[cas-user] How to develop new module

2019-04-17 Thread Ngọc Trí Nguyễn
Hi all,

I'm trying to develop a new authentication module for CAS 5.3.x. This new 
module supports authentication by Face Recognition, which is an existing 
service.

I'm developing this module "cas-server-support-face" by copying the source code 
of "cas\cas-server-support-ldap" and modifying it.


I don't know how CAS will call this module "cas-server-support-face".
I have studied the configuration file "application.properties" of 
CAS, but I don't know when the module "cas-server-support-ldap" is called.

Please help me configure CAS so that the new module 
"cas-server-support-face" is called!

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ab863ad5-2939-4dfb-8637-154fb2c95e37%40apereo.org.


[cas-user] Create new module in cas server 5.3

2019-04-17 Thread nam nguyễn


Everyone let me ask.
How to add a new module to authenticate to cas server 5.3?



[cas-user] Question on AD memberOf CAS multiple attributes

2019-04-17 Thread Glenn Levine
Question on AD memberOf CAS multiple attributes:

We are configuring CAS 5.3. In a service registry .json file, within the 
"ReturnMappedAttributeReleasePolicy" allowed attributes, the memberOf array 
comes across from AD where each of the multiple attributes are enclosed in 
separated tags:
membership1 Name
membership2 Name
membership3 Name
membership4 Name

Can anyone tell me how to prevent this and to basically get memberOf to 
come across similar to how it used to in CAS 3 as just an array containing 
attributes?



Re: [cas-user] Mandatory entry point before authentication

2019-04-17 Thread Pascal Rigaux

Hi,

I'm not sure it helps in your case, but we had a similar issue with 
some applications:

- the application creates a session and stores information before going to CAS
- the application redirects to CAS, which asks for the password
- CAS redirects to the application
- the user clicks on the "back" button
- the CAS session is valid, so it goes back to the application again. In 
  some cases, the application is not happy to receive an expected ticket 
  [*]. And even if it works, the user wonders why "back" did not work


The solution we used:

- on CAS form asking for login, we added 
  onsubmit="ignore_on_history_back()"

   function ignore_on_history_back() {
     // on back, do not autolog nor prompt, go back to the app
     try {
       window.history.replaceState({}, null,
         location.href.replace('/cas/login', '/cas/authentification-en-cours.html'));
     } catch (e) {}
   }

- we added a static page authentification-en-cours.html

   var isForward = (history.state || {}).isForward;
   try {
     history.replaceState({ isForward: !isForward }, null, null);
   } catch (e) {}
   history.go(isForward ? 1 : -1);

   Page temporaire d'authentification. Nous vous redirigeons vers la page précédente...

  (cf https://cas.univ-paris1.fr/cas/authentification-en-cours.html)

[*] we have this issue with shibboleth-idp that is configured to  
delegate to CAS


Julien Gribonvald wrote:


Hi,

Is there a simple way to force user to come from a service before to  
authenticate ?


I mean before accessing to some services (not all) a user should  
come from an entry point (a service on which he will be  
authenticated after, like a portal), if not he should be redirected  
to this entry point.


If not is it the a thing to define a service policy from the service 
management to do that ? Or are you seeing a better way ?


Thanks,

--
Julien Gribonvald



--
Pascal Rigaux



Re: [cas-user] Mandatory entry point before authentication

2019-04-17 Thread Ray Bon
Julien,

Check this setting:
cas.view.defaultRedirectUrl=https://${cas.server.name}/mypage

If user goes to CAS first (without a service), they get redirected to 
defaultRedirectUrl.

Ray

On Wed, 2019-04-17 at 16:56 +0200, Julien Gribonvald wrote:

Hi,

Is there a simple way to force user to come from a service before to
authenticate ?

I mean before accessing to some services (not all) a user should come
from an entry point (a service on which he will be authenticated after,
like a portal), if not he should be redirected to this entry point.

If not is it the a thing to define a service policy from the service
management to do that ? Or are you seeing a better way ?

Thanks,

--
Julien Gribonvald


--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca



[cas-user] Mandatory entry point before authentication

2019-04-17 Thread Julien Gribonvald

Hi,

Is there a simple way to force user to come from a service before to 
authenticate ?


I mean before accessing to some services (not all) a user should come 
from an entry point (a service on which he will be authenticated after, 
like a portal), if not he should be redirected to this entry point.


If not is it the a thing to define a service policy from the service 
management to do that ? Or are you seeing a better way ?


Thanks,

--
Julien Gribonvald



Re: [cas-user] Not a logout request

2019-04-17 Thread Baso Dupond
Hi,

After investigations, it seems that it's an issue on the CAS Client side 
(owncloud CAS client)

CAS Client response to the SLO BACK_CHANNEL request is 405 Method not 
allowed

[09/Apr/2019:00:05:57 +0200] "POST /cloud/index.php/apps/user_cas/login HTTP/1.1" 405 - "-" "Apache-HttpClient/4.5.6 (Java/11.0.2)"

There is indeed no POST route in the Owncloud CAS client

$application->registerRoutes($this, array(
    'routes' => [
        array('name' => 'settings#saveSettings', 'url' => '/settings/save', 'verb' => 'POST'),
        array('name' => 'authentication#casLogin', 'url' => '/login', 'verb' => 'GET')
    ]
));

In order to have SLO with Owncloud CAS client, I believe some tuning has 
to be made on the CAS client.

Thanks for your help
Baso


On Monday, 8 April 2019 at 18:21:03 UTC+2, rbon wrote:
>
> Baso,
>
> Add some of your own debug statements to CASphp where it processes the log 
> out request.
>
> Ray
>
> On Sat, 2019-04-06 at 10:17 -0700, Baso Dupond wrote:
>
> Hi, 
>
> The Single Log Out is not working on my basic implementation 
>
> I obtain a "Not a logout request" in the Cas-client Log
>
>
> 0A53 .START (2019-04-06 16:15:42) phpCAS-1.3.6 ** [CAS.php
> :468]
> 0A53 .=> phpCAS::client('3.0', 'cas.xx.fr', 443, '/cas') [
> AppService.php:275]
> 0A53 .|=> CAS_Client::__construct('3.0', false, 'cas.x.fr'
> , 443, '/cas', true) [CAS.php:359]
> 0A53 .||Session is not authenticated [Client.php:938]
> 0A53 .|<= ''
> 0A53 .<= ''
> 0A53 .=> CAS_Client::handleLogoutRequests(true, array (  0 => 
> '51.68.xx.xx',)) [CAS.php:1276]
> 0A53 .|Not a logout request [Client.php:1739]
> 0A53 .<= ''
>
>
> The CAS log show that logout request is sent
>
> 2019-04-06 18:15:10,832 DEBUG [org.apereo.cas.logout.slo.
> DefaultSingleLogoutServiceLogoutUrlBuilder] -  sent to [http://
> extranet.xx.fr/cloud/index.php/apps/user_cas/login] for 
> service [AbstractWebApplicationService(id=
> https://extranet.xx.fr/cloud/index.php/apps/user_cas/login, 
> originalUrl=
> https://extranet.x.fr/cloud/index.pxxhp/apps/user_cas/login, 
> artifactId=null, principal=basil...@x.fr , 
> source=service, loggedOutAlready=false, format=XML, attributes={})]>
> 2019-04-06 18:15:10,833 DEBUG [org.apereo.cas.logout.slo.
> BaseSingleLogoutServiceMessageHandler] -  .cas.logout.slo.SingleLogoutUrl@ae1f72ee]] for service [
> AbstractWebApplicationService(id=https://
> extranet.xx.fr/cloud/index.php/apps/user_cas/login, 
> originalUrl=
> https://extranet.x.fr/cloud/index.php/apps/user_cas/login, 
> artifactId=null, principal=basil...@xx.fr , 
> source=service, loggedOutAlready=false, format=XML, attributes={})]>
> 2019-04-06 18:15:10,835 DEBUG [org.apereo.cas.logout.slo.
> BaseSingleLogoutServiceMessageHandler] -  is [HttpMessage(url=http://
> extranet.x.fr/cloud/index.php/apps/user_cas/login, 
> message=logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-2-hTkl0dF8f4XPX9-8aeQoJIZY%22+Version%3D%222.0%22+IssueInstant%3D%222019-04-06T18%3A15%3A10Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3Ebasile.test%
> xx.fr%3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-2-zcTYW858ldyFLPeC9MZ2gL-fGoMvps641230%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E,
>  
> asynchronous=true, responseCode=0, 
> contentType=application/x-www-form-urlencoded)]. Sending...>
> 2019-04-06 18:15:10,835 DEBUG [org.apereo.cas.util.http.SimpleHttpClient] 
> -  extranet.xx.fr/cloud/index.php/apps/user_cas/login HTTP/1.1]>
> 2019-04-06 18:15:10,850 INFO [org.apereo.cas.logout.DefaultLogoutManager] 
> - <[2] logout requests were processed>
>
>
>
> TCPDump on the CAS client shows that the cas client receives the logout 
> Request
>
> 51.68.xx.xx.38168 > 37.187.xx.xx.http: Flags [P.], cksum 0x8209 (correct), 
> seq 0:754, ack 1, win 229, options [nop,nop,TS val 2263944706 ecr 
> 768689247], length 754: HTTP, length: 754
> POST /cloud/index.php/apps/user_cas/login HTTP/1.1
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 484
> Host: extranet.xxx.fr
> Connection: Keep-Alive
> User-Agent: Apache-HttpClient/4.5.6 (Java/11.0.2)
> Accept-Encoding: gzip,deflate
> 
> logoutRequest=%3Csamlp%3ALogoutRequest+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprotocol%22+ID%3D%22LR-2-hTkl0dF8f4XPX9-8aeQoJIZY%22+Version%3D%222.0%22+IssueInstant%3D%222019-04-06T18%3A15%3A10Z%22%3E%3Csaml%3ANameID+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aassertion%22%3Ebasile.test%
> 40.fr
> %3C%2Fsaml%3ANameID%3E%3Csamlp%3ASessionIndex%3EST-2-zcTYW858ldyFLPeC9MZ2gL-fGoMvps641230%3C%2Fsamlp%3ASessionIndex%3E%3C%2Fsamlp%3ALogoutRequest%3E[!http]
> 18:15:14.642363 IP (tos 0x0, 
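
What a client-side route for the back-channel POST has to do, as an added sketch that is not part of the original post and is neither the ownCloud app's nor phpCAS's code. It is written in Python so it runs stand-alone; the route table, the `sessions` map (service ticket to session), the addresses and the sample request are constructed.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"

# Constructed sample in the shape of the captured request; all values are made up.
SAMPLE_XML = (
    '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    ' ID="LR-1-example" Version="2.0" IssueInstant="2019-04-06T18:15:10Z">'
    '<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    'user@example.org</saml:NameID>'
    '<samlp:SessionIndex>ST-1-example</samlp:SessionIndex>'
    '</samlp:LogoutRequest>'
)
SAMPLE_BODY = urlencode({"logoutRequest": SAMPLE_XML})


def handle_logout(client_ip, body, sessions, cas_hosts):
    """Process a back-channel logout POST and return an HTTP status code."""
    if client_ip not in cas_hosts:          # only the CAS server may end sessions
        return 403
    values = parse_qs(body).get("logoutRequest")
    if not values:                          # POST without the parameter: not a logout request
        return 400
    xml_text = values[0]
    if re.search(r"<!\s*(DOCTYPE|ENTITY)", xml_text, re.I):
        return 400                          # a logout request never needs a DTD
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return 400
    # SessionIndex carries the service ticket the session was opened with.
    ticket = (root.findtext(SAMLP + "SessionIndex") or "").strip()
    if root.tag != SAMLP + "LogoutRequest" or not ticket:
        return 400
    sessions.pop(ticket, None)              # unknown ticket: nothing to end, still 200
    return 200


def dispatch(routes, method, path, client_ip, body, sessions, cas_hosts):
    """Verb-aware router: a (verb, path) pair that is not registered gets 405."""
    if (method, path) not in routes:
        return 405
    if method == "POST":
        return handle_logout(client_ip, body, sessions, cas_hosts)
    return 200                              # GET: normal login handling, out of scope here
```

With only `("GET", "/login")` registered, the POST is answered with 405 and the session survives, which matches the access-log line above.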

Re: [cas-user] Migrating from file based service registry to DynamoDB service registry.

2019-04-17 Thread David Curry
At least on CAS 5.2.x with a Mongo DB service registry, the way you did it
was:

   1. Edit the dependencies in pom.xml and:
      1. REMOVE the cas-server-support-json-service-registry dependency
      2. ADD the cas-server-support-mongo-service-registry dependency
   2. Rebuild the server.
   3. Add the Mongo DB service registry configuration properties to
      cas.properties.
   4. Add the settings to cas.properties to tell it to *initialize* the
      service registry from JSON:

         cas.serviceRegistry.json.location: file:/etc/cas/services
         cas.serviceRegistry.initFromJson:  true

   5. Start the new server built in Step 2. This should initialize the
      service registry from the JSON files and create all the entries in the
      Mongo DB service registry. (You only need to start one server; you don't
      need to start all of them if you're in a pool.)
   6. Use the MongoDB command line shell to check the database and verify
      that the service registry entries have been created.
   7. Shut down the server.
   8. Remove the JSON service registry properties (added in Step 4) from
      cas.properties.
   9. Restart the server and now you're using a Mongo DB service registry.
   10. Don't forget to make the dependency and property changes (Steps 1
       and 3) to the management webapp as well.

See here
https://dacurry-tns.github.io/deploying-apereo-cas/high-avail_service-registry_overview.html
for a more in-depth example.

No guarantees, but my guess is that something similar would/should work for
DynamoDB.

--Dave

--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu



On Wed, Apr 17, 2019 at 7:04 AM Richard Nicholas <
richardnichola...@gmail.com> wrote:

> I've got a demo cas instance which worked well using JSON service
> registries, but I want to migrate the registry to DynamoDB (among other
> things to deliver a HA solution.)
>
> What's not entirely clear is how I convert the JSON files into objects
> that can be put into the database.
>
> I see there is an id field, which is a string.
>
> I just need to know how a JSON file like below:
>
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId" : "http://localhost:8080/.*",
>   "name" : "Jenkins",
>   "id" : 1,
>   "attributeReleasePolicy" : {
>     "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>     "allowedAttributes" : [ "java.util.ArrayList", [ "name", "email", "groups" ] ]
>   }
> }
>
> translates into an item in the dynamoDB table, so I can load in the
> services.   I tried to see if loading the default service would cause it to
> be persisted into dynamoDB, but the database stays empty although the
> registry on cas shows one entry.
>
> Using the management console wasn't much help, as it wasn't clear to me
> how I create an object like the above (which also would not import).
>
>
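
A check for Step 6, to run before the JSON properties are removed in Step 8, as an added example that is not from the original post. It assumes the service files are plain JSON without comments and that the numeric ids in the new registry have already been listed with the database's own tools; the file names, sample services and function names are constructed.

```python
import json

# Constructed sample: file name -> content of JSON service definitions.
SERVICE_FILES = {
    "Jenkins-1.json": '{"serviceId": "http://localhost:8080/.*", "name": "Jenkins", "id": 1}',
    "Wiki-2.json": '{"serviceId": "https://wiki.example.org/.*", "name": "Wiki", "id": 2}',
    "WikiCopy-2.json": '{"serviceId": "https://wiki2.example.org/.*", "name": "WikiCopy", "id": 2}',
    # Unbalanced quote: this definition cannot be parsed at all.
    "Broken-3.json": '{"serviceId": "https://app.example.org/.*;, "name": "Broken", "id": 3}',
}
# Constructed sample: numeric ids read back from the new registry during Step 6.
REGISTRY_IDS = {1, 99}


def audit_migration(files, registry_ids):
    """Compare JSON service definitions with the ids found in the new registry."""
    report = {"unparsable": [], "duplicate_ids": [], "missing": [], "unexpected": []}
    seen = {}                                   # numeric id -> first file that uses it
    for fname in sorted(files):
        try:
            sid = int(json.loads(files[fname])["id"])
        except (ValueError, KeyError, TypeError):
            report["unparsable"].append(fname)  # syntax error or no usable "id"
            continue
        if sid in seen:
            report["duplicate_ids"].append((sid, seen[sid], fname))
            continue
        seen[sid] = fname
    # Definitions on disk that never reached the database.
    report["missing"] = sorted(f for sid, f in seen.items() if sid not in registry_ids)
    # Registry entries with no source file, e.g. created by hand or by an earlier run.
    report["unexpected"] = sorted(set(registry_ids) - set(seen))
    return report


def safe_to_drop_init(report):
    """True only when every file parsed, ids are unique and both sides match."""
    return not any(report.values())


if __name__ == "__main__":
    for key, items in audit_migration(SERVICE_FILES, REGISTRY_IDS).items():
        print(key, items)
```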



[cas-user] Migrating from file based service registry to DynamoDB service registry.

2019-04-17 Thread Richard Nicholas
I've got a demo cas instance which worked well using JSON service 
registries, but I want to migrate the registry to DynamoDB (among other 
things to deliver a HA solution.)

What's not entirely clear is how I convert the JSON files into objects that 
can be put into the database.

I see there is an id field, which is a string.

I just need to know how a JSON file like below:

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "http://localhost:8080/.*",
  "name" : "Jenkins",
  "id" : 1,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "name", "email", "groups" ] ]
  }
}

translates into an item in the dynamoDB table, so I can load in the 
services.   I tried to see if loading the default service would cause it to 
be persisted into dynamoDB, but the database stays empty although the 
registry on cas shows one entry.

Using the management console wasn't much help, as it wasn't clear to me how 
I create an object like the above (which also would not import).
