[cas-user] CAS 5.3.9 various WsFederation errors
Since upgrading CAS to 5.3.9, we are now seeing various WsFederation errors in logs.

2019-04-19 11:55:43,708 ERROR [org.apereo.cas.web.flow.WsFederationAction] - java.lang.NullPointerException: null
    at org.apereo.cas.support.wsfederation.web.WsFederationCookieManager.retrieve(WsFederationCookieManager.java:60) ~[cas-server-support-wsfederation-5.3.9.jar:5.3.9]
    at org.apereo.cas.web.flow.WsFederationResponseValidator.validateWsFederationAuthenticationRequest(WsFederationResponseValidator.java:45) ~[cas-server-support-wsfederation-webflow-5.3.9.jar:5.3.9]
    at sun.reflect.GeneratedMethodAccessor314.invoke(Unknown Source) ~[?:?]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_191]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_191]
    at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216) ~[spring-core-4.3.20.RELEASE.jar:4.3.20.RELEASE]
    at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470) ~[spring-cloud-context-1.3.0.RELEASE.jar:1.3.0.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.20.RELEASE.jar:4.3.20.RELEASE]
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:671) ~[spring-aop-4.3.20.RELEASE.jar:4.3.20.RELEASE]
    at org.apereo.cas.web.flow.WsFederationResponseValidator$$EnhancerBySpringCGLIB$$636f8757.validateWsFederationAuthenticationRequest() ~[cas-server-support-wsfederation-webflow-5.3.9.jar:5.3.9]
    at org.apereo.cas.web.flow.WsFederationAction.doExecute(WsFederationAction.java:57) ~[cas-server-support-wsfederation-webflow-5.3.9.jar:5.3.9]
    at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
2019-04-19 12:29:07,926 ERROR [org.apereo.cas.support.wsfederation.web.WsFederationCookieManager] -
2019-04-19 12:29:07,926 ERROR [org.apereo.cas.web.flow.WsFederationAction] - java.lang.IllegalArgumentException: No cookie could be found to determine session state
    at org.apereo.cas.support.wsfederation.web.WsFederationCookieManager.retrieve(WsFederationCookieManager.java:64) ~[cas-server-support-wsfederation-5.3.9.jar:5.3.9]
    at org.apereo.cas.web.flow.WsFederationResponseValidator.validateWsFederationAuthenticationRequest(WsFederationResponseValidator.java:45) ~[cas-server-support-wsfederation-webflow-5.3.9.jar:5.3.9]
    at sun.reflect.GeneratedMethodAccessor314.invoke(Unknown Source) ~[?:?]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_191]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_191]
    at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216) ~[spring-core-4.3.20.RELEASE.jar:4.3.20.RELEASE]
    at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470) ~[spring-cloud-context-1.3.0.RELEASE.jar:1.3.0.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.20.RELEASE.jar:4.3.20.RELEASE]
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:671) ~[spring-aop-4.3.20.RELEASE.jar:4.3.20.RELEASE]
    at org.apereo.cas.web.flow.WsFederationResponseValidator$$EnhancerBySpringCGLIB$$636f8757.validateWsFederationAuthenticationRequest() ~[cas-server-support-wsfederation-webflow-5.3.9.jar:5.3.9]
    at org.apereo.cas.web.flow.WsFederationAction.doExecute(WsFederationAction.java:57) ~[cas-server-support-wsfederation-webflow-5.3.9.jar:5.3.9]
    at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) ~[spring-webflow-2.5.0.RELEASE.jar:2.5.0.RELEASE]
    at sun.reflect.GeneratedMethodAccessor153.invoke(Unknown Source) ~[?:?]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_191]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_191]
    at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216) ~[spring-core-4.3.20.RELEASE.jar:4.3.20.RELEASE]
    at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470) ~[spring-cloud-context-1.3.0.RELEASE.jar:1.3.0.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.20.RELEASE.jar:4.3.20.RELEASE]
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
[cas-user] CAS 5.3.9 ADFS redirect issue
I have CAS 5.3.9 configured with ADFS for our users. I followed the config template shown here:
https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties.html#ws-fed-delegated-authentication

Upon testing login, I get redirected to ADFS properly but I always see the CAS login page flash before redirecting to ADFS. I did not have this issue in CAS 4.2.X. Is there a config I need to set somewhere to avoid this from happening?

Thanks!
Dan

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/118dbaa7-8d86-4249-bf89-efff503bf38e%40apereo.org.
[cas-user] Re: CAS 5.2.4 unable to post params back to service
I am still unable to POST any parameters to my service using 5.1.9, 5.2.X builds. I have no issues with CAS 4.2.6. Any help would be appreciated.

On Sunday, April 29, 2018 at 6:05:15 PM UTC-4, Dan Roque wrote:
>
> I'm trying to upgrade CAS 4.2.6 to 5.2.4 but cannot get 'method=POST' to work properly. All service responses end up with a redirect to my application.
>
> I was able to find a new service option in latest master docs here:
> https://github.com/apereo/cas/blob/master/docs/cas-server-documentation/installation/Configuring-Service-Response-Type.md
>
> However, I see this is not available in 5.2.X. Do I need to update to 5.3.0 in order to use POST?
>
> Also, I came across the following property "cas.httpWebRequest.onlyPostParams=username,password". The service I am using does not use these param names, do I need to set this to the params to match what the service expects?
>
> Thanks, Dan
[cas-user] Re: Basic Example of CAS of Overlay Implementing OAuth2.0
Try "^https://localhost:8443/oauth_client" as your serviceId regex. You can even start with the default IMAPS/HTTPS service for testing.

On Tuesday, May 1, 2018 at 3:03:47 PM UTC-4, John D Giotta wrote:
>
> Greetings,
> I'm attempting to use CAS as an OAuth2.0 server. I've read the documentation here:
> https://apereo.github.io/cas/5.2.x/installation/OAuth-OpenId-Authentication.html
>
> but I just can't seem to get it to work
>
> My oauth-1001.json in /etc/cas/service
>
> {
>   "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>   "clientId": "oauth_client",
>   "clientSecret": "secret",
>   "bypassApprovalPrompt": false,
>   "serviceId" : "^https:\\/\\/localhost:8443\\/oauth_client",
>   "name" : "OAuthTest",
>   "id" : 1001,
>   "evaluationOrder" : 1,
> }
>
> And I added the following dependencies to the pom.xml
>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-oauth-webflow</artifactId>
>     <version>${cas.version}</version>
> </dependency>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-rest-authentication</artifactId>
>     <version>${cas.version}</version>
> </dependency>
>
> The problem is that if I attempt to curl the authorize endpoint I get an error "Application Not Authorized to Use CAS" HTML page as response. Am I missing something? Does an example exist?
>
> I want to use CAS for web logins and rest Oauth requests.
[cas-user] Re: CAS 5.3.X unable to run
Looks like the war file that was built contains both the 5.2.4 libs and 5.3.0-RC3 libs which is causing all the dependency conflicts. Any idea why this is happening?

On Sunday, April 29, 2018 at 8:21:53 PM UTC-4, Dan Roque wrote:
>
> I just attempted to run the latest 5.3.0-RC3 and tomcat crashes and burns with bean/dependency errors. This also happened with 5.3.0-RC2 and 5.3.0-RC3-SNAPSHOT. However, if I revert my overlay to 5.2.4, everything works as expected. Has anyone been able to run the latest 5.3.X builds?
>
> I built the war files from both cas-overlay-template and cas-gradle-overlay-template which resulted in same errors. Also, the gradle war file is double the size of the maven war file.
[cas-user] CAS 5.3.X unable to run
I just attempted to run the latest 5.3.0-RC3 and tomcat crashes and burns with bean/dependency errors. This also happened with 5.3.0-RC2 and 5.3.0-RC3-SNAPSHOT. However, if I revert my overlay to 5.2.4, everything works as expected. Has anyone been able to run the latest 5.3.X builds?

I built the war files from both cas-overlay-template and cas-gradle-overlay-template which resulted in same errors. Also, the gradle war file is double the size of the maven war file.
[cas-user] CAS 5.2.4 unable to post params back to service
I'm trying to upgrade CAS 4.2.6 to 5.2.4 but cannot get 'method=POST' to work properly. All service responses end up with a redirect to my application.

I was able to find a new service option in latest master docs here:
https://github.com/apereo/cas/blob/master/docs/cas-server-documentation/installation/Configuring-Service-Response-Type.md

However, I see this is not available in 5.2.X. Do I need to update to 5.3.0 in order to use POST?

Also, I came across the following property "cas.httpWebRequest.onlyPostParams=username,password". The service I am using does not use these param names, do I need to set this to the params to match what the service expects?

Thanks, Dan
[cas-user] Re: Issues getting LDAP going - CAS 4.2.5
Actually, I understand now... You mean the environment variables you are using within your POM file for maven. Which variables are you using? I can look for the corresponding gradle ones.

Dan

On Wednesday, October 5, 2016 at 3:16:12 PM UTC-4, Dan Roque wrote:
>
> Do you mean the cas.properties? If so then yes it is identical. The only difference between gradle and maven is the build process. The instructions for building the war file can be found here
>
> https://github.com/apereo/cas-gradle-overlay-template/blob/master/README.md
>
> Make sure you replaced the default deployerConfigContext.xml and cas.properties before you attempt to build.
>
> As for LDAPS, It is up to you really. We use LDAPS to secure LDAP traffic over SSL but you can start with LDAP for now and move to LDAPS when you have time to configure everything required for it.
>
> Dan
>
> On Wednesday, October 5, 2016 at 1:38:11 PM UTC-4, Hank Foss wrote:
>>
>> Hi Dan,
>>
>> I'm hoping the environmental variables are identical with gradle as with maven, because it's looking like we'll have to recompile.
>>
>> Question, does CAS need to be running over LDAPS or is LDAP fine?
>>
>> Thanks,
>> Hank
>>
>> On Friday, September 30, 2016 at 4:17:24 PM UTC-4, Hank Foss wrote:
>>>
>>> Thanks to the documentation, I've been able to get far with the CAS build so far, but LDAP has been a bit of a challenge so far.
>>>
>>> I followed this link to the letter:
>>> https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html
>>> Then I re-ran maven by running *mvn install package*, reloaded WAR file, and restarted Tomcat - not much luck so far.
>>>
>>> What is good is that the log file cas.log has shown the source IP and attempting logon username. So that's a step in the right direction: at least it's showing the failure!
>>>
>>> The local user casuser / Mellon logons are successful, and the cas.log shows that too.
>>>
>>> Any advice on LDAP configuration on CAS 4.2.5 is greatly appreciated.
>>>
>>> Thanks,
>>> Hank
[cas-user] Re: Issues getting LDAP going - CAS 4.2.5
Do you mean the cas.properties? If so then yes it is identical. The only difference between gradle and maven is the build process. The instructions for building the war file can be found here

https://github.com/apereo/cas-gradle-overlay-template/blob/master/README.md

Make sure you replaced the default deployerConfigContext.xml and cas.properties before you attempt to build.

As for LDAPS, It is up to you really. We use LDAPS to secure LDAP traffic over SSL but you can start with LDAP for now and move to LDAPS when you have time to configure everything required for it.

Dan

On Wednesday, October 5, 2016 at 1:38:11 PM UTC-4, Hank Foss wrote:
>
> Hi Dan,
>
> I'm hoping the environmental variables are identical with gradle as with maven, because it's looking like we'll have to recompile.
>
> Question, does CAS need to be running over LDAPS or is LDAP fine?
>
> Thanks,
> Hank
>
> On Friday, September 30, 2016 at 4:17:24 PM UTC-4, Hank Foss wrote:
>>
>> Thanks to the documentation, I've been able to get far with the CAS build so far, but LDAP has been a bit of a challenge so far.
>>
>> I followed this link to the letter:
>> https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html
>> Then I re-ran maven by running *mvn install package*, reloaded WAR file, and restarted Tomcat - not much luck so far.
>>
>> What is good is that the log file cas.log has shown the source IP and attempting logon username. So that's a step in the right direction: at least it's showing the failure!
>>
>> The local user casuser / Mellon logons are successful, and the cas.log shows that too.
>>
>> Any advice on LDAP configuration on CAS 4.2.5 is greatly appreciated.
>>
>> Thanks,
>> Hank
[cas-user] Re: Issues getting LDAP going - CAS 4.2.5
Hi Hank,

For the CAS login page, we only use username/password (no Domain required). As for 'casuser', this is the user that will search the directory for the login user.

As for the POM, I generated the war file using the gradle overlay template instead of maven. In order to run correctly, you need to add the following dependencies to the build.gradle file

runtime 'org.jasig.cas:cas-server-support-ldap:4.2.6'
runtime 'org.ldaptive:ldaptive:1.2.0'

Here is the complete build.gradle just in case

http://pastebin.com/RtwrpLjm

Note: This is not the overlay build.gradle file, it's the main CAS one.

If you still want to use maven then you would need to add the following to the CAS POM file (untested)

<dependency>
    <groupId>org.ldaptive</groupId>
    <artifactId>ldaptive</artifactId>
    <version>1.2.0</version>
</dependency>
<dependency>
    <groupId>org.jasig.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>4.2.6</version>
</dependency>

To verify it worked properly, the libraries should show up under WEB-INF/lib within the war file.

Hope that helps,
Dan

On Wednesday, October 5, 2016 at 9:05:41 AM UTC-4, Hank Foss wrote:
>
> Dan,
>
> Can you provide a copy of your POM also?
>
> Also, when logins are made to the CAS server (https://cas-server:8443/cas/login) I'm guessing it's only username / password, and then it takes you in like 'casuser' and 'Mellon'. Is this correct? In other words, there is no need to type 'domain\sAMAccountName' and 'password.'
>
> Thanks,
> Hank
>
> On Friday, September 30, 2016 at 4:17:24 PM UTC-4, Hank Foss wrote:
>>
>> Thanks to the documentation, I've been able to get far with the CAS build so far, but LDAP has been a bit of a challenge so far.
>>
>> I followed this link to the letter:
>> https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html
>> Then I re-ran maven by running *mvn install package*, reloaded WAR file, and restarted Tomcat - not much luck so far.
>>
>> What is good is that the log file cas.log has shown the source IP and attempting logon username. So that's a step in the right direction: at least it's showing the failure!
>>
>> The local user casuser / Mellon logons are successful, and the cas.log shows that too.
>>
>> Any advice on LDAP configuration on CAS 4.2.5 is greatly appreciated.
>>
>> Thanks,
>> Hank
[cas-user] Re: Issues getting LDAP going - CAS 4.2.5
Woops, I posted the same link twice

My cas.properties file is here

http://pastebin.com/zZJ8B66x

On Tuesday, October 4, 2016 at 6:26:52 PM UTC-4, Dan Roque wrote:
>
> Hi Hank,
>
> Here are my working files using CAS 4.2.6 and Active Directory LDAP (domain info redacted)
>
> deployerConfigContext.xml - http://pastebin.com/AnZJRpSw
> cas.properties - http://pastebin.com/AnZJRpSw
>
> Note: This requires the ldaptive libraries in order to work properly.
>
> http://www.ldaptive.org/download.html
>
> Dan
>
> On Tuesday, October 4, 2016 at 5:48:35 PM UTC-4, Hank Foss wrote:
>>
>> Also, there was no response when I ran:
>>
>> $ netstat -c -t | grep -e $NAME_OF_YOUR_DIRECTORY_HOST
>>
>> On Friday, September 30, 2016 at 4:17:24 PM UTC-4, Hank Foss wrote:
>>>
>>> Thanks to the documentation, I've been able to get far with the CAS build so far, but LDAP has been a bit of a challenge so far.
>>>
>>> I followed this link to the letter:
>>> https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html
>>> Then I re-ran maven by running *mvn install package*, reloaded WAR file, and restarted Tomcat - not much luck so far.
>>>
>>> What is good is that the log file cas.log has shown the source IP and attempting logon username. So that's a step in the right direction: at least it's showing the failure!
>>>
>>> The local user casuser / Mellon logons are successful, and the cas.log shows that too.
>>>
>>> Any advice on LDAP configuration on CAS 4.2.5 is greatly appreciated.
>>>
>>> Thanks,
>>> Hank
[cas-user] Re: Issues getting LDAP going - CAS 4.2.5
Hi Hank,

Here are my working files using CAS 4.2.6 and Active Directory LDAP (domain info redacted)

deployerConfigContext.xml - http://pastebin.com/AnZJRpSw
cas.properties - http://pastebin.com/AnZJRpSw

Note: This requires the ldaptive libraries in order to work properly.

http://www.ldaptive.org/download.html

Dan

On Tuesday, October 4, 2016 at 5:48:35 PM UTC-4, Hank Foss wrote:
>
> Also, there was no response when I ran:
>
> $ netstat -c -t | grep -e $NAME_OF_YOUR_DIRECTORY_HOST
>
> On Friday, September 30, 2016 at 4:17:24 PM UTC-4, Hank Foss wrote:
>>
>> Thanks to the documentation, I've been able to get far with the CAS build so far, but LDAP has been a bit of a challenge so far.
>>
>> I followed this link to the letter:
>> https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html
>> Then I re-ran maven by running *mvn install package*, reloaded WAR file, and restarted Tomcat - not much luck so far.
>>
>> What is good is that the log file cas.log has shown the source IP and attempting logon username. So that's a step in the right direction: at least it's showing the failure!
>>
>> The local user casuser / Mellon logons are successful, and the cas.log shows that too.
>>
>> Any advice on LDAP configuration on CAS 4.2.5 is greatly appreciated.
>>
>> Thanks,
>> Hank
Re: [cas-user] Re: Possible to auto-encode a request url passed to CAS?
Thanks for the response. I'll work on submitting a PR soon.

Dan

On Monday, September 26, 2016 at 3:28:56 PM UTC-4, Misagh Moayyed wrote:
>
> Thanks for the walkthrough. I realize your predicament, but just for the sake of completeness I should point out that per the protocol, service urls are required to be encoded. It’s a MUST. The fact that the application isn’t doing it is a different story.
>
> I am not personally enthusiastic about adding this behavior, but [as we all have to be practical], if you wish to add it, test it and then post a patch to make this an option, I suppose that’s fine. Or simply open up an issue for the time being.
>
> --
> Misagh
>
> From: Dan Roque <jdr...@gmail.com>
> Reply: Dan Roque <jdr...@gmail.com>
> Date: September 26, 2016 at 10:37:00 PM
> To: CAS Community <cas...@apereo.org>
> Cc: jdr...@gmail.com <jdr...@gmail.com>, mmoa...@unicon.net <mmo...@unicon.net>
> Subject: Re: [cas-user] Re: Possible to auto-encode a request url passed to CAS?
>
> Hi Misagh,
>
> The application that is generating the URLs is emailing them to users which require no encoding. When the user clicks on the URL, my load balancer redirects the URL to flow through CAS by appending the URL as a service like so
>
> https://cas2.domain.com/cas/login?method=POST&service=https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567
>
> So in the above URL, the user clicked on the link
>
> https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567
>
> and was redirected through CAS.
>
> If I do nothing and let CAS handle the service URL, the user ends up being redirected to
>
> https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX
>
> As these links are not always the same, I can't just redirect them to an encoded URL in our load balancer. The only other alternative would be to dig into the application's code which is not supported and attempt to have it generate encoded URL's to end users but as I said before, this is not user friendly. It seems much easier to just have CAS support a config option to allow a query string to be fully used as a service URL. Unless I am going about this all wrong?
>
> Thanks!!
>
> On Monday, September 26, 2016 at 2:58:20 PM UTC-4, Misagh Moayyed wrote:
>>
>> I realize you are asking for auto-encoding, but is there any reason the service url is not encoded prior to submission?
>>
>> --
>> Misagh
>>
>> From: Dan Roque <jdr...@gmail.com>
>> Reply: Dan Roque <jdr...@gmail.com>
>> Date: September 26, 2016 at 10:21:49 PM
>> To: CAS Community <cas...@apereo.org>
>> Subject: [cas-user] Re: Possible to auto-encode a request url passed to CAS?
>>
>> I looked over the latest source code and found the relevant code from 3.5.2 that I am asking about
>>
>> https://github.com/apereo/cas/blob/master/core/cas-server-core-services/src/main/java/org/apereo/cas/authentication/principal/WebApplicationServiceFactory.java#L32
>>
>> Any downfalls to have some sort of config that allows ampersands to be auto-encoded in a query string before the SimpleWebApplicationServiceImpl object is created? So for example, if the following service URL is passed to CAS
>>
>> https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567
>>
>> CAS checks the query string and auto-encodes each ampersand to %26 which would result in
>>
>> https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX%26Action=U%26CDM_ID=1234567
>>
>> This would allow the user to be redirected to the intended service URL. This would be done by not calling getParameter but instead calling getQueryString() and constructing the service string from that.
Re: [cas-user] Re: Possible to auto-encode a request url passed to CAS?
Hi Misagh,

The application that is generating the URLs is emailing them to users which require no encoding. When the user clicks on the URL, my load balancer redirects the URL to flow through CAS by appending the URL as a service like so

https://cas2.domain.com/cas/login?method=POST&service=https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567

So in the above URL, the user clicked on the link

https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567

and was redirected through CAS.

If I do nothing and let CAS handle the service URL, the user ends up being redirected to

https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX

As these links are not always the same, I can't just redirect them to an encoded URL in our load balancer. The only other alternative would be to dig into the application's code which is not supported and attempt to have it generate encoded URL's to end users but as I said before, this is not user friendly. It seems much easier to just have CAS support a config option to allow a query string to be fully used as a service URL. Unless I am going about this all wrong?

Thanks!!

On Monday, September 26, 2016 at 2:58:20 PM UTC-4, Misagh Moayyed wrote:
>
> I realize you are asking for auto-encoding, but is there any reason the service url is not encoded prior to submission?
>
> --
> Misagh
>
> From: Dan Roque <jdr...@gmail.com>
> Reply: Dan Roque <jdr...@gmail.com>
> Date: September 26, 2016 at 10:21:49 PM
> To: CAS Community <cas...@apereo.org>
> Subject: [cas-user] Re: Possible to auto-encode a request url passed to CAS?
>
> I looked over the latest source code and found the relevant code from 3.5.2 that I am asking about
>
> https://github.com/apereo/cas/blob/master/core/cas-server-core-services/src/main/java/org/apereo/cas/authentication/principal/WebApplicationServiceFactory.java#L32
>
> Any downfalls to have some sort of config that allows ampersands to be auto-encoded in a query string before the SimpleWebApplicationServiceImpl object is created? So for example, if the following service URL is passed to CAS
>
> https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567
>
> CAS checks the query string and auto-encodes each ampersand to %26 which would result in
>
> https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX%26Action=U%26CDM_ID=1234567
>
> This would allow the user to be redirected to the intended service URL. This would be done by not calling getParameter but instead calling getQueryString() and constructing the service string from that.
>
> Thoughts?
>
> BTW, I'm currently testing CAS 3.5.2 with Tomcat 7.0.64
>
> Thanks!
>
> On Monday, September 26, 2016 at 12:02:56 PM UTC-4, Dan Roque wrote:
>>
>> Hi,
>>
>> I'm using an application that emails links to users to view reports and need to redirect these links through CAS (version 3.5.2). The issue is that the application does not URL encode these links when sending to the user as there is no requirement to do so. If the URL is clicked "as-is", it gets redirected to CAS which will strip off any extra parameters it finds. I want to know if it would be possible to have CAS auto-encode the request URL it receives before creating the service string. Here is an example of a URL that is clicked by a user
>>
>> https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567
>>
>> I redirect this to
>>
>> https://cas2.domain.com/cas/login?method=POST&service=https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567
>>
>> After the user authenticates with the above URL, the service used becomes
>>
>> https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX
>>
>> as Action is read as another parameter due to the ampersand. I would like the entire URL to be used as a service and be alt
[cas-user] Re: Possible to auto-encode a request url passed to CAS?
I looked over the latest source code and found the relevant code from 3.5.2 that I am asking about

https://github.com/apereo/cas/blob/master/core/cas-server-core-services/src/main/java/org/apereo/cas/authentication/principal/WebApplicationServiceFactory.java#L32

Any downfalls to have some sort of config that allows ampersands to be auto-encoded in a query string before the SimpleWebApplicationServiceImpl object is created? So for example, if the following service URL is passed to CAS

https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567

CAS checks the query string and auto-encodes each ampersand to %26 which would result in

https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX%26Action=U%26CDM_ID=1234567

This would allow the user to be redirected to the intended service URL. This would be done by not calling getParameter but instead calling getQueryString() and constructing the service string from that.

Thoughts?

BTW, I'm currently testing CAS 3.5.2 with Tomcat 7.0.64

Thanks!

On Monday, September 26, 2016 at 12:02:56 PM UTC-4, Dan Roque wrote:
>
> Hi,
>
> I'm using an application that emails links to users to view reports and need to redirect these links through CAS (version 3.5.2). The issue is that the application does not URL encode these links when sending to the user as there is no requirement to do so. If the URL is clicked "as-is", it gets redirected to CAS which will strip off any extra parameters it finds. I want to know if it would be possible to have CAS auto-encode the request URL it receives before creating the service string. Here is an example of a URL that is clicked by a user
>
> https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567
>
> I redirect this to
>
> https://cas2.domain.com/cas/login?method=POST&service=https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567
>
> After the user authenticates with the above URL, the service used becomes
>
> https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX
>
> as Action is read as another parameter due to the ampersand. I would like the entire URL to be used as a service and be altered to the following
>
> https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX%26Action=U%26CDM_ID=1234567
>
> Does CAS have the capability to auto-encode this for me? So all the '&' would change to '%26'. The only other alternative would be to figure out how to get the application itself to auto-encode the URL but users wouldn't have a "user-friendly" URL.
>
> I looked over the CAS 3.5.2 source code and noticed that the service is generated in this method within the SimpleWebApplicationServiceImpl class
>
> SimpleWebApplicationServiceImpl createServiceFrom(final HttpServletRequest request, final HttpClient httpClient) { ... }
>
> This is the only spot I can see where modifying the service URL would work.
>
> Any input is appreciated.
>
> Thanks!!
>
> Dan
>

--
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e98625b2-d88c-4497-84e7-baee138d0a69%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
[cas-user] Possible to auto-encode a request url passed to CAS?
Hi,

I'm using an application that emails links to users to view reports and need to redirect these links through CAS (version 3.5.2). The issue is that the application does not URL encode these links when sending to the user as there is no requirement to do so. If the URL is clicked "as-is", it gets redirected to CAS which will strip off any extra parameters it finds. I want to know if it would be possible to have CAS auto-encode the request URL it receives before creating the service string. Here is an example of a URL that is clicked by a user

https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567

I redirect this to

https://cas2.domain.com/cas/login?method=POST&service=https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567

After the user authenticates with the above URL, the service used becomes

https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX

as Action is read as another parameter due to the ampersand. I would like the entire URL to be used as a service and be altered to the following

https://test.domain.com/EMPLOYEE/CDM_RPT.GBL?Page=CDM_RPT_INDEX%26Action=U%26CDM_ID=1234567

Does CAS have the capability to auto-encode this for me? So all the '&' would change to '%26'. The only other alternative would be to figure out how to get the application itself to auto-encode the URL but users wouldn't have a "user-friendly" URL.

I looked over the CAS 3.5.2 source code and noticed that the service is generated in this method within the SimpleWebApplicationServiceImpl class

SimpleWebApplicationServiceImpl createServiceFrom(final HttpServletRequest request, final HttpClient httpClient) { ... }

This is the only spot I can see where modifying the service URL would work.

Any input is appreciated.

Thanks!!

Dan

--
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/afacaa72-9758-4166-858d-29164025e14b%40apereo.org.
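The truncation described in this thread and the getQueryString() idea from the follow-up message, as an added Python example (not part of the original posts and not CAS code). The sample URL is reconstructed from the %26-encoded form quoted in the thread, the function names are hypothetical, and `renew` is used as an example of a CAS login parameter that may follow `service`.

```python
import re
from urllib.parse import parse_qs, quote, urlsplit

# Constructed sample, rebuilt from the %26-encoded URL quoted in the thread.
TARGET = ("https://test.domain.com/EMPLOYEE/CDM_RPT.GBL"
          "?Page=CDM_RPT_INDEX&Action=U&CDM_ID=1234567")
CAS_LOGIN = "https://cas2.domain.com/cas/login"


def service_seen_by_cas(login_url):
    """Value of 'service' as a standard query parser (getParameter-style) sees it."""
    query = urlsplit(login_url).query
    values = parse_qs(query, keep_blank_values=True).get("service", [])
    return values[0] if values else None


def naive_redirect(target):
    """Load-balancer redirect as described: clicked URL appended unencoded."""
    return f"{CAS_LOGIN}?method=POST&service={target}"


def encoding_redirect(target):
    """Percent-encode the whole target so it stays a single parameter value."""
    return f"{CAS_LOGIN}?method=POST&service={quote(target, safe='')}"


def service_from_raw_query(login_url):
    """getQueryString()-style idea: take everything after 'service='.

    Only unambiguous when 'service' is the last parameter; anything that
    follows it is absorbed into the service URL.
    """
    query = urlsplit(login_url).query
    match = re.search(r"(?:^|&)service=(.*)$", query)
    return match.group(1) if match else None


if __name__ == "__main__":
    print("naive   :", service_seen_by_cas(naive_redirect(TARGET)))
    print("encoded :", service_seen_by_cas(encoding_redirect(TARGET)))
    # A CAS parameter placed after the service is swallowed by the raw approach.
    print("raw     :", service_from_raw_query(naive_redirect(TARGET) + "&renew=true"))
```

Encoding at the component that builds the redirect keeps the parameter boundary explicit, whereas reading the raw query string cannot tell the service's own parameters from ones meant for the login endpoint.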