Re: [cas-user] CAS 5.2.6 + Delegated Authentication + Microsoft Azure AD + How to map attributes

2018-10-08 Thread Łukasz Woźniak 
Hi,

I'm working on integration with Azure AD too. I was able to connect wia
OpenID. To map attribute You need to define default attribute. Example
below:

cas.authn.attributeRepository.merger=REPLACE
cas.authn.releaseProtocolAttributes=true
cas.authn.attributeRepository.defaultAttributesToRelease=email,given_name,family_name,name

After that Attribute mapping start working for me.

Can You share configuration how integration with Saml Ip working for You ?
With oAuth 2.0 and OpenID I had problem with Azure AD. Redirect_url
parameter does not redirect with get parameters, and I had to override
default Pac4j configuration.

Thanks,
Lukas



pt., 5 paź 2018 o 23:15 Raghavan TV  napisał(a):

> Hi All
>
> We were able to successfully integrate CAS 5.2.6 using delegated
> authentication agianst Azure AD (SAML Idp)
>
> We are now looking to map the SAML (claims) attributes to more meaningful
> names
>
> Azure SAML Response
>
>  Destination="
> https://somedomain.cloudapp.azure.com:8443/cas/login?client_name=MY_SAML;
> ID="_6a00b756-53f4-4702-b329-7a6af0145fa0"
> InResponseTo="_d5nkosrzkcj29rlldngsuozq3uwtb5znanfm616"
> IssueInstant="2018-10-04T13:22:05.275Z" Version="2.0"
> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
> 
> https://sts.windows.net/522b3803-a001-4675-b3b5-1d727d43585a/
>  Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
>  IssueInstant="2018-10-04T13:22:05.275Z"
> Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
> 
> https://sts.windows.net/522b3803-a001-4675-b3b5-1d727d43585a/
> http://www.w3.org/2000/09/xmldsig#;>
> http://www.w3.org/2001/10/xml-exc-c14n#"/>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
> 
> http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>
> BkenglDOQwAFlKJ3hLrZ4vUzAg9gOD9EFUjGKH9hsI4=
> 
> 
>
> HAKazQ1ApJ5w0NtxJs5E/qECDRz8C5xYjHtGDJtuuuULrM07HUjkoenQ4L34UhSO4qm6Jgo0roIP1bQAGDlq0DWmPu7P9nyPSaQbKiBMtDAO759rM/g0neTWWfYYuNfDFauA+CBuu1N2W15h/oYU85z2D//W8RJQDMB7JvkycPgKF9BY0RON+Rlo2qOFsZ8Z6TxNJgyDxPCQG5natKgVoAZ57lC4+giarBQJQgCFGjy5uckKx4tq2qDuSGnyxqpxqSSm0WNhRR4AqY+kMtNLvEv0aimLX5ezzeOTy7yGmnWNf+l8+FAai2US19Fu/G9xeMH9c3MjZ69MujIkFGqc3A==
> 
> 
>
> MIIDBTCCAe2gAwIBAgIQWOnQG5bZiIFAbuSzrxjvbDANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE4MDgwMTAwMDAwMFoXDTIwMDgwMTAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALM5fWyNaHwYqnCfxVBEqhfDHKWnNhqmVHH9McYM+bsRs9xl7DkuwsbvD6vOb4rANtVOuly+Eiv/fYhhwn8UFE4kzTRXWREIH+uoFCUDyItwtT8vNn253XzXuFiIeHEkSoHM4vckdP+G7lPEQRZtQjV2TTB/76eBrtnLdP/AAgp4KE4/kjSuKEvn4lwiKtQWYPmCBPh18erwmIFwBramK5CzNKT31ycTYpi3LZpjbIljzW7gzvX9P6/U+dmTmpOufKzJbAnnXKveMcRUZl7wXWxQpyKGAZ0q+8FKIcVbrO0mlbyPuQGynAOofsnhqPQVeO4lbsEgcmL9QXWdxdn6kYsCAwEAAaMhMB8wHQYDVR0OBBYEFMXZ+lF0trQrd4uWs+lQ7h0mls63MA0GCSqGSIb3DQEBCwUAA4IBAQAA/TRp5Cx6WWA04dCvoJNTd80KSO8uGrM2V4VhTlIU1zf8cjMocmBXSA0v+P3onkBHHwnMJs6fWuwcBL4vhqZ4jonPcgl3tUIGgDwywM3V4mC1JLZJXlBZASsAuKmHm6qwge6RVs+Ub1fcpOIViMgW/1Wj1tZm/v/NGHQ+EEJV1UXtE5OnFnzD+9TrfOTI/l855ryKNS6I+XNbtcIJUL87OWkMRgNgjOhBnmldA27sWWkFWfvxB0J7FvOkyWaLlyNe/jqCL3jYXzz0XBNGMbatmeKS3fgIihVUJ32Vt7GXI4ed0HuvhhZ6d+fvMnBPWdfteu018YHKeXyk/c2aegcj
> 
> 
> 
> 
>  Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">nX16LJA-9igFhluTHQGlDUOK0CNPy_XfliMDJ3iud88
>  Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> InResponseTo="_d5nkosrzkcj29rlldngsuozq3uwtb5znanfm616"
> NotOnOrAfter="2018-10-04T13:27:05.275Z"
> Recipient="
> https://somedomain.cloudapp.azure.com:8443/cas/login?client_name=MY_SAML
> "/>
> 
>  NotOnOrAfter="2018-10-04T14:17:05.275Z">
> 
>
> spn:8b4fcc4d-6781-4da0-acc9-0c28a3317695
> 
> 
> 
> http://schemas.microsoft.com/identity/claims/tenantid;>
>
> 522b3803-a001-4675-b3b5-1d727d43585a
> 
> http://schemas.microsoft.com/identity/claims/objectidentifier;>
>
> 8fa1e8a3-41b8-440e-91cf-fafa246ab571
> 
> http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name;>
> xx...@.onmicrosoft.com
> 
> 
> http://schemas.microsoft.com/identity/claims/displayname;>
> Firstname Lastname
> 
> http://schemas.microsoft.com/identity/claims/identityprovider;>
> 
> https://sts.windows.net/522b3803-a001-4675-b3b5-1d727d43585a/
> 
> 
> http://schemas.microsoft.com/claims/authnmethodsreferences;>
> 
> http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password
> 
> 
>

