[cas-user] Re: CAS MFA with LinOTP

2020-02-15 Thread arti wavale
How to connect or merge LinOTP to CAS server?




On Friday, October 20, 2017 at 7:31:56 AM UTC+5:30, RJ wrote:
>
> LinOTP (https://www.linotp.org/ ) is a great, full featured Open Source 
> OTP Solution. 
>
> Tons of LinOTP features: https://www.linotp.org/features.html
>
> Authy and Duo seem to be expensive options. Per User or Per Token is very 
> expensive in big schools.
>
>
> Has anyone tried LinOTP as a MFA Custom Provider? 
>
> Why don't we include this provider in the next version ?
>
> Thanks much!
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/22401136-4a1f-47da-98df-dfbdc1e5cf72%40apereo.org.


[cas-user] Re: Forgot username in CAS

2020-03-12 Thread arti wavale
You have successfully configured CAS to make use of password management, so 
can you share the cas.properties file?



On Friday, June 8, 2018 at 12:04:07 PM UTC+5:30, newbee wrote:
>
> Hello cas-users,
>
> First of all thanks to everyone supporting this project.
>
> I am using CAS 5.2.5. I have successfully configured CAS to make use of 
> password management. 
>
> I would like similar functionality for forgotten username. Is this kind of 
> functionality available in CAS 5.2 version? Could it be implemented easily?
>
> Any help will be much appreciated.
>
> Thanks,
>

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4df61a8c-2be1-4486-9539-61d82d7c64ac%40apereo.org.


[cas-user] Re: Issue with cas 6 password managenment

2020-06-19 Thread arti wavale
Can you explain to me how you implemented password management in CAS 5.2, and can you 
share the cas.properties file and which dependencies you used in the pom.xml file?

On Tuesday, November 20, 2018 at 10:33:06 PM UTC+5:30, MD. Fazla Rabby 
wrote:
>
> We are already using CAS5.2 and password management working fine. But for 
> CAS version 6 we are getting the ldap referral error  
> "java.security.cert.CertificateException: Hostname does not match the 
> hostname in the server's certificate site:stackoverflow.com"
> How to get around with this 
>
> This is my cas.properties
>
>
>
> cas.authn.pm.enabled=true
> cas.authn.pm.policyPattern=^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%~()_{}-]).{8,}$
> cas.authn.pm.reset.text=Reset your password with this link: %s
> cas.authn.pm.reset.subject=Password Reset Request
> cas.authn.pm.reset.from=myemail.mydomain.com
>
>
> #password reset expiry is set to 1 day equivalent minutes
> cas.authn.pm.reset.expirationMinutes=1440
> cas.authn.pm.reset.emailAttribute=secondaryEmail
> cas.authn.pm.reset.securityQuestionsEnabled=true
>
> # Automatically log in after successful password change
> cas.authn.pm.autoLogin=false
>
> # Used to sign/encrypt the password-reset link
> cas.authn.pm.reset.crypto.encryption.key=asdasdasdasdasdasdasdasdasdasd
> cas.authn.pm.reset.crypto.signing.key=asdasdasasdasdasdasdadsadasdasdasdasd
> cas.authn.pm.reset.crypto.enabled=true
>
>
> #Email Submissions
>
> spring.mail.host=smtp.office365.com
> spring.mail.port=587
> spring.mail.username=mye...@email.com 
> spring.mail.password=pass
> spring.mail.testConnection=true
> spring.mail.properties.mail.smtp.auth=true
> spring.mail.properties.mail.smtp.starttls.enable=true
>
> #
> ##LDAP Password management
> #
> cas.authn.pm.ldap.type=AD
> #
> cas.authn.pm.ldap.ldapUrl=ldaps://myldap:636
> cas.authn.pm.ldap.useSsl=true
> cas.authn.pm.ldap.useStartTls=false
> cas.authn.pm.ldap.connectTimeout=5
> cas.authn.pm.ldap.baseDn=DC=xx,DC=xx,DC=xx,DC=xx
> cas.authn.pm.ldap.searchFilter=cn={user}
> cas.authn.pm.ldap.subtreeSearch=true
> cas.authn.pm.ldap.bindDn=CN=xx,OU=xx,DC=xx,DC=xx,DC=xx,DC=xx
> cas.authn.pm.ldap.bindCredential=pass
> # cas.authn.pm.ldap.connectionStrategy=
> cas.authn.pm.ldap.trustCertificates=file:/etc/cas/myldap.cer
> ## cas.authn.pm.ldap.keystore=
> ## cas.authn.pm.ldap.keystorePassword=
> ## cas.authn.pm.ldap.keystoreType=JKS|JCEKS|PKCS12
> cas.authn.pm.ldap.poolPassivator=BIND
> cas.authn.pm.ldap.minPoolSize=3
> cas.authn.pm.ldap.maxPoolSize=10
> cas.authn.pm.ldap.validateOnCheckout=true
> cas.authn.pm.ldap.validatePeriodically=true
> cas.authn.pm.ldap.validatePeriod=600
> cas.authn.pm.ldap.validateTimeout=5000
> cas.authn.pm.ldap.failFast=true
> cas.authn.pm.ldap.idleTime=500
> cas.authn.pm.ldap.prunePeriod=600
> cas.authn.pm.ldap.blockWaitTime=5000
>
> ##cas.authn.pm.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
> #
> ## Attributes that should be fetched to indicate security questions and answers,
> ## assuming security questions are enabled.
> cas.authn.pm.ldap.securityQuestionsAttributes.attributeQuestion1=attributeAnswer1
> cas.authn.pm.ldap.securityQuestionsAttributes.attributeQuestion2=attributeAnswer2
> cas.authn.pm.ldap.securityQuestionsAttributes.attrQuestion3=attributeAnswer2
> #
> cas.authn.pm.ldap.validator.type=SEARCH
> cas.authn.pm.ldap.validator.baseDn=DC=xx,DC=xx,DC=xx,DC=xx
> ##cas.authn.pm.ldap.validator.searchFilter=(objectClass=*)
> cas.authn.pm.ldap.validator.scope=SUBTREE
>
>
>

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1d2b5ab2-a319-47b7-a802-be92b1008802o%40apereo.org.


[cas-user] Re: CAS 5.2.x Could not update the account password

2020-06-19 Thread arti wavale
I'm also facing the same problem

On Friday, February 9, 2018 at 12:06:32 AM UTC+5:30, casuser wrote:
>
> I am using CAS 5.2.x. For reset password, I get the reset password email 
> and from the link I can get to the reset password page where I enter my new 
> password and retype it but I get this error on the browser "Could not 
> update the account password" and nothing in the server log. I am using 
> LDAP active directory. 
>

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2994cef5-062a-40eb-ae36-907d5b20e237o%40apereo.org.


Re: [cas-user] Re: Issue with cas 6 password managenment

2020-06-23 Thread arti wavale
Hello Root,

First of all,
Thank you so much for your reply..

I'm using CAS v5.2, in which I have used "cas.authn.pm.ldap.userFilter=cn={user}" 
in the cas.properties file. The userFilter attribute was renamed to 
searchFilter in CAS v5.3, but I have still tried 
"cas.authn.pm.ldap.searchFilter=cn={user}" in the cas.properties file and checked 
it, but the same error occurred.

Thanks and Regards
Arti

On Tuesday, June 23, 2020 at 11:58:16 AM UTC+5:30, Root wrote:
>
>
> @Arthi,
>
> Have you included "cas.authn.pm.ldap.searchFilter=cn={user}"  in 
> cas.properties?, and you should enable debug mode in both CAS and LDAP 
> server side and check both logs to get more detail.
>
>
>
>
>
> On Tuesday, June 23, 2020 at 11:14:12 AM UTC+5:30, arti wavale wrote:
>>
>> All detail information provided in a document . Please find the attachment
>>
>> I am facing error such as "could not update the account password "
>>
>> If anyone can help to resolve this issue
>>
>>
>> -
>>
>> *Pom.xml:*
>> <dependency>
>>     <groupId>org.apereo.cas</groupId>
>>     <artifactId>cas-server-support-pm-ldap</artifactId>
>>     <version>${cas.version}</version>
>> </dependency>
>>
>> *cas.properties:*
>>
>>
>> cas.authn.accept.users=
>> cas.authn.ldap[0].order=0
>> cas.authn.ldap[0].name=LDAP Server
>> cas.authn.ldap[0].type=AUTHENTICATED
>> cas.authn.ldap[0].ldapUrl=ldap://localhost
>> cas.authn.ldap[0].useSsl=false
>> cas.authn.ldap[0].useStartTls=false
>> cas.authn.ldap[0].connectTimeout=5
>> cas.authn.ldap[0].subtreeSearch=true
>> cas.authn.ldap[0].validatePeriod=270
>> cas.authn.ldap[0].userFilter=cn={user}
>> #cas.authn.ldap[0].userFilter=(|(uid={user})(cn={user})(mail={user}))
>> cas.authn.ldap[0].baseDn=dc=example,dc=com
>> #cas.authn.ldap[0].enhanceWithEntryResolver=true
>> #cas.authn.ldap[0].dnFormat:cn=%s,cn=admin,dc=example,dc=com
>> cas.authn.ldap[0].bindDn=cn=admin,dc=example,dc=com
>> cas.authn.ldap[0].bindCredential=administrator
>> cas.authn.ldap[0].enhanceWithEntryResolver=true
>> cas.authn.ldap[0].dnFormat:cn=%s,cn=admin,dc=example,dc=com
>> cas.authn.ldap[0].principalAttributeList=memberOf,uid,cn,mail
>> cas.authn.ldap[0].collectDnAttribute=false
>>
>> cas.authn.ldap[0].principalAttributeId=cn
>> cas.authn.ldap[0].principalAttributePassword=userPassword
>> # attributes to be retrieved from LDAP userPassword
>> #cas.authn.ldap[0].principalAttributeList=uid,cn,mail
>> #cas.authn.ldap[0].collectDnAttribute=false
>> cas.authn.ldap[0].principalDnAttributeName=principalLdapDn
>> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
>> cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
>> # cas.authn.ldap[0].credentialCriteria=
>> # LDAP Password Encoding
>> # cas.authn.ldap[0].passwordEncoder.type=
>> # cas.authn.ldap[0].passwordEncoder.characterEncoding=UTF-8
>> # cas.authn.ldap[0].passwordEncoder.encodingAlgorithm=SHA
>> # LDAP Pooling
>> cas.authn.ldap[0].minPoolSize=3
>> cas.authn.ldap[0].maxPoolSize=50
>> cas.authn.ldap[0].validateOnCheckout=true
>> cas.authn.ldap[0].validatePeriodically=true
>> cas.authn.ldap[0].validatePeriod=600
>> cas.authn.ldap[0].failFast=true
>> cas.authn.ldap[0].idleTime=5000
>> cas.authn.ldap[0].prunePeriod=5000
>> cas.authn.ldap[0].blockWaitTime=5000
>> cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
>> cas.authn.ldap[0].allowMultipleDns=false
>>
>> #Password Management
>> spring.mail.host=mail.technology.com
>> spring.mail.port=587
>> spring.mail.username=x...@technology.com
>> spring.mail.password=xx
>> spring.mail.testConnection=true
>> spring.mail.properties.mail.smtp.auth=true
>> spring.mail.properties.mail.smtp.starttls.enable=true
>>
>> cas.authn.pm.enabled=true
>> #cas.authn.pm.policyPattern=^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%~()_{}-]).{8,}$
>> #cas.authn.pm.reset.text=password reset:%s
>> cas.authn.pm.reset.text=Reset your password with this link: %s
>> #cas.authn.pm.reset.subject=armor password reset
>> cas.authn.pm.reset.subject=Password Reset Request
>> cas.authn.pm.reset.from=${spring.mail.username}
>> cas.authn.pm.reset.expirationMinutes=10
>> cas.authn.pm.reset.emailAttribute=mail
>> cas.authn.pm.reset.securityQuestionsEnabled=false
>> cas.authn.pm.autoLogin=false
>> cas.authn.pm.reset.crypto.encryption.key=
>> cas.authn.pm.reset.crypto.signing.key=xx
>> cas.authn.pm.reset.crypto.enabled=true
>>
>> 

Re: [cas-user] Re: Issue with cas 6 password managenment

2020-07-08 Thread arti wavale
Hello root,

Thanks for quick response

i have used SHA format for LDAP password.

and also tried below properties in cas.properties file but still problem is 
same which is "could not update account password"

# LDAP Password Encoding
cas.authn.ldap[0].passwordEncoder.type=DEFAULT
cas.authn.ldap[0].passwordEncoder.characterEncoding=UTF-8
cas.authn.ldap[0].passwordEncoder.encodingAlgorithm=SHA

I have one doubt: right now I am using a simple LDAP database connection, 
meaning url=ldap://localhost:389, so is that a reason password management is not 
working?
Is there any compulsion to use an SSL LDAP connection, meaning 
url=ldaps://localhost:636, and only then will password management work?

Thanks and Regards
Arti

On Wednesday, July 8, 2020 at 5:10:33 PM UTC+5:30, Root wrote:
>
> Log is too much, but i can see the error is related  to storing the LDAP 
> password type, what type of algorithm is used to store password?, (SSHA 
> ,SHA-512, scrypt, MD5.etc) and the character encoding, the default 
> should be UTF-8
>
> Try to keep default and try or just don't specify too much variables 
> relating to this  in the cas properties.
>
> On Wednesday, July 8, 2020 at 10:03:18 AM UTC+5:30 arti wavale wrote:
>
>> Hello,
>>
>> I am providing cas.log file, please once check it and if got any idea to 
>> resolve password management problem then please guide me
>>
>> On Tuesday, June 23, 2020 at 4:01:08 PM UTC+5:30, Root wrote:
>>>
>>>
>>> OK, but what about the logs?, looking at logs you can get some hint,  
>>> have you enabled CAS debug mode  ( )  in cas-log4j2.xml 
>>> file?, and also in your LDAP server some option to enable debug/verbose 
>>> mode,  after enable and restarting the services,  tail both the logs and 
>>> try to change the LDAP password, and see what error you get in logs.
>>>
>>>
>>>
>>>
>>> On Tuesday, June 23, 2020 at 2:28:14 PM UTC+5:30, arti wavale wrote:
>>>>
>>>> Hello Root,
>>>>
>>>> First of all,
>>>> Thank you so much for your reply..
>>>>
>>>> I'm using CAS v5.2 in which I have used "cas.authn.pm.ldap.userFilter=
>>>> cn={user}" in cas.properties file. The userFilter attribute was 
>>>> renamed to searchFilter in CAS v5.3 but Still I have tried "
>>>> cas.authn.pm.ldap.searchFilter=cn={user}" in cas.properties file and 
>>>> check it but same error occurred.
>>>>
>>>> Thanks and Regards
>>>> Arti
>>>>
>>>> On Tuesday, June 23, 2020 at 11:58:16 AM UTC+5:30, Root wrote:
>>>>>
>>>>>
>>>>> @Arthi,
>>>>>
>>>>> Have you included "cas.authn.pm.ldap.searchFilter=cn={user}"  in 
>>>>> cas.properties?, and you should enable debug mode in both CAS and LDAP 
>>>>> server side and check both logs to get more detail.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Tuesday, June 23, 2020 at 11:14:12 AM UTC+5:30, arti wavale wrote:
>>>>>>
>>>>>> All detail information provided in a document . Please find the 
>>>>>> attachment
>>>>>>
>>>>>> I am facing error such as "could not update the account password "
>>>>>>
>>>>>> If anyone can help to resolve this issue
>>>>>>
>>>>>>
>>>>>> -
>>>>>>
>>>>>> *Pom.xml:*
>>>>>> org.apereo.cas
>>>>>> cas-server-support-pm-ldap
>>>>>> ${cas.version}
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>  
>>>>>>  
>>>>>>  
>>>>>>  
>>>>>>
>>>>>> *cas.properties:*
>>>>>>
>>>>>>
>>>>>> cas.authn.accept.users= cas.authn.ldap[0].order=0 
>>>>>> cas.authn.ldap[0].name=LDAP 
>>>>>> Server cas.authn.ldap[0].type=AUTHENTICATED 
>>>>>> cas.authn.ldap[0].ldapUrl=ldap://localhost 
>>>>>> cas.authn.ldap[0].useSsl=false cas.authn.ldap[0].useStartTls=false 
>>>>>> cas.authn.ldap[0].connectTimeout=5 
>>>>>> cas.authn.ldap[0].s

Re: [cas-user] Re: Issue with cas 6 password managenment

2020-07-09 Thread arti wavale
Hello Root Sir,

Thank you so much for guiding me and helping me to resolve problem.
Appreciated..

Thanks and Regards
Arti


On Thursday, July 9, 2020 at 5:18:57 AM UTC+5:30, Root wrote:
>
>
> SHA is pretty simple algorithm, but weak too, if you are testing its fine, 
> but not good for production.
> Yes, you should give a try with 636 and as new browsers are pushing 
> towards https, using encrypted connection should become default.
>
>
>
> On Wed, Jul 8, 2020 at 8:27 PM arti wavale wrote:
>
>> Hello root,
>>
>> Thanks for quick response
>>
>> i have used SHA format for LDAP password.
>>
>> and also tried below properties in cas.properties file but still problem 
>> is same which is "could not update account password"
>>
>> # LDAP Password Encoding
>> cas.authn.ldap[0].passwordEncoder.type=DEFAULT
>> cas.authn.ldap[0].passwordEncoder.characterEncoding=UTF-8
>> cas.authn.ldap[0].passwordEncoder.encodingAlgorithm=SHA
>>
>> I have a one doubt, right now I am using simple ldap database connection 
>> means url=ldap://localhost:389 so is it a reason password management not 
>> working?
>> is there any compulsion to use ssl ldap connection means 
>> url=ldaps://localhost:636 then and only then password management work?
>>
>> Thanks and Regards
>> Arti
>>
>> On Wednesday, July 8, 2020 at 5:10:33 PM UTC+5:30, Root wrote:
>>>
>>> Log is too much, but i can see the error is related  to storing the LDAP 
>>> password type, what type of algorithm is used to store password?, (SSHA 
>>> ,SHA-512, scrypt, MD5.etc) and the character encoding, the default 
>>> should be UTF-8
>>>
>>> Try to keep default and try or just don't specify too much variables 
>>> relating to this  in the cas properties.
>>>
>>>
>>> On Wednesday, July 8, 2020 at 10:03:18 AM UTC+5:30 arti wavale wrote:
>>>
>>>> Hello,
>>>>
>>>> I am providing cas.log file, please once check it and if got any idea 
>>>> to resolve password management problem then please guide me
>>>>
>>>> On Tuesday, June 23, 2020 at 4:01:08 PM UTC+5:30, Root wrote:
>>>>>
>>>>>
>>>>> OK, but what about the logs?, looking at logs you can get some hint,  
>>>>> have you enabled CAS debug mode  ( )  in 
>>>>> cas-log4j2.xml 
>>>>> file?, and also in your LDAP server some option to enable debug/verbose 
>>>>> mode,  after enable and restarting the services,  tail both the logs and 
>>>>> try to change the LDAP password, and see what error you get in logs.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Tuesday, June 23, 2020 at 2:28:14 PM UTC+5:30, arti wavale wrote:
>>>>>>
>>>>>> Hello Root,
>>>>>>
>>>>>> First of all,
>>>>>> Thank you so much for your reply..
>>>>>>
>>>>>> I'm using CAS v5.2 in which I have used "cas.authn.pm.ldap.userFilter
>>>>>> =cn={user}" in cas.properties file. The userFilter attribute was 
>>>>>> renamed to searchFilter in CAS v5.3 but Still I have tried "
>>>>>> cas.authn.pm.ldap.searchFilter=cn={user}" in cas.properties file and 
>>>>>> check it but same error occurred.
>>>>>>
>>>>>> Thanks and Regards
>>>>>> Arti
>>>>>>
>>>>>> On Tuesday, June 23, 2020 at 11:58:16 AM UTC+5:30, Root wrote:
>>>>>>>
>>>>>>>
>>>>>>> @Arthi,
>>>>>>>
>>>>>>> Have you included "cas.authn.pm.ldap.searchFilter=cn={user}"  in 
>>>>>>> cas.properties?, and you should enable debug mode in both CAS and LDAP 
>>>>>>> server side and check both logs to get more detail.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Tuesday, June 23, 2020 at 11:14:12 AM UTC+5:30, arti wavale wrote:
>>>>>>>>
>>>>>>>> All detail information provided in a document . Please find the 
>>>>>>>> attachment
>>>>>>>>
>>>>>>>> I am facing error such as
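
Added example, not part of the thread and not CAS project code: a small Python check over a cas.properties file for the two settings Root's reply in this message calls out, SHA password encoding and an unencrypted ldap:// connection. The sample properties are constructed from key names quoted in the thread; treating `passwordEncoder.type=DEFAULT` as the type that applies `encodingAlgorithm` is an assumption about CAS behaviour.

```python
import re

# Digests too weak for stored passwords (the thread names SHA; MD5 is in the same class).
WEAK_DIGESTS = {"MD5", "SHA", "SHA1", "SHA-1"}

# Constructed sample, modelled on the property names quoted in this thread.
SAMPLE = """\
cas.authn.ldap[0].ldapUrl=ldap://localhost
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
#cas.authn.ldap[0].useStartTls=true
cas.authn.ldap[0].dnFormat:cn=%s,cn=admin,dc=example,dc=com
cas.authn.ldap[0].passwordEncoder.type=DEFAULT
cas.authn.ldap[0].passwordEncoder.characterEncoding=UTF-8
cas.authn.ldap[0].passwordEncoder.encodingAlgorithm=SHA
cas.authn.pm.enabled=true
cas.authn.pm.ldap.ldapUrl=ldaps://myldap:636
cas.authn.pm.ldap.useStartTls=false
"""


def parse_properties(text):
    """Parse Java-style .properties text into a dict (last value wins)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        # The key ends at the first '=' or ':'; both separators appear in the thread.
        match = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def audit(props):
    """Return (key, message) pairs for cleartext LDAP URLs and weak password digests."""
    findings = []
    for key, value in sorted(props.items()):
        if key.endswith(".ldapUrl"):
            prefix = key[: -len(".ldapUrl")]
            start_tls = props.get(prefix + ".useStartTls", "false").lower() == "true"
            # ldapUrl may list several space-separated servers; check each scheme.
            for url in value.split():
                if url.lower().startswith("ldap://") and not start_tls:
                    findings.append((key, "cleartext LDAP: %s without StartTLS" % url))
        elif key.endswith(".passwordEncoder.encodingAlgorithm"):
            prefix = key[: -len(".encodingAlgorithm")]
            # Assumption: only the DEFAULT encoder type uses encodingAlgorithm.
            encoder_type = props.get(prefix + ".type", "").upper()
            if encoder_type == "DEFAULT" and value.upper() in WEAK_DIGESTS:
                findings.append((key, "weak password digest: %s" % value))
    return findings


if __name__ == "__main__":
    for key, message in audit(parse_properties(SAMPLE)):
        print("%s: %s" % (key, message))
```
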

[cas-user] Re: Apereo Cas - Password Management via REST

2020-07-19 Thread arti wavale
Hello

I am also facing same issue with MySql database users for update password

*Reset Password Management for MySql users*


For mysql password update issue it is trying to use LDAP module to update 
the password but it should be using JDBC module to update Mysql DB password!


Below error log line indicates that.

*ERROR 
[org.apereo.cas.config.pm.org.apereo.cas.pm.ldap.LdapPasswordManagementService]*


I have removed all dependencies from the pom.xml file and all LDAP attribute 
entries from cas.properties related to LDAP, but the CAS server still uses 
*[org.apereo.cas.config.pm.org.apereo.cas.pm.ldap.LdapPasswordManagementService]* 
to update the password of MySQL users.


So how can I activate 
*org.apereo.cas.config.pm.org.apereo.cas.pm.jdbc.JdbcPasswordManagementService* 
in the CAS server? Do you have any suggestions?


Thanks and Regards

Arti

On Monday, July 20, 2020 at 8:31:36 AM UTC+5:30, Napoleon Ponaparte wrote:
>
> I have succeed config Password Management via JDBC in Apereo CAS version 
> 6.1.x. 
>
> Now, I want to try Password Management via REST since I used MongoDB to 
> store user information, thus the fact that JDBC password management is not 
> applicable with my case.
>
> I followed this instruction Password Managment REST 
> 
>
> 
>
> I wrote Go code as REST API to connect MongoDB, GET information and UPDATE 
> user information easily. But I don't know structure of Request and Response 
> JSON is.
>
> For example:
> REQUEST FOR USERNAME 
> GET /restapilink:port/username 
> RESPONSE { "username": "abc" } 
> REQUEST FOR Password GET /restapilink:port/password RESPONSE { "password": 
> "123456" }
>
> Or
> REQUEST for all user information 
> GET /restapilink:port/ 
> RESPONSE { "username": "abc", "password": "123456", "email": "
> a...@gmail.com " }
>
> And Could I use REST to reset password with user information store in 
> MongoDB?
>
> In addition, I have found this RestPasswordManagementService.java 
> .
>  
> It is not easy to understand since I don't know input and output are.
>
> Please help me.
>
> Thank you.
>

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6e0481b9-87e3-4b60-9b40-4983ff6a263do%40apereo.org.


[cas-user] Re: Apereo Cas - Password Management via REST

2020-07-19 Thread arti wavale
Hello,

I am using CAS V5.2 and MySql Version is 14.14 on Ubuntu 16.04.01 operating 
system

Thanks and Regards
Arti



On Monday, July 20, 2020 at 9:47:07 AM UTC+5:30, Napoleon Ponaparte wrote:
>
> Hi,
> Which CAS and MySQL version are you using?
> Could you post your detail configuration in CAS?
> Thanks.
> On Monday, July 20, 2020 at 11:14:03 AM UTC+7 arti wavale wrote:
>
>> Hello
>>
>> I am also facing same issue with MySql database users for update password
>>
>> *Reset Password Management for MySql users*
>>
>>
>> For mysql password update issue it is trying to use LDAP module to update 
>> the password but it should be using JDBC module to update Mysql DB password!
>>
>>
>> Below error log line indicates that.
>>
>> *ERROR 
>> [org.apereo.cas.config.pm.org.apereo.cas.pm.ldap.LdapPasswordManagementService]*
>>
>>
>> I have removed all dependencies from pom.xml file and all Ldap attribute 
>> entries from cas.properties related to ldap  but still cas server use 
>> *[org.apereo.cas.config.pm.org 
>> <http://org.apereo.cas.config.pm.org>.*
>> *apereo.cas.pm.ldap.LdapPasswordManagementService]* for update password 
>> of mysql users
>>
>>
>> so how can I activate *org.apereo.cas.config.pm.org 
>> <http://org.apereo.cas.config.pm.org/>.**apereo.cas.pm.jdbc.JdbcPassword 
>> ManagemntService* in cas server. Do you have any suggestions?
>>
>>
>> Thanks and Regards
>>
>> Arti
>>
>> On Monday, July 20, 2020 at 8:31:36 AM UTC+5:30, Napoleon Ponaparte wrote:
>>>
>>> I have succeed config Password Management via JDBC in Apereo CAS version 
>>> 6.1.x. 
>>>
>>> Now, I want to try Password Management via REST since I used MongoDB to 
>>> store user information, thus the fact that JDBC password management is not 
>>> applicable with my case.
>>>
>>> I followed this instruction Password Managment REST 
>>> <https://apereo.github.io/cas/6.1.x/configuration/Configuration-Properties.html#rest-password-management>
>>>
>>> <https://i.stack.imgur.com/SjKhp.png>
>>>
>>> I wrote Go code as REST API to connect MongoDB, GET information and 
>>> UPDATE user information easily. But I don't know structure of Request and 
>>> Response JSON is.
>>>
>>> For example:
>>> REQUEST FOR USERNAME 
>>> GET /restapilink:port/username 
>>> RESPONSE { "username": "abc" } 
>>> REQUEST FOR Password GET /restapilink:port/password RESPONSE { 
>>> "password": "123456" }
>>>
>>> Or
>>> REQUEST for all user information 
>>> GET /restapilink:port/ 
>>> RESPONSE { "username": "abc", "password": "123456", "email": "
>>> a...@gmail.com" }
>>>
>>> And Could I use REST to reset password with user information store in 
>>> MongoDB?
>>>
>>> In addition, I have found this RestPasswordManagementService.java 
>>> <https://fossies.org/linux/www/legacy/cas-6.1.6.tar.gz/cas-6.1.6/support/cas-server-support-pm-rest/src/main/java/org/apereo/cas/pm/rest/RestPasswordManagementService.java>.
>>>  
>>> It is not easy to understand since I don't know input and output are.
>>>
>>> Please help me.
>>>
>>> Thank you.
>>>
>>

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1dc76922-31cf-4c8c-ae45-0a200ee52664o%40apereo.org.


[cas-user] Integrating reset password management for Ldap, MySql and active directory in 5.2 CAS server

2020-10-03 Thread arti wavale
Hello,

I have successfully completed password management tasks for LDAP, MySql and 
Active directory databases but When I am trying to integrate these three 
tasks at a cas.properties file in CAS server then reset password management 
working for only one database(LDAP or MySql or Active directory), Not 
working for three databases.

Do you have any solution on it?

how can we integrate password management for ldap, MySql and active 
directory at cas.properties file in CAS server and it will work with these 
three databases. I am really thankful for quick response.

Thanks and Regards
Arti

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/fb45c3a7-9d4c-4b9a-824b-251ebb365722n%40apereo.org.


[cas-user] How to connect cas server 6.2 to mod_auth_cas apache client using ubuntu

2020-12-07 Thread arti wavale

Hello all,

I am facing issue to connect and transfer user data from cas 6.2 to 
mod_auth_cas apache client.

How to create certificate in cas server 6.2 and which certificate need to 
pass from server to client.

Build and Run command for server:
1]  ./gradlew build 
2]  ./gradlew build jibDockerBuild
3]  ./gradlew run

mod_auth_cas apache client:

CASLoginUrl https://cas.example.com/cas/login
#CASValidateUrl https://cas.example.com/cas/serviceValidate
CASValidateUrl https://cas.example.com/cas/samlValidate
CASCookiePath /var/cache/apache2/mod_auth_armor/
CASRootProxiedAs https://cas.client.com
CASValidateSAML On
CASSSOEnabled On
CASDebug On
CASVersion 2
LogLevel debug
CASCertificatePath /etc/ssl/certs/casrdev.crt

Please guide me to connect cas server 6.2 and mod_auth_cas apache client.

Thanks and Regards
Arti


To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4ecf455b-80b0-4a93-ad09-e9d2f92ce0a9n%40apereo.org.


Re: [cas-user] How to connect cas server 6.2 to mod_auth_cas apache client using ubuntu

2020-12-21 Thread arti wavale
Hello,

Created certificate using following command:
1] keytool -genkey -alias cas -keyalg RSA -validity 999 -keystore /etc/cas/thekeystore -ext san=dns:$REPLACE_WITH_FULL_MACHINE_NAME
2] keytool -export -file /etc/cas/config/cas.crt -keystore /etc/cas/thekeystore -alias cas
3] sudo keytool -import -file /etc/cas/config/cas.crt -alias cas -keystore /usr/lib/jvm/java-1.11.0-openjdk-amd64/lib/security/cacerts

*Cas.properties:*
cas.server.name=https://xxx:8443
cas.server.prefix=${cas.server.name}/cas

logging.config=file:/etc/cas/config/log4j2.xml

cas.service-registry.initFromJson=true
cas.service-registry.json.location=file:/etc/cas/services

cas.tgc.secure:true
cas.tgc.crypto.signing.key:xxx
cas.tgc.crypto.encryption.key:

cas.webflow.crypto.signing.key:
cas.webflow.crypto.encryption.key:xxx


cas.authn.accept.users=

cas.authn.ldap[0].order=0
cas.authn.ldap[0].name=
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldap://localhost
#cas.authn.ldap[0].useSsl=false
#cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=5
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].validatePeriod=270
cas.authn.ldap[0].searchFilter=cn={user}
cas.authn.ldap[0].baseDn=dc=cyberforza,dc=com
cas.authn.ldap[0].bindDn=cn=admin,dc=cyberforza,dc=com
cas.authn.ldap[0].bindCredential=administrator
cas.authn.ldap[0].principalAttributeList=memberOf,uid,cn,mail

# LDAP Pooling
cas.authn.ldap[0].minPoolSize=3
cas.authn.ldap[0].maxPoolSize=50
cas.authn.ldap[0].validateOnCheckout=true
cas.authn.ldap[0].validatePeriodically=true
cas.authn.ldap[0].validatePeriod=600
cas.authn.ldap[0].failFast=true
cas.authn.ldap[0].idleTime=5000
cas.authn.ldap[0].prunePeriod=5000
cas.authn.ldap[0].blockWaitTime=5000
#cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.ldap[0].allowMultipleDns=false

# Attribute repository settings
cas.authn.attribute-repository.expirationTime=30
cas.authn.attribute-repository.expirationTimeUnit=MINUTES
cas.authn.attribute-repository.maximumCacheSize=1

cas.authn.attribute-repository.merger=ADD
cas.authn.attribute-repository.ldap[0].ldapUrl=ldap://localhost
cas.authn.attribute-repository.ldap[0].searchFilter=cn={user}
cas.authn.attribute-repository.ldap[0].bindDn=cn=admin,dc=cyberforza,dc=com
cas.authn.attribute-repository.ldap[0].bindCredential=administrator
cas.authn.attribute-repository.ldap[0].attributes.cn=cn
cas.authn.attribute-repository.ldap[0].attributes.displayName=displayName
cas.authn.attribute-repository.ldap[0].attributes.givenName=givenName
cas.authn.attribute-repository.ldap[0].attributes.mail=mail
cas.authn.attribute-repository.ldap[0].attributes.sn=sn
cas.authn.attribute-repository.ldap[0].attributes.employeeNumber=employeeNumber
cas.authn.attribute-repository.ldap[0].attributes.uid=uid

*I am facing issue to connect and transfer user data from cas 6.2 to 
mod_auth_cas apache client.*

*How to create certificate in cas server 6.2 and which certificate need to 
pass from server to client.*

*Build and Run command for server:*
1]  ./gradlew build 
2]  ./gradlew build jibDockerBuild
3]  ./gradlew run

mod_auth_cas apache client:

CASLoginUrl https://cas.example.com/cas/login
#CASValidateUrl https://cas.example.com/cas/serviceValidate
CASValidateUrl https://cas.example.com/cas/samlValidate
CASCookiePath /var/cache/apache2/mod_auth_armor/
CASRootProxiedAs https://cas.client.com
CASValidateSAML On
CASSSOEnabled On
CASDebug On
CASVersion 2
LogLevel debug
CASCertificatePath /etc/ssl/certs/cas.crt



AuthType CAS
CASAuthNHeader  On


Require valid-user



Please guide me to connect cas server 6.2 and mod_auth_cas apache client.

Thanks and Regards
Arti
On Tuesday, December 8, 2020 at 9:51:47 PM UTC+5:30 Ray Bon wrote:

> Arti,
>
> You can paste the text of your config into the email.
>
> If you are using self signed certs, either use the same one in both cas 
> and apache or add each cert to the other server.
>
> Ray
>
> On Tue, 2020-12-08 at 05:16 -0800, arti wavale wrote:
>
> Hello C Ryan,
>
> I have created a detailed document and I have mentioned each and every main 
> step on the CAS 6.2 server side and the mod_auth_cas Apache CAS client side. 
> Please find the attachment.
>
> I do not understand how I can create a certificate and how to pass data 
> from server to client.
>
> Please guide me on it
>
> Thanks and Regards
> Arti
>
> On Tuesday, December 8, 2020 at 12:53:57 AM UTC+5:30 C Ryan wrote:
>
> Arti,
>
>
> So first of all there is ton's o

Re: [cas-user] Unauthorized Service Access when directing login page to cas from web app in apache server.

2020-12-28 Thread arti wavale
Hello,

Check CASValidateUrl once and use *Client_IP* in the CASRootProxiedAs
property.

Try this service registry file:
--
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://Client_IP/secured-by-cas(\\z|/.*)",
  "name" : "Apache Secured By CAS",
  "id" : 20191127030720,
  "description" : "CAS development Apache mod_auth_cas server with username/password protection",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  },
  "evaluationOrder" : 1100
}
---

Thanks and Regards
Arti

On Mon, Dec 28, 2020 at 1:05 PM irvan suryadi 
wrote:

> Hi All,
>
> I'm currently trying to develop cas on my localhost network. I'm currently
> trying to add a web application in the apache server as a client for SSO
> CAS. I try to follow directions like:
>
> - Installing and configuring mod_auth_cas on my apache server.
> - added a wildcard registry service (which I will attach below this
> message)
>
> But after I run the application I get an error like : unauthorized Service
> Access. Service [ ] is not found in service registry.
>
> Is there anything I missed? And to add a web app to CAS, do we need to
> install the CAS management overlay?
>
> Currently I am still trying to install the service manually.
>
> 
> The following is a service registry file
> (HTTPSandIMAPSwildcard-1608903630.json in /etc/cas/services):
>
> {
> "@class": "org.apereo.cas.services.RegexRegisteredService",
> "serviceId": "^ (https | imaps): //.*",
> "name": "HTTPS and IMAPS wildcard",
> "id": 1608903630,
> "evaluationOrder": 9
> }
>


[cas-user] Re: /status/dashboard - page not found

2021-03-25 Thread arti wavale
Hello,

I am facing the same issue, so can you tell me how you created the certificate 
and share your admusers.properties file once?

ISSUE:
CAS is unable to process this request: "500:Internal Server Error"

org.pac4j.core.exception.TechnicalException: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: No subject alternative names present
at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:170)
at org.pac4j.springframework.web.SecurityInterceptor.preHandle(SecurityInterceptor.java:65)
at org.pac4j.springframework.web.SecurityInterceptor$$FastClassBySpringCGLIB$$efdcf9fe.invoke()
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673)
at org.pac4j.springframework.web.SecurityInterceptor$$EnhancerBySpringCGLIB$$577bc7b.preHandle()
at org.apereo.cas.config.CasSecurityContextConfiguration$CasAdminStatusInterceptor.preHandle(CasSecurityContextConfiguration.java:155)
at org.springframework.web.servlet.HandlerExecutionChain.applyPreHandle(HandlerExecutionChain.java:133)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:962)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apereo.cas.web.support.AuthenticationCredentialsLocalBinderClearingFilter.doFilter(AuthenticationCredentialsLocalBinderClearingFilter.java:28)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:245)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:111)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilter

Re: [cas-user] Re: /status/dashboard - page not found

2021-03-26 Thread arti wavale
Hello Ray Bon,

Thanks for your response

Thanks and Regards
Arti

On Thu, Mar 25, 2021 at 10:20 PM Ray Bon  wrote:

> Arti,
>
> 'subject alternative name' is part of your SSL certificate.
> See,
> https://apereo.github.io/cas/6.3.x/installation/Troubleshooting-Guide.html#no-subject-alternative-names,
> for some trouble shooting.
>
> Ray

Re: [cas-user] Re: /status/dashboard - page not found

2021-03-29 Thread arti wavale
Hello,

Created ssl certificate in CAS 5.2 server system
1] keytool -genkey -keyalg RSA -alias thekeystore -keystore thekeystore 
-storepass changeit -validity 360 -keysize 2048 -ext san=ip:192.168.07.111
2] keytool -export -alias thekeystore -keypass changeit -file cas.crt 
-keystore thekeystore -storepass changeit
3] keytool -import -file cas.crt -alias thekeystore -keypass changeit 
-keystore /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security/cacerts 
-storepass changeit

created ssl certificate in Apache client system
1] openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout client.key 
-out client.crt

How can I connect CAS server 5.2 to the Apache client?

On the Apache client side, I am redirected to the CAS server login page, but 
after I enter the username and password it shows an "Unauthorized" error page.

Which certificate do I need to pass from the server to the client's 
/etc/ssl/certs path?

How can I connect the server and client to each other?

Thanks and Regards
Arti
On Thursday, March 25, 2021 at 10:20:22 PM UTC+5:30 Ray Bon wrote:

> Arti,
>
> 'subject alternative name' is part of your SSL certificate.
> See, 
> https://apereo.github.io/cas/6.3.x/installation/Troubleshooting-Guide.html#no-subject-alternative-names,
>  
> for some trouble shooting.
>
> Ray

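The reply in this thread points at the certificate's subjectAltName. As an added example (not from the thread or the CAS project), the script below builds a CN-only and a SAN-bearing self-signed certificate with OpenSSL and checks each the way a TLS client matching an IP address does. The host name `cas.example.org`, the address `192.0.2.10` and all function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). CAS_DNS and CAS_IP are constructed
# placeholders; "changeit" is the store password used in the thread's commands.
set -eu

CAS_DNS="cas.example.org"
CAS_IP="192.0.2.10"

# make_cert DIR NAME [SAN]
# Writes DIR/NAME.key and DIR/NAME.crt (self-signed, RSA 2048, 365 days).
# With a third argument the certificate carries that subjectAltName; without
# it the certificate is CN-only, like a plain "openssl req -x509" run.
make_cert() {
  dir=$1; name=$2; san=${3:-}
  cnf="$dir/$name.cnf"
  {
    printf '[req]\ndistinguished_name = dn\nprompt = no\n'
    if [ -n "$san" ]; then printf 'x509_extensions = v3\n'; fi
    printf '[dn]\nCN = %s\n' "$CAS_DNS"
    if [ -n "$san" ]; then printf '[v3]\nsubjectAltName = %s\n' "$san"; fi
  } > "$cnf"
  openssl req -x509 -nodes -newkey rsa:2048 -days 365 -config "$cnf" \
    -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null
}

# cert_sans CERT: print the SAN entries one per line ("DNS:..." / "IP:...").
# Prints nothing when the certificate has no subjectAltName extension.
cert_sans() {
  openssl x509 -in "$1" -noout -text | awk '
    /X509v3 Subject Alternative Name/ {
      getline
      gsub(/^[ \t]+/, ""); gsub(/[ \t\r]+$/, "")
      gsub(/, /, "\n"); gsub(/IP Address:/, "IP:")
      print
    }'
}

# cert_has_san CERT ENTRY: succeed only if ENTRY is listed exactly.
cert_has_san() {
  cert_sans "$1" | grep -Fxq -- "$2"
}

# ip_verifies CERT IP: trust the self-signed CERT as its own anchor and ask
# OpenSSL to match IP against it. IP addresses are matched against SAN
# entries only, so a CN-only certificate fails this check.
ip_verifies() {
  openssl verify -CAfile "$1" -verify_ip "$2" "$1" >/dev/null 2>&1
}

# bundle_p12 DIR NAME: key + certificate as PKCS#12 for the Java side (the
# thread converts such a file further with "keytool -importkeystore").
bundle_p12() {
  openssl pkcs12 -export -inkey "$1/$2.key" -in "$1/$2.crt" -name cas \
    -out "$1/$2.p12" -passout pass:changeit
}

demo() {
  work=$(mktemp -d)
  make_cert "$work" legacy
  make_cert "$work" cas "DNS:$CAS_DNS,IP:$CAS_IP"
  for c in legacy cas; do
    if ip_verifies "$work/$c.crt" "$CAS_IP"; then r=accepted; else r=rejected; fi
    printf '%s.crt: SAN=[%s] IP check: %s\n' \
      "$c" "$(cert_sans "$work/$c.crt" | tr '\n' ' ')" "$r"
  done
  rm -rf "$work"
}
demo
```

Only the public `cas.crt` is what a client-side setting such as `CASCertificatePath` needs; the private key and the PKCS#12 bundle stay on the CAS server.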
[cas-user] Failed to collect dependencies at org.apereo.cas:cas-server-support-duo:jar:5.2.6

2021-06-09 Thread arti wavale

Hello,

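I have deployed CAS 5.2.6 on Ubuntu 18, but when I added the Duo Security 
MFA related dependencies to the pom.xml file:

<dependency>
   <groupId>org.apereo.cas</groupId>
   <artifactId>cas-server-support-duo</artifactId>
   <version>${cas.version}</version>
</dependency>

Added the following repositories to the WAR overlay:

<repository>
   <id>duo-unicon</id>
   <url>https://dl.bintray.com/uniconiam/maven</url>
</repository>
<repository>
   <id>duo-jitpack</id>
   <url>https://jitpack.io</url>
</repository>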

When I tried to build CAS server using "./mvnw clean package" then showing  
below error

---
[INFO] Scanning for projects...
[INFO] 
[INFO] 

[INFO] Building cas-overlay 1.0
[INFO] 

Downloading from uniconiam: 
https://dl.bintray.com/uniconiam/maven/com/nimbusds/lang-tag/maven-metadata.xml
Downloading from duo-unicon: 
https://dl.bintray.com/uniconiam/maven/com/nimbusds/lang-tag/maven-metadata.xml
[WARNING] Could not transfer metadata 
com.nimbusds:lang-tag/maven-metadata.xml from/to duo-unicon 
(https://dl.bintray.com/uniconiam/maven): Access denied to: 
https://dl.bintray.com/uniconiam/maven/com/nimbusds/lang-tag/maven-metadata.xml 
, ReasonPhrase:Forbidden.
[WARNING] Could not transfer metadata 
com.nimbusds:lang-tag/maven-metadata.xml from/to uniconiam 
(https://dl.bintray.com/uniconiam/maven): Access denied to: 
https://dl.bintray.com/uniconiam/maven/com/nimbusds/lang-tag/maven-metadata.xml 
, ReasonPhrase:Forbidden.
Downloading from duo-unicon: 
https://dl.bintray.com/uniconiam/maven/net/unicon/iam/duo-client/0.2.2/duo-client-0.2.2.pom
Downloading from uniconiam: 
https://dl.bintray.com/uniconiam/maven/net/unicon/iam/duo-client/0.2.2/duo-client-0.2.2.pom
[INFO] 

[INFO] BUILD FAILURE
[INFO] 

[INFO] Total time: 6.179 s
[INFO] Finished at: 2021-06-09T23:12:26-07:00
[INFO] Final Memory: 26M/71M
[INFO] 

[ERROR] Failed to execute goal on project cas-overlay: Could not resolve 
dependencies for project org.apereo.cas:cas-overlay:war:1.0: Failed to 
collect dependencies at org.apereo.cas:cas-server-support-duo:jar:5.2.6 -> 
org.apereo.cas:cas-server-support-duo-core:jar:5.2.6 -> 
net.unicon.iam:duo-client:jar:0.2.2: Failed to read artifact descriptor for 
net.unicon.iam:duo-client:jar:0.2.2: Could not transfer artifact 
net.unicon.iam:duo-client:pom:0.2.2 from/to duo-unicon 
(https://dl.bintray.com/uniconiam/maven): Access denied to: 
https://dl.bintray.com/uniconiam/maven/net/unicon/iam/duo-client/0.2.2/duo-client-0.2.2.pom
 
, ReasonPhrase:Forbidden. -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e 
switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, 
please read the following articles:
[ERROR] [Help 1] 
http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
---

Thanks and Regards
Arti



[cas-user] Re: Unauthorized After Login

2019-12-05 Thread arti wavale
Can you share the Apache-side code? Which service have you used, and how do 
I create *cas.domain.com.keystore*, because I am also facing the same error?

Thank you.

On Tuesday, September 25, 2018 at 4:57:16 PM UTC+5:30, Fahmi L. Ramdhani 
wrote:
>
> Hi all, It is resolved.
>
> casuser# mkdir /opt/tomcat/keystore
> casuser# openssl pkcs12 -export -in /etc/letsencrypt/live/cas.domain.com/fullchain.pem \
>   -inkey /etc/letsencrypt/live/cas.domain.com/privkey.pem \
>   -out /opt/tomcat/keystore/cas.domain.com.p12 -password pass:changeit
> casuser# keytool -importkeystore -srckeystore /opt/tomcat/keystore/cas.sentrasoft.com.p12 \
>   -srcstoretype pkcs12 -srcstorepass changeit \
>   -destkeystore /opt/tomcat/keystore/cas.sentrasoft.com.keystore \
>   -deststoretype jks -deststorepass changeit
>
>
> *In /opt/tomcat/conf/server.xml* use this:
> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
>            port="8443" maxThreads="150"
>            scheme="https" secure="true" SSLEnabled="true"
>            keystoreFile="/opt/tomcat/keystore/cas.domain.com.keystore" keystorePass="changeit"
>            clientAuth="false" sslProtocol="TLS" />
>
> Thank you all.
>



[cas-user] Re: Unauthorized After Login

2019-12-05 Thread arti wavale
It is resolved.

Thank you





Re: [cas-user] Re: CAS 5.0.8 + Active Directory - Note receiving user information

2019-12-12 Thread arti wavale
Hi,

Can you share more information about how to retrieve user attributes from the 
LDAP database by using samlValidate, because I am facing some errors, and also 
explain how to create an SSL connection on the mod_auth_cas client side?

Thanks and Regards

On Thursday, September 14, 2017 at 7:34:06 PM UTC+5:30, Micas Camela wrote:
>
> Hi dhawes,
>
> I did that and now I am getting the attributes.
>
> I assume my problems are all solved.
>
> Thank you all
>
> Best regards
>
> On Thursday, September 14, 2017 at 3:58:30 PM UTC+2, dhawes wrote:
>>
>> Have you tried using the /samlValidate endpoint with "CASValidateSaml 
>> On"? 
>>
>> /serviceValidate may or may not return attributes, depending on your 
>> CAS server. If it does, you can use mod_auth_cas from git master, 
>> which supports CASv2 attributes. 
>>
>> On 14 September 2017 at 09:11, Micas Camela  wrote: 
>> > Hi Doug C, 
>> > 
>> > I solved the problem generating the casdev certificate (previously generated 
>> > using keytool) using the following commands: 
>> > 
>> > openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout casdev.key -out casdev.crt 
>> > 
>> > openssl pkcs12 -export -inkey casdev.key -in casdev.crt -name tomcat -out casdev.p12 
>> > 
>> > keytool -importkeystore -srckeystore casdev.p12 -srcstoretype pkcs12 -destkeystore keystore.jks 
>> > 
>> > 
>> > And importing the casdev.crt in CASCLIENT (/etc/httpd/conf/casdev.crt). 
>> > 
>> > But unfortunately I am only getting the username, without any attributes. 
>> > 
>> > Thank you 
>> > 
>> > 
>> > 
>> > On Wednesday, September 13, 2017 at 2:34:45 PM UTC+2, Micas Camela 
>> wrote: 
>> >> 
>> >> Hi there! 
>> >> 
>> >> I have configured on casdev (CentOS 7 + Tomcat 8.5.20 + CAS 5.0.8) and 
>> >> casclient (Apache 2.4 + mod_auth_cas + php app). 
>> >> 
>> >> After a successfull login I am getting an error page with: 
>> >> 
>> >> Unauthorized 
>> >> 
>> >> This server could not verify that you are authorized to access the 
>> >> document requested. Either you supplied the wrong credentials (e.g., bad 
>> >> password), or your browser doesn't understand how to supply the credentials 
>> >> required. 
>> >> 
>> >> 
>> >> CASDEV output: 
>> >> 
>> >> 