Re: [cas-user] Error SAML 2.0 + Access Strategy
Sorry, I'm missing add our version of CAS. It is 5.2.8
El 30/10/18 a las 13:18, Alexi Pascual escribió:
hi,
We have a SAML 2.0 integration with Coursera and it works well.
However, when I add an access rule, the following error appears:
URL:
https://server.cl/cas/idp/profile/SAML2/Callback.+?entityId=https%3A%2F%2Fshibboleth.coursera.org%2Fsp=PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbHA6QXV0aG5SZXF1ZXN0IHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIEFzc2VydGlvbkNvbnN1bWVyU2VydmljZVVSTD0iaHR0cHM6Ly93d3cuY291cnNlcmEub3JnL2FwaS9zYW1sTG9naW4udjEvbG9naW4iIERlc3RpbmF0aW9uPSJodHRwczovL3Nzby51Yy5jbC9jYXMvaWRwL3Byb2ZpbGUvU0FNTDIvUmVkaXJlY3QvU1NPIiBGb3JjZUF1dGhuPSIwIiBJRD0ieUhsVjEwYWVTOS14YjhQLW5sUVhkZyIgSXNzdWVJbnN0YW50PSIyMDE4LTEwLTMwVDE2OjA5OjA3WiIgUHJvdG9jb2xCaW5kaW5nPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YmluZGluZ3M6SFRUUC1QT1NUIiBWZXJzaW9uPSIyLjAiPjxzYW1sOklzc3VlciB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5odHRwczovL3NoaWJib2xldGguY291cnNlcmEub3JnL3NwPC9zYW1sOklzc3Vlcj48c2FtbHA6TmFtZUlEUG9saWN5IEFsbG93Q3JlYXRlPSIxIi8%2BPC9zYW1scDpBdXRoblJlcXVlc3Q%2B=ST-1586-5sU7YpMxhVf22toid1e1msEd8oM-sso-prod3
org.jasig.cas.client.validation.TicketValidationException: UNAUTHORIZED_SERVICE
at
org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:84)
at
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:201)
at
org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlProfileCallbackHandlerController.validateRequestAndBuildCasAssertion(SSOSamlProfileCallbackHandlerController.java:149)
at
org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlProfileCallbackHandlerController.handleCallbackProfileRequest(SSOSamlProfileCallbackHandlerController.java:115)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
at
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:741)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at
org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133)
at
org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673)
at
org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlProfileCallbackHandlerController$$EnhancerBySpringCGLIB$$4a57c9b7.handleCallbackProfileRequest()
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
at
org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133)
at
org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97)
at
org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827)
at
org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738)
at
org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
The rule is as follows:
"requiredAttributes" : {
"@class" : "java.util.HashMap",
"employeeType" : [
"java.util.HashSet",
[
"1",
"2",
"3"
]
]
}
We can not continue with the integration without having resolved the
Access Strategy, so I would appreciate any help.
regards,
--
Alexi Pascual
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom:
[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider
I think I'm not going to dig more into it. It looks too much like a rabbit hole. I was giving a thought to Fediz IDP from Apache. This is basically is used in CAS. I'm running out of time to prove this one out, and I'm going to leave it. thank you for your reply. On Tuesday, October 30, 2018 at 9:28:52 AM UTC-7, Alin Tomoiaga wrote: > > Hi Beni, > > This has been a very frustrating issue and I have never managed to get it > working correctly. > Interestingly, different cas versions error out but with different errors: > 5.1.9 seemed to get past this cxf error but had another problem. > (on the other hand, saml support worked like a charm with various cas > versions) > I generated the keystore using keytool, but at this point, I am pretty > sure this cxf error is a bug... > > I would still like to get it working so still open to suggestions. > > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/dbec2930-727f-45e7-8750-ba888ad266c2%40apereo.org.
[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider
Hi Beni, This has been a very frustrating issue and I have never managed to get it working correctly. Interestingly, different cas versions error out but with different errors: 5.1.9 seemed to get past this cxf error but had another problem. (on the other hand, saml support worked like a charm with various cas versions) I generated the keystore using keytool, but at this point, I am pretty sure this cxf error is a bug... I would still like to get it working so still open to suggestions. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1075d165-cadd-4244-b991-8b3632b97333%40apereo.org.
Re: [cas-user] Pac4j Retrieve attribute and passing to CAS client
Hi,
By nature, pac4j is written in Java language. In any case, data are passed
via the CAS assertion.
For simple types, things should be straightforward. For more complex types,
you many need some manual/custom adjustments.
Thanks.
Best regards,
Jérôme
On Mon, Oct 29, 2018 at 7:14 PM uvaraj s wrote:
> Hi Jerome,
>
> Thanks a lot. I was able to retrieve the attributes in JAVA as given
> below. We have CAS client which is developed in Python. How do I get that
> CasProfile in Python?. Do pac4j support Python?. When we try Django-cas-ng
> it is giving AnonymousUser.