[cas-user] CAS 5.3.x/5.2.x Release Announcements

2018-10-08 Thread Misagh Moayyed 
CAS 5.3.4 is released: 
https://github.com/apereo/cas/releases/tag/v5.3.4 

CAS 5.2.8 is released: 
https://github.com/apereo/cas/releases/tag/v5.2.8 

--Misagh 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/246599216.12269499.1539034213033.JavaMail.zimbra%40unicon.net.

[cas-user] Logout - PGT not removed from ticket registry

2018-10-08 Thread David Wise 
Hi Everyone,

I have an application that makes heavy use of Proxy Tickets and am using 
Redis as a ticket registry.  When my user logs out of CAS, the PGT does not 
get destroyed but what I assume to be the parent TGT does.  I get the same 
behavior using Hazelcast.  When I use the DefaultTicketRegistry, it appears 
that both the TGT and PGT are destroyed.

Does anyone have an idea why the PGT is being cleaned up with the 
DefaultTicketRegistry but not with Redis/Hazelcast?


I've tried CAS 5.2.6 and 5.3.3 with the same results.

When the maxTimeToLiveInSeconds value expires, both the parent TGT and 
child PGT are destroyed.


I pulled down the 5.2.6 source, set the log level to DEBUG and was able to 
trace some of the flow.  Here are my findings:

AbstractTicketRegistry.deleteTicket() – handles the removal of all of the 
tickets.  If a TGT is passed in, this will look for child, PGTs and clean 
them up first.  In a CAS-only session, this got a TGT, found a PGT and 
deleted them both.  In a CAS/Redis session, this only got a TGT – no PGT.  
I’m guessing that this means that either the PGT was never added to the 
parent, TGT or that the reference to it was cleared out before the 
deleteTicket() call.

 

ServiceTicketImpl.grantProxyGrantingTicket() – creates the PGT and adds it 
to the TGT’s getProxyGrantingTickets() Map.  There wasn’t much logging 
here.  I know the PGT was created but I don’t know if it was actually 
assigned to its parent.  I didn’t see any Exceptions.  So, I assume the 
child-to-parent assignment was made.

 
RedisTicketRegistry – uses an 
org.springframework.data.redis.core.RedisTemplate  – to set and get 
entries.  This differs with DefaultTicketRegistry that simply uses a 
ConcurrentHashMap to handle the tickets.  It kind of makes me wonder 
whether there’s an issue with the spring data component.

I'm not able to build CAS from source - running as a normal user or 
administrator.  So, I haven't managed to add more logging statements.  This 
is my build environment:
Windows 7 
CAS 5.2.6
Gradle 4.10.2
Java 1.8.0_144
gradle -DskipFindbugs=true -DskipCheckstyle=true -DskipTests=true 
--stacktrace --debug clean build

18:03:57.304 [ERROR] 
[org.gradle.internal.buildevents.BuildExceptionReporter] Caused by: 
org.gradle.process.internal.ExecException: Process 'command 
'C:\sandbox\cas\webapp\cas-server-webapp-jetty\.gradle\nodejs\node-v7.10.0-win-x64\npm.cmd''
 
finished with non-zero exit value -4048
18:03:57.305 [ERROR] 
[org.gradle.internal.buildevents.BuildExceptionReporter] at 
org.gradle.process.internal.DefaultExecHandle$ExecResultImpl.assertNormalExitValue(DefaultExecHandle.java:395)
18:03:57.305 [ERROR] 
[org.gradle.internal.buildevents.BuildExceptionReporter] at 
org.gradle.process.internal.DefaultExecAction.execute(DefaultExecAction.java:37)
18:03:57.306 [ERROR] 
[org.gradle.internal.buildevents.BuildExceptionReporter] at 
org.gradle.api.internal.file.DefaultFileOperations.exec(DefaultFileOperations.java:232)
...

cas.properties:
logging.config: file:/etc/cas/config/log4j2.xml

server.contextPath=/cas
server.port=8443
server.ssl.keyStore=file:/etc/cas/keystore.jks
server.ssl.keyStorePassword=myPassword
server.ssl.keyPassword=myPassword

