[cas-user] cas utf-8 character problem in input fields
Hello, I am running cas (6.2.0) with default encoding settings, and when I fill the login form with turkish characters such as ğ,ü,ş,ç,ı, I see meaningless characters such as ğüşçı in the cas audit logs and the credential object. I have no problem displaying such characters on the view screens. Also, I observe the /login request from the network tab in the browser and the characters in the payload section are going to the cas server correctly. Is there any solution you can suggest? Thanks -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e183f923-410a-43dc-84cf-47db711fbe30n%40apereo.org.
Re: [cas-user] Slow Start Problem
hey roy. which cas version you use? we are using 5.2.x in our legacy project and there is no performance issue there. but we are working on 6.2.x and above in new project, we come across problems i said. 8 Nisan 2021 Perşembe tarihinde saat 18:57:52 UTC+3 itibarıyla Ray Bon şunları yazdı: > Denzig, > > We are using standalone, since we have no value set. > > Could the speed issue be related to a background task that is reloading > the config? > > Our config is loaded on startup (I still have to look into on demand > refresh), and I have not noticed any performance issues. > > Ray > > On Thu, 2021-04-08 at 04:00 -0700, denizg wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > hey ray, thanks for response. > > i realized that when i use "standalone" in my active profiles, it works > slow as i said. but when i remove, i dont have any speed/load problem. so i > think, my problem is related about standalone profile. > > what profiles do you use to start cas? (if you haven't set it, standalone > profile is used by default) > > 26 Mart 2021 Cuma tarihinde saat 18:57:21 UTC+3 itibarıyla Ray Bon şunları > yazdı: > > Denizg, > > On my local, I might see an initial delay of at most 2s. Java does just in > time compiling, so initial access to some things will include compile time. > You can set the loggers to debug for as many systems as possible (spring > prints a LOT of logs) and see where the delays show up. > Another option is a VisualVM, to see what is going on with running java > processes. > > Ray > > On Fri, 2021-03-26 at 03:15 -0700, denizg wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > > I am using cas overlay template (6.2.0). the cas server will be ready too > late (almost in 1 minutes), but that's not my real problem. when the > screens are opened for first time, the responses are slow, and the first > actions on the screens respond late. > For example, I open login screen for first time, it responds in 10-15 > seconds. > I enter my crendetials for first time, it responds in 10-15 seconds. > > i think it's not about computing power because i have good system (intel > i7 cpu and 32 gb ram). i have tried to change jvm memory (overlay comes > with 2gb, i increased it to 8gb for example. nothing changed), tried to > remove lazy initialization beans if any, but didnt found any directly > related beans. > > i am sure everyone has this problem. do you have a solution for this? > > thanks > > -- > > > Ray Bon > Programmer Analyst > Development Services, University Systems > 2507218831 <(250)%20721-8831> | CLE 019 | rb...@uvic.ca > > I respectfully acknowledge that my place of work is located within the > ancestral, traditional and unceded territory of the Songhees, Esquimalt and > WSÁNEĆ Nations. > > -- > > Ray Bon > Programmer Analyst > Development Services, University Systems > 2507218831 <(250)%20721-8831> | CLE 019 | rb...@uvic.ca > > I respectfully acknowledge that my place of work is located within the > ancestral, traditional and unceded territory of the Songhees, Esquimalt and > WSÁNEĆ Nations. > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e353c751-e09a-4e37-ba7f-1e28df8594d5n%40apereo.org.
Re: [cas-user] Slow Start Problem
hey ray, thanks for response. i realized that when i use "standalone" in my active profiles, it works slow as i said. but when i remove, i dont have any speed/load problem. so i think, my problem is related about standalone profile. what profiles do you use to start cas? (if you haven't set it, standalone profile is used by default) 26 Mart 2021 Cuma tarihinde saat 18:57:21 UTC+3 itibarıyla Ray Bon şunları yazdı: > Denizg, > > On my local, I might see an initial delay of at most 2s. Java does just in > time compiling, so initial access to some things will include compile time. > You can set the loggers to debug for as many systems as possible (spring > prints a LOT of logs) and see where the delays show up. > Another option is a VisualVM, to see what is going on with running java > processes. > > Ray > > On Fri, 2021-03-26 at 03:15 -0700, denizg wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > > I am using cas overlay template (6.2.0). the cas server will be ready too > late (almost in 1 minutes), but that's not my real problem. when the > screens are opened for first time, the responses are slow, and the first > actions on the screens respond late. > For example, I open login screen for first time, it responds in 10-15 > seconds. > I enter my crendetials for first time, it responds in 10-15 seconds. > > i think it's not about computing power because i have good system (intel > i7 cpu and 32 gb ram). i have tried to change jvm memory (overlay comes > with 2gb, i increased it to 8gb for example. nothing changed), tried to > remove lazy initialization beans if any, but didnt found any directly > related beans. > > i am sure everyone has this problem. do you have a solution for this? > > thanks > > -- > > Ray Bon > Programmer Analyst > Development Services, University Systems > 2507218831 <(250)%20721-8831> | CLE 019 | rb...@uvic.ca > > I respectfully acknowledge that my place of work is located within the > ancestral, traditional and unceded territory of the Songhees, Esquimalt and > WSÁNEĆ Nations. > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/4ad7e811-73f3-42f5-90f7-8ce3974e2100n%40apereo.org.
