[cas-user] Re: CAS 5.1.X - In Delegated authentication mode, 'service' is coming as null from the session

2023-08-10 Thread Sanjay Semwal 
To add more to it. i have been getting the below pop-up for quite some time 
intermittently when i get response back from Delegated authentication. Any 
help would be highly appreciated.

[image: Screenshot 2023-08-10 at 3.45.12 PM.png]

Thanks
Sanjay 

On Friday, June 9, 2023 at 9:01:44 PM UTC-7 sanjay...@rez1.mygbiz.com wrote:

Hello there, 
I am using CAS 5.1.X, and facing this problem intermittently. Can you 
please suggest some solution?

In my case CAS is working as SP in delegated auth mode  and Azure is as 
IDP.  So when authentication is done on Azure, i get the SAML response. 
After that the control flow goes to CAS library class 
"DelegatedClientAuthenticationAction" where it tries to fetch "service" 
from the session,  which is coming as null object.
Here is the code fragment from DelegatedClientAuthenticationAction: - 

--
// retrieve parameters from web session
final Service service = (Service) session.getAttribute(CasProtocolConstants.
PARAMETER_SERVICE);
context.getFlowScope().put(CasProtocolConstants.PARAMETER_SERVICE, service);
LOGGER.debug("Retrieve service: [{}]", service);


Any help would be appreciated on this. 

Thanks
Sanjay 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2b62e3c2-9c34-4ef2-acb9-c6c57c4dce38n%40apereo.org.

[cas-user] Re: CAS 5.1.X - In Delegated authentication mode, 'service' is coming as null from the session

2023-08-10 Thread Sanjay Semwal 
To add bit more to it; intermittently I have been getting the issue related 
to redirection in delegated authentication mode in CAS version 5.1.x. Pls 
see popup message attached. 
I am observing it coming more frequently in chrome than any other browser.

Any help would be highly appreciated.

Thanks
Sanjay

On Friday, June 9, 2023 at 9:01:44 PM UTC-7 sanjay...@rez1.mygbiz.com wrote:

> Hello there, 
> I am using CAS 5.1.X, and facing this problem intermittently. Can you 
> please suggest some solution?
>
> In my case CAS is working as SP in delegated auth mode  and Azure is as 
> IDP.  So when authentication is done on Azure, i get the SAML response. 
> After that the control flow goes to CAS library class 
> "DelegatedClientAuthenticationAction" where it tries to fetch "service" 
> from the session,  which is coming as null object.
> Here is the code fragment from DelegatedClientAuthenticationAction: - 
>
> --
> // retrieve parameters from web session
> final Service service = (Service) 
> session.getAttribute(CasProtocolConstants.PARAMETER_SERVICE);
> context.getFlowScope().put(CasProtocolConstants.PARAMETER_SERVICE, 
> service);
> LOGGER.debug("Retrieve service: [{}]", service);
> 
>
> Any help would be appreciated on this. 
>
> Thanks
> Sanjay 
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/fed751a6-0a64-4b94-ac36-ddb70018b80cn%40apereo.org.

[cas-user] CAS 7.0 potential release and when SPM 6.5, 6.6 will be EoL

2023-08-10 Thread John Bergant 
I'm looking at staying within the SPM for CAS. I'm a bit nervous as the EoL 
for 6.5.x is slated for the end of December. It looks like 7.0.0-RC9 is 
slated for 12/22. Is there any plans for extending the 6.6.x SPM date? How 
many releases are generally left in SPM after a new version of CAS is 
released?

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a7db1281-a2c1-4673-89f8-15ac4d31e1a2n%40apereo.org.

[cas-user] who are using CAS, where can I find this?

2023-08-10 Thread Yan Zhou 
Hi there,

My organization is asking: who are using CAS out there?  that is one of the 
key factors for commercial companies to consider for adoption.

several years ago, we had a survey on this, is there a recent survey?  the 
survey I mentioned listed industries such as university, healthcare, etc., 
but did not have any specific names. I understand that companies may not 
want others to know they are using CAS for various reasons, but, do we have 
a sample of companies/organizations using CAS in production from different 
industries/sectors?

thanks,
yan

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f247cf63-0a55-45b0-9e34-00b82f1d5df8n%40apereo.org.

Re: [cas-user] login with valid service but not getting ticket query parameter on redirect

2023-08-10 Thread Pablo Vidaurri 
Thanks Ray, I owe you a case of what ever your vice is by now.

In retrospect it makes sense now. The service ticket was being searched for 
in the requestScope as the log reflects:
2023-08-08 15:25:26,057 DEBUG 
[org.apereo.cas.web.flow.GenerateServiceTicketAction] - https://localhost:8443] and added it to the 
request scope>

Since I was redirecting the user to a view, this triggered a new request 
which would lose the request scope including the service ticket.

So, right before I redirect the user to the view, I saved the requestScope 
object into flowScope, then after action was taken in the view I triggered 
another action that would put the temp requestScope object from the 
flowScope back into requestScope and finally removed the temp requestScope 
object from flowScope.