>
> public CasProfile validateServiceTicket(final String serviceURL, final
> TokenCredentials ticket) {
> try {
> final Assertion assertion =
> getCasRestAuthenticator().getTicketValidator()
> .validate(ticket.getToken(), serviceURL);
> final AttributePrincipal principal = assertion.getPrincipal();
> final CasProfile casProfile = new CasProfile();
> casProfile.setId(principal.getName());
> casProfile.addAttributes(principal.getAttributes());
> return casProfile;
> } catch (final TicketValidationException e) {
> throw new TechnicalException(e);
> }
> }
>
> public CasRestAuthenticator getCasRestAuthenticator() {
> Authenticator authenticator = getAuthenticator();
> if (authenticator instanceof LocalCachingAuthenticator) {
> authenticator = ((LocalCachingAuthenticator)
> authenticator).getDelegate();
> }
> if (authenticator instanceof CasRestAuthenticator) {
> return (CasRestAuthenticator) authenticator;
> }
> throw new TechnicalException("authenticator must be a
> CasRestAuthenticator (or via a LocalCachingAuthenticator)");
> }
>
>
>
> On Friday, 16 March 2018 11:34:51 UTC-4, leleuj wrote:
>>
>> Hi,
>>
>> This documentation should help you:
>> https://apereo.github.io/cas/4.2.x/integration/Delegate-Authentication.html#how-to-use-this-support-on-cas-applications-side
>> Thanks.
>> Best regards,
>> Jérôme
>>
>>
>> On Thu, Mar 15, 2018 at 3:31 AM, uvaraj s wrote:
>>
>>> Hi,
>>>
>>> We are using CAS 4.1.2 and pac4j 1.7 version. We are making SAML2Client
>>> call to shibboleth. These question might look like very basic ones. But the
>>> answer to these will help us a lot.
>>>
>>> 1.On the logs, I am able to see the attribute details getting printed.
>>> But wanted to know how we can able to retrieve user profile details in the
>>> code?.
>>> 2.How does client application who uses this CAS server will be able to
>>> get these attribute details?
>>>
>>> Thanks a lot in Advance.
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-user+u...@apereo.org.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/7aee0ca9-4edd-48af-848f-c9cc7206cd58%40apereo.org
>>>
>>> .
>>>
>>
>> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/02f98c1d-8cd4-42b6-b028-15b276865cb0%40apereo.org
>
> .
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279LyBsdmbvFtGzDn99QUUvRUpw0Y2xqBaffuy5WJObXEQ9w%40mail.gmail.com.
[cas-user] Error SAML 2.0 + Access Strategy
hi,
We have a SAML 2.0 integration with Coursera and it works well. However,
when I add an access rule, the following error appears:
URL:
https://server.cl/cas/idp/profile/SAML2/Callback.+?entityId=https%3A%2F%2Fshibboleth.coursera.org%2Fsp=PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbHA6QXV0aG5SZXF1ZXN0IHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIEFzc2VydGlvbkNvbnN1bWVyU2VydmljZVVSTD0iaHR0cHM6Ly93d3cuY291cnNlcmEub3JnL2FwaS9zYW1sTG9naW4udjEvbG9naW4iIERlc3RpbmF0aW9uPSJodHRwczovL3Nzby51Yy5jbC9jYXMvaWRwL3Byb2ZpbGUvU0FNTDIvUmVkaXJlY3QvU1NPIiBGb3JjZUF1dGhuPSIwIiBJRD0ieUhsVjEwYWVTOS14YjhQLW5sUVhkZyIgSXNzdWVJbnN0YW50PSIyMDE4LTEwLTMwVDE2OjA5OjA3WiIgUHJvdG9jb2xCaW5kaW5nPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YmluZGluZ3M6SFRUUC1QT1NUIiBWZXJzaW9uPSIyLjAiPjxzYW1sOklzc3VlciB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5odHRwczovL3NoaWJib2xldGguY291cnNlcmEub3JnL3NwPC9zYW1sOklzc3Vlcj48c2FtbHA6TmFtZUlEUG9saWN5IEFsbG93Q3JlYXRlPSIxIi8%2BPC9zYW1scDpBdXRoblJlcXVlc3Q%2B=ST-1586-5sU7YpMxhVf22toid1e1msEd8oM-sso-prod3
org.jasig.cas.client.validation.TicketValidationException: UNAUTHORIZED_SERVICE
at
org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:84)
at
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:201)
at
org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlProfileCallbackHandlerController.validateRequestAndBuildCasAssertion(SSOSamlProfileCallbackHandlerController.java:149)
at
org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlProfileCallbackHandlerController.handleCallbackProfileRequest(SSOSamlProfileCallbackHandlerController.java:115)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
at
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:741)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at
org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133)
at
org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673)
at
org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlProfileCallbackHandlerController$$EnhancerBySpringCGLIB$$4a57c9b7.handleCallbackProfileRequest()
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
at
org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133)
at
org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97)
at
org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827)
at
org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738)
at
org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
The rule is as follows:
"requiredAttributes" : {
"@class" : "java.util.HashMap",
"employeeType" : [
"java.util.HashSet",
[
"1",
"2",
"3"
]
]
}
We can not continue with the integration without having resolved the
Access Strategy, so I would appreciate any help.
