[cas-user] CAS 7 bug? /cas/login recalls previous specific service registration

2023-09-11 Thread Baron Fujimoto
While testing CAS 7 (RC7), we encountered either a puzzling bug, or some
configuration effect we don't understand.

Normally, if we don't specify an application with for /cas/login, after
authentication we expect to be directed to a "Log In Successful" page for
an unknown target destination that displays the attributes and their values
for the user. We've found, however, that once we've successfully logged in
for a target destination we actually have a service registration for (e.g.
"/cas/login?renew=true=https%3A%2F%2Fexample%2Ecom" [*]), any
subsequent attempts to use /cas/login without a target destination always
redirect us to the first successful target destination we successfully log
in to (e.g., example.com in this case). This even happens after
/cas/logout, a new private/incognito browser window, or even a different
browser, so it seems to be tied to the CAS server itself.

[*] For example, with the following JSON service registration for
example.com:

{
  "@class" : "org.apereo.cas.services.CasRegisteredService",
  "name" : "Example_Default_MFA",
  "serviceId" : "^https://example\\.com(/.*)*",
  "description" : "Default MFA Test example.com",
  "id" : 20230720150127,
  "evaluationOrder" : 1009,
  "multifactorPolicy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
    "multifactorAuthenticationProviders" : [ "java.util.LinkedHashSet", [ "mfa-duo" ] ],
    "failureMode" : "OPEN"
  }
}

If we restart CAS, and try just "/cas/login", we get the expected
attributes results page. If we then try
"/cas/login?renew=true=https%3A%2F%2Fexample%2Ecom", we get the
expected example.com page. But if we then try just "/cas/login" again, we
are only directed back to example.com as previously described.

Only restarting CAS seems to clear the condition. After restart, if we
first try it with the example.com target, then without logging out try it
without a target using just "/cas/login" we get the expected attributes
page. However, if we then logout with "/cas/logout" and then once again use
just the target-less  "/cas/login", we get directed back to example.com
rather than the attributes page.

-- 
Baron Fujimoto  ::: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum descendus pantorum

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL0mezA%3D_xUakzM6GXTAwLEjpVc5K_Q3KOgvnh%3D3%3DSQvaw%40mail.gmail.com.


Re: [cas-user] SAML delegated authN in CAS 6.6.x, SLO has no signature element to external IDP?

2023-09-11 Thread Yan Zhou
Hi,

Looks like CAS already performed logout (TGC cookie is already removed) 
before it redirects to Okta doing Logout, but it does not have a signature 
element in the Logout request sent to Okta.

Would that be a problem, even if Okta would recognize and log user out, it 
will redirect back to CAS, now that SSO session is already destroyed, CAS 
would not know how to handle Okta response. I did see this message in Log, 
but it is not marked as error:  Can not evaluate delegated authentication 
policy without a service

Yan

2023-09-11 13:12:17,154 DEBUG [https-jsse-nio-8443-exec-7] 
[org.apereo.cas.web.flow.actions.DelegatedAuthenticationClientFinishLogoutAction]
 
- https://localhost:8443/cas/login | urlResolver: 
org.pac4j.core.http.url.DefaultUrlResolver@47cf3a3b | callbackUrlResolver: 
org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@c83ed77 | 
ajaxRequestResolver: 
org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@69099dc8 | 
redirectionActionBuilder: 
org.pac4j.saml.redirect.SAML2RedirectionActionBuilder@23a7d2b8 | 
credentialsExtractor: 
org.pac4j.saml.credentials.extractor.SAML2CredentialsExtractor@40492ade | 
authenticator: 
org.pac4j.saml.credentials.authenticator.SAML2Authenticator@7ee9de0e | 
profileCreator: 
org.pac4j.core.profile.creator.AuthenticatorProfileCreator@d271a54 | 
logoutActionBuilder: 
org.pac4j.saml.logout.SAML2LogoutActionBuilder@5b2bfbc6 | 
authorizationGenerators: [] | checkAuthenticationAttempt: true |]>
2023-09-11 13:12:17,154 DEBUG [https-jsse-nio-8443-exec-7] 
[org.apereo.cas.web.flow.actions.DelegatedAuthenticationClientFinishLogoutAction]
 
- http://localhost:8081/saml/logout?SAMLResponse=pZI%2Fb8IwEMX3forI...bELxwQ%3D%3D]>
2023-09-11 13:12:18,950 INFO [scheduling-1] 
[org.apereo.cas.services.AbstractServicesManager] - 
2023-09-11 13:12:19,887 INFO [https-jsse-nio-8443-exec-3] [Spring Security 
Debugger] - <



Request received for POST '/login?client_name=bootsp2=true':
.. 



>
2023-09-11 13:12:19,888 DEBUG [https-jsse-nio-8443-exec-3] 
[org.apereo.cas.web.flow.CasFlowHandlerMapping] - 
2023-09-11 13:12:19,890 DEBUG [https-jsse-nio-8443-exec-3] 
[org.apereo.cas.support.pac4j.authentication.clients.RefreshableDelegatedClients]
 
- https://localhost:8443/cas/login | urlResolver: 
org.pac4j.core.http.url.DefaultUrlResolver@47cf3a3b | callbackUrlResolver: 
org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@c83ed77 | 
ajaxRequestResolver: 
org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@69099dc8 | 
redirectionActionBuilder: 
org.pac4j.saml.redirect.SAML2RedirectionActionBuilder@23a7d2b8 | 
credentialsExtractor: 
org.pac4j.saml.credentials.extractor.SAML2CredentialsExtractor@40492ade | 
authenticator: 
org.pac4j.saml.credentials.authenticator.SAML2Authenticator@7ee9de0e | 
profileCreator: 
org.pac4j.core.profile.creator.AuthenticatorProfileCreator@d271a54 | 
logoutActionBuilder: 
org.pac4j.saml.logout.SAML2LogoutActionBuilder@5b2bfbc6 | 
authorizationGenerators: [] | checkAuthenticationAttempt: true |]]>
2023-09-11 13:12:19,890 DEBUG [https-jsse-nio-8443-exec-3] 
[org.pac4j.core.client.Clients] - https://localhost:8443/cas/login | urlResolver: 
org.pac4j.core.http.url.DefaultUrlResolver@47cf3a3b | callbackUrlResolver: 
org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@c83ed77 | 
ajaxRequestResolver: 
org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@69099dc8 | 
redirectionActionBuilder: 
org.pac4j.saml.redirect.SAML2RedirectionActionBuilder@23a7d2b8 | 
credentialsExtractor: 
org.pac4j.saml.credentials.extractor.SAML2CredentialsExtractor@40492ade | 
authenticator: 
org.pac4j.saml.credentials.authenticator.SAML2Authenticator@7ee9de0e | 
profileCreator: 
org.pac4j.core.profile.creator.AuthenticatorProfileCreator@d271a54 | 
logoutActionBuilder: 
org.pac4j.saml.logout.SAML2LogoutActionBuilder@5b2bfbc6 | 
authorizationGenerators: [] | checkAuthenticationAttempt: true | for name: 
bootsp2>
2023-09-11 13:12:19,890 DEBUG [https-jsse-nio-8443-exec-3] 
[org.apereo.cas.web.flow.actions.DelegatedClientAuthenticationAction] - 
https://localhost:8443/cas/login | urlResolver: 
org.pac4j.core.http.url.DefaultUrlResolver@47cf3a3b | callbackUrlResolver: 
org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@c83ed77 | 
ajaxRequestResolver: 
org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@69099dc8 | 
redirectionActionBuilder: 
org.pac4j.saml.redirect.SAML2RedirectionActionBuilder@23a7d2b8 | 
credentialsExtractor: 
org.pac4j.saml.credentials.extractor.SAML2CredentialsExtractor@40492ade | 
authenticator: 
org.pac4j.saml.credentials.authenticator.SAML2Authenticator@7ee9de0e | 
profileCreator: 
org.pac4j.core.profile.creator.AuthenticatorProfileCreator@d271a54 | 
logoutActionBuilder: 
org.pac4j.saml.logout.SAML2LogoutActionBuilder@5b2bfbc6 | 

Re: [cas-user] Add a new controller to the CAS7 server

2023-09-11 Thread ztf863

Just register the bean in Configuration

@Bean("authController")
public AuthController authController() {
    return new AuthController();
}

On 2023/9/11 21:12, ztf863 wrote:


Thank you very much for your reply. After my attempts, I found a 
solution. By adding the controller's package path address in the 
configuration file 
META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports, 
the controller can be identified.


On 2023/9/8 23:22, Ray Bon wrote:
See 
https://apereo.github.io/cas/6.6.x/webflow/Webflow-Customization-Extensions.html and 
https://fawnoos.com/2022/07/22/cas66-ui-themes/


Ray

On Fri, 2023-09-08 at 16:15 +0800, ztf863 wrote:
Notice: This message was sent from outside the University of 
Victoria email system. Please be cautious with links and sensitive 
information.


Hello, I am a beginner in CAS. I want to add a new controller to the 
CAS7 server, but it does not take effect. How should I implement 
it? Is there any documentation for this? Thanks




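The two steps described in this thread (an explicit @Bean for the controller, plus an entry in META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports) put together as an added example; it is not code from the posters or from the CAS project. The package org.example.cas, the class name CustomControllerConfiguration and the /custom/ping mapping are assumed names, and the imports file is assumed to list the configuration class, which is how Spring Boot 3 reads that file.

```java
// File: src/main/java/org/example/cas/CustomControllerConfiguration.java
// org.example.cas, CustomControllerConfiguration and /custom/ping are
// hypothetical names chosen for this example.
package org.example.cas;

import java.util.Map;

import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Loaded only because it is listed in AutoConfiguration.imports (see below);
// a package outside the server's own packages is not component-scanned.
@AutoConfiguration
public class CustomControllerConfiguration {

    // Explicit bean registration, as suggested in the reply above.
    @Bean("authController")
    public AuthController authController() {
        return new AuthController();
    }
}

// Kept as a top-level class: nesting a @RestController inside the
// configuration class would register it a second time and produce
// an ambiguous request mapping at startup.
@RestController
class AuthController {

    // The mapping is relative to the application's context path.
    @GetMapping("/custom/ping")
    public Map<String, String> ping() {
        return Map.of("status", "ok");
    }
}

// File: src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
// One fully qualified configuration class per line:
//
// org.example.cas.CustomControllerConfiguration
```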


Re: [cas-user] Customizing AUP Webflow Logic

2023-09-11 Thread Ray Bon
Trevor,

Test classes are not part of packaged jars. If you want test classes, you have 
to copy them into your src directory.
Beware, you may have to copy in dependencies of the test classes too; and 
remember to update them when you upgrade.
Is it possible to rework your logic to extend the existing flow, instead of 
changing it?

Ray


On Fri, 2023-09-08 at 17:14 -0700, Trevor Fong wrote:

Hi All,
I'm trying to customize the AUP template view and some of the logic behind its 
SUBMIT button. The problem is that I'm running into some compiler errors when I 
try to do a "./gradlew clean build":

$ ./gradlew clean build
Configuration on demand is an incubating feature.

> Task :compileTestJava FAILED
/Users/tjfong/git/aws-setup/cas6/cas-6.6.11-dev/cas-overlay-template-6.6.11/src/test/java/org/apereo/cas/aup/LdapAcceptableUsagePolicyRepositoryTests.java:3: error: package org.apereo.cas.adaptors.ldap does not exist
import org.apereo.cas.adaptors.ldap.LdapIntegrationTestsOperations;
                                   ^
/Users/tjfong/git/aws-setup/cas6/cas-6.6.11-dev/cas-overlay-template-6.6.11/src/test/java/org/apereo/cas/aup/LdapAcceptableUsagePolicyRepositoryTests.java:7: error: package org.apereo.cas.util.junit does not exist
import org.apereo.cas.util.junit.EnabledIfListeningOnPort;
                                ^
/Users/tjfong/git/aws-setup/cas6/cas-6.6.11-dev/cas-overlay-template-6.6.11/src/test/java/org/apereo/cas/aup/LdapAcceptableUsagePolicyRepositoryTests.java:9: error: package com.unboundid.ldap.sdk does not exist
import com.unboundid.ldap.sdk.LDAPConnection;
                             ^
/Users/tjfong/git/aws-setup/cas6/cas-6.6.11-dev/cas-overlay-template-6.6.11/src/test/java/org/apereo/cas/aup/LdapAcceptableUsagePolicyRepositoryTests.java:52: error: cannot find symbol
public class LdapAcceptableUsagePolicyRepositoryTests extends BaseAcceptableUsagePolicyRepositoryTests {
                                                              ^
  symbol: class BaseAcceptableUsagePolicyRepositoryTests
/Users/tjfong/git/aws-setup/cas6/cas-6.6.11-dev/cas-overlay-template-6.6.11/src/test/java/org/apereo/cas/aup/LdapAcceptableUsagePolicyRepositoryTests.java:41: error: cannot find symbol
@EnabledIfListeningOnPort(port = 10389)
 ^
  symbol: class EnabledIfListeningOnPort
5 errors

FAILURE: Build failed with an exception.


Would someone be able to tell me if I'm following the right path (see below) or 
tell me what I'm doing wrong?  Presumably I need to add extra 'implementation 
"org.apereo.cas:blah"' references to build.gradle - how do I find out what to 
add?

Here's what I did to get thus far:

cd /opt/cas/workspace/
git clone https://github.com/apereo/cas.git
## There doesn't seem to be a v6.6.11 tag?
git checkout v6.6.10

cd /opt/cas/workspace/cas-6.6.11-dev
getcas --directory cas-overlay-template-6.6.11 --type cas-overlay --casVersion 6.6.11 \
  --modules support-jpa-ticket-registry,support-jpa-service-registry,support-ldap,support-saml,support-duo,support-audit-jdbc,support-aup-ldap,support-aup-webflow

## Copy files that we want to customize from cas to the overlay
cp -prnv /opt/cas/workspace/cas/support/cas-server-support-aup-ldap/src/* \
  /opt/cas/workspace/cas-6.6.11-dev/cas-overlay-template-6.6.11/src/

## Customize:
# cas-overlay-template-6.6.11/src/main/resources/templates/aup/casAcceptableUsagePolicyView.html
# cas-overlay-template-6.6.11/src/main/java/org/apereo/cas/aup/LdapAcceptableUsagePolicyRepository.java

## Add additional implementations to build.gradle to get rid of "class not found" type build errors
#implementation "org.apereo.cas:cas-server-support-aup-core"
#implementation "org.apereo.cas:cas-server-support-ldap-core"
#implementation "org.apereo.cas:cas-server-core-util"
#implementation "org.apereo.cas:cas-server-core-web-api"

cd /opt/cas/workspace
cd cas-6.6.11-dev/cas-overlay-template*
./gradlew clean build

See build errors above.

Thanks a lot,
Trev




Re: [cas-user] Add a new controller to the CAS7 server

2023-09-11 Thread ztf863
Thank you very much for your reply. After my attempts, I found a 
solution. By adding the controller's package path address in the 
configuration file 
META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports, 
the controller can be identified.


On 2023/9/8 23:22, Ray Bon wrote:
See 
https://apereo.github.io/cas/6.6.x/webflow/Webflow-Customization-Extensions.html and 
https://fawnoos.com/2022/07/22/cas66-ui-themes/


Ray

On Fri, 2023-09-08 at 16:15 +0800, ztf863 wrote:


Hello, I am a beginner in CAS. I want to add a new controller to the 
CAS7 server, but it does not take effect. How should I implement 
it? Is there any documentation for this? Thanks






Re: [cas-user] Customizing AUP Webflow Logic

2023-09-11 Thread Trevor Fong
Hi All,
Just wondering if anyone has any ideas about the build errors?
Thanks
Trev

On Sep 8, 2023 at 9:48 PM -0700, Trevor Fong wrote:
> Hi All,
> I'm trying to customize the AUP template view and some of the logic behind 
> its SUBMIT button. The problem is that I'm running into some compiler errors 
> when I try to do a "./gradlew clean build":
>
> $ ./gradlew clean build
> Configuration on demand is an incubating feature.
>
> > Task :compileTestJava FAILED
> /Users/tjfong/git/aws-setup/cas6/cas-6.6.11-dev/cas-overlay-template-6.6.11/src/test/java/org/apereo/cas/aup/LdapAcceptableUsagePolicyRepositoryTests.java:3:
>  error: package org.apereo.cas.adaptors.ldap does not exist
> import org.apereo.cas.adaptors.ldap.LdapIntegrationTestsOperations;
>                                    ^
> /Users/tjfong/git/aws-setup/cas6/cas-6.6.11-dev/cas-overlay-template-6.6.11/src/test/java/org/apereo/cas/aup/LdapAcceptableUsagePolicyRepositoryTests.java:7:
>  error: package org.apereo.cas.util.junit does not exist
> import org.apereo.cas.util.junit.EnabledIfListeningOnPort;
>                                 ^
> /Users/tjfong/git/aws-setup/cas6/cas-6.6.11-dev/cas-overlay-template-6.6.11/src/test/java/org/apereo/cas/aup/LdapAcceptableUsagePolicyRepositoryTests.java:9:
>  error: package com.unboundid.ldap.sdk does not exist
> import com.unboundid.ldap.sdk.LDAPConnection;
>                              ^
> /Users/tjfong/git/aws-setup/cas6/cas-6.6.11-dev/cas-overlay-template-6.6.11/src/test/java/org/apereo/cas/aup/LdapAcceptableUsagePolicyRepositoryTests.java:52:
>  error: cannot find symbol
> public class LdapAcceptableUsagePolicyRepositoryTests extends 
> BaseAcceptableUsagePolicyRepositoryTests {
>                                                               ^
>   symbol: class BaseAcceptableUsagePolicyRepositoryTests
> /Users/tjfong/git/aws-setup/cas6/cas-6.6.11-dev/cas-overlay-template-6.6.11/src/test/java/org/apereo/cas/aup/LdapAcceptableUsagePolicyRepositoryTests.java:41:
>  error: cannot find symbol
> @EnabledIfListeningOnPort(port = 10389)
>  ^
>   symbol: class EnabledIfListeningOnPort
> 5 errors
>
> FAILURE: Build failed with an exception.
>
>
> Would someone be able to tell me if I'm following the right path (see below) 
> or tell me what I'm doing wrong?  Presumably I need to add extra 
> 'implementation "org.apereo.cas:blah"' references to build.gradle - how do I 
> find out what to add?
>
> Here's what I did to get thus far:
>
> cd /opt/cas/workspace/
> git clone https://github.com/apereo/cas.git
> ## There doesn't seem to be a v6.6.11 tag?
> git checkout v6.6.10
>
> cd /opt/cas/workspace/cas-6.6.11-dev
> getcas --directory cas-overlay-template-6.6.11 --type cas-overlay 
> --casVersion 6.6.11 --modules 
> support-jpa-ticket-registry,support-jpa-service-registry,support-ldap,support-saml,support-duo,support-audit-jdbc,support-aup-ldap,support-aup-webflow
>
> ## Copy files that we want to customize from cas to the overlay
> cp -prnv /opt/cas/workspace/cas/support/cas-server-support-aup-ldap/src/* 
> /opt/cas/workspace/cas-6.6.11-dev/cas-overlay-template-6.6.11/src/
>
> ## Customize:
> # 
> cas-overlay-template-6.6.11/src/main/resources/templates/aup/casAcceptableUsagePolicyView.html
> # 
> cas-overlay-template-6.6.11/src/main/java/org/apereo/cas/aup/LdapAcceptableUsagePolicyRepository.java
>
> ## Add additional implementations to build.gradle to get rid of "class not 
> found" type build errors
> #    implementation "org.apereo.cas:cas-server-support-aup-core"
> #    implementation "org.apereo.cas:cas-server-support-ldap-core"
> #    implementation "org.apereo.cas:cas-server-core-util"
> #    implementation "org.apereo.cas:cas-server-core-web-api"
>
> cd /opt/cas/workspace
> cd cas-6.6.11-dev/cas-overlay-template*
> ./gradlew clean build
>
> See build errors above.
>
> Thanks a lot,
> Trev
>