-psv

On Wednesday, August 9, 2023 at 9:09:00 PM UTC-5 Ray Bon wrote:

> Pablo,
>
>
> There are a number of maps associated with the web flow. 
> You can put to one of the maps, if needed. From your action class you can 
> see their contents:
>
> // authn attributes contains encrypted credential
> // LOGGER.debug("auth attribs Map: " + 
> WebUtils.getAuthentication(requestContext).getAttributes());
> // printMap("attributes Map", requestContext.getAttributes().asMap());
> // printMap("conversation Map", 
> requestContext.getConversationScope().asMap());
> // printMap("flash Map", requestContext.getFlashScope().asMap());
> // printMap("flow scope Map", requestContext.getFlowScope().asMap());
> // printMap("request Map", requestContext.getRequestScope().asMap());
> // printMap("parameter Map", 
> requestContext.getRequestParameters().asMap());
>
>
> private void printMap(String identifier, Map mam) {
> LOGGER.trace(identifier + ": [" + mam.keySet().size() + "]:");
> for (String key : mam.keySet()) {
> LOGGER.trace("\t" + key + " : " + mam.get(key));
> }
> }
>
> Ray
>
> On Wed, 2023-08-09 at 17:23 -0700, Pablo Vidaurri wrote:
>
> Notice: This message was sent from outside the University of Victoria 
> email system. Please be cautious with links and sensitive information.
>
> It looks like I'm losing the request scope, or at least the service 
> ticket: 
>
>
> 2023-08-08 15:25:26,057 DEBUG 
> [org.apereo.cas.web.flow.GenerateServiceTicketAction] -  ticket [ST-2-9u96HVcbf8-https://localhost:8443] and added it to 
> the request scope>
> 2023-08-08 15:25:26,057 DEBUG [org.apereo.cas.web.flow.MyCustomAction] - 
> 
> ...
> 2023-08-08 15:25:27,186 DEBUG 
> [org.apereo.cas.web.flow.actions.RedirectToServiceAction] -  service ticket [null] from the context>
>
> Inside MyCustomAction.java, I can confirm I have a requestScope with ST. 
> My customAction will trigger a redirect to a view. After my view it seems I 
> lose the ST.
>
> Do I need to pass my requestscope or ST along with my form inside my view 
> via an input form parameter?
>
> -psv
>
>
> On Wednesday, August 9, 2023 at 2:50:18 PM UTC-5 Pablo Vidaurri wrote:
>
> Hi Ray, looks to be a self inflicted issue.
>
> We have a custom login webflow and have injected as view between 
> generateServiceTicket and Redirect action/view states. When I disable this 
> custom step all works fine. I haven't been able to trace my issue but it is 
> my issue.
>
> -psv
>
> On Thursday, August 3, 2023 at 9:24:17 AM UTC-5 Ray Bon wrote:
>
> Pablo,
>
> What version of Cas is this?
>
> Check your logs. The audit log records the authentication events, 
> including ticket creation.
>
> Ray
>
> On Wed, 2023-08-02 at 14:39 -0700, Pablo Vidaurri wrote:
>
> Notice: This message was sent from outside the University of Victoria 
> email system. Please be cautious with links and sensitive information.
>
>
> I am seeing a problem where after a successful login a redirect is happing 
> back to the service URL but does not have a ticket=ST- query parameter. 
> This of course means that the service has no ticket to go validate. But if 
> I hit the login page again, i get the ticket on the 2nd try. 
>
> 1) https://www.xxx.com/cas/login?service=https://myapp.xxx.com/cas/login
> 2) after login redirects to https://myapp.newco.com/cas/login, with no 
> ticket
> 3) since no ticket, login to the app fails.
> 4) I go to 
> https://www.xxx.com/cas/login?service=https://myapp.xxx.com/cas/login 
> again
> 5) immediately redirects back to 
> https://myapp.xxx.com/cas/login?ticket=ST-
> 6) now logged into the app
>
> Why would ticket not be sent the first time?
>
> -psv
>
>
>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b9a850fb-dd71-48e2-a0d3-7ada7f703911n%40apereo.org.

Re: [cas-user] Radius -MFA in cas 6.6.8

2023-08-10 Thread Vikash Chandra Ansh 
Hi Ray,

We have NW change in place. There is UDP connectivity from my cas server to
radius server(unidirectional ) on port 1812 and 1813 .


On Wed, Aug 9, 2023, 10:29 PM Ray Bon  wrote:

> Vikash,
>
> Is it possible there is a network issue?
>
> Ray
>
> On Tue, 2023-08-08 at 17:20 +0530, Vikash Chandra Ansh wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
> Hi Everyone,
>
> We are trying to implement radius MFA in CAS. In our case our primary
> authentication will be LDAP and then for MFA we need RSA.
>
> I have also added dependency as cas-server-support-radius-mfa.
>
> I have added the required properties like client.inet-address and
> shared-secert.
> But still I can not see any hit on the radius server.
> Can anyone please help here.
>
> Cas version I am using is 6.6.8.
>
> Thanks and regards
> Vikash Chandra
>
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/ebab25780f77a0697d2191e2fc4e466d00d59f56.camel%40uvic.ca
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BdrvxjBojzLjm%3DzzHHWOcSSqRjkv24tNzR-8JmBL0N%3DuFdg%3DQ%40mail.gmail.com.