[cas-user] Re: Error parsing incommon metadata
080 WARN
>>>> [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController]
>>>> - >>> https://pa4078.peopleadmin.com/shibboleth]>
>>>>
>>>> 2024-02-02 11:49:43,080 WARN
>>>> [org.apereo.cas.util.function.FunctionUtils] - >>> to https://pa4078.peopleadmin.com/shibboleth
>>>>
>>>> AbstractSamlIdPProfileHandlerController.java:verifySamlAuthenticationRequest:493
>>>>
>>>> AbstractSamlIdPProfileHandlerController.java:initiateAuthenticationRequest:311
>>>>
>>>> AbstractSamlIdPProfileHandlerController.java:lambda$handleSsoPostProfileRequest$4:648
>>>>
>>>> >
>>>>
>>>> *2024-02-02 11:49:43,081 ERROR [org.apereo.cas.web.support.WebUtils] -
>>>> https://pa4078.peopleadmin.com/shibboleth
>>>> <https://pa4078.peopleadmin.com/shibboleth>*
>>>>
>>>> *
>>>> AbstractSamlIdPProfileHandlerController.java:verifySamlAuthenticationRequest:493*
>>>>
>>>> *
>>>> AbstractSamlIdPProfileHandlerController.java:initiateAuthenticationRequest:311*
>>>>
>>>> *
>>>> AbstractSamlIdPProfileHandlerController.java:lambda$handleSsoPostProfileRequest$4:648*
>>>>
>>>> *>*
>>>>
>>>> Also have the entry in cas.properties for:
>>>>
>>>> cas.saml-sp.in-common.metadata=https://md.incommon.org/InCommon/InCommon-metadata.xml
>>>>
>>>> service json looks like this
>>>>
>>>> {
>>>>   @class: org.apereo.cas.support.saml.services.SamlRegisteredService
>>>>   serviceId: https://pa4078.peopleadmin.com/shibboleth
>>>>   name: PeopleAdmin
>>>>   id: 1706734145472
>>>>   description: InCommon SAML SP Integration for PeopleAdmin
>>>>   evaluationOrder: 2147483642
>>>>   usernameAttributeProvider:
>>>>   {
>>>>     @class: org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider
>>>>     usernameAttribute: eduPersonPrincipalName
>>>>   }
>>>>   attributeReleasePolicy:
>>>>   {
>>>>     @class: org.apereo.cas.services.ChainingAttributeReleasePolicy
>>>>     policies:
>>>>     [
>>>>       java.util.ArrayList
>>>>       [
>>>>         {
>>>>           @class: org.apereo.cas.services.ReturnMappedAttributeReleasePolicy
>>>>           allowedAttributes:
>>>>           {
>>>>             @class: java.util.TreeMap
>>>>             displayName:
>>>>             [
>>>>               java.util.ArrayList
>>>>               [
>>>>                 urn:oid:2.16.840.1.113730.3.1.241
>>>>               ]
>>>>             ]
>>>>             eduPersonPrimaryAffiliation:
>>>>             [
>>>>               java.util.ArrayList
>>>>               [
>>>>                 urn:oid:1.3.6.1.4.1.5923.1.1.1.5
>>>>               ]
>>>>             ]
>>>>             eduPersonPrincipalName:
>>>>             [
>>>>               java.util.ArrayList
>>>>               [
>>>>                 urn:oid:1.3.6.1.4.1.5923.1.1.1.6
>>>>                 emailaddress
>>>>               ]
>>>>             ]
>>>>             givenName:
>>>>             [
>>>>               java.util.ArrayList
>>>>               [
>>>>                 givenname
>>>>               ]
>>>>             ]
>>>>             sn:
>>>>             [
>>>>               java.util.ArrayList
>>>>               [
>>>>                 surname
>>>>               ]
>>>>             ]
>>>>           }
>>>>         }
>>>>       ]
>>>>     ]
>>>>     mergingPolicy: REPLACE
>>>>     principalAttributesRepository:
>>>>     {
>>>>       @class: org.apereo.cas.authentication.principal.ChainingPrincipalAttributesRepository
>>>>     }
>>>>     consentPolicy:
>>>>     {
>>>>       @class: org.apereo.cas.services.consent.ChainingRegisteredServiceConsentPolicy
>>>>     }
>>>>     authorizedToReleaseAuthenticationAttributes: true
>>>>   }
>>>>   metadataLocation: https://md.incommon.org/InCommon/InCommon-metadata.xml
>>>>   metadataCriteriaDirection: INCLUDE
>>>>   metadataCriteriaPattern: https://authproxy.conity.com/saml2
>>>>   signingCredentialType: BASIC
>>>> }
>>>>
>>>> cas.saml-sp.in-common.metadata=
>>>>
>>>

--
Andrew Tillinghast
Sr. Tech Lead Identity and Access Management
atill...@conncoll.edu
270 Mohegan Avenue
New London, CT 06320-4196
Ph:860 439-5265
Fax: 860 439-2871
P *Think before you print*
CONFIDENTIALITY: This email (including any attachments) may contain confidential, proprietary and privileged information, and unauthorized disclosure or use is prohibited. If you received this email in error, please notify the sender and delete this email from your system.
-- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGA6n_m12Bp%3Dw6bRDV%2BxLuopQ3py-pR-QyR%2BaDHcXPcjeX7DSw%40mail.gmail.com.
[cas-user] No CAS logs
We're going to be moving from CAS 5.1.5 to CAS 7, and I'm starting with CAS 7 vanilla to get used to the new changes and to using Gradle for the overlay instead of Maven.

I started a project with the Initializr and I'm deploying to Apache Tomcat 9. I made the logging change as per https://apereo.github.io/cas/6.6.x/installation/Configuring-Servlet-Container-External.html and did gradle build from the command line. I copied the cas.war from build/lib, and the Tomcat logs show that CAS deployed (I can browse through and see my changes), but when I try localhost:8080/cas or localhost:8080/cas/login I'm just getting a 404 error message and there is no cas.log file on the system.

I looked at the log4j2.xml in /etc/cas/config and changed the base.dir value to /var/log/tomcat, then restarted Tomcat, with no change: still 404 and no cas.log.

I'm not sure if I'm missing something with Gradle or the changes to CAS. If someone could point me in the right direction I'd appreciate it.

--
Andrew Tillinghast
Sr. Web Developer
[cas-user] Cumulative release notes
Is there a utility to process through the various release notes to produce a single document of all changes between two versions? Say, everything new between CAS 5.1.x and CAS 6.5.x?

--
Andrew Tillinghast
Sr. Web Developer
Re: [cas-user] Having issues w/ trustedDevice in 5.1.2
We're having the same issue with DUO MFA and remember device. Is there a workaround?

I checked in GitHub; it appears this issue was never entered in GitHub, so I did that: https://github.com/apereo/cas/issues/2998

Can anyone provide us with a workaround, or at least the list of classes to be updated?

On Tue, Aug 22, 2017 at 6:16 AM, Jurica Juren <jurica.ju...@gmail.com> wrote:

> Can you tell me which class needs to be changed so that the right queries are
> sent to MySQL?
> I manually created the table in the database, but now when CAS wants to insert I
> received an error because of reserved words in MySQL (key and date).
>
> Jurica
>
> On Wednesday, 16 August 2017 12:55:30 UTC+2, Matt Elson wrote:
>
>> On 08/15/2017 04:47 PM, Matt Elson wrote:
>>
>> > Both look like the SQL statements are getting incorrectly formed or
>> > truncated in some format; going to be firing up more debugging on
>> > mariadb/mysql side of things and will try other DBs later.
>> >
>> > Just figured I'd throw it out there in case the underlying cause of this
>> > new issue of mine is a really obvious one.
>>
>> Turns out it's pretty simple.
>>
>> The fields "date" and "key" are reserved words in mysql/mariadb and
>> aren't being quoted/backticked properly so causing the SQL errors.
>> Changing the names to something like trustedDate and trustedKey in
>> MultiFactorAuthenticationRecord and altering the explicit SQL queries
>> in JpaMultifactorAuthenticationTrustStorage accordingly causes the DDL
>> and subsequent inserts to succeed in my brief testing.
>>
>> While playing with that, a length of 255 isn't sufficient for the key
>> value once encryption takes place; had to bump it up to 1000 or so.
>>
>> Not familiar with hibernate so not sure if it's supposed to take care of
>> this sort of quoting/escaping, so not sure who to report this seeming
>> bug to.
>>
>> Matt

--
Andrew Tillinghast
Sr. Web Developer
Re: [cas-user] how to upgradation from CAS 3.5.2 to CAS 5.0.
We're in the same process right now. Basic CAS hasn't been too much of a problem; some hitches with /samlValidate, attribute release and SSO, but we've worked through them all and our solutions are documented in the mailing list.

On Wed, Jun 28, 2017 at 3:41 PM, Richard Frovarp <richard.frov...@ndsu.edu> wrote:

> Ours is going live tomorrow morning. This time with MFA, OpenID, and SAML
> 2.0 support. Only pain was "migrating" the services which involved me
> manually copy and pasting URLs and setting attribute return.
>
> On 06/28/2017 10:00 AM, Carlos Fernandez wrote:
>
> I'm in the process of doing the same -- we have finished testing already
> and will go live on Saturday. Since nothing carries over from the 3.5
> series to 5.0, you'll be better off starting a CAS 5.0 implementation from
> scratch on a separate system and build it up to the necessary level of
> functionality.
>
> Best regards,
> --
> Carlos M. Fernández
> Enterprise Systems Manager
> *Saint Joseph’s University*
> Philadelphia PA 19131
> T: +1 610 660 1501
>
> On Wed, Jun 28, 2017 at 7:08 AM, Ravi Sharma <abes.r...@gmail.com> wrote:
>
>> Hi Team
>>
>> working on JASIG CAS upgradation from *CAS 3.5.2* to *CAS 5.0.*
>> Did not find any link for this please provide help for this.
>>
>> regards
>> ravi Prakash

--
Andrew Tillinghast
Sr. Web Developer
Re: [cas-user] Re: Clarification LPPE and AD on CAS 5
Sort of, the warnAll is not working but with the setting above if I lock or disable the account I get back that status.

On Mon, Jun 19, 2017 at 9:26 AM, Rafa <rafael.marga...@beabloo.com> wrote:

> Hi,
>
> Did you manage to set up the password policy?

--
Andrew Tillinghast
Sr. Web Developer
Re: [cas-user] Different SSO behaviour in CAS 5.0.4?
I'm seeing the same effect in CAS 5.1.0. I have checked the properties for TGC and I have made sure that enable SSO is set in the service manager, but every service still requires login.

On Tue, Apr 11, 2017 at 5:21 PM, Manfredo Hopp <mhopp.coni...@gmail.com> wrote:

> Hi,
>
> I recently installed cas 5.0.4 and tested SSO with 2 web applications
> which are running under version 4.0.1 installed in production.
>
> The test sequence was the same as for 4.0.1, e.g. (in chronological order):
>
> 1. Login to casified application A requires cas login
> 2. Redirect to casified application B with SSO enabled does NOT require
> signing in.
>
> but on 5.0.4 step 2. requires logging in again.
>
> Through cas-management I can see that services have SSO enabled by
> default.
>
> I made a revision of properties used but found no reason for this
> different behaviour.
>
> Regards Manfredo

--
Andrew Tillinghast
Sr. Web Developer
[cas-user] Configuration Security
I'm working on encrypting passwords before I put our overlay up on GitHub.

I built my keystore as per the Spring Cloud document: https://cloud.spring.io/spring-cloud-config/spring-cloud-config.html

Added the properties:

spring.cloud.config.server.encrypt.enabled=true
encrypt.keyStore.location=file:///etc/cas/config/casconfigserver.jks
encrypt.keyStore.password=SecretPass
encrypt.keyStore.alias=dakey
encrypt.keyStore.secret=changeme

When I execute the curl statement I get a response:

$ CURL http://casdev1.conncoll.edu:8080/cas/status/configserver/encrypt --data-urlencode Secret!
AQASDk01S0m3vTjgxpXQBhQC4OOeEmEmBvw9Dgs7DijOM37tJle68IG8c56YGmX8jzHIXIepBdMXTjh6IL8HqijIZgHESRrCiD5IYC2ZKS9h7tKRw1tqWcDfb37cRbgpp2AphFVDQn114PI7bekRBDcBS1Hqd/sdAj6gDalPZ0mTXhqNiRnbognVG/xuWGvn5aFPKTV+OBtKY8eFlsVqkQiF4PgbIjXsbhGnGTTuWtIqojuuHDIzviaJZyUDO7eSPlMno6StXHGYM8IpkTXEzM0zpwbNZGK5GAdcYLwyc5W4iFKG+9RColVzBe2kKwvu1NcaylovTTPsasIUxi0v2Lx1v5MsR+aX4YzSIWZQOOUvtSWddmeBzWkZmr+1WAHgGCM=

I then update properties:

cas.authn.ldap[0].bindCredential= {cipher}AQASDk01S0m3vTjgxpXQBhQC4OOeEmEmBvw9Dgs7DijOM37tJle68IG8c56YGmX8jzHIXIepBdMXTjh6IL8HqijIZgHESRrCiD5IYC2ZKS9h7tKRw1tqWcDfb37cRbgpp2AphFVDQn114PI7bekRBDcBS1Hqd/sdAj6gDalPZ0mTXhqNiRnbognVG/xuWGvn5aFPKTV+OBtKY8eFlsVqkQiF4PgbIjXsbhGnGTTuWtIqojuuHDIzviaJZyUDO7eSPlMno6StXHGYM8IpkTXEzM0zpwbNZGK5GAdcYLwyc5W4iFKG+9RColVzBe2kKwvu1NcaylovTTPsasIUxi0v2Lx1v5MsR+aX4YzSIWZQOOUvtSWddmeBzWkZmr+1WAHgGCM=

And CAS fails to start with:

May 08, 2017 10:56:24 AM org.apache.catalina.core.ContainerBase addChildInternal
SEVERE: ContainerBase.addChild: start:
org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/cas]]
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:153)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
    at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1092)
    at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1984)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalStateException: Cannot decrypt: key=cas.authn.ldap[0].bindCredential
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:201)
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:165)
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.initialize(EnvironmentDecryptApplicationInitializer.java:95)
    at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:635)
    at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:349)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:313)
    at org.springframework.boot.web.support.SpringBootServletInitializer.run(SpringBootServletInitializer.java:151)
    at org.springframework.boot.web.support.SpringBootServletInitializer.createRootApplicationContext(SpringBootServletInitializer.java:131)
    at org.springframework.boot.web.support.SpringBootServletInitializer.onStartup(SpringBootServletInitializer.java:86)
    at org.springframework.web.SpringServletContainerInitializer.onStartup(SpringServletContainerInitializer.java:169)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5573)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
    ... 10 more
Caused by: java.lang.UnsupportedOperationException: No decryption for FailsafeTextEncryptor. Did you configure the keystore correctly?
    at org.springframework.cloud.bootstrap.encrypt.EncryptionBootstrapConfiguration$FailsafeTextEncryptor.decrypt(EncryptionBootstrapConfiguration.java:152)
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:193)
    ... 21 more

If the keystore isn't configured correctly, how am I getting an encrypt response from the admin endpoint?

--
Andrew Tillinghast
Sr. Web Developer
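A pre-publication check for the goal stated in the message above, putting the overlay on GitHub without plaintext passwords. This is an added example, not part of the original post or of CAS: it scans properties text for secret-looking keys whose values lack Spring Cloud's `{cipher}` prefix. The hint list, the function names and the sample values are assumptions made for the example.

```python
import re

CIPHER_PREFIX = "{cipher}"
# Assumption: key-name fragments that usually denote a secret.
SECRET_HINTS = ("password", "credential", "secret", "passphrase")


def _split(logical):
    """Split one logical properties line into (key, value)."""
    m = re.match(r"([^=:\s]*)\s*[=:]?\s*(.*)", logical)
    return m.group(1), m.group(2).strip()


def parse_properties(text):
    """Return (lineno, key, value) for each entry of Java .properties text.

    Skips blank lines and #/! comments and joins backslash continuations;
    lineno is the line on which the entry starts.
    """
    entries, pending, start = [], "", 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.lstrip()
        if not pending:
            if not line or line[0] in "#!":
                continue
            start = lineno
        # An odd number of trailing backslashes means the entry continues.
        trailing = len(line) - len(line.rstrip("\\"))
        if trailing % 2 == 1:
            pending += line[:-1]
            continue
        pending += line
        entries.append((start, *_split(pending)))
        pending = ""
    if pending:  # file ended in the middle of a continuation
        entries.append((start, *_split(pending)))
    return entries


def find_plaintext_secrets(text):
    """Return (lineno, key) for secret-like keys holding a plaintext value.

    Only the last dotted segment of the key is tested, so that
    cas.authn.ldap[0].passwordPolicy.enabled=true is not reported.
    Values are never returned, so the result is safe to log.
    """
    hits = []
    for lineno, key, value in parse_properties(text):
        leaf = key.rsplit(".", 1)[-1].lower()
        if not any(hint in leaf for hint in SECRET_HINTS):
            continue
        if value and not value.startswith(CIPHER_PREFIX):
            hits.append((lineno, key))
    return hits


# Constructed sample modelled on the property names quoted in the post;
# the ciphertext and the ldap[1] entry are made-up placeholders.
SAMPLE = r"""# constructed sample, not a real configuration
spring.cloud.config.server.encrypt.enabled=true
encrypt.keyStore.location=file:///etc/cas/config/casconfigserver.jks
encrypt.keyStore.password=SecretPass
encrypt.keyStore.alias=dakey
encrypt.keyStore.secret=changeme
cas.authn.ldap[0].bindCredential= {cipher}CONSTRUCTEDPLACEHOLDER\
    MORECONSTRUCTED
cas.authn.ldap[0].passwordPolicy.enabled=true
cas.authn.ldap[1].bindCredential=hunter2
"""

if __name__ == "__main__":
    for lineno, key in find_plaintext_secrets(SAMPLE):
        print(f"line {lineno}: {key} holds a plaintext value")
```

The two `encrypt.keyStore.*` entries are reported as well: they unlock the keystore, so they cannot be protected by the key they guard and have to be kept out of the published files by other means.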
[cas-user] Clarification LPPE and AD on CAS 5
Hi everyone,

I'm coming back to CAS after a long break and looking to implement CAS 5 in our environment, but I need clarification on some properties.

I'm setting

cas.authn.ldap[0].type=AD

But I see two properties that both seem to enable LPPE:

cas.authn.ldap[0].usePasswordPolicy=true
cas.authn.ldap[0].passwordPolicy.enabled=true

Is there a reason it's enabled twice?

With the LPPE properties:

#Password Policy enforcement
cas.authn.ldap[0].passwordPolicy.enabled=true
cas.authn.ldap[0].passwordPolicy.policyAttributes.accountLocked=javax.security.auth.login.AccountLockedException
cas.authn.ldap[0].passwordPolicy.loginFailures=5
cas.authn.ldap[0].passwordPolicy.warningAttributeValue=
cas.authn.ldap[0].passwordPolicy.warningAttributeName=
cas.authn.ldap[0].passwordPolicy.displayWarningOnMatch=true
cas.authn.ldap[0].passwordPolicy.warnAll=true
cas.authn.ldap[0].passwordPolicy.warningDays=300
cas.authn.ldap[0].passwordPolicy.url=https://password.conncoll.edu

I expected to see two attribute values, one for the attribute to check for password age and one to check for not displaying the warning (aka the attribute that indicates an account's password doesn't expire).

Taking a quick look at the code, it looks like warningAttributeName is the attribute to check for not displaying a warning. What property sets the attribute to check for the password age?

--
Andrew Tillinghast
Sr. Web Developer