[cas-user] Dynamic Themes per Service

2020-03-18 Thread Mr Rao
Hi,
I'm trying to implement dynamic themes in CAS deployments and found some 
nice documentation on this. All I want to do is change the style/logo, and I do 
not want to copy the cas.js and cas.css files to the theme folder.

Also I want to get styles and logo from db instead of properties file. Is 
this possible?


Regards,
Rao.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0944d24d-dc29-4b15-8ea0-570184b95537%40apereo.org.


[cas-user] CAS 5.2.3 running on tomcat 9 and openjdk11

2019-12-09 Thread Mr Rao
Hi,
I have deployed CAS 5.2.3 on Tomcat 9, running under OpenJDK 11 (after 
recompiling my project in Java 11).

I started seeing performance issues with logout, ticket validation etc.; 
this is happening occasionally. Is CAS 5.2.3 compatible with OpenJDK 11?

I suspect that all async calls are running synchronously and blocking 
threads, causing slowness. Any ideas?


Thanks
Rao



Re: [cas-user] CAS 5.2.x OAuth2 Server support

2019-10-17 Thread Mr Rao
Hi Gandhi,

Thank you for your quick response. Actually it's working when you pass in 
the body instead of params. I tried using Postman to test it.

Rao

On Wednesday, October 16, 2019 at 9:50:42 PM UTC-7, Gandhi wrote:
>
> Hi Rao,
>
> Yes, I faced the same issue as the sensitive information is passed over 
> request params. You can configure Tomcat to not log the request params as 
> below:
>
>
> In tomcat server.xml, at the end of the file, find the below entry
>
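> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
>        prefix="localhost_access_log." suffix=".txt"
>        pattern="%h %l %u %t %r %s %b" />
>
> and update it to
>
> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
>        prefix="localhost_access_log." suffix=".txt"
>        pattern="%h %l %u %t %m %U %H %s %b" />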
>
>
> Hope this helps.
>
> Thanks,
> Gandhi Reddy P.
>
> On Thu, Oct 17, 2019 at 5:34 AM Mr Rao wrote:
>
>> Hi,
>>
>> Currently we use CAS for SSO between web applications; now I'm trying to 
>> use it for RESTful web services token-based authentication using OAuth2/JWT 
>> tokens.
>>
>> When I was playing with it I noticed that for accessing the token we need to 
>> pass client_id, client_secret for Grant type client credential and 
>> username/password for Grant type password as parameters. I think it's very 
>> unsecured because these show up in Tomcat access logs.
>>
>> Is there any way to pass them as part of the body or HTTP headers instead of 
>> params without me overriding a lot of CAS code?
>>
>> Thanks
>>
>> Rao
>>


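An added example, not part of the thread and not CAS or Tomcat code: a Python check that scans access-log lines written with the `%r` pattern for the secret-bearing parameters discussed above, redacts them, and confirms that lines written with `%m %U %H` carry no query string. The log lines, endpoint path, parameter values and the helper names `scan` and `redact_target` are constructed for illustration; treating only `client_secret` and `password` as secrets is an assumption.

```python
import re
from urllib.parse import unquote_plus

# Assumption: only these two parameters are treated as secrets.
SENSITIVE_PARAMS = {"client_secret", "password"}

# Matches lines produced by both patterns from the thread:
#   %h %l %u %t %r %s %b          (request line includes the query string)
#   %h %l %u %t %m %U %H %s %b    (method, path, protocol; no query string)
# The request line may or may not be wrapped in double quotes.
ACCESS_LINE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"?(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"? '
    r'(?P<status>\d{3}) \S+$'
)


def redact_target(target):
    """Return (redacted_target, leaked_names) for one request target."""
    path, sep, query = target.partition("?")
    if not sep:
        return target, []
    leaked, parts = [], []
    for pair in query.split("&"):
        name, eq, value = pair.partition("=")
        key = unquote_plus(name).lower()
        if key in SENSITIVE_PARAMS and value:
            leaked.append(key)
            parts.append(f"{name}{eq}REDACTED")
        else:
            parts.append(pair)
    return path + "?" + "&".join(parts), leaked


def scan(lines):
    """Return (findings, redacted_lines).

    findings is a list of (line_number, sorted_leaked_parameter_names).
    Lines that do not parse as access-log entries are passed through unchanged.
    """
    findings, redacted = [], []
    for number, raw in enumerate(lines, 1):
        line = raw.strip()
        match = ACCESS_LINE.match(line)
        if not match:
            redacted.append(raw)
            continue
        target, leaked = redact_target(match.group("target"))
        if leaked:
            findings.append((number, sorted(set(leaked))))
            line = line[:match.start("target")] + target + line[match.end("target"):]
        redacted.append(line)
    return findings, redacted


# Constructed sample: what the %r pattern records when credentials are sent
# as query parameters.
SAMPLE_R = [
    "10.0.0.5 - - [17/Oct/2019:05:34:01 -0700] POST /cas/oauth2.0/accessToken"
    "?grant_type=client_credentials&client_id=apiclient&client_secret=s3cr3t"
    " HTTP/1.1 200 312",
    "10.0.0.5 - - [17/Oct/2019:05:34:09 -0700] POST /cas/oauth2.0/accessToken"
    "?grant_type=password&client_id=apiclient&username=rao&password=hunter2"
    " HTTP/1.1 200 298",
    "10.0.0.7 - - [17/Oct/2019:05:35:12 -0700] GET /cas/login HTTP/1.1 200 5120",
]

# Constructed sample: the same request logged with %m %U %H.
SAMPLE_MUH = [
    "10.0.0.5 - - [17/Oct/2019:05:40:01 -0700] POST /cas/oauth2.0/accessToken"
    " HTTP/1.1 200 312",
]

if __name__ == "__main__":
    found, cleaned = scan(SAMPLE_R)
    for number, names in found:
        print(f"line {number}: leaked {', '.join(names)}")
    print("\n".join(cleaned))
    print("leaks with %m %U %H:", scan(SAMPLE_MUH)[0])
```

Changing the pattern only stops new entries from recording the query string; rotated log files written earlier still hold the values, which is what the redaction pass is for.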

[cas-user] CAS 5.2.3 - CAS server support generate JWT token

2019-10-17 Thread Mr Rao
Hi,
I'm using CAS 5.2.3 and have enabled OAuth server support. I need to do the 
following things. Is it possible?

Also, this CAS is used for SSO in web applications and delegated 
authentication for other apps. In addition to the existing supported 
authentication I want to use CAS as an OAuth server for API security.

1) Only use CAS as Authorization Server
2) Store tickets in the database, which is used by the Resource Server (API 
server) to validate them, because we do not want to hit CAS for validating JWT 
tokens.
3) Generate a JWT token instead of an OAuth token. I can create a custom 
AccessTokenFactory instead of using DefaultAccessTokenFactory, but I am 
wondering if there is any easy way to do this.



Thanks
Rao



[cas-user] CAS 5.2.x OAuth2 Server support

2019-10-16 Thread Mr Rao


Hi,

Currently we use CAS for SSO between web applications; now I'm trying to 
use it for RESTful web services token-based authentication using OAuth2/JWT 
tokens.

When I was playing with it I noticed that for accessing the token we need to 
pass client_id, client_secret for Grant type client credential and 
username/password for Grant type password as parameters. I think it's very 
unsecured because these show up in Tomcat access logs.

Is there any way to pass them as part of the body or HTTP headers instead of 
params without me overriding a lot of CAS code?

Thanks

Rao



Re: [cas-user] Disable HttpBasedServiceCredentialsAuthenticationHandler? CAS 5.2.3

2019-01-16 Thread Mr Rao
Hello,
Does anyone know if we need to disable 
HttpBasedServiceCredentialsAuthenticationHandler, or is it safe to leave it?

Thanks
Rao



[cas-user] Disable HttpBasedServiceCredentialsAuthenticationHandler? CAS 5.2.3

2019-01-07 Thread Mr Rao
Hi,

When I debugged PolicyBasedAuthenticationManager.authenticateInternal I 
noticed three authentication handlers.
1) My custom AuthenticationHandler
2) ClientAuthenticationHandler
3) HttpBasedServiceCredentialsAuthenticationHandler

I'm only using my custom handler and ClientAuthenticationHandler. I do 
not see #3. How do I turn off 
HttpBasedServiceCredentialsAuthenticationHandler completely? I'm worried 
that hackers can send HttpClientCredential to get access to the system.


Also I did notice that PolicyBasedAuthenticationManager has log.error when 
we enter a bad password, and I also want to suppress this logging.

Thanks
Rao



[cas-user] Re: AbstractServicesManager.findServiceBy called to many times( 17 times) for login

2018-12-17 Thread Mr Rao
Actually it's 24 times for each service request.



On Monday, December 17, 2018 at 1:39:59 PM UTC-8, Mr Rao wrote:
>
> Hi,
> I would like to implement my custom serviceManager to create a Service 
> based on passed in Service object/id on the fly since we do not want to go 
> through all services for every login to find matching service.
>
> When I was implementing this I noticed 
> that AbstractServicesManager.findServiceBy is called 17 times for a single 
> login; is that normal? 
>
> Thanks
>
> Rao
>
>



[cas-user] Re: AbstractServicesManager.findServiceBy called to many times( 17 times) for login

2018-12-17 Thread Mr Rao
This is cas 5.2.3 version.


On Monday, December 17, 2018 at 1:39:59 PM UTC-8, Mr Rao wrote:
>
> Hi,
> I would like to implement my custom serviceManager to create a Service 
> based on passed in Service object/id on the fly since we do not want to go 
> through all services for every login to find matching service.
>
> When I was implementing this I noticed 
> that AbstractServicesManager.findServiceBy is called 17 times for a single 
> login; is that normal? 
>
> Thanks
>
> Rao
>
>



[cas-user] AbstractServicesManager.findServiceBy called to many times( 17 times) for login

2018-12-17 Thread Mr Rao
Hi,
I would like to implement my custom serviceManager to create a Service 
based on passed in Service object/id on the fly since we do not want to go 
through all services for every login to find matching service.

When I was implementing this I noticed 
that AbstractServicesManager.findServiceBy is called 17 times for a single 
login; is that normal? 

Thanks

Rao



Re: [cas-user] How to disable CasMetricsConfiguration in CAS 5.2.3?

2018-12-17 Thread Mr Rao
Thanks, Ray.

Rao.


On Wednesday, December 12, 2018 at 2:55:32 PM UTC-8, rbon wrote:
>
> By 'application log files', do you mean catalina.out?
>
> First make sure you are editing the correct file. You can force a 
> particular file with a setting like this in cas.properties:
>
> logging.config: file:/home/uvtomcat/config/log4j2.xml
>
> Perhaps there is a more general logger that picks up the perfStatsLogger. 
> In the logger definition 'additivity="false"' prevents other loggers from 
> also processing the messages. _BUT_ you must have an AppenderRef defined; 
> if not the root logger (typically console => catalina.out) will take over.
> In other words, you have to comment out the logger, as below, not just the 
> appender ref.
>
> Ray
>
> On Wed, 2018-12-12 at 14:03 -0800, Mr Rao wrote:
>
> Thanks for your response.   I tried commenting out and it started routing 
> the logs to application log files which didn't solve the issue. 
>
>
>
> On Wednesday, December 12, 2018 at 9:28:43 AM UTC-8, Jon Anderson wrote: 
>
> I fought with the same issue a few months ago, and I did not figure out 
> how to suppress that log. I'm pretty sure that I tried commenting out the 
> log4j entry as well as other tweaks, but nothing worked for me. If it works 
> I'll have to try again...
>
> Jon
> --
> *From:* cas-...@apereo.org [cas-...@apereo.org] on behalf of Ray Bon [
> rb...@uvic.ca]
> *Sent:* Wednesday, December 12, 2018 11:10 AM
> *To:* cas-...@apereo.org
> *Subject:* Re: [cas-user] How to disable CasMetricsConfiguration in CAS 
> 5.2.3?
>
> Rao,
>
> You can comment it out in log4j2.xml:
>
> 
> 
>
> Ray
>
> On Tue, 2018-12-11 at 18:32 -0800, Mr Rao wrote:
>
> Hi, 
> We have decided to disable CasMetricsConfiguration. I couldn't find a 
> property in the cas.properties file to disable this.
>
> I do not want any perfStatsLogger at all. Any help is greatly 
> appreciated. This is filling up log files/disk space.
>
>
> Thanks
> Rao
>
>

Re: [cas-user] How to disable CasMetricsConfiguration in CAS 5.2.3?

2018-12-12 Thread Mr Rao
Thanks for your response.   I tried commenting out and it started routing 
the logs to application log files which didn't solve the issue.



On Wednesday, December 12, 2018 at 9:28:43 AM UTC-8, Jon Anderson wrote:
>
> I fought with the same issue a few months ago, and I did not figure out 
> how to suppress that log. I'm pretty sure that I tried commenting out the 
> log4j entry as well as other tweaks, but nothing worked for me. If it works 
> I'll have to try again...
>
> Jon
> --
> *From:* cas-...@apereo.org  [cas-...@apereo.org ] 
> on behalf of Ray Bon [rb...@uvic.ca ]
> *Sent:* Wednesday, December 12, 2018 11:10 AM
> *To:* cas-...@apereo.org 
> *Subject:* Re: [cas-user] How to disable CasMetricsConfiguration in CAS 
> 5.2.3?
>
> Rao,
>
> You can comment it out in log4j2.xml:
>
> 
> 
>
> Ray
>
> On Tue, 2018-12-11 at 18:32 -0800, Mr Rao wrote:
>
> Hi, 
> We have decided to disable CasMetricsConfiguration. I couldn't find a 
> property in the cas.properties file to disable this.
>
> I do not want any perfStatsLogger at all. Any help is greatly 
> appreciated. This is filling up log files/disk space.
>
>
> Thanks
> Rao
>
>

[cas-user] How to disable CasMetricsConfiguration in CAS 5.2.3?

2018-12-11 Thread Mr Rao
Hi,
We have decided to disable CasMetricsConfiguration. I couldn't find a 
property in the cas.properties file to disable this.

I do not want any perfStatsLogger at all. Any help is greatly appreciated. 
This is filling up log files/disk space.


Thanks
Rao


018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.non-heap.used, value=105554216
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Code-Cache.committed, value=11108352
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Code-Cache.init, value=163840
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Code-Cache.max, value=33554432
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Code-Cache.usage, value=0.1809825897216797
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Code-Cache.used, value=6072768
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Eden-Space.committed, value=143130624
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Eden-Space.init, value=4521984
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Eden-Space.max, value=143130624
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Eden-Space.usage, value=0.34437706356956843
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Eden-Space.used, value=49290904
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Eden-Space.used-after-gc, value=0
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Metaspace.committed, value=100773888
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Metaspace.init, value=0
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Metaspace.max, value=-1
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Metaspace.usage, value=0.9871748522791935
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Metaspace.used, value=99481448
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Survivor-Space.committed, value=17891328
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Survivor-Space.init, value=524288
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Survivor-Space.max, value=17891328
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Survivor-Space.usage, value=0.20750611692994506
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Survivor-Space.used, value=3712560
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Survivor-Space.used-after-gc, value=3712560
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Tenured-Gen.committed, value=357957632
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Tenured-Gen.init, value=11206656
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Tenured-Gen.max, value=357957632
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Tenured-Gen.usage, value=0.9090788710994714
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Tenured-Gen.used, value=325411720
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.pools.Tenured-Gen.used-after-gc, value=301383952
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.total.committed, value=630861824
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.total.init, value=16941056
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.total.max, value=518979583
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=jvm.memory.total.used, value=483969400
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=thread-states.blocked.count, value=0
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=thread-states.count, value=81
2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
name=thread-states.daemon.count, value=71
2018-12-11 18:22:13,667 severity=INFO, class=perfStatsLogger, type=GAUGE, 

[cas-user] Re: CAS 5.2.3 - Memcache monotiring

2018-10-22 Thread Mr Rao
I've tried to disable the security by setting endpoints.sensitive=false 
but I still get an Access Denied error when I access 
https://localhost:8443/cas/status

I created a simple controller to check memcache health and tried to use 
https://localhost:8443/cas/status 
and I still get the Access Denied error.

But when I changed my controller endpoint URL to something like 
https://localhost:8443/cas/statusxxx 
this works.

It looks like there is something either in the CAS code or the Spring Boot 
actuator looking for a URL with /status ???

Basically I want to disable all monitoring included in CAS and use my 
custom controller endpoint to check memcache health. How do I disable 
monitoring completely in CAS and make my health check URL 
https://localhost:8443/cas/status ?

Thanks
Rao 


On Sunday, October 21, 2018 at 11:34:42 PM UTC-7, Mr Rao wrote:
>
> Hi,
> We have been monitoring memcache using https://casurl/cas/status in the 
> CAS 3.x version; we changed the Monitoring bean to pass only our custom 
> memcache health check.
>
> I see that the new CAS health check has a lot of endpoints and all 
> endpoints are secured. All I want to do is create a custom memcache health 
> check, and we want to use it in our load balancer health check instead of 
> exposing it on the web; as we use it internally we do not need security for 
> this endpoint. I do not want to expose all the Spring Boot endpoints 
> mentioned in the doc at 
> https://apereo.github.io/cas/5.2.x/installation/Monitoring-Statistics.html
>
>
> Any help is appreciated.
>
>
> Thanks
> Rao
>



[cas-user] CAS 5.2.3 - Memcache monotiring

2018-10-22 Thread Mr Rao
Hi,
We have been monitoring memcache using https://casurl/cas/status in the 
CAS 3.x version; we changed the Monitoring bean to pass only our custom 
memcache health check.

I see that the new CAS health check has a lot of endpoints and all 
endpoints are secured. All I want to do is create a custom memcache health 
check, and we want to use it in our load balancer health check instead of 
exposing it on the web; as we use it internally we do not need security for 
this endpoint. I do not want to expose all the Spring Boot endpoints 
mentioned in the doc at 
https://apereo.github.io/cas/5.2.x/installation/Monitoring-Statistics.html


Any help is appreciated.


Thanks
Rao



[cas-user] Adding Request Param to CAS login and logout.

2018-10-04 Thread Mr Rao
Hi, currently I've implemented delegated authentication using CAS 5.2.3 
with other apps for external IDP logins, i.e. ADFS, OKTA etc. When the 
user clicks on an app which is integrated with CAS SSO, they pass a param 
called idp=adfs,

and when the user logs out from app1 it will go to logout to re-login again; 
in that case I want to add the idp param back to the login URL. Basically when 
the user re-logs in I want to delegate to the ADFS login. 

For example 

1) User clicks on https://localhost:8443/app1?idp=adfs

2) It will redirect to https://localhost:8443/cas/login?idp=adfs

3) CAS will delegate authentication to ADFS and successfully log in to 
https://localhost:8443/app1

4) User clicks the logout link on app https://localhost:8443/app1 which will 
redirect to https://localhost:8443/cas/logout.

After this, on the logout page the user can click the login again link; in 
that case it will redirect to https://localhost:8443/cas/login but I want to 
add the idp=adfs param back, which came originally from the initial request, 
so that it can delegate to ADFS if the user doesn't close the browser and 
re-logs in. I can change each app to use 
https://localhost:8443/cas/logout?idp=adfs and take that param and send it to 
https://localhost:8443/login?idp=adfs.

But there are many apps I need to change; is there any easy way to achieve 
this on the CAS side? Or what's the best practice to handle app-specific 
logout? This is not a global logout from the IDP, just logged out of CAS and 
other SSO apps, but the user is still active on the IDP side.

Thanks
Rao.











[cas-user] Re: CAS 5.2.3 -support for XSS protection

2018-10-03 Thread Mr Rao
Hi Andy,

These settings are for setting the http response, and by default they are 
enabled. I was looking for stripping off the xss script code from http request 
params and headers. Here is what I did, and it seems to be working fine. I've 
created XSSFilter and added it to the FilterChain by using the code below. My 
implementation of the getParam, getParams and getHeader methods strips off the 
xss injection code so that it does not get into the application code.

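import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;

@Configuration("WebFilterConfiguration")
public class XifinWebFilterConfiguration {

    // Register the custom XSSFilter for every URL, ahead of all other filters.
    @Bean
    public FilterRegistrationBean xssFilter() {
        FilterRegistrationBean filterRegBean = new FilterRegistrationBean();
        filterRegBean.setFilter(new XSSFilter());
        filterRegBean.addUrlPatterns("/*");
        filterRegBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return filterRegBean;
    }
}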



Chava


On Wednesday, October 3, 2018 at 3:10:00 AM UTC-7, Andy Ng wrote:
>
> Hi Chava,
>
> See if these properties are what you are after?
>
> https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#http-web-requests
>
> Also, for what each property does, you can reference the source code here:
> https://github.com/apereo/cas/blob/5.2.x/core/cas-server-core-configuration/src/main/java/org/apereo/cas/configuration/model/core/web/security/HttpWebRequestProperties.java
>
> Cheers!
> - Andy

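The request-wrapping approach described in the message above, as an added example that is not the poster's XSSFilter and not CAS project code: a servlet filter whose wrapper covers every parameter and header accessor, because overriding only getParameter and getHeader leaves getParameterValues, getParameterMap and getHeaders returning raw values. The class names are hypothetical, the wrapper HTML-encodes instead of stripping, and it assumes the javax.servlet API that CAS 5.2.x runs on.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Hypothetical class for illustration; register it the same way as XSSFilter above.
public class EncodingRequestFilter implements Filter {
    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        ServletRequest next = (req instanceof HttpServletRequest)
                ? new EncodedRequest((HttpServletRequest) req) : req;
        chain.doFilter(next, res);
    }

    // Encodes markup delimiters and drops control characters other than tab, CR and LF.
    // Assumption: '&' is left as-is so URL-valued parameters (e.g. service) keep their query strings.
    static String encode(String value) {
        if (value == null) { return null; }
        StringBuilder sb = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:
                    if (c >= 0x20 || c == '\t' || c == '\n' || c == '\r') {
                        sb.append(c);
                    }
            }
        }
        return sb.toString();
    }

    static final class EncodedRequest extends HttpServletRequestWrapper {
        EncodedRequest(HttpServletRequest request) { super(request); }

        @Override public String getParameter(String name) { return encode(super.getParameter(name)); }
        @Override public String[] getParameterValues(String name) { return encodeAll(super.getParameterValues(name)); }
        @Override public String getHeader(String name) { return encode(super.getHeader(name)); }

        // Callers that read the whole map would otherwise receive the raw values.
        @Override public Map<String, String[]> getParameterMap() {
            Map<String, String[]> out = new LinkedHashMap<>();
            for (Map.Entry<String, String[]> e : super.getParameterMap().entrySet()) {
                out.put(e.getKey(), encodeAll(e.getValue()));
            }
            return Collections.unmodifiableMap(out);
        }

        @Override public Enumeration<String> getHeaders(String name) {
            Enumeration<String> raw = super.getHeaders(name);
            if (raw == null) { return null; }
            List<String> out = new ArrayList<>();
            while (raw.hasMoreElements()) { out.add(encode(raw.nextElement())); }
            return Collections.enumeration(out);
        }

        private static String[] encodeAll(String[] values) {
            if (values == null) { return null; }
            String[] out = new String[values.length];
            for (int i = 0; i < values.length; i++) { out[i] = encode(values[i]); }
            return out;
        }
    }
}
```

getQueryString(), getCookies() and the request body are not wrapped here, so output encoding in the views is still what keeps reflected values from executing.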


[cas-user] CAS 5.2.3 -support for XSS protection

2018-10-02 Thread Mr Rao
Hi,
We were using XSSFilter in the old version of CAS; since it's using web.xml we 
were able to add this to web.xml.
Can anyone help with how I can do this in CAS 5.2.3? Basically we want to 
protect against cross-site scripting attacks.


Chava



[cas-user] Re: CAS 5.2.3 IpAddress blocking& Password expiry messages & Service Maintenance notifications

2018-09-05 Thread Mr Rao
Any ideas?

I also want to pass username to password change url when it triggers force 
to change password.


On Thursday, May 17, 2018 at 9:08:15 AM UTC-7, Mr Rao wrote:
>
> Hi, 
> Any one has ideas on this?
>
> Rao
>
>
> On Wednesday, May 16, 2018 at 10:12:13 PM UTC-7, Mr Rao wrote:
>>
>> Hi,
>> I've been migrating from CAS 3.2.5 to CAS 5.2.3. We have the below 
>> requirements in the current code and need help on how to implement these in 
>> the new version of CAS.
>>
>> 1) IP address blocking on a per-user basis; the error message should be added 
>> dynamically instead of using messages.properties.
>>
>> 2) After successful login, before redirecting the user to the Service, we want 
>> to display an Application Maintenance notification. Info messages should be 
>> added dynamically instead of using messages.properties.
>>
>> 3) After successful login, before redirecting the user to the Service, we want 
>> to display a password expiration warning, and the user must be able to click 
>> on change password to reset the password. The error message should be added 
>> dynamically instead of using messages.properties.
>>
>> I tried to modify the AbstractAuthenticationAction class like below and I'm 
>> unable to add my custom error message instead of using 
>> messages.properties.
>>
>> What's the best practice to implement these?
>>
>> Thanks
>> Rao
>>
>>
>> protected Event doExecute(final RequestContext requestContext) {
>>     final String agent = WebUtils.getHttpServletRequestUserAgentFromRequestContext();
>>     final GeoLocationRequest geoLocation = WebUtils.getHttpServletRequestGeoLocationFromRequestContext();
>>
>>     // TODO - IP address checking.
>>     Event event = iPAddressCasWebflowSupport.doExecute(requestContext);
>>     if (event != null) {
>>         return event;
>>     }
>>
>>     if (!adaptiveAuthenticationPolicy.apply(agent, geoLocation)) {
>>         final String msg = "Adaptive authentication policy does not allow this request for " + agent + " and " + geoLocation;
>>         final Map<String, Class<? extends Exception>> map = CollectionUtils.wrap(
>>                 UnauthorizedAuthenticationException.class.getSimpleName(),
>>                 UnauthorizedAuthenticationException.class);
>>         final AuthenticationException error = new AuthenticationException(msg, map, new HashMap<>(0));
>>         return new Event(this, CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE,
>>                 new LocalAttributeMap(CasWebflowConstants.TRANSITION_ID_ERROR, error));
>>     }
>>
>>     final Event serviceTicketEvent = this.serviceTicketRequestWebflowEventResolver.resolveSingle(requestContext);
>>     if (serviceTicketEvent != null) {
>>         fireEventHooks(serviceTicketEvent, requestContext);
>>         return serviceTicketEvent;
>>     }
>>
>>     final Event finalEvent = this.initialAuthenticationAttemptWebflowEventResolver.resolveSingle(requestContext);
>>     fireEventHooks(finalEvent, requestContext);
>>
>>     event = notificationsCasWebflowSupport.doExecute(requestContext, this);
>>     if (event != null) {
>>         fireEventHooks(event, requestContext);
>>         return event;
>>     }
>>
>>     return finalEvent;
>> }



[cas-user] CAS 5.2.3- Enable CAS SAML IDP

2018-08-15 Thread Mr Rao
Hi,
I can't find any good documentation on how to enable CAS as a SAML IDP.

I've added the below dependency and am trying to hit the IDP metadata url 
https://localhost:8443/cas/idp/metadata, and I get a page not found error.

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-saml</artifactId>
    <version>${cas.version}</version>
</dependency>

Also, is it better to use the latest version of CAS, 5.3.2, instead of 5.2.3?

Thanks
Rao



[cas-user] Re: CAS 5.2.3 IpAddress blocking& Password expiry messages & Service Maintenance notifications

2018-05-17 Thread Mr Rao
Hi, 
Any one has ideas on this?

Rao


On Wednesday, May 16, 2018 at 10:12:13 PM UTC-7, Mr Rao wrote:
>
> Hi,
> I've been migrating from CAS 3.2.5 to CAS 5.2.3. We have the below 
> requirements in the current code and need help on how to implement these in 
> the new version of CAS.
>
> 1) IP address blocking on a per-user basis; the error message should be added 
> dynamically instead of using messages.properties.
>
> 2) After successful login, before redirecting the user to the Service, we want 
> to display an Application Maintenance notification. Info messages should be 
> added dynamically instead of using messages.properties.
>
> 3) After successful login, before redirecting the user to the Service, we want 
> to display a password expiration warning, and the user must be able to click 
> on change password to reset the password. The error message should be added 
> dynamically instead of using messages.properties.
>
> I tried to modify the AbstractAuthenticationAction class like below and I'm 
> unable to add my custom error message instead of using 
> messages.properties.
>
> What's the best practice to implement these?
>
> Thanks
> Rao
>
>
> protected Event doExecute(final RequestContext requestContext) {
>     final String agent = WebUtils.getHttpServletRequestUserAgentFromRequestContext();
>     final GeoLocationRequest geoLocation = WebUtils.getHttpServletRequestGeoLocationFromRequestContext();
>
>     // TODO - IP address checking.
>     Event event = iPAddressCasWebflowSupport.doExecute(requestContext);
>     if (event != null) {
>         return event;
>     }
>
>     if (!adaptiveAuthenticationPolicy.apply(agent, geoLocation)) {
>         final String msg = "Adaptive authentication policy does not allow this request for " + agent + " and " + geoLocation;
>         final Map<String, Class<? extends Exception>> map = CollectionUtils.wrap(
>                 UnauthorizedAuthenticationException.class.getSimpleName(),
>                 UnauthorizedAuthenticationException.class);
>         final AuthenticationException error = new AuthenticationException(msg, map, new HashMap<>(0));
>         return new Event(this, CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE,
>                 new LocalAttributeMap(CasWebflowConstants.TRANSITION_ID_ERROR, error));
>     }
>
>     final Event serviceTicketEvent = this.serviceTicketRequestWebflowEventResolver.resolveSingle(requestContext);
>     if (serviceTicketEvent != null) {
>         fireEventHooks(serviceTicketEvent, requestContext);
>         return serviceTicketEvent;
>     }
>
>     final Event finalEvent = this.initialAuthenticationAttemptWebflowEventResolver.resolveSingle(requestContext);
>     fireEventHooks(finalEvent, requestContext);
>
>     event = notificationsCasWebflowSupport.doExecute(requestContext, this);
>     if (event != null) {
>         fireEventHooks(event, requestContext);
>         return event;
>     }
>
>     return finalEvent;
> }



[cas-user] CAS 5.2.3 IpAddress blocking& Password expiry messages & Service Maintenance notifications

2018-05-16 Thread Mr Rao
Hi,
I've been migrating from CAS 3.2.5 to CAS 5.2.3. We have the below requirements 
in the current code and need help on how to implement these in the new version 
of CAS.

1) IP address blocking on a per-user basis; the error message should be added 
dynamically instead of using messages.properties.

2) After successful login, before redirecting the user to the Service, we want 
to display an Application Maintenance notification. Info messages should be 
added dynamically instead of using messages.properties.

3) After successful login, before redirecting the user to the Service, we want 
to display a password expiration warning, and the user must be able to click 
on change password to reset the password. The error message should be added 
dynamically instead of using messages.properties.

I tried to modify the AbstractAuthenticationAction class like below and I'm 
unable to add my custom error message instead of using 
messages.properties.

What's the best practice to implement these?

Thanks
Rao


protected Event doExecute(final RequestContext requestContext) {
    final String agent = WebUtils.getHttpServletRequestUserAgentFromRequestContext();
    final GeoLocationRequest geoLocation = WebUtils.getHttpServletRequestGeoLocationFromRequestContext();

    // TODO - IP address checking.
    Event event = iPAddressCasWebflowSupport.doExecute(requestContext);
    if (event != null) {
        return event;
    }

    if (!adaptiveAuthenticationPolicy.apply(agent, geoLocation)) {
        final String msg = "Adaptive authentication policy does not allow this request for " + agent + " and " + geoLocation;
        final Map<String, Class<? extends Exception>> map = CollectionUtils.wrap(
                UnauthorizedAuthenticationException.class.getSimpleName(),
                UnauthorizedAuthenticationException.class);
        final AuthenticationException error = new AuthenticationException(msg, map, new HashMap<>(0));
        return new Event(this, CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE,
                new LocalAttributeMap(CasWebflowConstants.TRANSITION_ID_ERROR, error));
    }

    final Event serviceTicketEvent = this.serviceTicketRequestWebflowEventResolver.resolveSingle(requestContext);
    if (serviceTicketEvent != null) {
        fireEventHooks(serviceTicketEvent, requestContext);
        return serviceTicketEvent;
    }

    final Event finalEvent = this.initialAuthenticationAttemptWebflowEventResolver.resolveSingle(requestContext);
    fireEventHooks(finalEvent, requestContext);

    event = notificationsCasWebflowSupport.doExecute(requestContext, this);
    if (event != null) {
        fireEventHooks(event, requestContext);
        return event;
    }

    return finalEvent;
}



[cas-user] CAS 5.2.3 Memcached Help!

2018-05-09 Thread Mr Rao
Hi,
Is anyone using CAS 5.2.3 with Memcached to cache tickets? I'm getting the 
below error. When I look at the source code I do not see an afterPropertiesSet 
method in net.spy.memcached.spring.MemcachedClientFactoryBean; it only 
implements FactoryBean.



See below jars in WEB-INF/lib

spymemcached-2.11.4
cas-server-support-memcached-core-5.2.3
cas-server-support-memcached-ticket-registry-5.2.3


Thanks
Rao



java.lang.NoSuchMethodError: net.spy.memcached.spring.MemcachedClientFactoryBean.afterPropertiesSet()V
    at org.apereo.cas.memcached.MemcachedPooledClientConnectionFactory.create(MemcachedPooledClientConnectionFactory.java:68) ~[cas-server-support-memcached-core-5.2.3.jar:5.2.3]
    at org.apereo.cas.memcached.MemcachedPooledClientConnectionFactory.create(MemcachedPooledClientConnectionFactory.java:25) ~[cas-server-support-memcached-core-5.2.3.jar:5.2.3]
    at org.apache.commons.pool2.BasePooledObjectFactory.makeObject(BasePooledObjectFactory.java:60) ~[commons-pool2-2.4.2.jar:?]
    at org.apache.commons.pool2.impl.GenericObjectPool.create(GenericObjectPool.java:868) ~[commons-pool2-2.4.2.jar:2.4.2]
    at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:435) ~[commons-pool2-2.4.2.jar:2.4.2]
    at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:363) ~[commons-pool2-2.4.2.jar:2.4.2]
    at org.apereo.cas.ticket.registry.MemcachedTicketRegistry.getClientFromPool(MemcachedTicketRegistry.java:139) ~[cas-server-support-memcached-ticket-registry-5.2.3.jar:5.2.3]
    at org.apereo.cas.ticket.registry.MemcachedTicketRegistry.addTicket(MemcachedTicketRegistry.java:54) ~[cas-server-support-memcached-ticket-registry-5.2.3.jar:5.2.3]
    at org.apereo.cas.DefaultCentralAuthenticationService.createTicketGrantingTicket(DefaultCentralAuthenticationService.java:388) ~[DefaultCentralAuthenticationService.class:5.2.3]
    at org.apereo.cas.DefaultCentralAuthenticationService$$FastClassBySpringCGLIB$$b02e48f2.invoke() ~[DefaultCentralAuthenticationService.class:5.2.3]
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) ~[spring-core-4.3.14.RELEASE.jar:?]
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738) ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
    at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:85) ~[spring-aop-4.3.14.RELEASE.jar:?]
    at org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:134) ~[inspektr-audit-1.8.0.GA.jar:?]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_131]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_131]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_131]



[cas-user] CAS 5.2.3 delegated authentication to ADFS

2018-04-08 Thread Mr Rao
Hi,

I have many apps using CAS for single sign-on. We have a few customers who want 
to use ADFS to log in instead of CAS. I was trying to find a good example of 
how to use delegated authentication from CAS to ADFS using both SAML and 
WS-Federation.

When I use 5.2.2/5.2.3 it always goes to the standard login page 
https://localhost:8443/cas/login. I had no luck using either of the below 
dependencies.

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-wsfederation-webflow</artifactId>
    <version>${cas.version}</version>
</dependency>

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-pac4j-webflow</artifactId>
    <version>${cas.version}</version>
</dependency>

Thanks

Rao.




[cas-user] Upgrade CAS 3.5.2 to CAS 5.x

2018-01-12 Thread Mr Rao
Hi,

I would like to upgrade CAS from 3.5.2 to the latest 5.x version.

1) Is there any easy way or special instructions to upgrade it?

2) I also want to support multiple IDP vendors and use CAS as an IDP; this 
should be based on the customer. Do I need to customize the login web flow to 
use a different IDP based on the customer? This means one customer is using CAS 
login with a back-end Oracle db and another customer is using ADFS or OKTA, but 
this should be configurable.

3) Is there any good example for CAS delegated authentication to ADFS?


Thanks
Rao



Re: [cas-user] CAS ADFS Integration

2017-12-28 Thread Mr Rao
Hi Anton, can you share your demo app? I have the exact same requirement. Also, 
which version of CAS are you using?

Thanks
Rao



On Monday, July 24, 2017 at 11:24:04 PM UTC-7, Антон Шихмат wrote:
>
> Okay, so I did it.
> I've updated loginform.html with a link to the adfs:
>
> 
>  th:value="${flowExecutionKey}"/>
> 
> 
>  onclick="$('#adfsLoginForm').submit();" >Login via ADFS
> 
> 
>
> And I've updated a workflow, so by default regular login form is 
> displayed, but in case adfsLoginForm link is selected, CAS will redirect to 
> ADFS and use it for authentication.
> For this purpose I've created a class ADFSWebflowConfigurer that adds 
> additional check if user was authenticated using ADFS.
> For this purpose "ticketGrantingTicketCheck" state is updated, so in case 
> of "notExist" ADFS check will be executed additionally.
>
> On Thursday, July 20, 2017 at 1:43:45 PM UTC+3, Антон Шихмат wrote:
>>
>> Right now have another issue. 
>> I've added link to the login page to redirect to the ADFS login page 
>> using Webflow functionality. But after successful login, default login page 
>> is displayed again for some reason.
>> If login using credentials from the database - everything works as 
>> expected. Do I need to add some additional configuration? I mean maybe some 
>> webflow update needed?
>>
>> On Tuesday, July 18, 2017 at 2:26:23 AM UTC+3, Misagh Moayyed wrote:
>>>
>>> Yes; there is a setting that controls auto-redirect to ADFS. Set that to 
>>> false, and put the link on the login page.
>>>
>>> --Misagh
>>>
>>> On July 17, 2017 at 1:51:10 PM, Uxío Prego (upr...@madiva.com) wrote:
>>>
>>> Let us hope I am wrong, but this reminds me vaguely of
>>>
>>> https://groups.google.com/a/apereo.org/d/msg/cas-user/BwnFLyc8TnY/6NjFsnIEAQAJ
>>>
>>> Best of luck,
>>>
>>> On 17 Jul 2017, at 09:23, Антон Шихмат  wrote:
>>>
>>> Hello everyone,
>>>
>>> On my current project we use CAS with configured custom database 
>>> authentication provider.
>>>
>>> A few weeks ago we received a request from our client to integrate CAS with 
>>> their ADFS.
>>> I did it using the tutorial provided on the CAS website. After that, only ADFS 
>>> authentication can be used. What I mean – when a user tries to open a secured 
>>> page, the ADFS login page is displayed, so the user can use only his ADFS 
>>> credentials and cannot navigate to the regular login page (where database 
>>> authentication is configured).
>>>
>>> So my question is – is it possible to have a database authentication 
>>> provider configured as primary one (with default login page) and to have 
>>> button on that page that will redirect to ADFS authentication provider?
>>>
>>> Thanks,
>>> Anton
>>>
