Re: [cas-user] Redirection after authentication from https to http

2020-09-15 Thread Jérôme LELEU
Hi,

In fact, I meant that you should set the *Proxy* in a specific
JDKHttpClientConfig and instantiate a specific JDKHttpClient with that,
instead of using it directly for the *HttpURLConnection*.
This may not be possible though... I haven't tested it...
Thanks.
Best regards,
Jérôme


On Tue, Sep 15, 2020 at 18:28, Joe Manavalan wrote:

> Hi Jerome,
>
> For some reason
> com.github.scribejava.core.httpclient.jdk.JDKHttpClient.java is not using
> the proxy from jvm arguments even though the arguments are reaching the
> class.
>
> Finally, when I explicitly use a proxy in the connection, everything
> works. Do you think this is the right approach? Or am I missing any
> properties, which is causing the client not to use the proxy?
>
> final Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("proxy", 80));
> final HttpURLConnection connection = (HttpURLConnection) new URL(completeUrl).openConnection(proxy);
>
> Thanks again for your tips.
> Joe
>
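
The approach suggested in the reply above, sketched as an added example (not code from the thread or from the CAS, pac4j or ScribeJava projects): put the proxy on a dedicated JDKHttpClientConfig and build the JDKHttpClient from it. It assumes a ScribeJava version whose JDKHttpClientConfig exposes setProxy/getProxy; the class name, the token endpoint URL and the timeouts are placeholders, and "proxy":80 is the value from the snippet in the thread.

```java
import com.github.scribejava.core.httpclient.jdk.JDKHttpClient;
import com.github.scribejava.core.httpclient.jdk.JDKHttpClientConfig;

import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.URI;
import java.util.List;

public class ProxiedScribeClient {

    // Placeholder (assumption): the identity provider's token endpoint.
    static final String TOKEN_ENDPOINT = "https://idp.example.org/oauth2/token";

    // What the JVM-wide proxy settings select for a URL. For an https:// URL the
    // default selector reads https.proxyHost / https.proxyPort, not http.proxyHost.
    static List<Proxy> jvmSelection(String url) {
        return ProxySelector.getDefault().select(URI.create(url));
    }

    // Proxy set on a dedicated config, so only this OAuth client is affected
    // (assumes JDKHttpClientConfig.setProxy is available in the version in use).
    static JDKHttpClientConfig proxiedConfig(String host, int port) {
        if (host == null || host.isEmpty() || port < 1 || port > 65535) {
            throw new IllegalArgumentException("invalid proxy address");
        }
        JDKHttpClientConfig config = JDKHttpClientConfig.defaultConfig();
        config.setConnectTimeout(5_000);  // bound the wait when the endpoint is unreachable
        config.setReadTimeout(10_000);
        config.setProxy(new Proxy(Proxy.Type.HTTP, new InetSocketAddress(host, port)));
        return config;
    }

    public static void main(String[] args) {
        // Diagnostic: shows whether the JVM arguments would apply to the token endpoint at all.
        System.out.println("JVM-wide selection: " + jvmSelection(TOKEN_ENDPOINT));

        JDKHttpClientConfig config = proxiedConfig("proxy", 80); // values from the thread
        JDKHttpClient client = new JDKHttpClient(config);
        System.out.println("Client proxy:       " + config.getProxy());
        // Hand `client` to ScribeJava, e.g. new ServiceBuilder(apiKey).httpClient(client)
    }
}
```

If the first line printed is `[DIRECT]`, the JVM arguments do not cover the scheme of the token endpoint, which is one thing to rule out before patching the library call.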

Re: [cas-user] Redirection after authentication from https to http

2020-09-15 Thread Joe Manavalan
Hi Jerome,

For some reason 
com.github.scribejava.core.httpclient.jdk.JDKHttpClient.java is not using 
the proxy from jvm arguments even though the arguments are reaching the 
class.

Finally, when I explicitly use a proxy in the connection, everything works.
Do you think this is the right approach? Or am I missing any properties,
which is causing the client not to use the proxy?

final Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("proxy", 80));
final HttpURLConnection connection = (HttpURLConnection) new URL(completeUrl).openConnection(proxy);

Thanks again for your tips. 
Joe

On Thursday, September 10, 2020 at 1:06:01 AM UTC-5 leleuj wrote:

> Hi,
>
> pac4j relies on ScribeJava to handle the OAuth protocol communications.
> This library itself relies on an internal HTTP client for HTTP calls: by 
> default, it's the JDKHttpClient.
> And you can set a Proxy at this level. But this must be done 
> programmatically.
> You should put some breakpoint in the OAuth20Authenticator.
> Thanks.
> Best regards,
> Jérôme
>
>
> On Thu, Sep 10, 2020 at 05:30, Joe Manavalan wrote:
>
>> Unfortunately I did not get any additional logs from  either of the 
>> packages. 
>>
>> On Wednesday, September 9, 2020 at 5:45:55 AM UTC-5 leleuj wrote:
>>
>>> Hi,
>>>
>>> You should turn on DEBUG logs on org.pac4j and com.github.scribejava.
>>> Thanks.
>>> Best regards,
>>> Jérôme
>>>
>>>
>>> On Wed, Sep 9, 2020 at 06:42, Joe Manavalan wrote:
>>>

>>>> Hi Jerome,
>>>> Are there any logs we can get to see the timed out request url?
>>>> btw I tried adding the proxy host and port as jvm arguments with the
>>>> same connection timed out error.
>>>>
>>>> Thanks
>>>> Joe
>>>> On Tuesday, September 8, 2020 at 7:49:32 PM UTC-5 Joe Manavalan wrote:
>>>>
>>>>>
>>>>> Hi Jerome,
>>>>>
>>>>> It appears that the token server cannot be reached directly but has to
>>>>> go via a proxy.
>>>>> Is there a property in cas to specify the proxy url and port ? or this
>>>>> has to be a network settings on the server ?
>>>>>
>>>>> Thanks
>>>>> Joe
>>>>> On Tuesday, September 8, 2020 at 1:00:12 AM UTC-5 leleuj wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> During the authentication process, CAS via pac4j tries to directly
>>>>>> contact the identity provider to retrieve the access token.
>>>>>> The "connection timeout" means that the identity provider is not
>>>>>> directly reachable from the CAS server. Maybe a mismatch in the URL
>>>>>> definition or a proxy setting on the CAS server.
>>>>>> Thanks.
>>>>>> Best regards,
>>>>>> Jérôme
>>>>>>
>>>>>>
>>>>>> On Tue, Sep 8, 2020 at 03:34, Joe Manavalan wrote:
>>>>>>
>>>>>>> Hi Jerome,
>>>>>>>
>>>>>>> For testing I set up the server name as the url. And now I have the
>>>>>>> redirect url coming correctly but it's timing out when getting
>>>>>>> authentication Object. Since the error is from pac4j, I also posted a
>>>>>>> message in pac4j group too.
>>>>>>>
>>>>>>> Following is the trace from log. Would it help trying a different
>>>>>>> version of pac4j ?
>>>>>>>

[cas-user] Select SMS or Email method on Single MFA (mfa-simple)

2020-09-15 Thread denizg
Hello,

I have configured mfa-simple, and it works with both the SMS method and the
e-mail method.

Is there any way to select the SMS or e-mail method based on a principal attribute?

cas.authn.accept.users=xx:yy
cas.authn.attributeRepository.stub.attributes.home=*a*


For example, if the "home" attribute is equal to "a", then select *sms*. If not,
then select *email*.


thanks.

(ps: i am using 6.2.0 cas overlay template)

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/eddb4fef-7831-4801-898d-dd0b4474cdbao%40apereo.org.


[cas-user] CAS 6.2.x tickets meters and counters

2020-09-15 Thread Jérôme NENERT

Hello,

With 5.3.x version, we can get from "/cas/status/metrics" some TGT and 
PGT statistics ( for example, 
CREATE_TICKET_GRANTING_TICKET_METER-m1_rate and 
CREATE_TICKET_GRANTING_TICKET_COUNTER-count ). We couldn't find these in 
/cas/actuator/metrics ( CAS 6.2.x ).


Any suggestion to get them back ?

Regards.

Jerome NENERT.
Service Systèmes et Réseaux.
Direction des systèmes d'information.
Université Panthéon-Assas ( Paris 2 )



Re: [cas-user] [CAS As Authorization Server Problem]

2020-09-15 Thread Sven Specker

On 2020-09-14 17:57, Ray Bon wrote:

> Nguyen,
>
> Try double quotes and escape :// in redirect_uri, replace it with %3A%2F%2F
>
> Can you curl https://ssostandalone.vdc2.com.vn:8443/cas/login
>
> Ray



Hi!

I should not write stuff on Mondays.

If URL-Encoding is needed, then rather use curl for it:

curl --get --insecure \
  "https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize" \
  --data-urlencode "response_type=code" \
  --data-urlencode "clientid=clientid" \
  --data-urlencode 'redirect_uri=https://hello.*'


That should make sure everything is properly encoded.

Otherwise, it might be a hiccup in CAS itself as was already mentioned. 
Since you get an answer, network stuff should not be a direct issue, imho.


Best regards,

Sven Specker
--
__
*** Sven Specker -- University of Frankfurt Computing Center   ***
*** UNIX System Administration (Auth/IDM) 
* spec...@rz.uni-frankfurt.de [Phone (+49)-69-798-15188] *
**
__  
Johann Wolfgang Goethe Universitaet
   - Hochschulrechenzentrum -
 Theodor W. Adorno-Platz 1 (PA-1P16)

   D-60323 Frankfurt/Main
__
__ TeX-users do it in {groups}