regards,
--
Alexi Pascual
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions:
[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider
Hi Alin, Have you been able to start CAS server with the generated keys? How did you manage to generate the required keyStore files and the stscasrealm.jks in the end? Please advice. I am dealing with this for over a week and I'm not able to start CAS server with WS Fed support. thank you so much. Beni On Thursday, May 3, 2018 at 8:43:18 AM UTC-7, Alin Tomoiaga wrote: > > There are some encryption parameters that I have tried, but I am not sure >> what they do. I generated my own jks with the java keytool and placed them >> at the specified locations. Do these settings have anything to do with the >> cxf error above? Maybe, I tried to generate jks files with keytool, >> otherwise the server does not start, but am I doing it wrong? >> > > > keytool -genkey -alias realmcas -keyalg RSA -validity 10800 -keystore > stscasrealm.jks > keytool -export -alias ralmcas -keystore stscasrealm.jks -rfc -file > X509_certificate.cer > > > > cas.authn.wsfedIdp.idp.realm=urn:org:apereo:cas:ws:idp:realm-CAS > cas.authn.wsfedIdp.idp.realmName=CAS > > cas.authn.wsfedIdp.sts.signingKeystoreFile=/etc/cas/config/ststrust.jks > cas.authn.wsfedIdp.sts.signingKeystorePassword=storepass > > cas.authn.wsfedIdp.sts.encryptionKeystoreFile=/etc/cas/config/stsencrypt.jks > cas.authn.wsfedIdp.sts.encryptionKeystorePassword=storepass > > # cas.authn.wsfedIdp.sts.subjectNameIdFormat=unspecified > # cas.authn.wsfedIdp.sts.encryptTokens=true > > # cas.authn.wsfedIdp.sts.realm.keystoreFile=/etc/cas/config/stscasrealm.jks > # cas.authn.wsfedIdp.sts.realm.keystorePassword=storepass > # cas.authn.wsfedIdp.sts.realm.keystoreAlias=realmcas > # cas.authn.wsfedIdp.sts.realm.keyPassword=cas > # cas.authn.wsfedIdp.sts.realm.issuer=CAS > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/32a90cb8-f564-4837-ba6b-213500e2da32%40apereo.org.
Re: [cas-user] CAS for Jira 7
Hey Ashis, did you solve this issue? I'm facing the same problem right now. Could you may share the configs needed to fix this issue? Thanks in advance! Am Mittwoch, 25. Oktober 2017 09:30:55 UTC+2 schrieb Ashis: > > Micheal can you please help.. > > I have integrated CAS with JIRA. But when I open jira, user redirected > to /secure/Dashboard.jspa which has jira login page, On clicking login from > top right corner, cas page is opening and after successful logged in user > is redirected back to CAS but again i see JIRA login page and user not > logged in? > > Have you also faced this issue? > > > I have also checked > http://www.ascendintegrated.com/integrating-jira-sso-using-cas/ but no > success in integration > > On Monday, October 2, 2017 at 12:24:07 AM UTC+5:30, Michael Brown wrote: >> >> Also, I found a workaround for the Login gadget appearing at times. You >> can simply hide it: >> https://confluence.atlassian.com/jirakb/howto-hide-the-login-gadget-from-the-system-dashboard-in-jira-5-1-305037906.html >> >> Mike >> >> On Saturday, September 30, 2017 at 4:47:44 PM UTC-4, Michael Brown wrote: >>> >>> Hi Marco, We are experience the same issues with the CAS integration as >>> well. >>> >>> We did put together some instructions on modifying / updating the >>> seraph-config.xml and web.xml files, and you can download the .JAR files we >>> used here: >>> https://bitbucket.org/mbrown_ascend/jira-cas-integration/downloads/. >>> Although I'm not sure how to fix those issues other than adding "/*" >>> instead of default.jsp in the filter mapping for the >>> CasSingleSignOutFilter, >>> CasAuthenticationFilter, and CasValidationFilter. >>> >>> By adding /* though, it breaks the Dashboard all over again and the _MSG >>> error appear. >>> >>> Hope this helps a little, but we are also experiencing the same issue. >>> >>> Mike >>> >>> On Thursday, April 27, 2017 at 5:09:59 AM UTC-4, Marco Osorio wrote: Hello, I have a problem with jira + cas authentication. I've followed the setup instructions that come up with two things. 1. In the web.xml configuration, if I comment the CasValidationFilter filter, JIRA v7.3.1 starts correctly if errors. When authentic with CAS takes me to the DashBoard but the login widget keeps appearing without content and does not allow me to visualize anything else, as if I was waiting to validate the login. 