[cas-user] Slow Start Problem
I am using cas overlay template (6.2.0). the cas server will be ready too late (almost in 1 minutes), but that's not my real problem. when the screens are opened for first time, the responses are slow, and the first actions on the screens respond late. For example, I open login screen for first time, it responds in 10-15 seconds. I enter my crendetials for first time, it responds in 10-15 seconds. i think it's not about computing power because i have good system (intel i7 cpu and 32 gb ram). i have tried to change jvm memory (overlay comes with 2gb, i increased it to 8gb for example. nothing changed), tried to remove lazy initialization beans if any, but didnt found any directly related beans. i am sure everyone has this problem. do you have a solution for this? thanks -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/942bdc64-6f5e-4d33-b60a-ba15bce49259n%40apereo.org.
[cas-user] Spring Reactive Client Logout Problem
Hello, I have reactive spring client and CAS server. I can't integrate them directly, because java cas-client library is not reactive, and if i import that dependency, my spring project doesn't work. because imported library is dependent on MVC/servlet stack and it doesn't work at reactive base. So, I integrate them not directly, but by OpenID connect. I have configured my CAS server as also OAuth server, and it works as expected. But, I cannot logout from spring client. Because, logout filters and related classes are not configured at reactive spring client, and these jobs were done by java cas-client library. So, how can i logout from my reactive spring client? Any idea or any advice? Does someone encounter same problem? Many thanks. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/519eecdf-c74b-4a33-ac9c-e3e3de78feb9n%40apereo.org.
[cas-user] Select SMS or Email method on Single MFA (mfa-simple)
Hello, I have configured mfa-simple, and it works both sms method and e-mail method. is there any way to select sms or email method based on principal atrribute? cas.authn.accept.users=xx:yy cas.authn.attributeRepository.stub.attributes.home=*a* for example, if "home" attribute is equal to "a", then select *sms*. if not, the select *email*. thanks. (ps: i am using 6.2.0 cas overlay template) -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/eddb4fef-7831-4801-898d-dd0b4474cdbao%40apereo.org.
[cas-user] CAS 6.2.x signing.key-size not working
Hello, I am using cas overlay template and i have configured cas as oauth2 server. it works perfectly. but, when i change the jwt sign key size (default 512 https://github.com/apereo/cas/blob/master/api/cas-server-core-api-util/src/main/java/org/apereo/cas/util/crypto/CipherExecutor.java) to 256, this changes are not reflected. here is the config cas.authn.oauth.access-token.crypto.signing.key= bBUhVvw9c2h2qwJd8hPRYatugQGGI4Xd cas.authn.oauth.accessToken.crypto.signing.key-size=256 here is the error log *Caused by: org.jose4j.lang.InvalidKeyException: A key of the same size as the hash output (i.e. 512 bits for HS512) or larger MUST be used with the HMAC SHA algorithms but this key is only 256 bits* where am i missing? is it bug? thanks for response -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1919bcb6-f7e6-4547-b1e7-a043511c38c6n%40apereo.org.
[cas-user] Re: JWT without encryption key
I realized that It were because of different algorithm types. spring
resource server uses hmacsha256 default when using symmetric key, but cas
sends hmacsha512. so i updated accessTokenConverter() method like below;
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
String key =
"RwBkYP2TGd1qobBQnW0mraR1jJ5_uBT65LlnpP8xe_sy3IiNQ_6SnNUxagwcPxHUudONBN_hEPRRUHxaAsTzgQ";
SignatureVerifier sha512Verifier = new MacSigner("HMACSHA512", new
SecretKeySpec(key.getBytes(), "HMACSHA512"));
converter.setVerifier(sha512Verifier);
return converter;
}
29 Mayıs 2020 Cuma tarihinde saat 16:41:33 UTC+3 itibarıyla denizg şunları
yazdı:
> hello, is there anybody that verify jwt with spring resource server? i
> have configuration like this. when i use custom oauth2 server, it works
> well. but when i change to cas oauth2 server, it cannot verify jwt.
