Re: [cas-user] Re: Issue with cas 6 password managenment

2020-07-08 Thread indiandefence
SHA is a pretty simple algorithm, but weak too; if you are testing it's fine,
but not good for production.
Yes, you should give it a try with 636, and as new browsers are pushing towards
https, using an encrypted connection should become the default.

On Wed, Jul 8, 2020 at 8:27 PM arti wavale wrote:

> Hello root,
>
> Thanks for the quick response.
>
> I have used the SHA format for the LDAP password.
>
> I also tried the properties below in the cas.properties file, but the problem
> is still the same, which is "could not update account password"
>
> # LDAP Password Encoding
> cas.authn.ldap[0].passwordEncoder.type=DEFAULT
> cas.authn.ldap[0].passwordEncoder.characterEncoding=UTF-8
> cas.authn.ldap[0].passwordEncoder.encodingAlgorithm=SHA
>
> I have one doubt: right now I am using a simple LDAP database connection,
> meaning url=ldap://localhost:389, so is that a reason password management is
> not working?
> Is there any compulsion to use an SSL LDAP connection, meaning
> url=ldaps://localhost:636, and only then will password management work?
>
> Thanks and Regards
> Arti
>
> On Wednesday, July 8, 2020 at 5:10:33 PM UTC+5:30, Root wrote:
>>
>> The log is too much, but I can see the error is related to storing the LDAP
>> password type. What type of algorithm is used to store the password (SSHA,
>> SHA-512, scrypt, MD5, etc.), and the character encoding? The default
>> should be UTF-8.
>>
>> Try to keep the default, or just don't specify too many variables
>> relating to this in the CAS properties.
>>
>> On Wednesday, July 8, 2020 at 10:03:18 AM UTC+5:30 arti wavale wrote:
>>
>>> Hello,
>>>
>>> I am providing the cas.log file; please check it once, and if you get any idea how to
>>> resolve the password management problem then please guide me.
>>>
>>> On Tuesday, June 23, 2020 at 4:01:08 PM UTC+5:30, Root wrote:


 OK, but what about the logs?, looking at logs you can get some hint,
 have you enabled CAS debug mode  ( )  in cas-log4j2.xml
 file?, and also in your LDAP server some option to enable debug/verbose
 mode,  after enable and restarting the services,  tail both the logs and
 try to change the LDAP password, and see what error you get in logs.




 On Tuesday, June 23, 2020 at 2:28:14 PM UTC+5:30, arti wavale wrote:
>
> Hello Root,
>
> First of all,
> Thank you so much for your reply..
>
> I'm using CAS v5.2 in which I have used "cas.authn.pm.ldap.userFilter=
> cn={user}" in cas.properties file. The userFilter attribute was
> renamed to searchFilter in CAS v5.3 but Still I have tried "
> cas.authn.pm.ldap.searchFilter=cn={user}" in cas.properties file and
> check it but same error occurred.
>
> Thanks and Regards
> Arti
>
> On Tuesday, June 23, 2020 at 11:58:16 AM UTC+5:30, Root wrote:
>>
>>
>> @Arthi,
>>
>> Have you included "cas.authn.pm.ldap.searchFilter=cn={user}"  in
>> cas.properties?, and you should enable debug mode in both CAS and LDAP
>> server side and check both logs to get more detail.
>>
>>
>>
>>
>>
>> On Tuesday, June 23, 2020 at 11:14:12 AM UTC+5:30, arti wavale wrote:
>>>
>>> All detail information provided in a document . Please find the
>>> attachment
>>>
>>> I am facing error such as "could not update the account password "
>>>
>>> If anyone can help to resolve this issue
>>>
>>>
>>> -
>>>
>>> *Pom.xml:*
>>> <dependency>
>>>     <groupId>org.apereo.cas</groupId>
>>>     <artifactId>cas-server-support-pm-ldap</artifactId>
>>>     <version>${cas.version}</version>
>>> </dependency>
>>>
>>> *cas.properties:*
>>>
>>> cas.authn.accept.users=
>>> cas.authn.ldap[0].order=0
>>> cas.authn.ldap[0].name=LDAP Server
>>> cas.authn.ldap[0].type=AUTHENTICATED
>>> cas.authn.ldap[0].ldapUrl=ldap://localhost
>>> cas.authn.ldap[0].useSsl=false
>>> cas.authn.ldap[0].useStartTls=false
>>> cas.authn.ldap[0].connectTimeout=5
>>> cas.authn.ldap[0].subtreeSearch=true
>>> cas.authn.ldap[0].validatePeriod=270
>>> cas.authn.ldap[0].userFilter=cn={user}
>>> #cas.authn.ldap[0].userFilter=(|(uid={user})(cn={user})(mail={user}))
>>> cas.authn.ldap[0].baseDn=dc=example,dc=com
>>> #cas.authn.ldap[0].enhanceWithEntryResolver=true
>>> #cas.authn.ldap[0].dnFormat:cn=%s,cn=admin,dc=example,dc=com
>>> cas.authn.ldap[0].bindDn=cn=admin,dc=example,dc=com
>>> cas.authn.ldap[0].bindCredential=administrator
>>> cas.authn.ldap[0].enhanceWithEntryResolver=true
>>> cas.authn.ldap[0].dnFormat:cn=%s,cn=admin,dc=example,dc=com
>>> cas.authn.ldap[0].principalAttributeList=memberOf,uid,cn,mail
>>> cas.authn.ldap[0].collectDnAttribute=false
>>>
>>> cas.authn.ldap[0].principalAttributeId=cn
>>> cas.authn.ldap[0].principalAttributePassword=userPassword
>>> #
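
The two points made in the reply at the top of this message (plain SHA as the encoding algorithm, and ldap:// on 389 rather than an encrypted connection on 636) can be checked mechanically against a cas.properties file. The script below is an added example, not code from the thread or from the CAS project. Assumptions: the sample file is constructed from the property names quoted above, the finding labels and the set of digests treated as weak are this example's own, and ldap:// with useStartTls=true is counted as encrypted.

```python
import re

# Constructed sample, built from the property names quoted in the thread.
SAMPLE = """\
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldap://localhost:389
#cas.authn.ldap[0].ldapUrl=ldaps://localhost:636
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].dnFormat:cn=%s,cn=admin,dc=example,dc=com
cas.authn.ldap[0].passwordEncoder.type=DEFAULT
cas.authn.ldap[0].passwordEncoder.characterEncoding=UTF-8
cas.authn.ldap[0].passwordEncoder.encodingAlgorithm=SHA
cas.authn.ldap[1].ldapUrl=ldaps://localhost:636
"""

# Assumption of this example: digests reported as too weak for production.
WEAK_DIGESTS = {"SHA", "SHA1", "SHA-1", "MD5"}
# Settings inspected per connection block (the key prefix before the suffix).
SUFFIXES = ("ldapUrl", "useStartTls", "passwordEncoder.encodingAlgorithm")
KEY_VALUE = re.compile(r"([^=:\s]+)\s*[=:]?\s*(.*)")


def parse_properties(text):
    """Minimal .properties reader: '=' or ':' separators, '#'/'!' comments,
    backslash line continuation, last duplicate key wins."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.lstrip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        trailing = len(line) - len(line.rstrip("\\"))
        if trailing % 2 == 1:  # odd count: the value continues on the next line
            pending = line[:-1]
            continue
        match = KEY_VALUE.match(line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def audit(text):
    """Return (block prefix, finding label, offending value) tuples."""
    blocks = {}
    for key, value in parse_properties(text).items():
        for suffix in SUFFIXES:
            if key.endswith("." + suffix):
                prefix = key[: -len(suffix) - 1]
                blocks.setdefault(prefix, {})[suffix] = value
    findings = []
    for prefix in sorted(blocks):
        block = blocks[prefix]
        starttls = block.get("useStartTls", "false").lower() == "true"
        # A value may list several space-separated URLs; check each one.
        for url in block.get("ldapUrl", "").split():
            if url.lower().startswith("ldap://") and not starttls:
                findings.append((prefix, "plaintext-ldap", url))
        algorithm = block.get("passwordEncoder.encodingAlgorithm", "").upper()
        if algorithm in WEAK_DIGESTS:
            findings.append((prefix, "weak-digest", algorithm))
    return findings


if __name__ == "__main__":
    for prefix, label, value in audit(SAMPLE):
        print(f"{prefix}: {label}: {value}")
```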

Re: [cas-user] cas-managent app again.

2020-07-08 Thread Ray Bon
Bryan,

That message means that you have added those properties to your config but they 
do not exist.

The link that Molly Kewl provided shows all variables that can be set at 
mgmt.xxx
Notice versionControl is a class, so properties there will be, 
mgmt.versionControl.xxx

Finally, case matters for variable names; userReposDir != userreposdir

Ray

On Wed, 2020-07-08 at 14:16 -0600, Bryan Wooten wrote:
So when we load the app on the same Tomcat as the CAS server itself we get this 
error:

***
APPLICATION FAILED TO START
***

Description:

Binding to target [Bindable@1471d5e6 type = 
org.apereo.cas.configuration.CasManagementConfigurationProperties, value = 'provided', 
annotations = array[@org.springframework.boot.context.properties.ConfigurationProperties(ignoreInvalidFields=false, 
ignoreUnknownFields=false, prefix=mgmt, value=mgmt)]] failed:

Property: mgmt.enabledelegatedmgmt
Value: false
Origin: "mgmt.enableDelegatedMgmt" from property source 
"bootstrapProperties"
Reason: The elements 
[mgmt.enabledelegatedmgmt,mgmt.enableversioncontrol,mgmt.servicesrepo,mgmt.userreposdir]
 were left
 unbound.
Property: mgmt.enableversioncontrol
Value: false
Origin: "mgmt.enableVersionControl" from property source 
"bootstrapProperties"
Reason: The elements 
[mgmt.enabledelegatedmgmt,mgmt.enableversioncontrol,mgmt.servicesrepo,mgmt.userreposdir]
 were left
 unbound.
Property: mgmt.servicesrepo
Value: /etc/cas/config/services/servicesRepo
Origin: "mgmt.servicesRepo" from property source "bootstrapProperties"
Reason: The elements 
[mgmt.enabledelegatedmgmt,mgmt.enableversioncontrol,mgmt.servicesrepo,mgmt.userreposdir]
 were left
 unbound.
Property: mgmt.userreposdir
Value: /etc/cas/config/userRepo
Origin: "mgmt.userreposdir" from property source "bootstrapProperties"
Reason: The elements 
[mgmt.enabledelegatedmgmt,mgmt.enableversioncontrol,mgmt.servicesrepo,mgmt.userreposdir]
 were left
 unbound.

Action:

Update your application's configuration

We have tried adding unbound to management.properties, adding directly to 
bootstrap.properties in the exploded war file and putting a copy of 
bootstrap.properties in /etc/cas/config.

But I always get the error.

We are building the Master branch from: 
https://github.com/apereo/cas-management-overlay/

Any help appreciated.

-Bryan

University of Utah

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/e45ed68907667665d5ec6ceb0e5cb193091e3423.camel%40uvic.ca.


Re: [cas-user] Is it possible to use different delegated authentication for different services?

2020-07-08 Thread 'Molly Kewl' via CAS Community
https://apereo.github.io/2019/02/25/cas61-delegate-authn-saml2-idp/#identity-provider-authorization

‐‐‐ Original Message ‐‐‐
On Wednesday, July 8, 2020 12:00 AM, Mark Klinchin  wrote:

> Hi there,
>
> Does anyone know whether it is possible to use different delegated 
> authentication for different services? For example, when accessing CAS as 
> https://cas.company.com/cas/login?service=https://app-abc.company.com CAS 
> login page will display Office 365 and Twitter buttons but when accessing CAS 
> as https://cas.company.com/cas/login?service=https://app-dfe.company.com CAS 
> login page will display Okta and Facebook buttons?
>
> It sort of works for LDAP authentication when it is possible to limit LDAP 
> connect to pattern entered to the user field such as one LDAP will be 
> checked for u...@company-abc.com and another one for u...@company-cde.com . 
> It is not exactly the same but service-based filtering of delegated auth 
> buttons looks like a good option when there are different authentication 
> realms for different apps or companies.
>
> Thank you,
> Mark


Re: [cas-user] cas-managent app again.

2020-07-08 Thread 'Molly Kewl' via CAS Community
Check 
https://github.com/apereo/cas-management/blob/master/api/cas-mgmt-api-configuration/src/main/java/org/apereo/cas/configuration/CasManagementConfigurationProperties.java

‐‐‐ Original Message ‐‐‐
On Thursday, July 9, 2020 12:46 AM, Bryan Wooten  wrote:

> So when we load the app on the same Tomcat as the CAS server itself we get 
> this error:
>
> ***
> APPLICATION FAILED TO START
> ***
>
> Description:
>
> Binding to target [Bindable@1471d5e6 type = 
> org.apereo.cas.configuration.CasManagementConfigurationProperties, value = 'provided', 
> annotations = array[@org.springframework.boot.context.properties.ConfigurationProperties(ignoreInvalidFields=false, 
> ignoreUnknownFields=false, prefix=mgmt, value=mgmt)]] failed:
>
> Property: mgmt.enabledelegatedmgmt
> Value: false
> Origin: "mgmt.enableDelegatedMgmt" from property source "bootstrapProperties"
> Reason: The elements 
> [mgmt.enabledelegatedmgmt,mgmt.enableversioncontrol,mgmt.servicesrepo,mgmt.userreposdir]
>  were left
> unbound.
> Property: mgmt.enableversioncontrol
> Value: false
> Origin: "mgmt.enableVersionControl" from property source "bootstrapProperties"
> Reason: The elements 
> [mgmt.enabledelegatedmgmt,mgmt.enableversioncontrol,mgmt.servicesrepo,mgmt.userreposdir]
>  were left
> unbound.
> Property: mgmt.servicesrepo
> Value: /etc/cas/config/services/servicesRepo
> Origin: "mgmt.servicesRepo" from property source "bootstrapProperties"
> Reason: The elements 
> [mgmt.enabledelegatedmgmt,mgmt.enableversioncontrol,mgmt.servicesrepo,mgmt.userreposdir]
>  were left
> unbound.
> Property: mgmt.userreposdir
> Value: /etc/cas/config/userRepo
> Origin: "mgmt.userreposdir" from property source "bootstrapProperties"
> Reason: The elements 
> [mgmt.enabledelegatedmgmt,mgmt.enableversioncontrol,mgmt.servicesrepo,mgmt.userreposdir]
>  were left
> unbound.
>
> Action:
>
> Update your application's configuration
>
> We have tried adding unbound to management.properties, adding directly to 
> bootstrap.properties in the exploded war file and putting a copy of 
> bootstrap.properties in /etc/cas/config.
>
> But I always get the error.
>
> We are building the Master branch from: 
> https://github.com/apereo/cas-management-overlay/
>
> Any help appreciated.
>
> -Bryan
>
> University of Utah


[cas-user] cas-managent app again.

2020-07-08 Thread Bryan Wooten
So when we load the app on the same Tomcat as the CAS server itself we get
this error:

***
APPLICATION FAILED TO START
***

Description:

Binding to target [Bindable@1471d5e6 type =
org.apereo.cas.configuration.CasManagementConfigurationProperties, value = 'provided',
annotations = array[@org.springframework.boot.context.properties.ConfigurationProperties(ignoreInvalidFields=false,
ignoreUnknownFields=false, prefix=mgmt, value=mgmt)]] failed:

Property: mgmt.enabledelegatedmgmt
Value: false
Origin: "mgmt.enableDelegatedMgmt" from property source
"bootstrapProperties"
Reason: The elements
[mgmt.enabledelegatedmgmt,mgmt.enableversioncontrol,mgmt.servicesrepo,mgmt.userreposdir]
were left
 unbound.
Property: mgmt.enableversioncontrol
Value: false
Origin: "mgmt.enableVersionControl" from property source
"bootstrapProperties"
Reason: The elements
[mgmt.enabledelegatedmgmt,mgmt.enableversioncontrol,mgmt.servicesrepo,mgmt.userreposdir]
were left
 unbound.
Property: mgmt.servicesrepo
Value: /etc/cas/config/services/servicesRepo
Origin: "mgmt.servicesRepo" from property source "bootstrapProperties"
Reason: The elements
[mgmt.enabledelegatedmgmt,mgmt.enableversioncontrol,mgmt.servicesrepo,mgmt.userreposdir]
were left
 unbound.
Property: mgmt.userreposdir
Value: /etc/cas/config/userRepo
Origin: "mgmt.userreposdir" from property source "bootstrapProperties"
Reason: The elements
[mgmt.enabledelegatedmgmt,mgmt.enableversioncontrol,mgmt.servicesrepo,mgmt.userreposdir]
were left
 unbound.

Action:

Update your application's configuration

We have tried adding unbound to management.properties, adding directly to
bootstrap.properties in the exploded war file and putting a copy of
bootstrap.properties in /etc/cas/config.

But I always get the error.

We are building the Master branch from:
https://github.com/apereo/cas-management-overlay/

Any help appreciated.

-Bryan

University of Utah



Re: [cas-user] CAS 6.1 - Browser Issue

2020-07-08 Thread Ray Bon
Emre,

If you start with private/incognito windows, do you get the same behaviour? It 
is possible that chrome and ie are holding on to prior cas sessions.

Check your cas cookie settings, cas.tgc.xxx. Browsers are becoming more strict 
with the cookie settings.

Not related to browsers, but do you have multiple cas hosts? If so, are your 
cas sessions being shared (ticket storage)?

Try turning up the logging level in cas to see if it provides some clues.

Ray

On Wed, 2020-07-08 at 09:42 -0700, Emre Ermişoğlu wrote:
Hello,

I installed CAS 6.1 and we are currently testing this instance. We are only 
using LDAP and Database authentication. When we test the CAS with Firefox, it 
works fine. After we enter correct credentials, it redirects user to 
applications (Expected behavior).

However, when we test it with IE or Chrome, we get a different behavior. After 
entering correct credentials, most of the time it refreshes the login page 
instead of redirecting the user to the application, and it is not creating any ticket. 
(When I check the logs, I don't see any LDAP connection or Database connection.) 
And when we restart the application server, it works fine for a couple of tries. 
Then it starts refreshing the login page again.

I don't see any error in the log files. Did anyone have a similar issue? Any 
idea?


Browsers that I use:

Firefox 78.0.1

IE  11.1932.16299.0CO

Chrome  83.0.4103.116



Regards,
Emre

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.



[cas-user] CAS 6.1 - Browser Issue

2020-07-08 Thread Emre Ermişoğlu
Hello,

I installed CAS 6.1 and we are currently testing this instance. We are only 
using LDAP and Database authentication. When we test the CAS with Firefox, 
it works fine. After we enter correct credentials, it redirects user to 
applications (Expected behavior). 

However, when we test it with IE or Chrome, we get a different behavior. 
After entering correct credentials, most of the time it refreshes the 
login page instead of redirecting the user to the application, and it is not 
creating any ticket. (When I check the logs, I don't see any LDAP connection 
or Database connection.) And when we restart the application server, it 
works fine for a couple of tries. Then it starts refreshing the login page 
again. 

I don't see any error in the log files. Did anyone have a similar issue? 
Any idea?


Browsers that I use:

Firefox 78.0.1

IE  11.1932.16299.0CO

Chrome  83.0.4103.116



Regards,
Emre



Re: [cas-user] Re: Issue with cas 6 password managenment

2020-07-08 Thread arti wavale
Hello root,

Thanks for the quick response.

I have used the SHA format for the LDAP password.

I also tried the properties below in the cas.properties file, but the problem is 
still the same, which is "could not update account password"

# LDAP Password Encoding
cas.authn.ldap[0].passwordEncoder.type=DEFAULT
cas.authn.ldap[0].passwordEncoder.characterEncoding=UTF-8
cas.authn.ldap[0].passwordEncoder.encodingAlgorithm=SHA

I have one doubt: right now I am using a simple LDAP database connection, 
meaning url=ldap://localhost:389, so is that a reason password management is 
not working?
Is there any compulsion to use an SSL LDAP connection, meaning 
url=ldaps://localhost:636, and only then will password management work?

Thanks and Regards
Arti

On Wednesday, July 8, 2020 at 5:10:33 PM UTC+5:30, Root wrote:
>
> The log is too much, but I can see the error is related to storing the LDAP 
> password type. What type of algorithm is used to store the password (SSHA, 
> SHA-512, scrypt, MD5, etc.), and the character encoding? The default 
> should be UTF-8.
>
> Try to keep the default, or just don't specify too many variables 
> relating to this in the CAS properties.
>
> On Wednesday, July 8, 2020 at 10:03:18 AM UTC+5:30 arti wavale wrote:
>
>> Hello,
>>
>> I am providing the cas.log file; please check it once, and if you get any idea how to 
>> resolve the password management problem then please guide me.
>>
>> On Tuesday, June 23, 2020 at 4:01:08 PM UTC+5:30, Root wrote:
>>>
>>>
>>> OK, but what about the logs?, looking at logs you can get some hint,  
>>> have you enabled CAS debug mode  ( )  in cas-log4j2.xml 
>>> file?, and also in your LDAP server some option to enable debug/verbose 
>>> mode,  after enable and restarting the services,  tail both the logs and 
>>> try to change the LDAP password, and see what error you get in logs.
>>>
>>>
>>>
>>>
>>> On Tuesday, June 23, 2020 at 2:28:14 PM UTC+5:30, arti wavale wrote:

 Hello Root,

 First of all,
 Thank you so much for your reply..

 I'm using CAS v5.2 in which I have used "cas.authn.pm.ldap.userFilter=
 cn={user}" in cas.properties file. The userFilter attribute was 
 renamed to searchFilter in CAS v5.3 but Still I have tried "
 cas.authn.pm.ldap.searchFilter=cn={user}" in cas.properties file and 
 check it but same error occurred.

 Thanks and Regards
 Arti

 On Tuesday, June 23, 2020 at 11:58:16 AM UTC+5:30, Root wrote:
>
>
> @Arthi,
>
> Have you included "cas.authn.pm.ldap.searchFilter=cn={user}"  in 
> cas.properties?, and you should enable debug mode in both CAS and LDAP 
> server side and check both logs to get more detail.
>
>
>
>
>
> On Tuesday, June 23, 2020 at 11:14:12 AM UTC+5:30, arti wavale wrote:
>>
>> All detail information provided in a document . Please find the 
>> attachment
>>
>> I am facing error such as "could not update the account password "
>>
>> If anyone can help to resolve this issue
>>
>>
>> -
>>
>> *Pom.xml:*
>> <dependency>
>>     <groupId>org.apereo.cas</groupId>
>>     <artifactId>cas-server-support-pm-ldap</artifactId>
>>     <version>${cas.version}</version>
>> </dependency>
>>
>> *cas.properties:*
>>
>> cas.authn.accept.users=
>> cas.authn.ldap[0].order=0
>> cas.authn.ldap[0].name=LDAP Server
>> cas.authn.ldap[0].type=AUTHENTICATED
>> cas.authn.ldap[0].ldapUrl=ldap://localhost
>> cas.authn.ldap[0].useSsl=false
>> cas.authn.ldap[0].useStartTls=false
>> cas.authn.ldap[0].connectTimeout=5
>> cas.authn.ldap[0].subtreeSearch=true
>> cas.authn.ldap[0].validatePeriod=270
>> cas.authn.ldap[0].userFilter=cn={user}
>> #cas.authn.ldap[0].userFilter=(|(uid={user})(cn={user})(mail={user}))
>> cas.authn.ldap[0].baseDn=dc=example,dc=com
>> #cas.authn.ldap[0].enhanceWithEntryResolver=true
>> #cas.authn.ldap[0].dnFormat:cn=%s,cn=admin,dc=example,dc=com
>> cas.authn.ldap[0].bindDn=cn=admin,dc=example,dc=com
>> cas.authn.ldap[0].bindCredential=administrator
>> cas.authn.ldap[0].enhanceWithEntryResolver=true
>> cas.authn.ldap[0].dnFormat:cn=%s,cn=admin,dc=example,dc=com
>> cas.authn.ldap[0].principalAttributeList=memberOf,uid,cn,mail
>> cas.authn.ldap[0].collectDnAttribute=false
>>
>> cas.authn.ldap[0].principalAttributeId=cn
>> cas.authn.ldap[0].principalAttributePassword=userPassword
>> # attributes to be retrieved from LDAP userPassword
>> #cas.authn.ldap[0].principalAttributeList=uid,cn,mail
>> #cas.authn.ldap[0].collectDnAttribute=false
>> cas.authn.ldap[0].principalDnAttributeName=principalLdapDn
>> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
>> cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
>> # cas.authn.ldap[0].credentialCriteria=
>> # LDAP Password Encoding
>> #
>> 

[cas-user] Apereo CAS - Delegated Authentication to SAML2 Identity Providers callback URL (from Okta)

2020-07-08 Thread Arman Jalili
Hello,
I am trying to configure our CAS as described in this post:

https://apereo.github.io/2019/02/25/cas61-delegate-authn-saml2-idp/

The problem is there is no information on how to configure the Okta 
application. I found the older similar post:

https://apereo.github.io/2017/03/22/cas51-delauthn-tutorial/

and configured my Okta.

I can see the SAML2Client button in the user interface, I can click on it, 
and land in Okta. When I give my Okta credentials, it redirects me to the 
SSO URL "https://localhost:8443/cas/login?client_name=SAML2Client", which 
is not correct.
I also tried 
"https://localhost:8443/cas/clientredirect?client_name=SAML2Client" 
without any success.

Then I wrote a simple SAML Spring Boot app, and it worked with a URL 
similar to this: 
"http://localhost:8082/sp-app/saml/sp/SSO/alias/sp-entity-id"


Does anybody have any experience here? 
What is the SAML callback URL, so I can be redirected to CAS from an IdP and 
read the attributes that are sent from the IdP (like how Misagh did in the above 
post)?


thanks
arman



Re: [cas-user] Re: Issue with cas 6 password managenment

2020-07-08 Thread Root
The log is too much, but I can see the error is related to storing the LDAP 
password type. What type of algorithm is used to store the password (SSHA, 
SHA-512, scrypt, MD5, etc.), and the character encoding? The default 
should be UTF-8.

Try to keep the default, or just don't specify too many variables 
relating to this in the CAS properties.

On Wednesday, July 8, 2020 at 10:03:18 AM UTC+5:30 arti wavale wrote:

> Hello,
>
> I am providing the cas.log file; please check it once, and if you get any idea how to 
> resolve the password management problem then please guide me.
>
> On Tuesday, June 23, 2020 at 4:01:08 PM UTC+5:30, Root wrote:
>>
>>
>> OK, but what about the logs?, looking at logs you can get some hint,  
>> have you enabled CAS debug mode  ( )  in cas-log4j2.xml 
>> file?, and also in your LDAP server some option to enable debug/verbose 
>> mode,  after enable and restarting the services,  tail both the logs and 
>> try to change the LDAP password, and see what error you get in logs.
>>
>>
>>
>>
>> On Tuesday, June 23, 2020 at 2:28:14 PM UTC+5:30, arti wavale wrote:
>>>
>>> Hello Root,
>>>
>>> First of all,
>>> Thank you so much for your reply..
>>>
>>> I'm using CAS v5.2 in which I have used "cas.authn.pm.ldap.userFilter=cn
>>> ={user}" in cas.properties file. The userFilter attribute was renamed 
>>> to searchFilter in CAS v5.3 but Still I have tried "
>>> cas.authn.pm.ldap.searchFilter=cn={user}" in cas.properties file and 
>>> check it but same error occurred.
>>>
>>> Thanks and Regards
>>> Arti
>>>
>>> On Tuesday, June 23, 2020 at 11:58:16 AM UTC+5:30, Root wrote:


 @Arthi,

 Have you included "cas.authn.pm.ldap.searchFilter=cn={user}"  in 
 cas.properties?, and you should enable debug mode in both CAS and LDAP 
 server side and check both logs to get more detail.





 On Tuesday, June 23, 2020 at 11:14:12 AM UTC+5:30, arti wavale wrote:
>
> All detail information provided in a document . Please find the 
> attachment
>
> I am facing error such as "could not update the account password "
>
> If anyone can help to resolve this issue
>
>
> -
>
> *Pom.xml:*
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-pm-ldap</artifactId>
>     <version>${cas.version}</version>
> </dependency>
>
> *cas.properties:*
>
> cas.authn.accept.users=
> cas.authn.ldap[0].order=0
> cas.authn.ldap[0].name=LDAP Server
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl=ldap://localhost
> cas.authn.ldap[0].useSsl=false
> cas.authn.ldap[0].useStartTls=false
> cas.authn.ldap[0].connectTimeout=5
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].validatePeriod=270
> cas.authn.ldap[0].userFilter=cn={user}
> #cas.authn.ldap[0].userFilter=(|(uid={user})(cn={user})(mail={user}))
> cas.authn.ldap[0].baseDn=dc=example,dc=com
> #cas.authn.ldap[0].enhanceWithEntryResolver=true
> #cas.authn.ldap[0].dnFormat:cn=%s,cn=admin,dc=example,dc=com
> cas.authn.ldap[0].bindDn=cn=admin,dc=example,dc=com
> cas.authn.ldap[0].bindCredential=administrator
> cas.authn.ldap[0].enhanceWithEntryResolver=true
> cas.authn.ldap[0].dnFormat:cn=%s,cn=admin,dc=example,dc=com
> cas.authn.ldap[0].principalAttributeList=memberOf,uid,cn,mail
> cas.authn.ldap[0].collectDnAttribute=false
>
> cas.authn.ldap[0].principalAttributeId=cn
> cas.authn.ldap[0].principalAttributePassword=userPassword
> # attributes to be retrieved from LDAP userPassword
> #cas.authn.ldap[0].principalAttributeList=uid,cn,mail
> #cas.authn.ldap[0].collectDnAttribute=false
> cas.authn.ldap[0].principalDnAttributeName=principalLdapDn
> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
> cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
> # cas.authn.ldap[0].credentialCriteria=
> # LDAP Password Encoding
> # cas.authn.ldap[0].passwordEncoder.type=
> # cas.authn.ldap[0].passwordEncoder.characterEncoding=UTF-8
> # cas.authn.ldap[0].passwordEncoder.encodingAlgorithm=SHA
> # LDAP Pooling
> cas.authn.ldap[0].minPoolSize=3
> cas.authn.ldap[0].maxPoolSize=50
> cas.authn.ldap[0].validateOnCheckout=true
> cas.authn.ldap[0].validatePeriodically=true
> cas.authn.ldap[0].validatePeriod=600
> cas.authn.ldap[0].failFast=true
> cas.authn.ldap[0].idleTime=5000
> cas.authn.ldap[0].prunePeriod=5000
> cas.authn.ldap[0].blockWaitTime=5000
> cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
> cas.authn.ldap[0].allowMultipleDns=false
>
>
>
>
> #Password Management
>