2. If I activate the CasValidationFilter filter, when authenticating with CAS, it generates a double ticket validation error with this trace: Org.jasig.cas.client.validation.TicketValidationException: Ticket 'ST-380-eMVDywffQFkJ0W6DYY5f-DVMAPL207' not recognized The versions of cas-client-core-3.2.1.jar and cas-client-integration-atlassian-3.4.2.jar libraries Is there any missing configuration changes to avoid this double ticket validation? Thank you El viernes, 9 de diciembre de 2016, 23:04:05 (UTC+1), Jason Hitt escribió: > > I've created a pull request for a new Jira7CasAuthenticator at > https://github.com/apereo/java-cas-client/pull/197 > > There is example seraph-config.xml code in the comment. Using this > authenticator, you do not need any servlet filter updates in web.xml to > get > SSO. > > If you want single sign-out support you should still include those > filters and handlers. > If you want transparent SSO at your default URL (instead of seeing the > login page and having to click 'Login'), use the CasAuthenticationFilter > i > listed previously, but change the filter mapping from /* to /default.jsp. > > This configuration is working 100% with JIRA 7 for us on our test > server. > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/35af4393-c42f-4b19-ab80-7634ff768302%40apereo.org.
Re: [cas-user] CAS 5.3.5 Authorization Interrupt & REST
Dirk,
You are FABULOUS!!! That was exactly what it needed. Thank you for such a
quick response, too.
Shawn
On Monday, October 29, 2018 at 9:29:36 PM UTC-4, Dirk Tepe wrote:
>
> The interrupt JSON file contains a mapping of username to interrupt
> configuration. The REST response is the only the configuration block for
> the matched user. Drop the 'testuser' key and just return that block:
>
> {
> "autoRedirect": false,
> "autoRedirectAfterSeconds": -1,
> "block": false,
> "interrupt": true,
> "links": {
> "Google Link": "https://www.google.com;,
> "Yahoo Link": "https://www.yahoo.com;
> },
> "message": "This is the announcement message that will tell people
> what to do",
> "ssoEnabled": false
> }
>
> The 200 Ok response tells CAS to interrupt, but then it can't find the
> data elements it expects.
>
> -dirk
> On Mon, Oct 29, 2018 at 4:43 PM Shawn Cutting > wrote:
>
>> Greetings.
>>
>> I am looking for some sort of documentation or other source of help for
>> how to properly use the Authorization Interrupt with a REST page response.
>> I am able to see the CAS server calling my REST application, and I am able
>> to appropriately process the call on the application, and the result is a
>> straight JSON file in the exact same syntax as the interrupt.json file.
>>
>> If I use the same information that I am returning from my REST app in the
>> json file, everything works like I would expect. But the returned JSON
>> does NOT follow the rules that are set in the json code. It does recognize
>> the specific user and only processes that user, but the rest of the rules
>> are not followed.
>>
>> Here is what I am returning (with example 'testuser'):
>>
>> >
>> if ($_GET["username"] == "testuser"){
>> header("HTTP/1.1 200 OK");
>> header('Content-Type:application/json');
>>
>> $array = array("testuser" => array(
>> "message" => "This is the announcement message that will tell
>> people what to do",
>> "links" => array(
>> "Yahoo Link" => urlencode("https://www.yahoo.com;),
>> "Google Link" => urlencode("https://www.google.com;)
>> ),
>> "block" => false,
>> "ssoEnabled" => false,
>> "interrupt" => true,
>> "autoRedirect" => false,
>> "autoRedirectAfterSeconds" => -1
>> ));
>>
>> echo urldecode(json_encode($array));
>> }
>> ?>
>>
>> If I put this json layout into the interrupt.json file, it works as it
>> should (the message appears, the links appear, etc). But when I call this
>> php file, it sees that testuser is the user in play and it does interrupt
>> the login, but the content is the default interrupt information with no
>> custom message, no links.
>>
>>
>> Has anyone had any success with the interrupt settings and REST? Any
>> help would be fabulous!
>>
>> Shawn
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+u...@apereo.org .
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/7329613a-c5f1-4a15-b9fd-340dfad68331%40apereo.org
>>
>>
>> .
>>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/149ab0d4-6572-4bf4-95ee-fc6d0a5531f5%40apereo.org.