>
> cas oauth2
> cas.authn.token.crypto.enabled=true
>
> cas.authn.token.crypto.signing-enabled=true
> cas.authn.oauth.crypto.signing.key=RwBkYP2TGd1qobBQnW0mraR1jJ5_uBT65LlnpP8xe_sy3IiNQ_6SnNUxagwcPxHUudONBN_hEPRRUHxaAsTzgQ
> cas.authn.token.crypto.encryption-enabled=false
> cas.authn.token.crypto.encryption.key=
>
>
> spring resource server config
>
>
> @Configuration
> @EnableResourceServer
> public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
>
> private String signKey =
> "RwBkYP2TGd1qobBQnW0mraR1jJ5_uBT65LlnpP8xe_sy3IiNQ_6SnNUxagwcPxHUudONBN_hEPRRUHxaAsTzgQ";
>
>
> @Bean
> public JwtAccessTokenConverter accessTokenConverter() {
> JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
> converter.setSigningKey(signKey);
> return converter;
> }
>
> @Bean
> public TokenStore tokenStore() {
> return new JwtTokenStore(accessTokenConverter());
> }
>
> @Bean
> @Primary
> public DefaultTokenServices tokenServices() {
> DefaultTokenServices defaultTokenServices = new
> DefaultTokenServices();
> defaultTokenServices.setTokenStore(tokenStore());
> return defaultTokenServices;
> }
>
> }
>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f3dd32a9-4def-4d3b-a4f1-5ec76ca971c7n%40apereo.org.
[cas-user] Re: CAS Relogin Problem
I checked browser network tab. After successfull login, the set-cookie TGC
header is returned but chrome blocks it (
*the set cookie was blocked because it had the "secure"attribute but was
not received over a secure connection*.). So, there is no TGC cookie and it
treats like you didnt login.
I added this configuration to cas.properties, the problem solved.
*cas.tgc.secure=false*
19 Ağustos 2020 Çarşamba tarihinde saat 12:37:47 UTC+3 itibarıyla denizg
şunları yazdı:
> I can login successfully to CAS. After success login, it shows
> authentication details page like below picture (loginsuccess.png).
>
> When i try to login without login, it shows login screen (relogin.png),
> but i expect authentication details page, because i logged in before.
>
> It creates many problem for me. How can i solve this? (btw, i tried demos
> in this page https://apereo.github.io/cas/Demos.html , and it works
> expected.)
>
> gradle.properties
> cas.version=6.3.0-SNAPSHOT (also tried with 6.2.0)
>
> cas.properties
> cas.server.name=http://localhost:8443
> cas.server.prefix=${cas.server.name}/cas
> logging.config=file:/etc/cas/config/log4j2.xml
> server.ssl.enabled=false
> # cas.authn.accept.users=
>
>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5fe253e3-1f9a-4a29-9d0d-71f5c47a4fb1n%40apereo.org.
[cas-user] Re: How to get latest values from attribute repository
hello. i am still open to suggestions and solution ways, anybody here?. thanks -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/a61cd51e-4a0d-4ced-99bf-4de5128a1900o%40apereo.org.
[cas-user] Re: How to get latest values from attribute repository
btw, it is not specific to redis. the same thing happens at all attribute repositories. 7 Temmuz 2020 Salı 12:35:26 UTC+3 tarihinde denizg yazdı: > > I've configured redis attribute repository, it works as expected. > > cas.authn.attribute-repository.redis[0].sentinel.master=redis-cluster > cas.authn.attribute-repository.redis[0].sentinel.node[0]=** > cas.authn.attribute-repository.redis[0].sentinel.node[1]=** > cas.authn.attribute-repository.redis[0].sentinel.node[2]=** > cas.authn.attribute-repository.redis[0].password=** > > cas.authn.attributeRepository.expirationTime=0 > cas.authn.attributeRepository.expirationTimeUnit=seconds > > when i *change* the redis values and try to create *new jwt*, the *changed > redis values* are *not applied* to new jwt, it still creates with *old* > values. > > however, when i logout from cas and relogin, it creates jwt with new > values. > > how can i apply latest values from attribute repository when create jwt? > thanks > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e7a7215f-aaea-4374-b541-61ea46451a2bo%40apereo.org.
[cas-user] How to get latest values from attribute repository
I've configured redis attribute repository, it works as expected. cas.authn.attribute-repository.redis[0].sentinel.master=redis-cluster cas.authn.attribute-repository.redis[0].sentinel.node[0]=** cas.authn.attribute-repository.redis[0].sentinel.node[1]=** cas.authn.attribute-repository.redis[0].sentinel.node[2]=** cas.authn.attribute-repository.redis[0].password=** cas.authn.attributeRepository.expirationTime=0 cas.authn.attributeRepository.expirationTimeUnit=seconds when i *change* the redis values and try to create *new jwt*, the *changed redis values* are *not applied* to new jwt, it still creates with *old* values. however, when i logout from cas and relogin, it creates jwt with new values. how can i apply latest values from attribute repository when create jwt? thanks -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f362da1c-8d3d-465b-a95f-9232a1ef58abo%40apereo.org.