#Disable default casuser
cas.authn.accept.users=

cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://LDAPBOX:636
cas.authn.ldap[0].baseDn=OU=TAP,DC=tap,DC=test
cas.authn.ldap[0].userFilter=sAMAccountName={user}
cas.authn.ldap[0].usePasswordPolicy=true
cas.authn.ldap[0].bindDn=CN=USER1,OU=Service,OU=Users,OU=ABC,DC=abc,DC=test
cas.authn.ldap[0].bindCredential=myCredential
cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName,memberOf
cas.authn.ldap[0].trustCertificates=file:/etc/cas/cert.cer

# IP address may be enough to protect all endpoints.
cas.adminPagesSecurity.ip=0\.0\.0\.0
cas.adminPagesSecurity.loginUrl=https://CASMACHINE:8443/cas/login
cas.adminPagesSecurity.service=https://CASMACHINE:8443/cas/status/dashboard
cas.adminPagesSecurity.users=file:/etc/cas/config/adminusers.properties
cas.adminPagesSecurity.adminRoles=ROLE_ADMIN
cas.adminPagesSecurity.actuatorEndpointsEnabled=true

cas.serviceRegistry.json.location=file:/etc/cas/config

# Sessions are terminated if no new tickets are requested in 15 minutes
cas.ticket.tgt.timeToKillInSeconds=900

# Sessions are never allowed to last longer than 8 hours (default)
cas.ticket.tgt.maxTimeToLiveInSeconds=28800

#Redis 
cas.ticket.registry.redis.host=CASMACHINE
cas.ticket.registry.redis.port=6379
cas.ticket.registry.redis.database=0


Thanks,

d


 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to

Re: [cas-user] CAS 5.3.3 management failed to save edits

2018-10-08 Thread Travis Schmidt 
Try this against 5.3.4-SNAPSHOT

On Mon, Oct 8, 2018 at 1:20 PM Travis Schmidt 
wrote:

> Not sure about the problem with creating the repository on Windows.  Never
> tried to run on a windows machine, so maybe someone else can help witnh
> that.
>
> As for not being able to save, that is a bug that you have uncovered. If
> you switch back to only use JPA, you should be able to make edits in any
> other field besides Service Name.  This will get fixed in the next release
> for sure and you may be able to use a -SNAPSHOT instance before then.
>
> Travis
>
> On Mon, Oct 8, 2018 at 12:43 PM Yan Zhou  wrote:
>
>> Hello,
>>
>> CAS 5.3.3 management app is loading service registry in database. That
>> works correctly. But when edit and save, got error.
>>
>> this is my management.properties.
>>
>> mgmt.enableVersionControl=false
>> mgmt.enableDiscoveryEndpointCall=false
>> cas.serviceRegistry.initFromJson=false
>> cas.serviceRegistry.jpa...
>>
>> I do not understand why the app. is trying to access directory, when my
>> service registry is in database and I have version control set to false?
>>
>>
>> 2018-10-08 15:28:56,436 DEBUG
>> [org.apereo.cas.mgmt.authentication.CasUserProfileFactory] - > user profile [#CasUserProfile# | id: testuser1 | attributes:
>> {credentialType=UsernamePasswordCredential, isFromNewLogin=true,
>> authenticationDate=2018-10-08T15:28:35.293-04:00[America/New_York],
>> authenticationMethod=questAuthHandler,
>> successfulAuthenticationHandlers=questAuthHandler,
>> longTermAuthenticationRequestTokenUsed=false} | roles: [ROLE_ADMIN] |
>> permissions: [] | isRemembered: false | clientName: CasClient | linkedId:
>> null |]>
>> 2018-10-08 15:28:56,436 DEBUG
