[cas-user] ERROR: import org.apereo.cas.authentication.HandlerResul

2019-04-04 Thread Fernando Gómez
Hello, we are handling a custom handler to accredit us by database, but when 
importing: import org.apereo.cas.authentication.HandlerResult; when it 
compiles I get:


[ERROR] Failed to execute goal org.apache.maven.plugins: maven-compiler-plugin: 3.3: compile (default-compile) on project cas-overlay: Compilation failure
[ERROR] /opt/workspace/cas-overlay-template/src/main/java/com/elpais/cas/ClientAuthenticationHandler.java:[47,37] can not find symbol
[ERROR] symbol: class HandlerResult
[ERROR] location: package org.apereo.cas.authentication

Can you please guide me on how I can solve it?

Thanks in advance

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/8191a624-d2bc-4e29-a6a4-f4d9d7c92e9c%40apereo.org.


Re: [cas-user] CAS SLO, how does it terminate session on App if in a cluster environment?

2019-04-04 Thread Ray Bon
Yan,

I modified CAS-php files provided by vendor.

1. After ST is validated, app session id is written to redis with ST as key.
2. On logout, ST is used to get session id from redis (any host can do this).
3. Session id is sent to application's log out routine.

For this to work, all hosts must use a common session store (database, redis, 
network file system) or somehow share the session.
The application must regularly check the store for a valid session (vendor app 
does this for every page request).

Ray

On Thu, 2019-04-04 at 06:56 -0700, Yan Zhou wrote:
Hi Ray,

Can you elaborate on your approach when session is stored in Redis? You need 
the key to invalidate session in Redis, how does your CAS client know the Redis 
key? Is that the same as the app. session id?

Thx!
Yan

On Tuesday, April 2, 2019 at 11:22:24 AM UTC-4, rbon wrote:
Yan,

We use two different approaches. Some apps have a common session store like 
redis. Other applications are configured to propagate the log out to all 
members of the cluster, but this is only practical for a small cluster.

If your application runs in a container, maybe it can manage session 
replication (tomcat can do this).
Another, maybe less desirable option, perhaps the load balancer can look for 
/logout and broadcast to all members of the cluster.

Ray

On Tue, 2019-04-02 at 07:53 -0700, Yan Zhou wrote:
Hello!

CAS4, for SLO,  CAS server POSTs (back-channel SLO) to each service to perform 
SLO.  It works because there is a CAS client in the application that intercepts 
such SLO requests, it can find the app. session Id based on the CAS service 
ticket Id.

Is there any requirement on the part of Application to support SLO in a cluster 
environment?  Our app. runs on multiple servers behind a load balancer, it uses 
CAS for authN.

The problem, I run into, is that when App /logout endpoint gets called, it does 
not know where App Session is, the load balancer may direct the app /logout on 
the server not having the application session.

Am I missing something?

Thx!
Yan

--

Ray Bon

Programmer analyst

Development Services, University Systems

2507218831 | CLE 019 |



rb...@uvic.ca
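
Added example, not part of Ray Bon's message or the vendor's code: a minimal Python model of the three steps above, with an in-memory object standing in for the shared Redis store. The class and method names, the sample ticket, and the assumption that the back-channel POST body is a SAML LogoutRequest carrying the ST in SessionIndex are illustrative.

```python
import xml.etree.ElementTree as ET

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
# Constructed sample of a back-channel logout body; the ST value is made up.
SAMPLE_LOGOUT = (
    '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="LR-1" Version="2.0">'
    "<samlp:SessionIndex>ST-1-constructed-example</samlp:SessionIndex>"
    "</samlp:LogoutRequest>")

class SharedStore:
    # In-memory stand-in for the common store (Redis in the message above).
    def __init__(self):
        self.sessions = {}   # app session id -> session data
        self.st_index = {}   # service ticket (ST) -> app session id

class Node:
    # One application host behind the load balancer (hypothetical name).
    def __init__(self, store):
        self.store = store

    def on_ticket_validated(self, st, session_id, user):
        # Step 1: once the ST validates, write the session id under the ST.
        self.store.sessions[session_id] = {"user": user}
        self.store.st_index[st] = session_id

    def on_backchannel_logout(self, body):
        # Steps 2-3: any host can map ST -> session id and end that session.
        if "<!DOCTYPE" in body or "<!ENTITY" in body:
            return None  # refuse DTDs in a body that arrives unauthenticated
        try:
            root = ET.fromstring(body)
        except ET.ParseError:
            return None
        st = (root.findtext(SAMLP + "SessionIndex") or "").strip()
        session_id = self.store.st_index.pop(st, None)  # one-shot lookup
        if session_id is not None:
            self.store.sessions.pop(session_id, None)
        return session_id

    def handle_request(self, session_id):
        # Every page request re-checks the shared store, as the vendor app does.
        return session_id in self.store.sessions

def demo():
    # Login lands on host a; the load balancer sends the logout POST to host b.
    store = SharedStore()
    a, b = Node(store), Node(store)
    a.on_ticket_validated("ST-1-constructed-example", "sess-abc", "yan")
    return (b.handle_request("sess-abc"),
            b.on_backchannel_logout(SAMPLE_LOGOUT),
            a.handle_request("sess-abc"))
```

demo() returns the session state seen before the logout, the session id that was ended, and the state seen by the original host afterwards.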



[cas-user] CAS 5.3.9 ADFS redirect issue

2019-04-04 Thread Dan Roque
I have CAS 5.3.9 configured with ADFS for our users. I followed the config 
template shown here

https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties.html#ws-fed-delegated-authentication

Upon testing login, I get redirected to ADFS properly but I always see the 
CAS login page flash before redirecting to ADFS. I did not have this issue 
in CAS 4.2.X. Is there a config I need to set somewhere to avoid this from 
happening?

Thanks!

Dan



[cas-user] CAS 5.1.9 Mongodb ticket cleanup

2019-04-04 Thread Juan Quintanilla
Hi,


We are testing CAS 5.1.9 with mongodb for the ticket registry and wanted to know 
if someone can provide some guidance on how you are performing ticket cleanup.


Appreciate any suggestions on this setup.


Thanks!


___
Juan Quintanilla
jquin...@fiu.edu



[cas-user] CAS OIDC: Configure different scope with different claims

2019-04-04 Thread Devendra Sisodia
Hello all,

I have configured CAS 5.3.6 with the OpenID Connect protocol for
authentication.
Issue 1:
Each scope should map to at least one or more claims. Right now it doesn't
matter which scope is chosen, the same set of claims is always returned. Even
if you provide no claims at all it still works, but should result in an
error.

Issue 2:
https://cas.example.org:8443/sso/oidc/.well-known/  =>
"id_token_signing_alg_values_supported":["none","RS256"],

alg for signing jwt returns both a valid value and "none". How to avoid
"none"?


cas.properties:
#OIDC
cas.authn.oidc.scopes=openid,profile,email,roles
cas.authn.oidc.claims = sub,email,givenName,isImpersonating, impersonator, firstName, lastName, roles, name
cas.authn.oidc.userDefinedScopes.profile=isImpersonating, impersonator, firstName, lastName, roles
cas.authn.oidc.userDefinedScopes.email=email
cas.authn.oidc.userDefinedScopes.roles=roles
cas.authn.oidc.issuer=http://cas.example.org:8443/cas/oidc
# Map predefined OIDC claims to our principal (user) attributes
cas.authn.oidc.claimsMap.givenName=firstName
cas.authn.oidc.claimsMap.lastName=lastName
cas.authn.oidc.claimsMap.mail=email
cas.authn.oidc.claimsMap.authorites=roles
cas.authn.oidc.claimsMap.name=name

-- 
Thanks & regards,
Devendra
Mobile: +49 1748437888
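
Added example, not from the post or from CAS: a relying-party-side pre-check for Issue 2 that pins the accepted signing algorithms, so an ID token with "alg":"none" is refused even while discovery still advertises it. Function names and sample tokens are constructed for illustration; the check runs before signature verification, not instead of it.

```python
import base64
import json

# Constructed discovery fragment matching the value quoted in the post.
DISCOVERY = {"id_token_signing_alg_values_supported": ["none", "RS256"]}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def acceptable_algs(discovery, pinned=("RS256",)):
    """Intersect what the server advertises with what the client pins."""
    offered = discovery.get("id_token_signing_alg_values_supported", [])
    return [a for a in offered if a in pinned and a.lower() != "none"]

def precheck_id_token(token, allowed):
    """Return (ok, reason) from the JWS header alone."""
    parts = token.split(".")
    if len(parts) != 3:
        return False, "not a compact JWS"
    try:
        pad = "=" * (-len(parts[0]) % 4)
        header = json.loads(base64.urlsafe_b64decode(parts[0] + pad))
    except (ValueError, TypeError):
        return False, "undecodable header"
    alg = header.get("alg") if isinstance(header, dict) else None
    if alg not in allowed:
        return False, f"alg {alg!r} not allowed"
    if not parts[2]:
        return False, "empty signature"
    return True, "ok"

def make_token(alg, sig=b""):
    # Builds constructed sample tokens for exercising the check; not a signer.
    head = b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url(json.dumps({"sub": "constructed-user"}).encode())
    return f"{head}.{body}.{b64url(sig)}"
```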



[cas-user] CAS 5.3.5 delegated authentication with saml invalid assertion?

2019-04-04 Thread Tobias Johansson
Hi!

Is there a way to exclude the NameQualifier from the issuer-tag in a saml2 
assertion in CAS 5.3.5?
My issuer-tag looks like this:

urn:mace:saml:pac4j.org

And my saml2 idp does not allow it, because it violates the saml-specs. 
I know it can be done in 6.x, but upgrading is not an easy option at this 
time.

Any help would be greatly appreciated!


Best Regards
Tobias Johansson



Re: [cas-user] CAS SLO, how does it terminate session on App if in a cluster environment?

2019-04-04 Thread Yan Zhou
Hi Ray,

Can you elaborate on your approach when session is stored in Redis? You 
need the key to invalidate session in Redis, how does your CAS client know 
the Redis key? Is that the same as the app. session id?

Thx!
Yan

On Tuesday, April 2, 2019 at 11:22:24 AM UTC-4, rbon wrote:
>
> Yan,
>
> We use two different approaches. Some apps have a common session store 
> like redis. Other applications are configured to propagate the log out to 
> all members of the cluster, but this is only practical for a small cluster.
>
> If your application runs in a container, maybe it can manage session 
> replication (tomcat can do this).
> Another, maybe less desirable option, perhaps the load balancer can look 
> for /logout and broadcast to all members of the cluster.
>
> Ray
>
> On Tue, 2019-04-02 at 07:53 -0700, Yan Zhou wrote:
>
> Hello! 
>
> CAS4, for SLO,  CAS server POSTs (back-channel SLO) to each service to 
> perform SLO.  It works because there is a CAS client in the application 
> that intercepts such SLO requests, it can find the app. session Id based on 
> the CAS service ticket Id.  
>
> Is there any requirement on the part of Application to support SLO in a 
> cluster environment?  Our app. runs on multiple servers behind a load 
> balancer, it uses CAS for authN.
>
> The problem, I run into, is that when App /logout endpoint gets called, it 
> does not know where App Session is, the load balancer may direct the app 
> /logout on the server not having the application session.
>
> Am I missing something? 
>
> Thx!
> Yan
>
> -- 
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | rb...@uvic.ca 
>
>
