[cas-user] invalid xml cas for apache/PHP

2021-01-08 Thread amit rathee
It appears that the body returned is not a valid SOAP-ENV XML document.
Actually after inspecting the body, two XML SOAP-ENV documents
(concatenated) are returned within the same response, which is unexpected
and gets our SOAP parser lost.

*This happens only with PHP/APACHE apps, all Java/JBOSS apps working
fine*

Cheers,
Amit

On Fri, Jan 8, 2021 at 6:45 PM 'Tom O'Neill' via CAS Community <
cas-user@apereo.org> wrote:

> I have my Groovy authentication policy code being executed but I may be
> missing something.
>
> The script is only passed the authenticated principal from the
> authentication context in GroovyScriptAuthenticationPolicy.java
>
> cas-server-core-authentication-api/src/main/java/org/apereo/cas/authentication/policy/GroovyScriptAuthenticationPolicy.java
>
>     private Optional getScriptExecutionResult(final Authentication auth) {
>         val args = CollectionUtils.wrap("principal", auth.getPrincipal(),
>                 "logger", LOGGER);
>         executableScript.setBinding(args);
>         return executableScript.execute(args.values().toArray(), Optional.class);
>     }
>
> How would I evaluate the authentication handler results from a Groovy
> script if I only have the principal?
>
> I was able to create a workaround by applying the NotPreventedException
> policy and using a Groovy password policy script to throw a Prevented
> Exception on certain conditions.
>
> It mostly works but it isn’t perfect and it seems like the authentication
> policy is the root issue so I’d like to create a new one either through a
> Groovy script or Java, if necessary.
>
> Thanks,
>
> Tom
>
> *From:* 'Tom O'Neill' via CAS Community 
> *Sent:* Tuesday, January 5, 2021 3:24 PM
> *To:* cas-user@apereo.org
> *Subject:* [cas-user] Authentication Policy with Multiple Directories
>
> Hi All,
>
> I re-read my message and realized immediately where the issue was.
>
> Whenever properties “aren’t being read” it’s always because I’m missing a
> dependency.
>
> Since the password policy was covered by ‘cas-server-support-ldap’ I
> wasn’t thinking when I switched to testing the authentication policy.
>
> I added the following dependency and I see the log entries:
>
> cas-server-support-generic
>
> I’m going to see if I can use this approach to accomplish my goal.
>
> Still open to suggestions.
>
> Thanks,
>
> Tom
>
> *From:* 'Tom O'Neill' via CAS Community 
> *Sent:* Tuesday, January 5, 2021 12:08 PM
> *To:* cas-user@apereo.org
> *Subject:* RE: [EXT] [cas-user] Authentication Policy with Multiple
> Directories
>
> Hi All,
>
> I’ve done some additional digging and it seems like the easiest solution
> would be to use a Groovy script for the authentication policy.
>
> https://apereo.github.io/cas/6.3.x/installation/Configuring-Authentication-Components.html#authentication-policy
>
> I may be missing something but I don’t seem to be able to get CAS to
> execute a Groovy script.
>
> I’ve tried setting the following property in my CAS config:
>
> cas.authn.policy.groovy[0].script=file:/etc/cas/config/account.groovy
>
> I modified the example so that it would output a message to the log and
> then return NULL – just wanted to see it get invoked.
>
>     import java.util.*
>     import org.apereo.cas.authentication.exceptions.*
>     import javax.security.auth.login.*
>
>     def Exception run(final Object... args) {
>         def principal = args[0]
>         def logger = args[1]
>         // Log a marker line to confirm the script was invoked
>         logger.error("* Groovy Account Policy")
>         // Return no exception
>         return null;
>     }
>
> The code doesn’t seem to get hit at all – no messages output in the log
> and the default account policies are applied.
>
> Any suggestions or guidance would be greatly appreciated.
>
> I tried a Groovy password policy script and while it executed, it didn’t
> stop the authentication chain from processing the second LDAP after
> authentication fails on the first.
>
> Thanks,
>
> Tom
>
> *From:* 'Tom O'Neill' via CAS Community 
> *Sent:* Friday, January 1, 2021 3:51 PM
> *To:* cas-user@apereo.org
> *Subject:* [EXT] [cas-user] Authentication Policy with Multiple
> Directories
>
> Hi All,
>
> I am working on a CAS 6.3 deployment where we need to configure multiple
> directories for authentication using LDAP.
>
> I have both LDAP sources configured and working with LPPE enabled but I
> need to change the authentication behavior slightly.
>
> If the user is found in the first directory and 
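
For the symptom reported at the top of this message (two SOAP-ENV documents concatenated in one response), an added Python check, not part of the original thread and not CAS or client code, that counts the envelopes in a captured response body and accepts it only when it is exactly one well-formed envelope. The SOAP 1.1 envelope namespace, the function names and the sample bodies are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: the response uses the SOAP 1.1 envelope namespace.
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
# A SOAP Envelope cannot nest, so each closing tag ends one document.
ENVELOPE_END = re.compile(rb"</(?:[\w.-]+:)?Envelope\s*>")


def split_envelopes(body):
    """Split a response body into the chunks that each end an envelope."""
    chunks, start = [], 0
    for match in ENVELOPE_END.finditer(body):
        chunks.append(body[start:match.end()].strip())
        start = match.end()
    trailing = body[start:].strip()
    if trailing:  # bytes left over after the last closing tag
        chunks.append(trailing)
    return chunks


def check_response(body):
    """Count the envelopes in a body; accept only exactly one well-formed one."""
    chunks = split_envelopes(body)
    well_formed = 0
    for chunk in chunks:
        try:
            root = ET.fromstring(chunk)
        except ET.ParseError:
            continue
        if root.tag == "{%s}Envelope" % SOAP_NS:
            well_formed += 1
    return {
        "documents": len(chunks),
        "well_formed_envelopes": well_formed,
        "accept": len(chunks) == 1 and well_formed == 1,
    }


# Constructed sample bodies (not captured from a real CAS server).
ONE = (b'<?xml version="1.0" encoding="UTF-8"?>'
       b'<SOAP-ENV:Envelope xmlns:SOAP-ENV="' + SOAP_NS.encode() + b'">'
       b'<SOAP-ENV:Body><Response/></SOAP-ENV:Body></SOAP-ENV:Envelope>')
TWO = ONE + b"\n" + ONE  # the concatenated case described above

if __name__ == "__main__":
    print(check_response(ONE))
    print(check_response(TWO))
```

Running it over bodies captured from the PHP/Apache and the Java/JBoss clients separates a server that emits two envelopes from a client-side layer that duplicates the body.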

[cas-user] How to configure CAS 3.2.1 to support Multiple Domain?

2020-09-25 Thread amit rathee
I have configured my xx.com domain and now I have to support yy.com by the
same CAS server. Where do I need to do the changes?

Regards,
Amit

On Fri, Sep 25, 2020 at 4:38 PM Christophe Delcour <
christophedelc...@gmail.com> wrote:

> thank you for the quick response ;-)
> here are the modules added in the build.gradle:
> implementation "org.apereo.cas:cas-server-support-json-service-registry:${casServerVersion}"
> implementation "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
> implementation "org.apereo.cas:cas-server-webapp${project.appServer}:${casServerVersion}"
>
> and cas.serviceRegistry.json.location=file:///etc/cas/services is
> correctly configured:
>
> cas.properties:
> cas.server.name=https://belenios.eca.eu
> cas.server.prefix=${cas.server.name}/cas
>
> logging.config=file:/etc/cas/config/log4j2.xml
> cas.serviceRegistry.initFromJson=true
> cas.serviceRegistry.json.location=file:///etc/cas/services
>
> cas.authn.accept.users=
> ### LDAP connection
>
> cas.authn.ldap\[0\].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
> cas.authn.ldap\[0\].type=AUTHENTICATED
> cas.authn.ldap\[0\].useSsl=true
> ...
>
> I have activated the debug and here are the logs
> 2020-09-25 13:02:49,081 INFO
> [org.apereo.cas.services.AbstractServicesManager] -  from [JsonServiceRegistry].>
> 2020-09-25 13:03:01,934 DEBUG
> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] -  [TGT-1-*8ovoFM8IAk-belenios] could not be found>
> 25-Sep-2020 13:03:02.176 WARNING [https-jsse-nio-443-exec-6]
> javax.persistence.spi.PersistenceProviderResolverHolder$DefaultPersistenceProviderResolver.log
> javax.persistence.spi::No valid providers found.
> 2020-09-25 13:03:02,207 DEBUG
> [org.apereo.cas.web.flow.login.InitialFlowSetupAction] -  cookies for warn cookie generator to: [/cas/]>
> 2020-09-25 13:03:02,208 DEBUG
> [org.apereo.cas.web.flow.login.InitialFlowSetupAction] -  cookies for TGC cookie generator to: [/cas/]>
> 2020-09-25 13:03:02,215 DEBUG
> [org.apereo.cas.web.flow.login.InitialFlowSetupAction] -  in context scope: [
> https://belenios.eca.eu:8001/auth/cas?state=oxnzF3WnHV7qAn]>
> 2020-09-25 13:03:02,218 WARN
> [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] -
> 
> 2020-09-25 13:03:04,029 DEBUG
> [org.apereo.cas.web.view.CasReloadableMessageBundle] -  found for [classpath:custom_messages_en] - neither plain properties nor XML>
> 2020-09-25 13:03:04,030 DEBUG
> [org.apereo.cas.web.view.CasReloadableMessageBundle] -  found for [classpath:custom_messages] - neither plain properties nor XML>
> 2020-09-25 13:03:04,031 DEBUG
> [org.apereo.cas.web.view.CasReloadableMessageBundle] -  found for [classpath:messages_en] - neither plain properties nor XML>
> 2020-09-25 13:03:04,039 DEBUG
> [org.apereo.cas.web.view.CasReloadableMessageBundle] -  [messages.properties] with encoding 'UTF-8'>
> 2020-09-25 13:03:04,822 DEBUG
> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] -  [TGT-1-*8ovoFM8IAk-belenios] could not be found>
> 2020-09-25 13:03:05,205 DEBUG
> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] -  [TGT-1-*8ovoFM8IAk-belenios] could not be found>
> 2020-09-25 13:03:07,952 INFO
> [org.apereo.cas.services.AbstractServicesManager] -  from [JsonServiceRegistry].>
> 2020-09-25 13:03:17,974 INFO
> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0]
> expired tickets removed.>
> 2020-09-25 13:03:17,975 DEBUG
> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] -  ticket cleanup.>
>
>
>
> On Friday, September 25, 2020 at 12:04:21 UTC+2, Marc Maurice wrote:
>
>> You need that in build.gradle:
>>
>> implementation "org.apereo.cas:cas-server-support-json-service-registry:${casServerVersion}"
>>
>> And that in cas.properties:
>>
>> cas.service-registry.json.location=file:///etc/cas/services
>>
>>
>> Can you check?
>>


-- 
Cheers,
Amit


Re: [cas-user] Failed to validate tickets through CAS

2018-08-13 Thread amit rathee
PLEASE HELP URGENTLY

*Problem statement*: 1) I have implemented SPNEGO but still *seeing the
LOGIN form* sometimes for a particular application whereas it works fine
for rest of the applications
2) And also sometimes getting the issue
"org.jasig.cas.client.validation.TicketValidationException: The CAS server
returned no response"

Cheers,
Amit


On Mon, Aug 13, 2018 at 10:17 PM Ray Bon wrote:

> Antonios,
>
> You will need a validation filter,
> https://github.com/apereo/java-cas-client#orgjasigcasclientvalidationcas10ticketvalidationfilter
>
> Is the CAS endpoint cas-sso?
>
> Ray
>
> On Mon, 2018-08-13 at 06:20 -0700, Antonios Ventouris wrote:
>
> Hello,
>
> I have CAS installed for SSO.
> I am able to login and proceed, but the ticket is not validated.
> Below, is what I get from logs:
>
> Jul 6, 2018 4:11:29 PM org.jasig.cas.client.jaas.CasLoginModule
> createTicketValidator
> WARNING: Cannot find property roleGroupName on
> org.jasig.cas.client.validation.Cas20ServiceTicketValidator
> Jul 6, 2018 4:11:29 PM org.jasig.cas.client.jaas.CasLoginModule
> createTicketValidator
> WARNING: Cannot find property ticketValidatorClass on
> org.jasig.cas.client.validation.Cas20ServiceTicketValidator
> Jul 6, 2018 4:11:29 PM org.jasig.cas.client.jaas.CasLoginModule
> createTicketValidator
> WARNING: Cannot find property defaultRoles on
> org.jasig.cas.client.validation.Cas20ServiceTicketValidator
> Jul 6, 2018 4:11:29 PM org.jasig.cas.client.jaas.CasLoginModule
> createTicketValidator
> WARNING: Cannot find property principalGroupName on
> org.jasig.cas.client.validation.Cas20ServiceTicketValidator
> Jul 6, 2018 4:11:29 PM org.jasig.cas.client.jaas.CasLoginModule
> createTicketValidator
> WARNING: Cannot find property service on
> org.jasig.cas.client.validation.Cas20ServiceTicketValidator
> Jul 6, 2018 4:11:29 PM org.jasig.cas.client.jaas.CasLoginModule
> createTicketValidator
> WARNING: Cannot find property cacheAssertions on
> org.jasig.cas.client.validation.Cas20ServiceTicketValidator
> Jul 6, 2018 4:11:29 PM org.jasig.cas.client.jaas.CasLoginModule
> createTicketValidator
> WARNING: Cannot find property cacheTimeout on
> org.jasig.cas.client.validation.Cas20ServiceTicketValidator
> Jul 6, 2018 4:11:29 PM org.jasig.cas.client.jaas.CasLoginModule
> createTicketValidator
> WARNING: Cannot find property roleAttributeNames on
> org.jasig.cas.client.validation.Cas20ServiceTicketValidator
> Jul 6, 2018 4:11:29 PM org.jasig.cas.client.jaas.CasLoginModule login
> INFO: Login failed due to CAS ticket validation failure:
> org.jasig.cas.client.validation.TicketValidationException:
> Service not allowed to validate tickets.
>
> And this is how I am trying to check if the ticket is validated:
>
> http://IP:PORT/cas-sso/validate?service=IP:PORT?ticket=
>
> The error I get is that the ticket is not validated.
>
> Do I need to add the Ticket Validation Filter in the web.xml file?
> I use this: Cas10TicketValidationFilter, for ticket validation.
>
> Thank you in advance,
> AV
>
> --
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>


-- 
Cheers,
Amit
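
For the validation URL quoted in this thread, an added Python example, not from the thread or from the CAS client, that shows how a query-string parser reads a URL of that shape, builds the request with both parameters percent-encoded, and reads a CAS 1.0 /validate reply. Host names, the ticket value and the function names are constructed placeholders.

```python
from urllib.parse import parse_qs, urlencode, urlsplit


def build_validate_url(cas_prefix, service, ticket):
    """Build a CAS 1.0 /validate URL with both parameters percent-encoded."""
    query = urlencode({"service": service, "ticket": ticket})
    return cas_prefix.rstrip("/") + "/validate?" + query


def diagnose_validate_url(url):
    """Return the problems in a validation URL as a query-string parser sees it."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    service = params.get("service", [""])[0]
    ticket = params.get("ticket", [""])[0]
    problems = []
    if not ticket:
        problems.append("ticket parameter missing or empty")
    if "?ticket=" in service:
        problems.append("ticket was appended with '?' and became part of service")
    if not service.startswith(("http://", "https://")):
        problems.append("service is not an absolute http(s) URL")
    return problems


def parse_cas10_response(body):
    """CAS 1.0 /validate replies 'yes', then the user name on the next line,
    on success; the first line is 'no' on failure. Returns the user or None."""
    lines = body.splitlines()
    if len(lines) >= 2 and lines[0] == "yes" and lines[1]:
        return lines[1]
    return None


# Constructed values; hosts and the ticket are placeholders.
CAS = "https://cas.example.org/cas-sso"
SERVICE = "https://app.example.org/portal?lang=en"
BAD = CAS + "/validate?service=app.example.org:8080?ticket=ST-1-constructed"
GOOD = build_validate_url(CAS, SERVICE, "ST-1-constructed")

if __name__ == "__main__":
    print(diagnose_validate_url(BAD))
    print(GOOD, diagnose_validate_url(GOOD))
    print(parse_cas10_response("yes\nalice\n"))
```

The service value sent for validation has to be the same service URL the ticket was issued for, which is why it is encoded as a whole rather than edited by hand.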