>> [org.apereo.cas.mgmt.services.web.factory.RepositoryFactory] - > [#CasUserProfile# | id: testuser1 | attributes:
>> {credentialType=UsernamePasswordCredential, isFromNewLogin=true,
>> authenticationDate=2018-10-08T15:28:35.293-04:00[America/New_York],
>> authenticationMethod=questAuthHandler,
>> successfulAuthenticationHandlers=questAuthHandler,
>> longTermAuthenticationRequestTokenUsed=false} | roles: [ROLE_ADMIN] |
>> permissions: [] | isRemembered: false | clientName: CasClient | linkedId:
>> null |] is not an administrator. Loading objects from master repository>
>> 2018-10-08 15:28:56,438 DEBUG [org.apereo.cas.mgmt.GitUtil] -
>> > with strict path checking [on]>
>> 2018-10-08 15:28:59,109 DEBUG [org.apereo.cas.mgmt.GitUtil] - > to move [ssv-1.json] to [ssv2-1.json]>
>> 2018-10-08 15:28:59,109 DEBUG [org.apereo.cas.mgmt.GitUtil] - > [\etc\cas\services-repo\ssv-1.json] to [\etc\cas\services-repo\ssv2-1.json]>
>> 2018-10-08 15:28:59,111 ERROR
>> [org.apereo.cas.mgmt.services.web.AbstractManagementController] -
>> <\etc\cas\services-repo\ssv-1.json>
>> java.nio.file.NoSuchFileException: \etc\cas\services-repo\ssv-1.json
>>
>>
>> Anyway, I tried defining serviceRepo like below, but it fails as well.
>>  I am on windows.
>>
>>
>> mgmt.servicesRepo=file:///c:/gitworkspace/quest-cas5/cas5-server/etc/cas/services
>>
>> why does it say Repository not found?
>>
>> 018-10-08 15:41:27,658 DEBUG
>> [org.apereo.cas.mgmt.authentication.CasUserProfileFactory] - > user profile [#CasUserProfile# | id: testuser1 | attributes:
>> {credentialType=UsernamePasswordCredential, isFromNewLogin=true,
>> authenticationDate=2018-10-08T15:41:19.484-04:00[America/New_York],
>> authenticationMethod=questAuthHandler,
>> successfulAuthenticationHandlers=questAuthHandler,
>> longTermAuthenticationRequestTokenUsed=false} | roles: [ROLE_ADMIN] |
>> permissions: [] | isRemembered: false | clientName: CasClient | linkedId:
>> null |]>
>> 2018-10-08 15:41:27,658 DEBUG
>> [org.apereo.cas.mgmt.services.web.factory.RepositoryFactory] - > [#CasUserProfile# | id: testuser1 | attributes:
>> {credentialType=UsernamePasswordCredential, isFromNewLogin=true,
>> authenticationDate=2018-10-08T15:41:19.484-04:00[America/New_York],
>> authenticationMethod=questAuthHandler,
>> successfulAuthenticationHandlers=questAuthHandler,
>> longTermAuthenticationRequestTokenUsed=false} | roles: [ROLE_ADMIN] |
>> permissions: [] | isRemembered: false | clientName: CasClient | linkedId:
>> null |] is not an administrator. Loading objects from master repository>
>> 2018-10-08 15:41:27,658 DEBUG [org.apereo.cas.mgmt.GitUtil] - > git repository directory at
>> [c:\gitworkspace\quest-cas5\cas5-server\etc\cas\services\.git]>
>> 2018-10-08 15:41:27,660 DEBUG [org.apereo.cas.mgmt.GitUtil] -
>> > [c:\gitworkspace\quest-cas5\cas5-server\etc\cas\services\.git] with strict
>> path checking [on]>
>> 2018-10-08 15:41:30,199 ERROR [org.apereo.cas.mgmt.GitUtil] - > repository not found/initialized at
>> [C:\gitworkspace\quest-cas5\cas5-server\etc\cas\services\.git]>
>> 2018-10-08 15:41:30,200 ERROR
>> [org.apereo.cas.mgmt.services.web.AbstractManagementController] -
>> > c:\gitworkspace\quest-cas5\cas5-server\etc\cas\services\.git>
>> java.lang.RuntimeException: repository not found:
>>

