>>> cas.authn.ldap[0].poolPassivator=CLOSE
>>
>>
>> It binds to the server fine. I added the logger that turns up debugging
>> on this particular component. I tried logging in and saw this in the logs:
>>
>> >> context=null] failed using filter=[org.ldaptive.SearchFilter@
>>> -635903203::filter=uid=%u, parameters={context=null,
>>> user=toben.archer}]>
>>> 2017-07-06 10:28:41,778 DEBUG [org.ldaptive.auth.PooledSearchDnResolver]
>>> - >> 1196469953::identifier=toben.archer, context=null]>
>>> 2017-07-06 10:28:41,778 DEBUG [org.ldaptive.auth.Authenticator] -
>>> >> AuthenticationRequest@314951352::user=[org.ldaptive.auth.User@1196469953
>>> ::identifier=toben.archer, context=null], returnAttributes=[uid,
>>> givenName, sn]]>
>>> 2017-07-06 10:28:41,778 WARN 
>>> [org.apereo.cas.authentication.LdapAuthenticationHandler]
>>> - 
>>> 2017-07-06 10:28:41,779 INFO [org.apereo.cas.authentication.
>>> PolicyBasedAuthenticationManager] - <[dev-ldap7-1] failed
>>> authenticating [toben.archer]>
>>> 2017-07-06 10:28:41,779 WARN [org.apereo.cas.authentication.
>>> PolicyBasedAuthenticationManager] - >> Credentials may be incorrect or CAS cannot find authentication handler that
>>> supports [toben.archer] of type [UsernamePasswordCredential], which
>>> suggests a configuration problem.>
>>>
>>
>> The problem appears to be the "DN resolution failed. [DN cannot be null]"
>> which seems strange because I set baseDn, bindDn, and dnFormat. Have I
>> missed something? Why is it still not working?
>>
>>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>



[cas-user] Need help setting up LDAP Authentication

2017-07-06 Thread Toby Archer
I'm upgrading from CAS 3.5 to CAS 5.1. The configurations are similar, but 
not quite the same. My configuration on CAS 3.5 is:

# == LDAP Authentication settings ==
> ldap.authentication.filter=uid=%u
> ldap.authentication.server.urls=ldap://dev-ldap7-1.usd.edu
> ldap.authentication.basedn=o=usd.edu
> ldap.authentication.manager.userdn=cn=Directory Manager
> ldap.authentication.manager.password=lols a password in plain text
> ldap.authentication.ignorePartialResultException=true
> ldap.authentication.scope=2
>
> ldap.authentication.services.manager.userdn=cn=WebTeam Members, o=usd.edu
>
> ldap.authentication.jndi.connect.timeout=1
> ldap.authentication.jndi.read.timeout=1
> ldap.authentication.jndi.security.level=simple
>

And here's my configuration so far in 5.1:

cas.authn.accept.users=
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl=ldap://dev-ldap7-1
> cas.authn.ldap[0].baseDn=o=usd.edu
> cas.authn.ldap[0].userFilter=uid=%u
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].bindDn=cn=Directory Manager
> cas.authn.ldap[0].bindCredential=shhh, dont tell anyone
>
> cas.authn.ldap[0].dnFormat=uid=%s,ou=people
> cas.authn.ldap[0].principalAttributeId=uid
> cas.authn.ldap[0].principalAttributePassword=password
> cas.authn.ldap[0].principalAttributeList=sn,givenName
>
> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
> cas.authn.ldap[0].keyStorePassword=changeit
> cas.authn.ldap[0].name=dev-ldap7-1
>
> cas.authn.ldap[0].poolPassivator=CLOSE


It binds to the server fine. I added the logger that turns up debugging on 
this particular component. I tried logging in and saw this in the logs:

 user=[org.ldaptive.auth.User@1196469953::identifier=toben.archer, 
> context=null] failed using 
> filter=[org.ldaptive.SearchFilter@-635903203::filter=uid=%u, 
> parameters={context=null, user=toben.archer}]>
> 2017-07-06 10:28:41,778 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] - 
>  user=[org.ldaptive.auth.User@1196469953::identifier=toben.archer, 
> context=null]>
> 2017-07-06 10:28:41,778 DEBUG [org.ldaptive.auth.Authenticator] - 
>  request=[org.ldaptive.auth.AuthenticationRequest@314951352::user=[org.ldaptive.auth.User@1196469953::identifier=toben.archer,
>  
> context=null], returnAttributes=[uid, givenName, sn]]>
> 2017-07-06 10:28:41,778 WARN 
> [org.apereo.cas.authentication.LdapAuthenticationHandler] -  failed. [DN cannot be null]>
> 2017-07-06 10:28:41,779 INFO 
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
> <[dev-ldap7-1] failed authenticating [toben.archer]>
> 2017-07-06 10:28:41,779 WARN 
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
>  authentication handler that supports [toben.archer] of type 
> [UsernamePasswordCredential], which suggests a configuration problem.>
>

The problem appears to be the "DN resolution failed. [DN cannot be null]" 
which seems strange because I set baseDn, bindDn, and dnFormat. Have I 
missed something? Why is it still not working?

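Added example, not code from the thread or from CAS or ldaptive: it shows why Toby's `cas.authn.ldap[0].userFilter=uid=%u` never resolves a DN and why Sébastien's `uid={user}` does. A `{user}`-style renderer leaves the CAS 3.5 `%u` token untouched, which is exactly the `filter=uid=%u` visible in the posted DEBUG log, so the search can never match an entry. The `render_user_filter` function here is a stand-in written for this example rather than ldaptive's own implementation; it escapes the substituted value per RFC 4515 so that filter metacharacters in a submitted username cannot alter the filter's structure. The usernames and templates are constructed sample values.

```python
import re
from typing import List

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value for safe use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def placeholders(template: str) -> List[str]:
    """Names of the {name} placeholders a template contains; empty for a static filter."""
    return re.findall(r"\{(\w+)\}", template)


def render_user_filter(template: str, user: str) -> str:
    """Fill every {user} placeholder with the escaped username.

    A template with no {user} placeholder (such as the CAS 3.5 style 'uid=%u')
    is returned unchanged, which is why it can never match a directory entry.
    The callable replacement keeps re.sub from reinterpreting backslashes in the
    escaped value.
    """
    return re.sub(r"\{user\}", lambda _m: escape_filter_value(user), template)


def filter_is_usable(template: str) -> bool:
    """True only when the template actually refers to the authenticating user."""
    return "user" in placeholders(template)


if __name__ == "__main__":
    for tmpl in ("uid=%u", "uid={user}", "(&(uid={user})(objectClass=person))"):
        print(f"{tmpl!r:40} usable={filter_is_usable(tmpl)} -> {render_user_filter(tmpl, 'toben.archer')}")
```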


Re: [cas-user] Managing access to which services/websites users have access to when using SSO

2017-07-06 Thread Dmitriy Kopylenko
https://apereo.github.io/cas/development/installation/Configuring-Service-Access-Strategy.html

D.


From: Roy Langa 
Reply: cas-user@apereo.org 
Date: July 6, 2017 at 10:06:26 AM
To: CAS Community 
Subject: [cas-user] Managing access to which services/websites users have access to when using SSO

Hi,

I’m looking to implement CAS and was wondering if it’s possible for an admin to 
manage which websites a user has access to so that they can grant/revoke access 
to a website while retaining access to the rest if need be.




[cas-user] Managing access to which services/websites users have access to when using SSO

2017-07-06 Thread Roy Langa


Hi,

I’m looking to implement CAS and was wondering if it’s possible for an 
admin to manage which websites a user has access to so that they can 
grant/revoke access to a website while retaining access to the rest if need 
be.



[cas-user] Roles attribute does not get set in the custom AuthenticationHandler.

2017-07-06 Thread Filip Majernik
I have a custom AuthenticationHandler because my users get authenticated 
against a BPM engine. This is working fine. Now I also have to retrieve the 
roles. I can do this also in the authentication handler. However, I don't 
see the 'roles' attribute in the validation response XML. Here is the 
authentication handler:

protected HandlerResult authenticateUsernamePasswordInternal(UsernamePasswordCredential transformedCredential,
                                                             String originalPassword)
        throws GeneralSecurityException, PreventedException {

    logger.debug("Logging in into the Bonita Engine.");

    // get the username/password
    final String username = transformedCredential.getUsername();
    final String password = transformedCredential.getPassword();

    // check the login; login() is this handler's own helper that authenticates
    // against the BPM engine and returns the user's role names
    try {
        List<String> authorities = login(username, password);

        // construct attributes
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("roles", authorities);
        // attributes.put("roles", authorities.toArray(new String[authorities.size()]));

        // return the handler result
        return createHandlerResult(transformedCredential,
                this.principalFactory.createPrincipal(username, attributes), null);
    } catch (Exception e) {
        logger.error("Error logging in: {}", e.getMessage());
        logger.debug("Exception:", e);
    }

    // throw the exception if the login has not been valid.
    throw new FailedLoginException(String.format("Could not authenticate the user '%s'", username));
}

I have tried every cas.authn.attributeRepository.merger, but without 
success. Interestingly, if I name the attribute with a different name (e.g. 
"asdasd"), I can see the roles there.

Another thing is also that I am using the OAuth server support with the 
resource owner password schema. I can successfully validate, but in the 
response I am getting only the AT, RT, token_type and expiration, but no 
other attributes. I would like to save the one additional request to 
/p3/serviceValidate. Is this somehow possible to configure? I am using CAS 
5.1.



[cas-user] CAS proxy and uPortal

2017-07-06 Thread Sébastien BEAUDLOT
Hello,

I have a working 5.0.7 CAS on a Debian Jessie. All our websites and 
services using CAS are working and able to produce and use TGTs and STs.

Except for uPortal, which is using proxy granting. Below, all technical 
details. I also attach debug level logs (sensitive data replaced) of a 
uPortal login test with CAS. Every web server is using DigiCert 
certificates and listening on port 443 only. I also add the service 
definition and cas.properties (also with sensitive data taken off).

CAS version: 5.0.7
uPortal version: 4.0.12
Main error after uPortal login: Forwarding to error page from request 
[/serviceValidate] due to exception ['principal' cannot be null.

I am really stuck, I don't even understand the meaning of this exception.

Maybe someone here can help me with this issue.

2017-07-06 11:24:16,693 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 
2017-07-06 11:24:16,704 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 
2017-07-06 11:24:16,721 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://ent-test.mydomain.tld/uPortal/Login
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Thu Jul 06 11:24:16 CEST 2017
CLIENT IP ADDRESS: 195.83.163.141
SERVER IP ADDRESS: 195.83.163.58
=

>
2017-07-06 11:24:16,831 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://ent-test.mydomain.tld/uPortal/CasProxyServlet
WHAT: Supplied credentials: 
[https://ent-test.mydomain.tld/uPortal/CasProxyServlet]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Thu Jul 06 11:24:16 CEST 2017
CLIENT IP ADDRESS: 195.83.163.115
SERVER IP ADDRESS: 195.83.163.58
=

>
2017-07-06 11:24:16,906 ERROR 
[org.springframework.boot.web.support.ErrorPageFilter] - 
java.lang.IllegalArgumentException: 'principal' cannot be null.
Check the correctness of @Audit annotation at the following audit point: 
execution(public org.apereo.cas.ticket.proxy.ProxyGrantingTicket 
org.apereo.cas.CentralAuthenticationServiceImpl.createProxyGrantingTicket
(java.lang.String,org.apereo.cas.authentication.AuthenticationResult))
at org.apereo.inspektr.audit.AuditActionContext.assertNotNull(AuditActionContext.java:80) ~[AuditActionContext.class:1.7.GA]
at org.apereo.inspektr.audit.AuditActionContext.(AuditActionContext.java:62) ~[AuditActionContext.class:1.7.GA]
at org.apereo.inspektr.audit.AuditTrailManagementAspect.executeAuditCode(AuditTrailManagementAspect.java:159) ~[AuditTrailManagementAspect.class:1.7.GA]
at org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:147) ~[AuditTrailManagementAspect.class:1.7.GA]
at sun.reflect.GeneratedMethodAccessor240.invoke(Unknown Source) ~[?:?]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_131]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_131]
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:629) ~[AbstractAspectJAdvice.class:4.3.4.RELEASE]
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:618) ~[AbstractAspectJAdvice.class:4.3.4.RELEASE]
at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:70) ~[AspectJAroundAdvice.class:4.3.4.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:168) ~[ReflectiveMethodInvocation.class:4.3.4.RELEASE]
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99) ~[TransactionInterceptor$1.class:4.3.4.RELEASE]
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282) ~[TransactionAspectSupport.class:4.3.4.RELEASE]
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96) ~[TransactionInterceptor.class:4.3.4.RELEASE]
at

[cas-user] Re: Metadata resolver could not be located from metadata

2017-07-06 Thread Daniel Stahlnecker II
Hello,
Have you been able to solve this issue? I am running into the same error 
and would be interested to know the solution if you were able to find one.
Thank you

On Monday, May 29, 2017 at 3:08:54 PM UTC+8, Emilian Mitocariu wrote:
>
> Hi,
>
> I have a CAS 5.0.5 server (with LDAP backend) and a Nextcloud server which 
> I am trying to make authenticate users with the CAS server using SAML2. 
> When I go to Nextcloud, it redirects me to CAS but instead of the login 
> page I get this message "Error: Metadata resolver could not be located from 
> metadata". I attached a file with the logs.
>
> Anyone know how i could fix this?
> Thanks
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/acbd68e0-3b0b-4db8-8c5b-b1bafaebff2c%40apereo.org.


Re: [cas-user] SAML Authentication. Application can't authorize to use cas

2017-07-06 Thread Marco Aurelio Osorio De León
Thanks Song, Doe-Hyun for your answer.

I have been able to solve the problem of recognition of the application by
CAS manager.
Now I have the problem with the redirection to the SP, I do not know if it
is a problem of the JIRA plugin itself or it is a SP metadata problem.
The problem is that when doing the authentication does not redirect to the
SP, it stays in the page of CAS indicating that the authentication has been
correct.

Thanks again


2017-07-05 20:25 GMT+02:00 Song, Doe-Hyun :

> Look at Service Registry. I used json to set up service for SAML. See the
> following links.
>
> https://apereo.github.io/cas/5.0.x/installation/Configuring-SAML2-Authentication.html#saml-services
>
> https://apereo.github.io/cas/5.0.x/installation/JSON-Service-Management.html
>
> https://apereo.github.io/cas/5.0.x/installation/Service-Management.html
>
> https://apereo.github.io/cas/5.0.x/installation/Configuration-Properties.html#service-registry
>
> https://apereo.github.io/cas/5.0.x/installation/Configuration-Properties.html#resource-based-service-registry
>
>
> *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *Marco
> Osorio
> *Sent:* Thursday, June 29, 2017 5:32 AM
> *To:* CAS Community
> *Subject:* [cas-user] SAML Authentication. Application can't authorize to
> use cas
>
>
>
> Hello everyone,
>
> I have managed to configure SAML2 and load the Idp-metadata, which
> generates it automatically and the sp-metadata generated by the SP plugin.
>
> I have entered the CAS manager and added the SP, but when I try to
> authenticate, CAS tells me that the application is not authorized to use
> cas.
>
> I loaded the idp-metadata into the plugin to render the parameters and ok.
>
>
>
> My question is what do I need to be able to authenticate correctly?
>
>
>
> The information contained in this e-mail and any attachments is confidential 
> and
> intended only for the recipient. If you are not the intended recipient, the
> information contained in this message may not be used, copied, or forwarded to
> third parties or otherwise distributed for any other purpose. Please notify 
> the
> sender if you received this e-mail in error and delete the e-mail and its
> attachments promptly.  Nothing in this e-mail may be used or deemed to form 
> the
> basis of a contractual or any other legally binding obligation unless 
> separately
> confirmed in writing by an authorized representative of ARMADA.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAEKXz6tf8Tf-syKfkJnybQ31LvXxiJdFtqWgV%2BQfQWKSXoM8vg%40mail.gmail.com.
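Song's pointer is to register the SP as a SamlRegisteredService in the JSON service registry. The "application is not authorized to use CAS" page is what CAS shows when no registered service matches the identifier the client presents; for a SAML SP that identifier is its entityID, not its login or AssertionConsumerService URL, so a serviceId copied from the wrong field produces exactly this symptom. The script below is an added example, not code from CAS or from anyone in this thread. It reads the entityID out of constructed SP metadata, applies the regex matching CAS uses for serviceId (assumed here to be an unanchored find(), as in RegexRegisteredService; check the behaviour of your CAS version), and also flags a serviceId so broad that it would authorise an SP that was never registered. The JSON layout follows the 5.0.x "saml-services" documentation linked above; every hostname, entityID and the metadataLocation path are made up for the example.

```python
"""Offline check of a SAML SP against a CAS JSON service definition.

Added example for this thread, not CAS code. Assumptions:
  * JSON layout is the CAS 5.0.x SamlRegisteredService format;
  * CAS resolves the SP by its entityID and matches the registered
    serviceId as a regex with Java Matcher.find() semantics (unanchored);
  * all metadata and service definitions here are constructed samples.
"""
import json
import re
import xml.etree.ElementTree as ET

SAML_MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML_SERVICE_CLASS = "org.apereo.cas.support.saml.services.SamlRegisteredService"

# Constructed SP metadata; the entityID is invented for the example.
SP_METADATA_XML = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://jira.example.edu/plugins/servlet/samlsso">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://jira.example.edu/plugins/servlet/samlsso" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def _service(service_id, metadata_location="file:/etc/cas/saml/jira-sp-metadata.xml"):
    """Build a constructed CAS JSON service definition (hypothetical path)."""
    return json.dumps({
        "@class": SAML_SERVICE_CLASS,
        "serviceId": service_id,
        "name": "Jira",
        "id": 10000003,
        "evaluationOrder": 10,
        "metadataLocation": metadata_location,
    }, indent=2)


# Anchored regex that matches exactly the SP entityID.
SERVICE_OK = _service(r"^https://jira\.example\.edu/plugins/servlet/samlsso$")
# serviceId copied from a login URL instead of the entityID: CAS would
# report the application as not authorized.
SERVICE_WRONG_ID = _service("https://jira.example.edu/login")
# Unanchored wildcard: makes the error go away by authorising every https SP.
SERVICE_TOO_BROAD = _service("https://.*")

# Constructed probe entityID that no legitimate SP on this deployment owns.
ROGUE_ENTITY_ID = "https://attacker.example.net/sp"


def sp_entity_id(metadata_xml):
    """Return the entityID attribute of the metadata's EntityDescriptor."""
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % SAML_MD_NS:
        raise ValueError("not a SAML EntityDescriptor: %s" % root.tag)
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID")
    return entity_id


def service_matches(service_json, entity_id):
    """Mimic CAS regex service matching: an unanchored search, not a full match."""
    definition = json.loads(service_json)
    return re.search(definition["serviceId"], entity_id) is not None


def is_overly_broad(service_json):
    """True when the serviceId also admits an SP that was never registered."""
    return service_matches(service_json, ROGUE_ENTITY_ID)


def audit_service(service_json, metadata_xml):
    """Run the checks worth doing before blaming the SP plugin."""
    definition = json.loads(service_json)
    entity_id = sp_entity_id(metadata_xml)
    return {
        "entity_id": entity_id,
        "is_saml_service": definition.get("@class") == SAML_SERVICE_CLASS,
        "has_metadata_location": bool(definition.get("metadataLocation")),
        "matches_entity_id": service_matches(service_json, entity_id),
        "authorises_unregistered_sp": is_overly_broad(service_json),
    }


if __name__ == "__main__":
    for label, svc in (("ok", SERVICE_OK), ("wrong-id", SERVICE_WRONG_ID),
                       ("too-broad", SERVICE_TOO_BROAD)):
        print(label, audit_service(svc, SP_METADATA_XML))
```

Run it against your own SP metadata and the JSON file under `cas.serviceRegistry.config.location`: a definition whose `matches_entity_id` is false explains the "not authorized" page, while one whose `authorises_unregistered_sp` is true has been widened past what the service registry is supposed to enforce and should be anchored to the exact entityID.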


Re: [cas-user] SAML Authentication. Application can't authorize to use cas

2017-07-06 Thread Marco Osorio
Hi,
This is the trace after authentication process

2017-07-06 09:52:35,951 DEBUG 
[org.apereo.cas.web.support.DefaultCasCookieValueManager] - 
2017-07-06 09:52:35,951 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 

2017-07-06 09:52:35,951 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 

2017-07-06 09:52:35,956 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 

2017-07-06 09:52:35,956 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 

2017-07-06 09:52:35,956 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 

2017-07-06 09:52:35,975 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 

2017-07-06 09:52:35,976 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 

2017-07-06 09:52:35,979 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 

2017-07-06 09:52:35,980 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 

2017-07-06 09:52:35,980 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 

*2017-07-06 09:52:35,982 DEBUG 
[org.apereo.cas.support.saml.authentication.principal.SamlServiceFactory] - 
*
2017-07-06 09:52:35,982 DEBUG 
[org.apereo.cas.authentication.principal.WebApplicationServiceFactory] - 

2017-07-06 09:52:35,982 DEBUG 
[org.apereo.cas.web.support.DefaultArgumentExtractor] - 
2017-07-06 09:52:35,983 DEBUG 
[org.apereo.cas.web.support.AbstractArgumentExtractor] - 
2017-07-06 09:53:02,655 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 

2017-07-06 09:53:02,655 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 



I do not know if something is missing to configure.

Thanks a lot!!



On Wednesday, 5 July 2017, 20:36:34 (UTC+2), Song, Doe-Hyun wrote:
>
> Look at Service Registry. I used json to set up service for SAML. See the 
> following links. 
>
> https://apereo.github.io/cas/5.0.x/installation/Configuring-SAML2-Authentication.html#saml-services
>
> https://apereo.github.io/cas/5.0.x/installation/JSON-Service-Management.html
>
> https://apereo.github.io/cas/5.0.x/installation/Service-Management.html
>
> https://apereo.github.io/cas/5.0.x/installation/Configuration-Properties.html#service-registry
>
> https://apereo.github.io/cas/5.0.x/installation/Configuration-Properties.html#resource-based-service-registry
>
> *From:* cas-...@apereo.org  [mailto:cas-...@apereo.org 
> ] *On Behalf Of *Marco Osorio
> *Sent:* Thursday, June 29, 2017 5:32 AM
> *To:* CAS Community
> *Subject:* [cas-user] SAML Authentication. Application can't authorize to 
> use cas
>
>  
>
> Hello everyone,
>
> I have managed to configure SAML2 and load the Idp-metadata, which 
> generates it automatically and the sp-metadata generated by the SP plugin.
>
> I have entered the CAS manager and added the SP, but when I try to 
> authenticate, CAS tells me that the application is not authorized to use 
> cas.
>
> I loaded the idp-metadata into the plugin to render the parameters and ok.
>
>  
>
> My question is what do I need to be able to authenticate correctly?
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the