Re: [cas-user] CAS 5.3.3 management failed to save edits

2018-10-08 Thread Travis Schmidt 
Not sure about the problem with creating the repository on Windows.  Never
tried to run on a windows machine, so maybe someone else can help witnh
that.

As for not being able to save, that is a bug that you have uncovered. If
you switch back to only use JPA, you should be able to make edits in any
other field besides Service Name.  This will get fixed in the next release
for sure and you may be able to use a -SNAPSHOT instance before then.

Travis

On Mon, Oct 8, 2018 at 12:43 PM Yan Zhou  wrote:

> Hello,
>
> CAS 5.3.3 management app is loading service registry in database. That
> works correctly. But when edit and save, got error.
>
> this is my management.properties.
>
> mgmt.enableVersionControl=false
> mgmt.enableDiscoveryEndpointCall=false
> cas.serviceRegistry.initFromJson=false
> cas.serviceRegistry.jpa...
>
> I do not understand why the app. is trying to access directory, when my
> service registry is in database and I have version control set to false?
>
>
> 2018-10-08 15:28:56,436 DEBUG
> [org.apereo.cas.mgmt.authentication.CasUserProfileFactory] -  user profile [#CasUserProfile# | id: testuser1 | attributes:
> {credentialType=UsernamePasswordCredential, isFromNewLogin=true,
> authenticationDate=2018-10-08T15:28:35.293-04:00[America/New_York],
> authenticationMethod=questAuthHandler,
> successfulAuthenticationHandlers=questAuthHandler,
> longTermAuthenticationRequestTokenUsed=false} | roles: [ROLE_ADMIN] |
> permissions: [] | isRemembered: false | clientName: CasClient | linkedId:
> null |]>
> 2018-10-08 15:28:56,436 DEBUG
> [org.apereo.cas.mgmt.services.web.factory.RepositoryFactory] -  [#CasUserProfile# | id: testuser1 | attributes:
> {credentialType=UsernamePasswordCredential, isFromNewLogin=true,
> authenticationDate=2018-10-08T15:28:35.293-04:00[America/New_York],
> authenticationMethod=questAuthHandler,
> successfulAuthenticationHandlers=questAuthHandler,
> longTermAuthenticationRequestTokenUsed=false} | roles: [ROLE_ADMIN] |
> permissions: [] | isRemembered: false | clientName: CasClient | linkedId:
> null |] is not an administrator. Loading objects from master repository>
> 2018-10-08 15:28:56,438 DEBUG [org.apereo.cas.mgmt.GitUtil] -
>  with strict path checking [on]>
> 2018-10-08 15:28:59,109 DEBUG [org.apereo.cas.mgmt.GitUtil] -  to move [ssv-1.json] to [ssv2-1.json]>
> 2018-10-08 15:28:59,109 DEBUG [org.apereo.cas.mgmt.GitUtil] -  [\etc\cas\services-repo\ssv-1.json] to [\etc\cas\services-repo\ssv2-1.json]>
> 2018-10-08 15:28:59,111 ERROR
> [org.apereo.cas.mgmt.services.web.AbstractManagementController] -
> <\etc\cas\services-repo\ssv-1.json>
> java.nio.file.NoSuchFileException: \etc\cas\services-repo\ssv-1.json
>
>
> Anyway, I tried defining serviceRepo like below, but it fails as well.   I
> am on windows.
>
>
> mgmt.servicesRepo=file:///c:/gitworkspace/quest-cas5/cas5-server/etc/cas/services
>
> why does it say Repository not found?
>
> 018-10-08 15:41:27,658 DEBUG
> [org.apereo.cas.mgmt.authentication.CasUserProfileFactory] -  user profile [#CasUserProfile# | id: testuser1 | attributes:
> {credentialType=UsernamePasswordCredential, isFromNewLogin=true,
> authenticationDate=2018-10-08T15:41:19.484-04:00[America/New_York],
> authenticationMethod=questAuthHandler,
> successfulAuthenticationHandlers=questAuthHandler,
> longTermAuthenticationRequestTokenUsed=false} | roles: [ROLE_ADMIN] |
> permissions: [] | isRemembered: false | clientName: CasClient | linkedId:
> null |]>
> 2018-10-08 15:41:27,658 DEBUG
> [org.apereo.cas.mgmt.services.web.factory.RepositoryFactory] -  [#CasUserProfile# | id: testuser1 | attributes:
> {credentialType=UsernamePasswordCredential, isFromNewLogin=true,
> authenticationDate=2018-10-08T15:41:19.484-04:00[America/New_York],
> authenticationMethod=questAuthHandler,
> successfulAuthenticationHandlers=questAuthHandler,
> longTermAuthenticationRequestTokenUsed=false} | roles: [ROLE_ADMIN] |
> permissions: [] | isRemembered: false | clientName: CasClient | linkedId:
> null |] is not an administrator. Loading objects from master repository>
> 2018-10-08 15:41:27,658 DEBUG [org.apereo.cas.mgmt.GitUtil] -  git repository directory at
> [c:\gitworkspace\quest-cas5\cas5-server\etc\cas\services\.git]>
> 2018-10-08 15:41:27,660 DEBUG [org.apereo.cas.mgmt.GitUtil] -
>  [c:\gitworkspace\quest-cas5\cas5-server\etc\cas\services\.git] with strict
> path checking [on]>
> 2018-10-08 15:41:30,199 ERROR [org.apereo.cas.mgmt.GitUtil] -  repository not found/initialized at
> [C:\gitworkspace\quest-cas5\cas5-server\etc\cas\services\.git]>
> 2018-10-08 15:41:30,200 ERROR
> [org.apereo.cas.mgmt.services.web.AbstractManagementController] -
>  c:\gitworkspace\quest-cas5\cas5-server\etc\cas\services\.git>
> java.lang.RuntimeException: repository not found:
> c:\gitworkspace\quest-cas5\cas5-server\etc\cas\services\.git
> at org.apereo.cas.mgmt.GitUtil.initializeGitRepository(GitUtil.java:1225)
> ~[cas-management-webapp-support-5.3.3.jar:5.3.3]
> at

[cas-user] CAS 5.3.3 management failed to save edits

2018-10-08 Thread Yan Zhou 
Hello,

CAS 5.3.3 management app is loading service registry in database. That 
works correctly. But when edit and save, got error.

this is my management.properties. 

mgmt.enableVersionControl=false
mgmt.enableDiscoveryEndpointCall=false
cas.serviceRegistry.initFromJson=false
cas.serviceRegistry.jpa...

I do not understand why the app. is trying to access directory, when my 
service registry is in database and I have version control set to false?


2018-10-08 15:28:56,436 DEBUG 
[org.apereo.cas.mgmt.authentication.CasUserProfileFactory] - 
2018-10-08 15:28:56,436 DEBUG 
[org.apereo.cas.mgmt.services.web.factory.RepositoryFactory] - 
2018-10-08 15:28:56,438 DEBUG [org.apereo.cas.mgmt.GitUtil] - 
2018-10-08 15:28:59,109 DEBUG [org.apereo.cas.mgmt.GitUtil] - 
2018-10-08 15:28:59,109 DEBUG [org.apereo.cas.mgmt.GitUtil] - 
2018-10-08 15:28:59,111 ERROR 
[org.apereo.cas.mgmt.services.web.AbstractManagementController] - 
<\etc\cas\services-repo\ssv-1.json>
java.nio.file.NoSuchFileException: \etc\cas\services-repo\ssv-1.json


Anyway, I tried defining serviceRepo like below, but it fails as well.   I 
am on windows.

mgmt.servicesRepo=file:///c:/gitworkspace/quest-cas5/cas5-server/etc/cas/services

why does it say Repository not found?

018-10-08 15:41:27,658 DEBUG 
[org.apereo.cas.mgmt.authentication.CasUserProfileFactory] - 
2018-10-08 15:41:27,658 DEBUG 
[org.apereo.cas.mgmt.services.web.factory.RepositoryFactory] - 
2018-10-08 15:41:27,658 DEBUG [org.apereo.cas.mgmt.GitUtil] - 
2018-10-08 15:41:27,660 DEBUG [org.apereo.cas.mgmt.GitUtil] - 
2018-10-08 15:41:30,199 ERROR [org.apereo.cas.mgmt.GitUtil] - 
2018-10-08 15:41:30,200 ERROR 
[org.apereo.cas.mgmt.services.web.AbstractManagementController] - 

java.lang.RuntimeException: repository not found: 
c:\gitworkspace\quest-cas5\cas5-server\etc\cas\services\.git
at org.apereo.cas.mgmt.GitUtil.initializeGitRepository(GitUtil.java:1225) 
~[cas-management-webapp-support-5.3.3.jar:5.3.3]
at org.apereo.cas.mgmt.GitUtil.(GitUtil.java:100) 
~[cas-management-webapp-support-5.3.3.jar:5.3.3]
at 
org.apereo.cas.mgmt.services.web.factory.RepositoryFactory.buildGitUtil(RepositoryFactory.java:81)
 
~[cas-management-webapp-support-5.3.3.jar:5.3.3]
at 
org.apereo.cas.mgmt.services.web.factory.RepositoryFactory.masterRepository(RepositoryFactory.java:70)
 
~[cas-management-webapp-support-5.3.3.jar:5.3.3]
at 
org.apereo.cas.mgmt.services.web.factory.RepositoryFactory.from(RepositoryFactory.java:53)
 
~[cas-management-webapp-support-5.3.3.jar:5.3.3]
at 
org.apereo.cas.mgmt.services.web.factory.RepositoryFactory.from(RepositoryFactory.java:40)
 
~[cas-management-webapp-support-5.3.3.jar:5.3.3]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
~[?:1.8.0_121]

Thx!
Yan


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ac9f0009-c180-4e3e-b6dc-e83a0aab76d1%40apereo.org.

[cas-user] Re: Deadlocks and Uncommited Transaction

2018-10-08 Thread Trevor Fong 


Anyone have any ideas why we're getting deadlocks against the tables LOCKS, 
SERVICETICKET, TICKETGRANTINGTICKET?

Thanks a lot
Trev


On Friday, October 5, 2018 at 4:50:40 PM UTC-7, Trevor Fong wrote:
> Hi There, 
> 
> 
> We've trying out CAS 5.2.4 in a clustered environment with the ticket 
> registry in an Oracle 12c database.  We've been seeing tons of persistent 
> deadlock errors after a load test - you kill one locker and another deadlock 
> springs up.
> Our DBA tells us that deadlocks were seen against the tables LOCKS, 
> SERVICETICKET, TICKETGRANTINGTICKET
> Checking the catalina.out log, tons of messages like this:
> 
> 
> 
> 2018-10-04 22:45:06,347 WARN 
> [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] -  SQLState: 61000>
> 2018-10-04 22:45:06,347 ERROR 
> [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] -  detected while waiting for resource
> >
> 2018-10-04 22:45:06,347 ERROR 
> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - 
>  statement>
> javax.persistence.PersistenceException: 
> org.hibernate.exception.LockAcquisitionException: could not execute statement
>         at 
> org.hibernate.internal.ExceptionConverterImpl.convert(ExceptionConverterImpl.java:149)
>  ~[hibernate-core-5.2.13.Final.jar:5.2.13.Final]
>         at 
> org.hibernate.internal.ExceptionConverterImpl.convert(ExceptionConverterImpl.java:157)
>  ~[hibernate-core-5.2.13.Final.jar:5.2.13.Final]
>         at 
> org.hibernate.query.internal.AbstractProducedQuery.executeUpdate(AbstractProducedQuery.java:1514)
>  ~[hibernate-core-5.2.13.Final.jar:5.2.13.Final]
>         at 
> org.apereo.cas.ticket.registry.JpaTicketRegistry.deleteTicketGrantingTickets(JpaTicketRegistry.java:177)
>  ~[cas-server-support-jpa-ticket-registry-5.2.4.jar:5.2.4]
>         at 
> org.apereo.cas.ticket.registry.JpaTicketRegistry.deleteSingleTicket(JpaTicketRegistry.java:145)
>  ~[cas-server-support-jpa-ticket-registry-5.2.4.jar:5.2.4]
>         at 
> org.apereo.cas.ticket.registry.AbstractTicketRegistry.deleteTicket(AbstractTicketRegistry.java:126)
>  ~[cas-server-core-tickets-5.2.4.jar:5.2.4]
>         at 
> org.apereo.cas.ticket.registry.AbstractTicketRegistry$$FastClassBySpringCGLIB$$d3c67a11.invoke()
>  ~[cas-server-core-tickets-5.2.4.jar:5.2.4]
>         at 
> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) 
> ~[spring-core-4.3.16.RELEASE.jar:4.3.16.RELEASE]
>         at 
> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:669)
>  ~[spring-aop-4.3.16.RELEASE.jar:4.3.16.RELEASE]
>         at 
> org.apereo.cas.ticket.registry.JpaTicketRegistry$$EnhancerBySpringCGLIB$$45967896.deleteTicket()
>  ~[cas-server-support-jpa-ticket-registry-5.2.4.jar:5.2.4]
>         at sun.reflect.GeneratedMethodAccessor351.invoke(Unknown Source) 
> ~[?:?]
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  ~[?:1.8.0_172]
>         at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_172]
>         at 
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
>  ~[spring-aop-4.3.16.RELEASE.jar:4.3.16.RELEASE]
>         at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
>  ~[spring-aop-4.3.16.RELEASE.jar:4.3.16.RELEASE]
>         at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
>  ~[spring-aop-4.3.16.RELEASE.jar:4.3.16.RELEASE]
>         at 
> org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133)
>  ~[spring-aop-4.3.16.RELEASE.jar:4.3.16.RELEASE]
>         at 
> org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121)
>  ~[spring-aop-4.3.16.RELEASE.jar:4.3.16.RELEASE]
>         at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>  ~[spring-aop-4.3.16.RELEASE.jar:4.3.16.RELEASE]
>         at 
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
>  ~[spring-aop-4.3.16.RELEASE.jar:4.3.16.RELEASE]
>         at com.sun.proxy.$Proxy104.deleteTicket(Unknown Source) ~[?:?]
>         at 
> org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner.cleanTicket(DefaultTicketRegistryCleaner.java:78)
>  ~[cas-server-core-tickets-5.2.4.jar:5.2.4]
>         at 
> java.util.stream.ReferencePipeline$4$1.accept(ReferencePipeline.java:210) 
> ~[?:1.8.0_172]
>         at 
> java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175) 
> ~[?:1.8.0_172]
>         at java.util.Iterator.forEachRemaining(Iterator.java:116) 
> ~[?:1.8.0_172]
>         at 
> java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1801)
>  ~[?:1.8.0_172]
>         at 
>

[cas-user] Re: param.service in templates changes between versions

2018-10-08 Thread Andy Ng 
Hi Ian,

I don't have an answer for your question, but since nobody is commenting so 
I thought I will give it a try :)

CAS 5.3 is using *Thymeleaf *instead of jsp in CAS 4.x, so you need some 
changes before making the jsp works again... 

If I am not misunderstanded, *param.service* in jsp means you want to get 
the *paramter service* right (I mean this service "https://www.example.com?
*service=ST-ASDA11C2KESAFD32*")

If true, then you can try something like the following to get the service 
parameter
*https://stackoverflow.com/questions/14513662/thymeleaf-how-to-get-url-attribute-value*

You might encounter some problem with Spring Boot not allowing your 
param.service, in that case this might helps too:
*https://stackoverflow.com/questions/52592892/workaround-for-request-getparameters-in-thymeleaf/52621695*

Again, not so familiar with this topic, so my answer are probably off, but 
hopefully it might give your some idea.

Cheers!
- Andy


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/70a8255d-23bc-4f59-af15-a5f345095156%40apereo.org.

Re: [cas-user] CAS 5.3, where is LOGGER defined with @Slf4j?

2018-10-08 Thread jaya swamy 
How to check whether default authentication configuration is
casuser::Mellon or taking from configured database
Using logs

On Mon 8 Oct, 2018, 8:26 PM Robert Oschwald, 
wrote:

> https://github.com/apereo/cas/blob/5.3.x/lombok.config
>
>
>
> Am 08.10.2018 um 16:53 schrieb Robert Oschwald :
>
> https://projectlombok.org/features/log
>
>
> See lombok.config file
> You need this file in your overlay project.
>
>
>
>
> Am 08.10.2018 um 16:32 schrieb Yan Zhou :
>
> Hello,
>
> Looking at CAS 5.3 source code,   I need to customize action class, so I
> create a class with the same name/package in my overlay, but I cannot
> resolve compile error on LOGGER.
>
> I understand with Lombok and @Slf4j, I get object: log  for free. But, I
> do not know how LOGGER is defined in CAS code.
>
> Thx!
> Yan
>
>
> in action classes, I see this:
>
>
> @Slf4j
> public class SendPasswordResetInstructionsAction extends AbstractAction {
>
> LOGGER.debug(...)   <== this is how logging is done, is this referring to
> the same logger object in parent?
>
> In AbstractAction, i see this.
>
> protected final Log logger = LogFactory.getLog(getClass());
>
> Thanks,
> Yan
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/ce7fb5fb-4cfe-4926-a14c-be5a18cb44b1%40apereo.org
> 
> .
>
>
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/6D509FDE-F4E6-4564-98F0-BEFAE1F8CB4F%40gmail.com
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAN6eDNhNteeohu9z_bToT%3DHy2fEfPDNtJkOQ%3DAhs-0%3D11gMyGg%40mail.gmail.com.

Re: [cas-user] CAS 5.3, where is LOGGER defined with @Slf4j?

2018-10-08 Thread Robert Oschwald 
https://github.com/apereo/cas/blob/5.3.x/lombok.config 




> Am 08.10.2018 um 16:53 schrieb Robert Oschwald :
> 
> https://projectlombok.org/features/log 
> 
> 
> 
> See lombok.config file
> You need this file in your overlay project.
> 
> 
> 
> 
>> Am 08.10.2018 um 16:32 schrieb Yan Zhou > >:
>> 
>> Hello,
>> 
>> Looking at CAS 5.3 source code,   I need to customize action class, so I 
>> create a class with the same name/package in my overlay, but I cannot 
>> resolve compile error on LOGGER.
>> 
>> I understand with Lombok and @Slf4j, I get object: log  for free. But, I do 
>> not know how LOGGER is defined in CAS code.
>> 
>> Thx!
>> Yan
>> 
>> 
>> in action classes, I see this:
>> 
>> 
>> @Slf4j
>> public class SendPasswordResetInstructionsAction extends AbstractAction {
>> 
>> LOGGER.debug(...)   <== this is how logging is done, is this referring to 
>> the same logger object in parent?
>> 
>> In AbstractAction, i see this.
>> 
>> protected final Log logger = LogFactory.getLog(getClass());
>> 
>> Thanks,
>> Yan
>> 
>> --
>> - Website: https://apereo.github.io/cas 
>> - Gitter Chatroom: https://gitter.im/apereo/cas 
>> 
>> - List Guidelines: https://goo.gl/1VRrw7 
>> - Contributions: https://goo.gl/mh7qDG 
>> ---
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+unsubscr...@apereo.org 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/ce7fb5fb-4cfe-4926-a14c-be5a18cb44b1%40apereo.org
>>  
>> .
> 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6D509FDE-F4E6-4564-98F0-BEFAE1F8CB4F%40gmail.com.


signature.asc
Description: Message signed with OpenPGP

Re: [cas-user] CAS 5.3, where is LOGGER defined with @Slf4j?

2018-10-08 Thread Robert Oschwald 
https://projectlombok.org/features/log 


See lombok.config file
You need this file in your overlay project.




> Am 08.10.2018 um 16:32 schrieb Yan Zhou :
> 
> Hello,
> 
> Looking at CAS 5.3 source code,   I need to customize action class, so I 
> create a class with the same name/package in my overlay, but I cannot resolve 
> compile error on LOGGER.
> 
> I understand with Lombok and @Slf4j, I get object: log  for free. But, I do 
> not know how LOGGER is defined in CAS code.
> 
> Thx!
> Yan
> 
> 
> in action classes, I see this:
> 
> 
> @Slf4j
> public class SendPasswordResetInstructionsAction extends AbstractAction {
> 
> LOGGER.debug(...)   <== this is how logging is done, is this referring to the 
> same logger object in parent?
> 
> In AbstractAction, i see this.
> 
> protected final Log logger = LogFactory.getLog(getClass());
> 
> Thanks,
> Yan
> 
> --
> - Website: https://apereo.github.io/cas 
> - Gitter Chatroom: https://gitter.im/apereo/cas 
> - List Guidelines: https://goo.gl/1VRrw7 
> - Contributions: https://goo.gl/mh7qDG 
> ---
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org 
> .
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/ce7fb5fb-4cfe-4926-a14c-be5a18cb44b1%40apereo.org
>  
> .

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/40EDA1E7-C119-4546-A6E4-426502168A09%40gmail.com.


signature.asc
Description: Message signed with OpenPGP

[cas-user] Re: CAS 5.3, where is LOGGER defined with @Slf4j?

2018-10-08 Thread Andy Ng 
Hi Yan,

To make @Slf4j works, see 
"https://apereo.github.io/cas/developer/Build-Process-5X.html#plugins; the 
*Lombok 
plugin *is what you want to look at.

Alternatively, going back in time to *CAS 5.2.x* and you will see how 
LOGGER is originally implemented. Your cited class 
"SendPasswordResetInstructionAction" is not a very good example, since it 
is inconsistent  with other similar classes (in CAS 5.2.x that is~).

When you look at most other classes that implement LOGGER, like this:
https://github.com/apereo/cas/blob/5.2.x/support/cas-server-support-oidc/src/main/java/org/apereo/cas/oidc/web/controllers/OidcAuthorizeEndpointController.java
https://github.com/apereo/cas/blob/5.3.x/support/cas-server-support-oidc/src/main/java/org/apereo/cas/oidc/web/controllers/OidcAuthorizeEndpointController.java

And only looking at the part about LOGGER and @Slf4j. You will see how the 
LOGGER evolve into @Slf4j :) 

Hope that make sense to you!

Cheers!
- Andy


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b4becf34-87d8-42c5-8c1d-d55a969bb496%40apereo.org.

[cas-user] CAS 5.3, where is LOGGER defined with @Slf4j?

2018-10-08 Thread Yan Zhou 
Hello,

Looking at CAS 5.3 source code,   I need to customize action class, so I 
create a class with the same name/package in my overlay, but I cannot 
resolve compile error on LOGGER.

I understand with Lombok and @Slf4j, I get object: log  for free. But, I do 
not know how LOGGER is defined in CAS code.

Thx!
Yan


in action classes, I see this:


@Slf4j
public class SendPasswordResetInstructionsAction extends AbstractAction {

LOGGER.debug(...)   <== this is how logging is done, is this referring to 
the same logger object in parent?

In AbstractAction, i see this.

protected final Log logger = LogFactory.getLog(getClass());

Thanks,
Yan

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ce7fb5fb-4cfe-4926-a14c-be5a18cb44b1%40apereo.org.