Re: [cas-user] cas 5.2.x leaking connections

2020-01-13 Thread Daniel Fisher
On Mon, Jan 13, 2020 at 11:26 AM Trenton D. Adams 
wrote:

> We are using Java 8 though, and we are using the UnboundIDProvider.
>

Can you post some logs that demonstrate the problem? Both application logs
and OS netstat logs would be useful.

--Daniel Fisher

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAFC6YwSn5CJrc5Uyf1-zbWfTYRgmHe9N6WK3ezU3NQ7eMoj2Dw%40mail.gmail.com.
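
One way to produce the netstat evidence requested above, as an added example that is not part of the original thread: count the sockets the CAS host still holds open to each LDAP server and compare that with the pool ceiling. The sample `netstat -tan` output, the addresses and the function names are constructed; using `maxPoolSize=10` (the only pool size given in the posted configuration) as the per-server ceiling is an assumption.

```python
from collections import Counter, defaultdict

LDAP_PORT = 389  # port used by every ldapUrl in the posted configuration


def sample_netstat():
    """Constructed `netstat -tan` output (Linux column layout); sample data only."""
    rows = [
        "Proto Recv-Q Send-Q Local Address           Foreign Address         State",
        "tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN",
        "tcp        0      0 10.0.0.5:8443           203.0.113.7:51514       ESTABLISHED",
    ]
    rows += [f"tcp 0 0 10.0.0.5:{40000 + i} 198.51.100.5:389 ESTABLISHED" for i in range(14)]
    rows += [f"tcp 1 0 10.0.0.5:{41000 + i} 198.51.100.5:389 CLOSE_WAIT" for i in range(2)]
    rows += [f"tcp 0 0 10.0.0.5:{42000 + i} 198.51.100.6:389 ESTABLISHED" for i in range(3)]
    return "\n".join(rows)


def ldap_connections(netstat_text, port=LDAP_PORT):
    """Count sockets per (foreign host, TCP state) whose foreign port is `port`."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # header line or non-TCP row
        foreign, state = fields[4], fields[5]
        host, _, foreign_port = foreign.rpartition(":")
        if foreign_port == str(port):
            counts[(host, state)] += 1
    return counts


def exceeds_pool(counts, pool_max):
    """Return {host: open sockets} for hosts holding more sockets than the pool allows.

    ESTABLISHED and CLOSE_WAIT both count: CLOSE_WAIT means the server closed
    its side but the application never closed the socket, which is what a
    leaked connection looks like on the client.
    """
    held = defaultdict(int)
    for (host, state), n in counts.items():
        if state in ("ESTABLISHED", "CLOSE_WAIT"):
            held[host] += n
    return {host: n for host, n in held.items() if n > pool_max}


if __name__ == "__main__":
    counts = ldap_connections(sample_netstat())
    for (host, state), n in sorted(counts.items()):
        print(f"{host:15} {state:12} {n}")
    print("over ceiling:", exceeds_pool(counts, pool_max=10))
```

Run against snapshots taken a few minutes apart, a count that keeps growing past the ceiling supports the claim that the extra connections live outside the pool.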


Re: [cas-user] cas 5.2.x leaking connections

2020-01-13 Thread Trenton D. Adams

We are using Java 8 though, and we are using the UnboundIDProvider.

On 2020-01-11 8:25 a.m., Daniel Fisher wrote:
On Fri, Jan 10, 2020 at 5:40 PM Trenton D. Adams wrote:

Below is the configuration we're using for both LDAP and the password manager.  
We were hoping someone would understand why this could be happening, as the CAS 
documentation is not very good for these settings, and neither are the javadoc 
or Ldaptive docs.  I hope someone with more CAS experience, such as a dev, 
might be able to help?

There is a JNDI bug in java versions >= 9 that leaks connections. Switching to 
the UnboundID provider is the simplest solution.

cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider

I thought that CAS used the UnboundID provider by default, so I'm curious why 
you were impacted by this bug.

(Another solution is to use Java 8)

--Daniel Fisher


--
Trenton D. Adams
Senior Systems Analyst/Web Software Developer
Applications Unit - ITS
Athabasca University
(780) 675-6195

It is only when you are surrounded by a supportive team, that you can achieve
your best.  Instead of tearing people down, try building them up!

--
This communication is intended for the use of the recipient to whom it is 
addressed, and may contain confidential, personal, and or privileged 
information. Please contact us immediately if you are not the intended 
recipient of this communication, and do not copy, distribute, or take action 
relying on it. Any communications received in error, or subsequent reply, 
should be deleted or destroyed.
---



Re: [cas-user] cas 5.2.x leaking connections

2020-01-11 Thread Daniel Fisher
On Fri, Jan 10, 2020 at 5:40 PM Trenton D. Adams 
wrote:

> Below is the configuration we're using for both LDAP and the password
> manager.  We were hoping someone would understand why this could be happening, as
> the CAS documentation is not very good for these settings, and neither are
> the javadoc or Ldaptive docs.  I hope someone with more CAS experience,
> such as a dev, might be able to help?
>

There is a JNDI bug in java versions >= 9 that leaks connections. Switching
to the UnboundID provider is the simplest solution.

cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider

I thought that CAS used the UnboundID provider by default, so I'm curious
why you were impacted by this bug.

(Another solution is to use Java 8)

--Daniel Fisher



Re: [cas-user] cas 5.2.x leaking connections

2020-01-10 Thread Trenton Adams
Those docs appear to imply that passivators are essentially required, or 
authenticated state information gets shared, no?


From: cas-user@apereo.org  on behalf of David Curry 

Sent: January 10, 2020 5:15 PM
To: CAS Community 
Subject: Re: [cas-user] cas 5.2.x leaking connections

You might want to experiment with turning the passivator off, or changing its 
setting. Not sure that's it, but it might help?

https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#why-passivators



--

DAVID A. CURRY, CISSP
DIRECTOR • INFORMATION SECURITY & PRIVACY
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • david.cu...@newschool.edu


On Fri, Jan 10, 2020 at 5:40 PM Trenton D. Adams wrote:

Good day,

We are having some problems with CAS 5.2.x leaking connections in our 
production environment.  We're not sure how or why this is happening.  What we 
do know is that they are no longer part of the pool, because if they were we'd 
run out of connections in the pool.  However, there is a limit to the number of 
connections an LDAP server can handle, so it requires a CAS restart regularly.

Below is the configuration we're using for both LDAP and the password manager.  
We were hoping someone would understand why this could be happening, as the CAS 
documentation is not very good for these settings, and neither are the javadoc 
or Ldaptive docs.  I hope someone with more CAS experience, such as a dev, 
might be able to help?


cas.authn.ldap[0].type=ANONYMOUS

cas.authn.ldap[0].ldapUrl=ldap://ldap.example.com:389

cas.authn.ldap[0].useSsl=false

cas.authn.ldap[0].baseDn=ou=Student,ou=People,dc=example,dc=com

cas.authn.ldap[0].userFilter=uid={user}

cas.authn.ldap[0].principalAttributeId=uid

cas.authn.ldap[0].principalAttributeList=uid,udcid:UDC_IDENTIFIER

cas.authn.ldap[1].type=ANONYMOUS

cas.authn.ldap[1].ldapUrl=ldap://ldap.example.ca:389

cas.authn.ldap[1].useSsl=false

cas.authn.ldap[1].baseDn=ou=Staff,ou=People,dc=example,dc=com

cas.authn.ldap[1].userFilter=uid={user}

cas.authn.ldap[1].principalAttributeId=uid

cas.authn.ldap[1].principalAttributeList=uid,udcid:UDC_IDENTIFIER



cas.authn.pm.ldap.type=GENERIC

cas.authn.pm.ldap.ldapUrl=ldap://ldap.example.com:389

cas.authn.pm.ldap.connectionStrategy=ACTIVE_PASSIVE

cas.authn.pm.ldap.useSsl=false

cas.authn.pm.ldap.useStartTls=false

cas.authn.pm.ldap.connectTimeout=5000

cas.authn.pm.ldap.baseDn=ou=People,dc=example,dc=com

cas.authn.pm.ldap.userFilter=uid={user}

cas.authn.pm.ldap.subtreeSearch=true

cas.authn.pm.ldap.bindDn=cn=Manager,dc=example,dc=com

cas.authn.pm.ldap.bindCredential=

cas.authn.pm.ldap.trustCertificates=

cas.authn.pm.ldap.poolPassivator=BIND

cas.authn.pm.ldap.minPoolSize=3

cas.authn.pm.ldap.maxPoolSize=10

cas.authn.pm.ldap.validateOnCheckout=true

cas.authn.pm.ldap.validatePeriodically=true

cas.authn.pm.ldap.validatePeriod=600

cas.authn.pm.ldap.validateTimeout=5000

cas.authn.pm.ldap.failFast=false

cas.authn.pm.ldap.idleTime=500

cas.authn.pm.ldap.prunePeriod=600

cas.authn.pm.ldap.blockWaitTime=5000

cas.authn.pm.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider

cas.authn.pm.ldap.securityQuestionsAttributes.challengeQuestion=challengeResponse

cas.authn.pm.ldap.validator.type=SEARCH

cas.authn.pm.ldap.validator.baseDn=ou=Staff,ou=People,dc=example,dc=com

cas.authn.pm.ldap.validator.searchFilter=(uid=some-user)

cas.authn.pm.ldap.validator.scope=ONELEVEL

cas.authn.pm.ldap.validator.attributeName=cn

cas.authn.pm.ldap.validator.attributeValues=Some Name

cas.authn.pm.ldap.validator.dn=

--
Trenton D. Adams
Senior Systems Analyst/Web Software Developer
Applications Unit - ITS
Athabasca University
(780) 675-6195

It is only when you are surrounded by a supportive team, that you can achieve
your best.  Instead of tearing people down, try building them up!


Re: [cas-user] cas 5.2.x leaking connections

2020-01-10 Thread David Curry
You might want to experiment with turning the passivator off, or changing
its setting. Not sure that's it, but it might help?

https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#why-passivators


--

DAVID A. CURRY, CISSP
*DIRECTOR • INFORMATION SECURITY & PRIVACY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • david.cu...@newschool.edu


On Fri, Jan 10, 2020 at 5:40 PM Trenton D. Adams 
wrote:

> Good day,
>
> We are having some problems with CAS 5.2.x leaking connections in our
> production environment.  We're not sure how or why this is happening.  What
> we do know is that they are no longer part of the pool, because if they
> were we'd run out of connections in the pool.  However, there is a limit to
> the number of connections an LDAP server can handle, so it requires a CAS
> restart regularly.
>
> Below is the configuration we're using for both LDAP and the password
> manager.  We were hoping someone would understand why this could be happening, as
> the CAS documentation is not very good for these settings, and neither are
> the javadoc or Ldaptive docs.  I hope someone with more CAS experience,
> such as a dev, might be able to help?
>
>
> cas.authn.ldap[0].type=ANONYMOUS
>
> cas.authn.ldap[0].ldapUrl=ldap://ldap.example.com:389
>
> cas.authn.ldap[0].useSsl=false
>
> cas.authn.ldap[0].baseDn=ou=Student,ou=People,dc=example,dc=com
>
> cas.authn.ldap[0].userFilter=uid={user}
>
> cas.authn.ldap[0].principalAttributeId=uid
>
> cas.authn.ldap[0].principalAttributeList=uid,udcid:UDC_IDENTIFIER
>
> cas.authn.ldap[1].type=ANONYMOUS
>
> cas.authn.ldap[1].ldapUrl=ldap://ldap.example.ca:389
>
> cas.authn.ldap[1].useSsl=false
>
> cas.authn.ldap[1].baseDn=ou=Staff,ou=People,dc=example,dc=com
>
> cas.authn.ldap[1].userFilter=uid={user}
>
> cas.authn.ldap[1].principalAttributeId=uid
>
> cas.authn.ldap[1].principalAttributeList=uid,udcid:UDC_IDENTIFIER
>
>
> cas.authn.pm.ldap.type=GENERIC
>
> cas.authn.pm.ldap.ldapUrl=ldap://ldap.example.com:389
>
> cas.authn.pm.ldap.connectionStrategy=ACTIVE_PASSIVE
>
> cas.authn.pm.ldap.useSsl=false
>
> cas.authn.pm.ldap.useStartTls=false
>
> cas.authn.pm.ldap.connectTimeout=5000
>
> cas.authn.pm.ldap.baseDn=ou=People,dc=example,dc=com
>
> cas.authn.pm.ldap.userFilter=uid={user}
>
> cas.authn.pm.ldap.subtreeSearch=true
>
> cas.authn.pm.ldap.bindDn=cn=Manager,dc=example,dc=com
>
> cas.authn.pm.ldap.bindCredential=
>
> cas.authn.pm.ldap.trustCertificates=
>
> cas.authn.pm.ldap.poolPassivator=BIND
>
> cas.authn.pm.ldap.minPoolSize=3
>
> cas.authn.pm.ldap.maxPoolSize=10
>
> cas.authn.pm.ldap.validateOnCheckout=true
>
> cas.authn.pm.ldap.validatePeriodically=true
>
> cas.authn.pm.ldap.validatePeriod=600
>
> cas.authn.pm.ldap.validateTimeout=5000
>
> cas.authn.pm.ldap.failFast=false
>
> cas.authn.pm.ldap.idleTime=500
>
> cas.authn.pm.ldap.prunePeriod=600
>
> cas.authn.pm.ldap.blockWaitTime=5000
>
> cas.authn.pm.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
>
> cas.authn.pm.ldap.securityQuestionsAttributes.challengeQuestion=challengeResponse
>
> cas.authn.pm.ldap.validator.type=SEARCH
>
> cas.authn.pm.ldap.validator.baseDn=ou=Staff,ou=People,dc=example,dc=com
>
> cas.authn.pm.ldap.validator.searchFilter=(uid=some-user)
>
> cas.authn.pm.ldap.validator.scope=ONELEVEL
>
> cas.authn.pm.ldap.validator.attributeName=cn
>
> cas.authn.pm.ldap.validator.attributeValues=Some Name
>
> cas.authn.pm.ldap.validator.dn=
>
> --
> Trenton D. Adams
> Senior Systems Analyst/Web Software Developer
> Applications Unit - ITS
> Athabasca University
> (780) 675-6195
>
> It is only when you are surrounded by a supportive team, that you can achieve
> your best.  Instead of tearing people down, try building them up!
>

[cas-user] cas 5.2.x leaking connections

2020-01-10 Thread Trenton D. Adams

Good day,

We are having some problems with CAS 5.2.x leaking connections in our 
production environment.  We're not sure how or why this is happening.  What we 
do know is that they are no longer part of the pool, because if they were we'd 
run out of connections in the pool.  However, there is a limit to the number of 
connections an LDAP server can handle, so it requires a CAS restart regularly.

Below is the configuration we're using for both LDAP and the password manager.  
We were hoping someone would understand why this could be happening, as the CAS 
documentation is not very good for these settings, and neither are the javadoc 
or Ldaptive docs.  I hope someone with more CAS experience, such as a dev, 
might be able to help?


cas.authn.ldap[0].type=ANONYMOUS

cas.authn.ldap[0].ldapUrl=ldap://ldap.example.com:389

cas.authn.ldap[0].useSsl=false

cas.authn.ldap[0].baseDn=ou=Student,ou=People,dc=example,dc=com

cas.authn.ldap[0].userFilter=uid={user}

cas.authn.ldap[0].principalAttributeId=uid

cas.authn.ldap[0].principalAttributeList=uid,udcid:UDC_IDENTIFIER

cas.authn.ldap[1].type=ANONYMOUS

cas.authn.ldap[1].ldapUrl=ldap://ldap.example.ca:389

cas.authn.ldap[1].useSsl=false

cas.authn.ldap[1].baseDn=ou=Staff,ou=People,dc=example,dc=com

cas.authn.ldap[1].userFilter=uid={user}

cas.authn.ldap[1].principalAttributeId=uid

cas.authn.ldap[1].principalAttributeList=uid,udcid:UDC_IDENTIFIER



cas.authn.pm.ldap.type=GENERIC

cas.authn.pm.ldap.ldapUrl=ldap://ldap.example.com:389

cas.authn.pm.ldap.connectionStrategy=ACTIVE_PASSIVE

cas.authn.pm.ldap.useSsl=false

cas.authn.pm.ldap.useStartTls=false

cas.authn.pm.ldap.connectTimeout=5000

cas.authn.pm.ldap.baseDn=ou=People,dc=example,dc=com

cas.authn.pm.ldap.userFilter=uid={user}

cas.authn.pm.ldap.subtreeSearch=true

cas.authn.pm.ldap.bindDn=cn=Manager,dc=example,dc=com

cas.authn.pm.ldap.bindCredential=

cas.authn.pm.ldap.trustCertificates=

cas.authn.pm.ldap.poolPassivator=BIND

cas.authn.pm.ldap.minPoolSize=3

cas.authn.pm.ldap.maxPoolSize=10

cas.authn.pm.ldap.validateOnCheckout=true

cas.authn.pm.ldap.validatePeriodically=true

cas.authn.pm.ldap.validatePeriod=600

cas.authn.pm.ldap.validateTimeout=5000

cas.authn.pm.ldap.failFast=false

cas.authn.pm.ldap.idleTime=500

cas.authn.pm.ldap.prunePeriod=600

cas.authn.pm.ldap.blockWaitTime=5000

cas.authn.pm.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider

cas.authn.pm.ldap.securityQuestionsAttributes.challengeQuestion=challengeResponse

cas.authn.pm.ldap.validator.type=SEARCH

cas.authn.pm.ldap.validator.baseDn=ou=Staff,ou=People,dc=example,dc=com

cas.authn.pm.ldap.validator.searchFilter=(uid=some-user)

cas.authn.pm.ldap.validator.scope=ONELEVEL

cas.authn.pm.ldap.validator.attributeName=cn

cas.authn.pm.ldap.validator.attributeValues=Some Name

cas.authn.pm.ldap.validator.dn=

--
Trenton D. Adams
Senior Systems Analyst/Web Software Developer
Applications Unit - ITS
Athabasca University
(780) 675-6195

It is only when you are surrounded by a supportive team, that you can achieve
your best.  Instead of tearing people down, try building them up!



Re: [cas-user] CAS 5.2.x OAuth2 Server support

2019-10-17 Thread Gandhi Pullalarevu
Hi Rao,

Can you share the sample request? It would be helpful for me.

Thanks,
Gandhi Reddy P.

On Thu, Oct 17, 2019 at 9:57 PM Mr Rao  wrote:

> Hi Gandhi,
>
> Thank you for your quick response. Actually it's working when you pass in
> the body instead of params. I tried using Postman to test it.
>
> Rao
>
> On Wednesday, October 16, 2019 at 9:50:42 PM UTC-7, Gandhi wrote:
>>
>> Hi Rao,
>>
>> Yes, I faced the same issue as the sensitive information is passed over
>> request params. You can configure Tomcat to not log the request params as
>> below:
>>
>>
>> In tomcat server.xml, at the end of the file, find the below entry
>>
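>> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
>>        prefix="localhost_access_log." suffix=".txt"
>>        pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>>
>> and update it to
>>
>> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
>>        prefix="localhost_access_log." suffix=".txt"
>>        pattern="%h %l %u %t &quot;%m %U %H&quot; %s %b" />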
>>
>>
>> Hope this helps.
>>
>> Thanks,
>> Gandhi Reddy P.
>>
>> On Thu, Oct 17, 2019 at 5:34 AM Mr Rao  wrote:
>>
>>> Hi,
>>>
>>>
>>>
>>> Currently we use CAS for SSO between web applications, now I'm trying to
>>> use for restful webservices token based authentication using OAuth2/JWT
>>> tokens.
>>>
>>>
>>>
>>>
>>> When I was playing with it I noticed that for accessing token we need
>>> to pass client_id, client_secret for Grant type client credential and
>>> username/password for Grant type password as parameters. I think it's very
>>> unsecured because these show up in tomcat access logs.
>>>
>>>
>>>
>>> Is there any way to pass as part of body or http headers instead of
>>> params without me overriding a lot of cas code?
>>>
>>>
>>>
>>> Thanks
>>>
>>>
>>>
>>> Rao
>>>
>>
>> *This mail contains confidential information intended only for the
>> individual(s) named. If you’re not the named addressee, don’t disseminate,
>> distribute or copy this e-mail. Please notify the sender immediately and
>> delete it from your system.If you wish not to receive such e-mails you may
>> reply with text “Unsubscribe”.*
>


Re: [cas-user] CAS 5.2.x OAuth2 Server support

2019-10-17 Thread Mr Rao
Hi Gandhi,

Thank you for your quick response. Actually it's working when you pass in 
the body instead of params. I tried using Postman to test it.

Rao

On Wednesday, October 16, 2019 at 9:50:42 PM UTC-7, Gandhi wrote:
>
> Hi Rao,
>
> Yes, I faced the same issue as the sensitive information is passed over 
> request params. You can configure Tomcat to not log the request params as 
> below:
>
>
> In tomcat server.xml, at the end of the file, find the below entry
>
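> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
>        prefix="localhost_access_log." suffix=".txt"
>        pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>
> and update it to
>
> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
>        prefix="localhost_access_log." suffix=".txt"
>        pattern="%h %l %u %t &quot;%m %U %H&quot; %s %b" />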
>
>
> Hope this helps.
>
> Thanks,
> Gandhi Reddy P.
>
> On Thu, Oct 17, 2019 at 5:34 AM Mr Rao > 
> wrote:
>
>> Hi,
>>
>>  
>>
>> Currently we use CAS for SSO between web applications, now I'm trying to 
>> use for restful webservices token based authentication using OAuth2/JWT 
>> tokens.
>>
>>
>>  
>>
>> When I was playing with it I noticed that for accessing token we need to 
>> pass client_id, client_secret for Grant type client credential and 
>> username/password for Grant type password as parameters. I think it's very 
>> unsecured because these show up in tomcat access logs.
>>
>>  
>>
>> Is there any way to pass as part of body or http headers instead of 
>> params without me overriding a lot of cas code?
>>
>>  
>>
>> Thanks
>>
>>  
>>
>> Rao
>>


Re: [cas-user] CAS 5.2.x OAuth2 Server support

2019-10-16 Thread Gandhi Pullalarevu
Hi Rao,

Yes, I faced the same issue as the sensitive information is passed over
request params. You can configure Tomcat to not log the request params as
below:


In tomcat server.xml, at the end of the file, find the below entry



and update it to




Hope this helps.

Thanks,
Gandhi Reddy P.

On Thu, Oct 17, 2019 at 5:34 AM Mr Rao  wrote:

> Hi,
>
>
>
> Currently we use CAS for SSO between web applications, now I'm trying to
> use for restful webservices token based authentication using OAuth2/JWT
> tokens.
>
>
>
>
> When I was playing with it I noticed that for accessing token we need to
> pass client_id, client_secret for Grant type client credential and
> username/password for Grant type password as parameters. I think it's very
> unsecured because these show up in tomcat access logs.
>
>
>
> Is there any way to pass as part of body or http headers instead of params
> without me overriding a lot of cas code?
>
>
>
> Thanks
>
>
>
> Rao
>
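
The effect of the pattern change described in this reply, as an added example that is not part of the original post: it finds OAuth secrets already written by the default `"%r"` pattern, shows what `"%m %U %H"` would have logged instead, and masks values in existing lines. The endpoint path, addresses, secret values and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Parameters the thread names as sensitive when sent in the query string.
SENSITIVE_PARAMS = ("client_secret", "password")

# Constructed access-log lines in the default pattern: %h %l %u %t "%r" %s %b
SAMPLE_LOG = '''\
192.0.2.10 - - [17/Oct/2019:05:30:01 +0000] "POST /cas/oauth2.0/accessToken?grant_type=client_credentials&client_id=demo&client_secret=EXAMPLE-SECRET HTTP/1.1" 200 512
192.0.2.11 - - [17/Oct/2019:05:31:12 +0000] "POST /cas/oauth2.0/accessToken?grant_type=password&client_id=demo&username=alice&password=EXAMPLE-PASS HTTP/1.1" 200 498
192.0.2.12 - - [17/Oct/2019:05:32:40 +0000] "POST /cas/oauth2.0/accessToken HTTP/1.1" 200 505
192.0.2.13 - - [17/Oct/2019:05:33:02 +0000] "GET /cas/login?service=https%3A%2F%2Fapp.example.org%2F HTTP/1.1" 200 7310
'''

# prefix = %h %l %u %t ; the quoted part is %r = method, request URI, protocol
LINE_RE = re.compile(
    r'^(?P<prefix>\S+ \S+ \S+ \[[^\]]+\]) '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<rest>.*)$'
)
VALUE_RE = re.compile(r'(?<=[?&])(' + "|".join(SENSITIVE_PARAMS) + r')=[^&\s"]*')


def leaked_params(line):
    """Return the sorted names of sensitive query parameters in one log line."""
    m = LINE_RE.match(line)
    if not m:
        return []
    query = urlsplit(m["target"]).query
    names = {key for key, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(names.intersection(SENSITIVE_PARAMS))


def scan(log_text):
    """Map 1-based line numbers to the sensitive parameters found on that line."""
    hits = {}
    for number, line in enumerate(log_text.splitlines(), start=1):
        found = leaked_params(line)
        if found:
            hits[number] = found
    return hits


def without_query(line):
    """Re-render a line as "%m %U %H" logs it: %U is the path with no query string."""
    m = LINE_RE.match(line)
    if not m:
        return line
    path = urlsplit(m["target"]).path
    return f'{m["prefix"]} "{m["method"]} {path} {m["proto"]}" {m["rest"]}'


def redact(line):
    """Mask sensitive values in a line that was already written, keeping other parameters."""
    return VALUE_RE.sub(lambda m: m.group(1) + "=REDACTED", line)


if __name__ == "__main__":
    print("lines with secrets:", scan(SAMPLE_LOG))
    for line in SAMPLE_LOG.splitlines():
        print(without_query(line))
```

The changed pattern only affects new entries; lines written earlier still hold the secrets until they are masked or rotated out, and the credentials themselves should be treated as exposed.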



[cas-user] CAS 5.2.x OAuth2 Server support

2019-10-16 Thread Mr Rao


Hi,

 

Currently we use CAS for SSO between web applications, now I'm trying to 
use for restful webservices token based authentication using OAuth2/JWT 
tokens.


 

When I was playing with it I noticed that for accessing token we need to 
pass client_id, client_secret for Grant type client credential and 
username/password for Grant type password as parameters. I think it's very 
unsecured because these show up in tomcat access logs.

 

Is there any way to pass as part of body or http headers instead of params 
without me overriding a lot of cas code?

 

Thanks

 

Rao


[cas-user] CAS 5.2.x does not support Oracle DB for service registry, specially in case of SAML?

2018-05-20 Thread nilesh choudhary
We are trying to set up CAS 5.2.x using Oracle DB as service registry 
storage. 
We are not using SAML as of now for CAS Server so it seems to be working 
fine. 
But cas-management server on start up tries to load some properties from 
RegexRegisteredService which are way longer than the permitted 30 char 
limit. 
I am afraid this issue might be hit in CAS server as well when we try to 
use it for SAML. 

Does this mean CAS won't support SAML and cas-management-webapp even 
without SAML if service registry storage is Oracle DB? Any plan to take 
care of this in coming releases? Are there no workarounds present?

Many thanks in advance in case of any replies.

Hibernate sql which is failing when starting cas-management-webapp

select
abstractre0_.id as id2_0_,
abstractre0_.access_strategy as access_strategy3_0_,
abstractre0_.attribute_release as attribute_release4_0_,
abstractre0_.description as description5_0_,
abstractre0_.evaluation_order as evaluation_order6_0_,
abstractre0_.expiration_policy as expiration_policy7_0_,
abstractre0_.informationUrl as informationUrl8_0_,
abstractre0_.logo as logo9_0_,
abstractre0_.logout_type as logout_type10_0_,
abstractre0_.logout_url as logout_url11_0_,
abstractre0_.mfa_policy as mfa_policy12_0_,
abstractre0_.name as name13_0_,
abstractre0_.privacyUrl as privacyUrl14_0_,
abstractre0_.proxy_policy as proxy_policy15_0_,
abstractre0_.public_key as public_key16_0_,
abstractre0_.required_handlers as required_handlers17_0_,
abstractre0_.serviceId as serviceId18_0_,
abstractre0_.theme as theme19_0_,
abstractre0_.username_attr as username_attr20_0_,
abstractre0_.bypassApprovalPrompt as bypassApprovalPro21_0_,
abstractre0_.clientId as clientId22_0_,
abstractre0_.clientSecret as clientSecret23_0_,
abstractre0_.generateRefreshToken as generateRefreshTo24_0_,
abstractre0_.jsonFormat as jsonFormat25_0_,
abstractre0_.supported_grants as supported_grants26_0_,
abstractre0_.supported_responses as supported_respons27_0_,
abstractre0_.DYNAMIC_REG_TIME as DYNAMIC_REG_TIME28_0_,
abstractre0_.dynamicallyRegistered as dynamicallyRegist29_0_,
abstractre0_.encryptIdToken as encryptIdToken30_0_,
abstractre0_.idTokenEncryptionAlg as idTokenEncryption31_0_,
abstractre0_.idTokenEncryptionEncoding as idTokenEncryption32_0_,
abstractre0_.implicit as implicit33_0_,
abstractre0_.jwks as jwks34_0_,
abstractre0_.scopes as scopes35_0_,
abstractre0_.sectorIdentifierUri as sectorIdentifierU36_0_,
abstractre0_.signIdToken as signIdToken37_0_,
abstractre0_.subjectType as subjectType38_0_,
abstractre0_.addressingNamespace as addressingNamespa39_0_,
abstractre0_.appliesTo as appliesTo40_0_,
abstractre0_.namespace as namespace41_0_,
abstractre0_.policyNamespace as policyNamespace42_0_,
abstractre0_.protocol as protocol43_0_,
abstractre0_.realm as realm44_0_,
abstractre0_.tokenType as tokenType45_0_,
abstractre0_.wsdlEndpoint as wsdlEndpoint46_0_,
abstractre0_.wsdlLocation as wsdlLocation47_0_,
abstractre0_.wsdlService as wsdlService48_0_,
abstractre0_.encryptAssertions as encryptAssertions49_0_,
abstractre0_.metadataCriteriaDirection as metadataCriteriaD50_0_,
abstractre0_.metadataCriteriaPattern as metadataCriteriaP51_0_,
abstractre0_.metadataCriteriaRemoveEmptyEntitiesDescriptors as metadataCriteriaR52_0_,
abstractre0_.metadataCriteriaRemoveRolelessEntityDescriptors as metadataCriteriaR53_0_,
abstractre0_.metadataCriteriaRoles as metadataCriteriaR54_0_,
abstractre0_.metadataExpirationDuration as metadataExpiratio55_0_,
abstractre0_.metadataLocation as metadataLocation56_0_,
abstractre0_.metadataMaxValidity as metadataMaxValidi57_0_,
abstractre0_.metadataSignatureLocation as metadataSignature58_0_,
abstractre0_.nameIdQualifier as nameIdQualifier59_0_,
abstractre0_.requiredAuthenticationContextClass as requiredAuthentic60_0_,
abstractre0_.requiredNameIdFormat as requiredNameIdFor61_0_,
abstractre0_.serviceProviderNameIdQualifier as serviceProviderNa62_0_,
abstractre0_.signAssertions as signAssertions63_0_,
abstractre0_.signResponses as signResponses64_0_,
abstractre0_.signingCredentialType as signingCredential65_0_,
abstractre0_.skipGeneratingAssertionNameId as skipGeneratingAss66_0_,
abstractre0_.skipGeneratingSubjectConfirmationInResponseTo as skipGeneratingSub67_0_,
abstractre0_.skipGeneratingSubjectConfirmationNotBefore as skipGeneratingSub68_0_,
abstractre0_.skipGeneratingSubjectConfirmationNotOnOrAfter as skipGeneratingSub69_0_,
abstractre0_.skipGenerati
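
To see which identifiers in a select list like the one above exceed Oracle's 30-byte identifier limit (raised to 128 bytes in Oracle 12.2), the following added example, which is not part of the original message or of CAS, parses the `table.column as alias` entries and reports the over-long ones. The sample is a constructed excerpt of the statement above and the function names are hypothetical.

```python
import re

ORACLE_LEGACY_LIMIT = 30  # bytes; identifier limit before Oracle 12.2

# Constructed excerpt of the select list quoted above. Some entries are wrapped
# across lines the way a mail client wraps them, and the last one is cut off.
SAMPLE_SELECT = """\
select
abstractre0_.id as id2_0_,
abstractre0_.access_strategy as access_strategy3_0_,
abstractre0_.metadataCriteriaPattern as metadataCriteriaP51_0_,
abstractre0_.metadataCriteriaRemoveEmptyEntitiesDescriptors as
metadataCriteriaR52_0_,
abstractre0_.requiredAuthenticationContextClass as
requiredAuthentic60_0_,
abstractre0_.signAssertions as signAssertions63_0_,
abstractre0_.skipGeneratingSubjectConfirmationNotOnOrAfter as
skipGeneratingSub69_0_,
abstractre0_.skipGenerati
"""

# "<table alias>.<column> as <column alias>"; \s+ also spans a wrapped line.
ENTRY = re.compile(r"\b(\w+)\.(\w+)\s+as\s+(\w+)")


def parse_select_list(sql):
    """Return (column, alias) pairs; entries without an alias are skipped."""
    return [(m.group(2), m.group(3)) for m in ENTRY.finditer(sql)]


def byte_length(identifier):
    """Oracle counts bytes, not characters, so measure the encoded form."""
    return len(identifier.encode("utf-8"))


def audit(sql, limit=ORACLE_LEGACY_LIMIT):
    """Split over-long identifiers into real column names and query aliases."""
    report = {"columns": [], "aliases": []}
    for column, alias in parse_select_list(sql):
        if byte_length(column) > limit:
            report["columns"].append((column, byte_length(column)))
        if byte_length(alias) > limit:
            report["aliases"].append((alias, byte_length(alias)))
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_SELECT)
    for name, size in result["columns"]:
        print(f"column too long for a {ORACLE_LEGACY_LIMIT}-byte limit: {name} ({size} bytes)")
    print(f"aliases over the limit: {len(result['aliases'])}")
```

In this excerpt the generated aliases all stay under the limit; it is the mapped column names themselves that are too long, so the table definition is what would need shorter names.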

[cas-user] CAS 5.2.x as IDP using SAML 2.0

2018-04-12 Thread Jay
Hello everyone,

We have recently been in the process of upgrading from CAS3.5 to CAS5.2. As 
part of this effort we need to provide support of SAML authentication to an 
external application (say 'abc' application).

Here 'abc' will be the SP and new CAS5.x will be the identity provider.

Could someone guide us or tell us how to achieve this? Since we are new to 
the CAS5.x framework, it would be very helpful to achieve this implementation.

Thanks,
Jay


[cas-user] CAS 5.2.x oauth property set doesn't work

2018-03-08 Thread Leo Pintos
Hi, I'm trying to set the grant types and response types but something is 
wrong.

I put the below configuration in my OAuthRegisteredService json:

  "supported_grants" : ["authorization_code", "password", "client_credentials", "refresh_token"],
  "supported_responses" : ["code", "token", "id_token token"],

I can see these fields empty in the log.


Any help?
Thanks in advance.
Leo


Re: [cas-user] [CAS 5.2.x] [OAuth] [Theme] How to make custom theme for OAuth sp

2018-02-28 Thread Andy Ng
Hi Manfredo,

Thank you for this suggestion, but what if I need to change my site url, or 
the redirect_uri, or the client_name changed?

This method seems too hard-coded, but I will use it if there is no other choice.

Thank you!

On Wednesday, 28 February 2018 21:07:58 UTC+8, Manfredo Hopp wrote:
>
> Try with 
>
>
> https://mysite.example.com:443/cas/oauth2.0/callbackAuthorize 
> ?
> client_name=XXX&
> client_id=OAuthApp&
> redirect_uri=http://www.example.com/sp&
> response_type=code
>
>
> as serviceId

Re: [cas-user] [CAS 5.2.x] [OAuth] [Theme] How to make custom theme for OAuth sp

2018-02-28 Thread Man H
Try with


https://mysite.example.com:443/cas/oauth2.0/callbackAuthorize
?
client_name=XXX&
client_id=OAuthApp&
redirect_uri=http://www.example.com/sp&
response_type=code


as serviceId


On Wednesday, 28 February 2018, Andy Ng wrote:

> Hi Manfredo,
>
> I have the custom theme loaded no problem without oauth, is just that when
> I do it with oauth, setting the theme seems like a difficult task.
>
> -Andy

Re: [cas-user] [CAS 5.2.x] [OAuth] [Theme] How to make custom theme for OAuth sp

2018-02-27 Thread Andy Ng
Hi Manfredo,

I have the custom theme loaded with no problem without oauth; it is just that 
when I do it with oauth, setting the theme seems like a difficult task.

-Andy

On Wednesday, 28 February 2018 11:55:23 UTC+8, Manfredo Hopp wrote:
>
>  open browser developer tool to see if theme gets loaded

Re: [cas-user] [CAS 5.2.x] [OAuth] [Theme] How to make custom theme for OAuth sp

2018-02-27 Thread Man H
open browser developer tool to see if theme gets loaded

On Wednesday, 28 February 2018, Man H wrote:

> Cant you just build a simple webapp with index.html

Re: [cas-user] [CAS 5.2.x] [OAuth] [Theme] How to make custom theme for OAuth sp

2018-02-27 Thread Man H
Can't you just build a simple webapp with index.html?

On Wednesday, 28 February 2018, Andy Ng wrote:

> Thanks Manfedo,
>
> Do you mean that I should:
> - Redirect user to login using Non Oauth Service first (with theme)
> - Then redirect user to login using Oauth Service for actual Oauth login
>
> Am I correct?
>
> I would prefer not to do the above, since that mean the service provider
> need to change their code, but if needed I think the above is still
> feasible, thanks Manfedo.
>
> I would like to see if there are a solution that, to not use non oauth
> login first. Thanks.
>
> -Andy

Re: [cas-user] [CAS 5.2.x] [OAuth] [Theme] How to make custom theme for OAuth sp

2018-02-27 Thread Andy Ng
Thanks Manfredo,

Do you mean that I should:
- Redirect user to login using Non Oauth Service first (with theme)
- Then redirect user to login using Oauth Service for actual Oauth login

Am I correct?

I would prefer not to do the above, since that means the service provider 
needs to change their code, but if needed I think the above is still 
feasible, thanks Manfredo.

I would like to see if there is a solution that does not use non oauth 
login first. Thanks.

-Andy

On Wednesday, 28 February 2018 11:26:24 UTC+8, Manfredo Hopp wrote:
>
> Try to load that theme on a regular service, that is non oauth

Re: [cas-user] [CAS 5.2.x] [OAuth] [Theme] How to make custom theme for OAuth sp

2018-02-27 Thread Man H
Try to load that theme on a regular service, that is non oauth

On Wednesday, 28 February 2018, Andy Ng wrote:

> Hi all,
>
> I am using CAS 5.2.x, and using OAuth for one service provider. The
> provider now would like to have a custom theme.
>
> I thought I can just do this:
>
> {
>   "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>   "clientId": "OAuthApp",
>   "clientSecret": "xx",
>   "serviceId" : "^http://www.example.com/sp.*",
>   "name" : "OAuthApp",
>   "id" : 1000,
>   "evaluationOrder" : 1000,
>   "supportedResponseTypes" : [ "java.util.HashSet", [ "code" ] ],
>   "supportedGrantTypes" : [ "java.util.HashSet",  [ "authorization_code" , "refresh_token"] ],
>   "theme" : "awesome_theme"
> }
>
>
>
> However it seems that the service the returned service is the below:
>
> https://mysite.example.com:443/cas/oauth2.0/callbackAuthorize?
> client_name=XXX&
> client_id=OAuthApp&
> redirect_uri=http://www.example.com/sp&
> response_type=code
>
>
> So the *theme *will not load. So my question is, is it possible for me to
> make custom theme for my OAuth SP provider?
>
> Thanks in advance!
>
> - Andy

[cas-user] [CAS 5.2.x] [OAuth] [Theme] How to make custom theme for OAuth sp

2018-02-27 Thread Andy Ng
Hi all,

I am using CAS 5.2.x, and using OAuth for one service provider. The 
provider now would like to have a custom theme.

I thought I can just do this:

{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "OAuthApp",
  "clientSecret": "xx",
  "serviceId" : "^http://www.example.com/sp.*",
  "name" : "OAuthApp",
  "id" : 1000,
  "evaluationOrder" : 1000,
  "supportedResponseTypes" : [ "java.util.HashSet", [ "code" ] ],
  "supportedGrantTypes" : [ "java.util.HashSet",  [ "authorization_code" , "refresh_token"] ],
  "theme" : "awesome_theme"
}



However, it seems that the returned service is the below:

https://mysite.example.com:443/cas/oauth2.0/callbackAuthorize?
client_name=XXX&
client_id=OAuthApp&
redirect_uri=http://www.example.com/sp&
response_type=code


So the *theme* will not load. So my question is, is it possible for me to 
make a custom theme for my OAuth SP provider?

Thanks in advance!

- Andy
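
Why the themed definition above is never reached by the callback URL, and what happens when that URL is used as a serviceId as suggested in this thread, shown at the regex level as an added example (not code from the post or from CAS). It assumes CAS selects the registered service by matching serviceId as a full-match regex against the service URL and uses Python's `re` in place of Java's regex engine; `pinned_callback_pattern` and the registry dictionaries are hypothetical, and whether CAS 5.2.x then applies the theme is not confirmed here.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Values quoted in the post above.
THEMED_SERVICE_ID = r"^http://www.example.com/sp.*"
CALLBACK_URL = (
    "https://mysite.example.com:443/cas/oauth2.0/callbackAuthorize?"
    "client_name=XXX&client_id=OAuthApp&"
    "redirect_uri=http://www.example.com/sp&response_type=code"
)


def matches(service_id, url):
    """Assumption: serviceId is a regex that must match the whole URL."""
    return re.fullmatch(service_id, url) is not None


def theme_for(registry, url):
    """Theme of the first definition, by evaluationOrder, that matches url."""
    for svc in sorted(registry, key=lambda s: s["evaluationOrder"]):
        if matches(svc["serviceId"], url):
            return svc.get("theme")
    return None


def redirect_uri_of(callback_url):
    """The redirect_uri parameter carried inside the callback URL."""
    return parse_qs(urlsplit(callback_url).query)["redirect_uri"][0]


def pinned_callback_pattern(endpoint, client_id):
    """Hypothetical serviceId: fixes the endpoint and client_id only, so
    client_name, redirect_uri and parameter order are free to change."""
    return (re.escape(endpoint) + r"\?(?:[^&#]*&)*client_id="
            + re.escape(client_id) + r"(?:&[^#]*)?")


def demo():
    # Hypothetical registry holding only the definition from the post.
    post_registry = [{"name": "OAuthApp", "serviceId": THEMED_SERVICE_ID,
                      "evaluationOrder": 1000, "theme": "awesome_theme"}]
    endpoint = CALLBACK_URL.split("?", 1)[0]
    # Constructed variants of the callback URL.
    renamed = CALLBACK_URL.replace("client_name=XXX", "client_name=YYY")
    other_client = CALLBACK_URL.replace("client_id=OAuthApp", "client_id=Other")
    pinned_registry = post_registry + [{
        "name": "OAuthApp callback",
        "serviceId": pinned_callback_pattern(endpoint, "OAuthApp"),
        "evaluationOrder": 1001, "theme": "awesome_theme"}]
    escaped = re.escape(CALLBACK_URL)
    return {
        "theme_via_redirect_uri":
            theme_for(post_registry, redirect_uri_of(CALLBACK_URL)),
        "theme_via_callback_url": theme_for(post_registry, CALLBACK_URL),
        "verbatim_url_matches_itself": matches(CALLBACK_URL, CALLBACK_URL),
        "escaped_url_matches_itself": matches(escaped, CALLBACK_URL),
        "escaped_url_survives_rename": matches(escaped, renamed),
        "pinned_theme_after_rename": theme_for(pinned_registry, renamed),
        "pinned_theme_other_client": theme_for(pinned_registry, other_client),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A callback URL pasted verbatim as a serviceId does not even match itself, because the unescaped `?` acts as a regex quantifier; once escaped it matches only that exact query string.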


Re: [SOLVED] Re: [cas-user] CAS 5.2.x SAML IdP Issues

2018-02-15 Thread Misagh Moayyed
Nice. If and when you get to it, turn it into one of these: 
https://apereo.github.io/cas/development/integration/Configuring-SAML-SP-Integrations.html
 

--Misagh 

> From: "vnick" 
> To: "CAS Community" 
> Cc: "Misagh Moayyed" 
> Sent: Thursday, February 15, 2018 11:46:57 AM
> Subject: Re: [SOLVED] Re: [cas-user] CAS 5.2.x SAML IdP Issues

> I'm writing a SAML authentication extension for the Guacamole Project
> (http://guacamole.apache.org).
> -Nick

> On Thursday, February 15, 2018 at 1:24:24 PM UTC-5, Misagh Moayyed wrote:
>> Cool. Who exactly is the SP in this scenario?

>> --Misagh

>>> From: "vnick" < nick.e@gmail.com >
>>> To: "CAS Community" < cas-...@apereo.org >
>>> Cc: "Misagh Moayyed" < mmoa...@unicon.net >
>>> Sent: Thursday, February 15, 2018 10:48:25 AM
>>> Subject: [SOLVED] Re: [cas-user] CAS 5.2.x SAML IdP Issues

>>> Well, this put me on the right path - turns out the number of services the 
>>> log
>>> file told me was loading just happened to match what was in the services
>>> directory, but the CAS configuration was not pointing at anything but the
>>> default location, so it wasn't actually loading my services. Problem is
>>> resolved - all works well, now!
>>> -Nick

>>> On Thursday, February 15, 2018 at 12:29:00 PM UTC-5, Misagh Moayyed wrote:
>>>> Do you have other JSON service definitions in the registry? Anything with a
>>>> lower evaluation order or a more relaxed regex pattern?

>>>> --Misagh

>>>>> From: "vnick" < nick.e@gmail.com >
>>>>> To: "CAS Community" < cas-...@apereo.org >
>>>>> Sent: Thursday, February 15, 2018 10:15:40 AM
>>>>> Subject: [cas-user] CAS 5.2.x SAML IdP Issues

>>>>> Hey, everyone,
>>>>> I'm trying to get SAML2 authentication working against my CAS server. 
>>>>> I've got
>>>>> CAS protocol authentications working just fine, but am struggling getting 
>>>>> the
>>>>> SAML IdP configured correctly. I have the following items configured in 
>>>>> my main
>>>>> CAS configuration:

>>>>> ## SAML Provider
>>>>> cas.authn.samlIdp.entityId=https://server.domain.com/cas/idp
>>>>> cas.authn.samlIdp.hostName=server.domain.com
>>>>> cas.authn.samlIdp.scope=domain.com
>>>>> cas.authn.samlIdp.metadata.cacheExpirationMinutes=30
>>>>> cas.authn.samlIdp.metadata.failFast=true
>>>>> cas.authn.samlIdp.metadata.location=file:///etc/cas/saml
>>>>> cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
>>>>> cas.authn.samlIdp.metadata.requireValidMetadata=true
>>>>> cas.authn.samlIdp.logout.forceSignedLogoutRequests=true
>>>>> cas.authn.samlIdp.logout.singleLogoutCallbacksDisabled=false
>>>>> cas.authn.samlIdp.response.skewAllowance=0
>>>>> cas.authn.samlIdp.response.signError=false
>>>>> cas.authn.samlIdp.response.useAttributeFriendlyName=true

>>>>> I also have a JSON-based service registry configured, and have the 
>>>>> following
>>>>> entry for the SP that I'm trying to authenticate with:

>>>>> {
>>>>> "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
>>>>> "serviceId": "https://1.2.3.4/guacamole/api/tokens",
>>>>> "name": "GuacamoleSAML",
>>>>> "id": 1002,
>>>>> "evaluationsOrder": 1002,
>>>>> "metadataLocation": "file:///etc/cas/saml/sp-guacamole.xml"
>>>>> }

>>>>> and, finally, I used the web site mentioned in the CAS SAML IdP 
>>>>> documentation to
>>>>> generate the metadata:

>>>>> 
>>>>> >>>> validUntil="2018-02-17T03:16:28Z"
>>>>> cacheDuration="PT604800S"
>>>>> entityID=" https://1.2.3.4/guacamole/api/tokens ">
>>>>> >>>> WantAssertionsSigned="false"
>>>>> protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
>>>>> urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
>>>>> >>>> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>>>>> Location=" https://1.2.

Re: [SOLVED] Re: [cas-user] CAS 5.2.x SAML IdP Issues

2018-02-15 Thread vnick
I'm writing a SAML authentication extension for the Guacamole Project 
(http://guacamole.apache.org).

-Nick

On Thursday, February 15, 2018 at 1:24:24 PM UTC-5, Misagh Moayyed wrote:
>
> Cool. Who exactly is the SP in this scenario? 
>
> --Misagh
>
> --
>
> *From: *"vnick" >
> *To: *"CAS Community" >
> *Cc: *"Misagh Moayyed" >
> *Sent: *Thursday, February 15, 2018 10:48:25 AM
> *Subject: *[SOLVED] Re: [cas-user] CAS 5.2.x SAML IdP Issues
>
> Well, this put me on the right path - turns out the number of services the 
> log file told me was loading just happened to match what was in the 
> services directory, but the CAS configuration was not pointing at anything 
> but the default location, so it wasn't actually loading my services.  
> Problem is resolved - all works well, now!
> -Nick
>
> On Thursday, February 15, 2018 at 12:29:00 PM UTC-5, Misagh Moayyed wrote:
>>
>> Do you have other JSON service definitions in the registry? Anything with 
>> a lower evaluation order or a more relaxed regex pattern? 
>>
>> --Misagh
>>
>> --
>>
>> *From: *"vnick"
>> *To: *"CAS Community"
>> *Sent: *Thursday, February 15, 2018 10:15:40 AM
>> *Subject: *[cas-user] CAS 5.2.x SAML IdP Issues
>>
>> Hey, everyone,
>> I'm trying to get SAML2 authentication working against my CAS server.  
>> I've got CAS protocol authentications working just fine, but am struggling 
>> getting the SAML IdP configured correctly.  I have the following items 
>> configured in my main CAS configuration:
>>
>> ## SAML Provider
>> cas.authn.samlIdp.entityId=https://server.domain.com/cas/idp
>> cas.authn.samlIdp.hostName=server.domain.com
>> cas.authn.samlIdp.scope=domain.com
>> cas.authn.samlIdp.metadata.cacheExpirationMinutes=30
>> cas.authn.samlIdp.metadata.failFast=true
>> cas.authn.samlIdp.metadata.location=file:///etc/cas/saml
>> cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
>> cas.authn.samlIdp.metadata.requireValidMetadata=true
>> cas.authn.samlIdp.logout.forceSignedLogoutRequests=true
>> cas.authn.samlIdp.logout.singleLogoutCallbacksDisabled=false
>> cas.authn.samlIdp.response.skewAllowance=0
>> cas.authn.samlIdp.response.signError=false
>> cas.authn.samlIdp.response.useAttributeFriendlyName=true
>>
>> I also have a JSON-based service registry configured, and have the 
>> following entry for the SP that I'm trying to authenticate with:
>>
>> {
>> "@class": 
>> "org.apereo.cas.support.saml.services.SamlRegisteredService",
>> "serviceId": "https://1.2.3.4/guacamole/api/tokens",
>> "name": "GuacamoleSAML",
>> "id": 1002,
>> "evaluationsOrder": 1002,
>> "metadataLocation": "file:///etc/cas/saml/sp-guacamole.xml"
>> }
>>
>> and, finally, I used the web site mentioned in the CAS SAML IdP 
>> documentation to generate the metadata:
>>
>> 
>> >  validUntil="2018-02-17T03:16:28Z"
>>  cacheDuration="PT604800S"
>>  entityID="https://1.2.3.4/guacamole/api/tokens">
>> > WantAssertionsSigned="false" 
>> protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
>> 
>> urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
>> > Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>>  Location="
>> https://1.2.3.4/guacamole/api/ext/saml/callback"
>>  index="1" />
>> 
>> 
>> 
>>
>> However, every time I try to authenticate with this app, I receive the 
>> following error:
>>
>> 2018-02-15 12:12:52,559 INFO 
>> [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController]
>>  
>> - 
>> 2018-02-15 12:12:52,581 ERROR 
>> [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController]
>>  
>> - > https://1.2.3.4/guacamole/api/tokens] in registry but the match is not 
>> defined as a SAML service>
>>
>> I can't seem to get much more detail - I think something must be wrong 
>> with my logging configuration, because I can't get any debugging.  Also, 
>> most of 

Re: [SOLVED] Re: [cas-user] CAS 5.2.x SAML IdP Issues

2018-02-15 Thread Misagh Moayyed
Cool. Who exactly is the SP in this scenario? 

--Misagh 

> From: "vnick" 
> To: "CAS Community" 
> Cc: "Misagh Moayyed" 
> Sent: Thursday, February 15, 2018 10:48:25 AM
> Subject: [SOLVED] Re: [cas-user] CAS 5.2.x SAML IdP Issues

> Well, this put me on the right path - turns out the number of services the log
> file told me was loading just happened to match what was in the services
> directory, but the CAS configuration was not pointing at anything but the
> default location, so it wasn't actually loading my services. Problem is
> resolved - all works well, now!
> -Nick

> On Thursday, February 15, 2018 at 12:29:00 PM UTC-5, Misagh Moayyed wrote:
>> Do you have other JSON service definitions in the registry? Anything with a
>> lower evaluation order or a more relaxed regex pattern?

>> --Misagh

>>> From: "vnick" < nick.e@gmail.com >
>>> To: "CAS Community" < cas-...@apereo.org >
>>> Sent: Thursday, February 15, 2018 10:15:40 AM
>>> Subject: [cas-user] CAS 5.2.x SAML IdP Issues

>>> Hey, everyone,
>>> I'm trying to get SAML2 authentication working against my CAS server. I've 
>>> got
>>> CAS protocol authentications working just fine, but am struggling getting 
>>> the
>>> SAML IdP configured correctly. I have the following items configured in my 
>>> main
>>> CAS configuration:

>>> ## SAML Provider
>>> cas.authn.samlIdp.entityId=https://server.domain.com/cas/idp
>>> cas.authn.samlIdp.hostName=server.domain.com
>>> cas.authn.samlIdp.scope=domain.com
>>> cas.authn.samlIdp.metadata.cacheExpirationMinutes=30
>>> cas.authn.samlIdp.metadata.failFast=true
>>> cas.authn.samlIdp.metadata.location=file:///etc/cas/saml
>>> cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
>>> cas.authn.samlIdp.metadata.requireValidMetadata=true
>>> cas.authn.samlIdp.logout.forceSignedLogoutRequests=true
>>> cas.authn.samlIdp.logout.singleLogoutCallbacksDisabled=false
>>> cas.authn.samlIdp.response.skewAllowance=0
>>> cas.authn.samlIdp.response.signError=false
>>> cas.authn.samlIdp.response.useAttributeFriendlyName=true

>>> I also have a JSON-based service registry configured, and have the following
>>> entry for the SP that I'm trying to authenticate with:

>>> {
>>> "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
>>> "serviceId": "https://1.2.3.4/guacamole/api/tokens",
>>> "name": "GuacamoleSAML",
>>> "id": 1002,
>>> "evaluationsOrder": 1002,
>>> "metadataLocation": "file:///etc/cas/saml/sp-guacamole.xml"
>>> }

>>> and, finally, I used the web site mentioned in the CAS SAML IdP 
>>> documentation to
>>> generate the metadata:

>>> 
>>> >> validUntil="2018-02-17T03:16:28Z"
>>> cacheDuration="PT604800S"
>>> entityID=" https://1.2.3.4/guacamole/api/tokens ">
>>> >> protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
>>> urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
>>> >> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>>> Location=" https://1.2.3.4/guacamole/api/ext/saml/callback "
>>> index="1" />
>>> 
>>> 

>>> However, every time I try to authenticate with this app, I receive the 
>>> following
>>> error:

>>> 2018-02-15 12:12:52,559 INFO
>>> [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController]
>>> - 
>>> 2018-02-15 12:12:52,581 ERROR
>>> [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController]
>>> - https://1.2.3.4/guacamole/api/tokens 
>>> ]
>>> in registry but the match is not defined as a SAML service>

>>> I can't seem to get much more detail - I think something must be wrong with 
>>> my
>>> logging configuration, because I can't get any debugging. Also, most of the
>>> parameters in the cas configuration file for SAML (cas.authn.samlIdp.*) 
>>> seem to
>>> lack documentation - for example, I feel like this could be related to the
>>> "cas.authn.samlIdp.scope= domain.com ", but there's no documentation on 
>>> what's
>>> expected or acceptable for the scope, and whether this would generate the 
>>> error
>&g

[SOLVED] Re: [cas-user] CAS 5.2.x SAML IdP Issues

2018-02-15 Thread vnick
Well, this put me on the right path - turns out the number of services the 
log file told me was loading just happened to match what was in the 
services directory, but the CAS configuration was not pointing at anything 
but the default location, so it wasn't actually loading my services.  
Problem is resolved - all works well, now!

-Nick

On Thursday, February 15, 2018 at 12:29:00 PM UTC-5, Misagh Moayyed wrote:
>
> Do you have other JSON service definitions in the registry? Anything with 
> a lower evaluation order or a more relaxed regex pattern? 
>
> --Misagh
>
> --
>
> *From: *"vnick" >
> *To: *"CAS Community" >
> *Sent: *Thursday, February 15, 2018 10:15:40 AM
> *Subject: *[cas-user] CAS 5.2.x SAML IdP Issues
>
> Hey, everyone,
> I'm trying to get SAML2 authentication working against my CAS server.  
> I've got CAS protocol authentications working just fine, but am struggling 
> getting the SAML IdP configured correctly.  I have the following items 
> configured in my main CAS configuration:
>
> ## SAML Provider
> cas.authn.samlIdp.entityId=https://server.domain.com/cas/idp
> cas.authn.samlIdp.hostName=server.domain.com
> cas.authn.samlIdp.scope=domain.com
> cas.authn.samlIdp.metadata.cacheExpirationMinutes=30
> cas.authn.samlIdp.metadata.failFast=true
> cas.authn.samlIdp.metadata.location=file:///etc/cas/saml
> cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
> cas.authn.samlIdp.metadata.requireValidMetadata=true
> cas.authn.samlIdp.logout.forceSignedLogoutRequests=true
> cas.authn.samlIdp.logout.singleLogoutCallbacksDisabled=false
> cas.authn.samlIdp.response.skewAllowance=0
> cas.authn.samlIdp.response.signError=false
> cas.authn.samlIdp.response.useAttributeFriendlyName=true
>
> I also have a JSON-based service registry configured, and have the 
> following entry for the SP that I'm trying to authenticate with:
>
> {
> "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
> "serviceId": "https://1.2.3.4/guacamole/api/tokens",
> "name": "GuacamoleSAML",
> "id": 1002,
> "evaluationsOrder": 1002,
> "metadataLocation": "file:///etc/cas/saml/sp-guacamole.xml"
> }
>
> and, finally, I used the web site mentioned in the CAS SAML IdP 
> documentation to generate the metadata:
>
> 
>   validUntil="2018-02-17T03:16:28Z"
>  cacheDuration="PT604800S"
>  entityID="https://1.2.3.4/guacamole/api/tokens">
>  WantAssertionsSigned="false" 
> protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
> 
> urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
>  Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>  Location="
> https://1.2.3.4/guacamole/api/ext/saml/callback"
>  index="1" />
> 
> 
> 
>
> However, every time I try to authenticate with this app, I receive the 
> following error:
>
> 2018-02-15 12:12:52,559 INFO 
> [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController]
>  
> - 
> 2018-02-15 12:12:52,581 ERROR 
> [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController]
>  
> - https://1.2.3.4/guacamole/api/tokens] 
> in registry but the match is not defined as a SAML service>
>
> I can't seem to get much more detail - I think something must be wrong 
> with my logging configuration, because I can't get any debugging.  Also, 
> most of the parameters in the cas configuration file for SAML 
> (cas.authn.samlIdp.*) seem to lack documentation - for example, I feel like 
> this could be related to the "cas.authn.samlIdp.scope=domain.com", but 
> there's no documentation on what's expected or acceptable for the scope, 
> and whether this would generate the error message I'm seeing above?  Other 
> than that, as far as I can tell, my JSON service entry matches the 
> documentation, is valid JSON, and defines the mentioned service as a SAML 
> service, so it's unclear to me what's leading to this error.
>
> Any pointers would be appreciated!
>
> -Nick
>

Re: [cas-user] CAS 5.2.x SAML IdP Issues

2018-02-15 Thread vnick
There are other service definitions in the registry, yes, but none that 
should overlap with this definition.  There are only two other service 
definitions - one is the OAuth Callback, which is automatically generated 
by CAS, and the other is one for the server on which CAS is running, which 
is different from the URL of the SAML application.  I will try disabling 
the one for the server where CAS is running just to be sure, but the 
RegEx for that is pretty specific to that host and I don't see how it could 
overlap.

-Nick

On Thursday, February 15, 2018 at 12:29:00 PM UTC-5, Misagh Moayyed wrote:
>
> Do you have other JSON service definitions in the registry? Anything with 
> a lower evaluation order or a more relaxed regex pattern? 
>
> --Misagh
>
> --
>
> *From: *"vnick" >
> *To: *"CAS Community" >
> *Sent: *Thursday, February 15, 2018 10:15:40 AM
> *Subject: *[cas-user] CAS 5.2.x SAML IdP Issues
>
> Hey, everyone,
> I'm trying to get SAML2 authentication working against my CAS server.  
> I've got CAS protocol authentications working just fine, but am struggling 
> getting the SAML IdP configured correctly.  I have the following items 
> configured in my main CAS configuration:
>
> ## SAML Provider
> cas.authn.samlIdp.entityId=https://server.domain.com/cas/idp
> cas.authn.samlIdp.hostName=server.domain.com
> cas.authn.samlIdp.scope=domain.com
> cas.authn.samlIdp.metadata.cacheExpirationMinutes=30
> cas.authn.samlIdp.metadata.failFast=true
> cas.authn.samlIdp.metadata.location=file:///etc/cas/saml
> cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
> cas.authn.samlIdp.metadata.requireValidMetadata=true
> cas.authn.samlIdp.logout.forceSignedLogoutRequests=true
> cas.authn.samlIdp.logout.singleLogoutCallbacksDisabled=false
> cas.authn.samlIdp.response.skewAllowance=0
> cas.authn.samlIdp.response.signError=false
> cas.authn.samlIdp.response.useAttributeFriendlyName=true
>
> I also have a JSON-based service registry configured, and have the 
> following entry for the SP that I'm trying to authenticate with:
>
> {
> "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
> "serviceId": "https://1.2.3.4/guacamole/api/tokens",
> "name": "GuacamoleSAML",
> "id": 1002,
> "evaluationsOrder": 1002,
> "metadataLocation": "file:///etc/cas/saml/sp-guacamole.xml"
> }
>
> and, finally, I used the web site mentioned in the CAS SAML IdP 
> documentation to generate the metadata:
>
> 
>   validUntil="2018-02-17T03:16:28Z"
>  cacheDuration="PT604800S"
>  entityID="https://1.2.3.4/guacamole/api/tokens">
>  WantAssertionsSigned="false" 
> protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
> 
> urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
>  Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>  Location="
> https://1.2.3.4/guacamole/api/ext/saml/callback"
>  index="1" />
> 
> 
> 
>
> However, every time I try to authenticate with this app, I receive the 
> following error:
>
> 2018-02-15 12:12:52,559 INFO 
> [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController]
>  
> - 
> 2018-02-15 12:12:52,581 ERROR 
> [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController]
>  
> - https://1.2.3.4/guacamole/api/tokens] 
> in registry but the match is not defined as a SAML service>
>
> I can't seem to get much more detail - I think something must be wrong 
> with my logging configuration, because I can't get any debugging.  Also, 
> most of the parameters in the cas configuration file for SAML 
> (cas.authn.samlIdp.*) seem to lack documentation - for example, I feel like 
> this could be related to the "cas.authn.samlIdp.scope=domain.com", but 
> there's no documentation on what's expected or acceptable for the scope, 
> and whether this would generate the error message I'm seeing above?  Other 
> than that, as far as I can tell, my JSON service entry matches the 
> documentation, is valid JSON, and defines the mentioned service as a SAML 
> service, so it's unclear to me what's leading to this error.
>
> Any pointers would be appreciated!
>
> -Nick
>

Re: [cas-user] CAS 5.2.x SAML IdP Issues

2018-02-15 Thread Misagh Moayyed
Do you have other JSON service definitions in the registry? Anything with a 
lower evaluation order or a more relaxed regex pattern? 

--Misagh 

> From: "vnick" 
> To: "CAS Community" 
> Sent: Thursday, February 15, 2018 10:15:40 AM
> Subject: [cas-user] CAS 5.2.x SAML IdP Issues

> Hey, everyone,
> I'm trying to get SAML2 authentication working against my CAS server. I've got
> CAS protocol authentications working just fine, but am struggling getting the
> SAML IdP configured correctly. I have the following items configured in my 
> main
> CAS configuration:

> ## SAML Provider
> cas.authn.samlIdp.entityId=https://server.domain.com/cas/idp
> cas.authn.samlIdp.hostName=server.domain.com
> cas.authn.samlIdp.scope=domain.com
> cas.authn.samlIdp.metadata.cacheExpirationMinutes=30
> cas.authn.samlIdp.metadata.failFast=true
> cas.authn.samlIdp.metadata.location=file:///etc/cas/saml
> cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
> cas.authn.samlIdp.metadata.requireValidMetadata=true
> cas.authn.samlIdp.logout.forceSignedLogoutRequests=true
> cas.authn.samlIdp.logout.singleLogoutCallbacksDisabled=false
> cas.authn.samlIdp.response.skewAllowance=0
> cas.authn.samlIdp.response.signError=false
> cas.authn.samlIdp.response.useAttributeFriendlyName=true

> I also have a JSON-based service registry configured, and have the following
> entry for the SP that I'm trying to authenticate with:

> {
> "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
> "serviceId": "https://1.2.3.4/guacamole/api/tokens",
> "name": "GuacamoleSAML",
> "id": 1002,
> "evaluationsOrder": 1002,
> "metadataLocation": "file:///etc/cas/saml/sp-guacamole.xml"
> }

> and, finally, I used the web site mentioned in the CAS SAML IdP documentation 
> to
> generate the metadata:

> 
>  validUntil="2018-02-17T03:16:28Z"
> cacheDuration="PT604800S"
> entityID="https://1.2.3.4/guacamole/api/tokens">
>  protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
> urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
>  Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
> Location="https://1.2.3.4/guacamole/api/ext/saml/callback"
> index="1" />
> 
> 

> However, every time I try to authenticate with this app, I receive the 
> following
> error:

> 2018-02-15 12:12:52,559 INFO
> [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController]
> - 
> 2018-02-15 12:12:52,581 ERROR
> [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController]
> - https://1.2.3.4/guacamole/api/tokens] in
> registry but the match is not defined as a SAML service>

> I can't seem to get much more detail - I think something must be wrong with my
> logging configuration, because I can't get any debugging. Also, most of the
> parameters in the cas configuration file for SAML (cas.authn.samlIdp.*) seem 
> to
> lack documentation - for example, I feel like this could be related to the
> "cas.authn.samlIdp.scope=domain.com", but there's no documentation on what's
> expected or acceptable for the scope, and whether this would generate the 
> error
> message I'm seeing above? Other than that, as far as I can tell, my JSON
> service entry matches the documentation, is valid JSON, and defines the
> mentioned service as a SAML service, so it's unclear to me what's leading to
> this error.

> Any pointers would be appreciated!

> -Nick




[cas-user] CAS 5.2.x SAML IdP Issues

2018-02-15 Thread vnick
Hey, everyone,
I'm trying to get SAML2 authentication working against my CAS server.  I've 
got CAS protocol authentications working just fine, but am struggling 
getting the SAML IdP configured correctly.  I have the following items 
configured in my main CAS configuration:

## SAML Provider
cas.authn.samlIdp.entityId=https://server.domain.com/cas/idp
cas.authn.samlIdp.hostName=server.domain.com
cas.authn.samlIdp.scope=domain.com
cas.authn.samlIdp.metadata.cacheExpirationMinutes=30
cas.authn.samlIdp.metadata.failFast=true
cas.authn.samlIdp.metadata.location=file:///etc/cas/saml
cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
cas.authn.samlIdp.metadata.requireValidMetadata=true
cas.authn.samlIdp.logout.forceSignedLogoutRequests=true
cas.authn.samlIdp.logout.singleLogoutCallbacksDisabled=false
cas.authn.samlIdp.response.skewAllowance=0
cas.authn.samlIdp.response.signError=false
cas.authn.samlIdp.response.useAttributeFriendlyName=true

I also have a JSON-based service registry configured, and have the 
following entry for the SP that I'm trying to authenticate with:

{
"@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
"serviceId": "https://1.2.3.4/guacamole/api/tokens",
"name": "GuacamoleSAML",
"id": 1002,
"evaluationsOrder": 1002,
"metadataLocation": "file:///etc/cas/saml/sp-guacamole.xml"
}

and, finally, I used the web site mentioned in the CAS SAML IdP 
documentation to generate the metadata:


https://1.2.3.4/guacamole/api/tokens">


urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
https://1.2.3.4/guacamole/api/ext/saml/callback"
 index="1" />




However, every time I try to authenticate with this app, I receive the 
following error:

2018-02-15 12:12:52,559 INFO 
[org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController]
 
- 
2018-02-15 12:12:52,581 ERROR 
[org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController]
 
- https://1.2.3.4/guacamole/api/tokens] 
in registry but the match is not defined as a SAML service>

I can't seem to get much more detail - I think something must be wrong with 
my logging configuration, because I can't get any debugging.  Also, most of 
the parameters in the cas configuration file for SAML (cas.authn.samlIdp.*) 
seem to lack documentation - for example, I feel like this could be related 
to the "cas.authn.samlIdp.scope=domain.com", but there's no documentation 
on what's expected or acceptable for the scope, and whether this would 
generate the error message I'm seeing above?  Other than that, as far as I 
can tell, my JSON service entry matches the documentation, is valid JSON, 
and defines the mentioned service as a SAML service, so it's unclear to me 
what's leading to this error.

Any pointers would be appreciated!

-Nick
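
Added example (not part of the original post and not CAS code): a small Python model of the registry lookup behind the "in registry but the match is not defined as a SAML service" error, covering both the reply's question about a lower evaluation order or a more relaxed regex and the case where the SAML definition was never loaded. Assumptions of this sketch: the lowest evaluationOrder is tried first, serviceId is a regex matched against the whole entity ID, and the catch-all definition is constructed sample data; the key check flags spellings such as the posted "evaluationsOrder", which differs from the "evaluationOrder" key in the OAuth definition elsewhere on this page.

```python
import json
import re

SAML_CLASS = "org.apereo.cas.support.saml.services.SamlRegisteredService"

# Keys seen in the service definitions on this page. This is an allow-list
# for the sketch, not CAS's full schema.
KNOWN_KEYS = {"@class", "serviceId", "name", "id", "evaluationOrder",
              "metadataLocation", "clientId", "clientSecret", "theme",
              "supportedResponseTypes", "supportedGrantTypes"}

# Constructed sample: a catch-all definition such as a default registry
# location might contain.
CATCH_ALL = """{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^https://.*",
  "name": "CatchAll",
  "id": 1,
  "evaluationOrder": 10
}"""

# The SAML definition from the post, with the key spelled "evaluationOrder".
GUACAMOLE = """{
  "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId": "https://1.2.3.4/guacamole/api/tokens",
  "name": "GuacamoleSAML",
  "id": 1002,
  "evaluationOrder": 1002,
  "metadataLocation": "file:///etc/cas/saml/sp-guacamole.xml"
}"""


def load(files):
    """Parse {filename: json_text} into definitions tagged with their file."""
    defs = []
    for name, text in files.items():
        definition = json.loads(text)
        definition["_file"] = name
        defs.append(definition)
    return defs


def unknown_keys(definition):
    """Keys outside the allow-list, e.g. a misspelled 'evaluationsOrder'."""
    return sorted(k for k in definition
                  if k not in KNOWN_KEYS and not k.startswith("_"))


def matches(definition, entity_id):
    # Assumption: serviceId is a regex that must match the whole entity ID.
    return re.fullmatch(definition["serviceId"], entity_id) is not None


def diagnose(defs, entity_id):
    """Return (status, name of the definition that wins the lookup)."""
    # Assumption: lowest evaluationOrder first; a missing value sorts as 0.
    ordered = sorted(defs, key=lambda d: d.get("evaluationOrder", 0))
    hits = [d for d in ordered if matches(d, entity_id)]
    if not hits:
        return ("no-match", None)
    first = hits[0]
    if first["@class"] == SAML_CLASS:
        return ("ok", first["name"])
    if any(d["@class"] == SAML_CLASS for d in hits[1:]):
        # A SAML entry is loaded but an earlier, broader entry wins.
        return ("shadowed", first["name"])
    # Something matched, but no SAML entry for this entity ID was loaded.
    return ("saml-entry-not-loaded", first["name"])


if __name__ == "__main__":
    entity = "https://1.2.3.4/guacamole/api/tokens"
    scenarios = {
        "default location only": {"catchall.json": CATCH_ALL},
        "both loaded": {"catchall.json": CATCH_ALL, "guac.json": GUACAMOLE},
        "SAML entry only": {"guac.json": GUACAMOLE},
    }
    for label, files in scenarios.items():
        defs = load(files)
        print(label, diagnose(defs, entity),
              [(d["_file"], unknown_keys(d)) for d in defs if unknown_keys(d)])
```

The "default location only" scenario reproduces the situation reported as the fix in this thread: a definition matches, so the service count in the log looks plausible, yet no SAML entry for the entity ID is in the loaded set.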



[cas-user] CAS 5.2.x Could not update the account password

2018-02-08 Thread casuser
I am using CAS 5.2.x. For reset password, I get the reset password email 
and from the link I can get to the reset password page where I enter my new 
password and retype it but I get this error on the browser "Could not 
update the account password" and nothing in the server log. I am using LDAP 
active directory. 



Re: [cas-user] CAS 5.2.x

2018-02-08 Thread Cheltenham, Chris
Good for you David, 

We are still using LDAP with almost 200k users and maybe 30 attributes. 
It's complicated. 

Maybe M$ will loosen the cost of AD for a k-12 school district. 
Would be nice. 




=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry"  
To: "cas-user"  
Sent: Thursday, February 8, 2018 12:31:22 PM 
Subject: Re: [cas-user] CAS 5.2.x 

It's a pain in the butt, mostly. :-) 

One of these days we're going to consolidate everything into the One True 
Active Directory and get rid of the second directory, which will make our lives 
easier in all sorts of ways, but that's still somewhere out on the horizon. 

The use of two AD configs just to handle two different OUs is mostly because 
there's another OU besides those two that we don't want to authenticate 
against, and so this was the simplest (although perhaps not the most efficient) 
way to do it. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 12:18 PM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 



Thanks David, 

That's a bit eye-opening, the orders and different authorizing entities. 




=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry" < david.cu...@newschool.edu > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 12:13:48 PM 

Subject: Re: [cas-user] CAS 5.2.x 

These could probably be shortened up in a couple of ways by: 


* combining the [0] and [2] Active Directory configs, which go against 
different OUs of the same directory (but are otherwise identical), and 
* performing attribute resolution as part of the authentication process, 
which you can do now, but couldn't do in olden days. 

On the other hand, there's something to be said for configuring it in a way 
that makes sense to you, and this makes sense to me. And, of course, there's 
the fact that it works. :-) 

--Dave 

## 
## LDAP AUTHENTICATION CONFIGURATION 
## 
# 
# Active Directory LDAP authentication configuration (regular user accounts) 
# 
cas.authn.ldap[0].order: 0 
cas.authn.ldap[0].name: Active Directory 
cas.authn.ldap[0].type: AD 
cas.authn.ldap[0].ldapUrl: ldaps://zuul.newschool.edu 
cas.authn.ldap[0].validatePeriod: 270 
cas.authn.ldap[0].poolPassivator: NONE 
cas.authn.ldap[0].userFilter: sAMAccountName={user} 
cas.authn.ldap[0].baseDn: ou=TNSUsers,dc=tns,dc=newschool,dc=edu 
cas.authn.ldap[0].dnFormat: cn=%s,ou=TNSUsers,dc=tns,dc=newschool,dc=edu 

# 
# Luminis 5 LDAP authentication configuration (all user accounts) 
# 
cas.authn.ldap[1].order: 1 
cas.authn.ldap[1].name: Luminis LDAP 
cas.authn.ldap[1].type: AUTHENTICATED 
cas.authn.ldap[1].ldapUrl: ldaps://janus.newschool.edu
cas.authn.ldap[1].validatePeriod: 270 
cas.authn.ldap[1].userFilter: uid={user} 
cas.authn.ldap[1].baseDn: ou=People,o=cp 
cas.authn.ldap[1].bindDn: uid=ldap_ssotest,ou=People,o=cp 
cas.authn.ldap[1].bindCredential:  

# 
# Active Directory LDAP authentication configuration (admin user accounts) 
# 
cas.authn.ldap[2].order: 2 
cas.authn.ldap[2].name: Active Directory 
cas.authn.ldap[2].type: AD 
cas.authn.ldap[2].ldapUrl: ldaps://zuul.newschool.edu
cas.authn.ldap[2].validatePeriod: 270 
cas.authn.ldap[2].poolPassivator: NONE 
cas.authn.ldap[2].userFilter: sAMAccountName={user} 
cas.authn.ldap[2].baseDn: ou=Network,dc=tns,dc=newschool,dc=edu 
cas.authn.ldap[2].dnFormat: cn=%s,ou=Network,dc=tns,dc=newschool,dc=edu 

## 
## LDAP ATTRIBUTE REPOSITORY CONFIGURATION 
## 
# 
# Collect attributes in the repository on a keep-first-value-found basis; 
# duplicate attributes (even if they have different values) in subsequent 
# sources will be ignored. 
# 
cas.authn.attributeRepository.merger: ADD 

# 
# Active Directory LDAP attribute lookup configuration (regular user accounts) 
# 
cas.authn.attributeRepository.ldap[0].order: 0 
cas.authn.attributeRepository.ldap[0].ldapUrl: ldaps://zuul.newschool.edu
cas.authn.attributeRepository.ldap[0].validatePeriod: 270
cas.authn.attributeRepository.ldap[0].userFilter: sAMAccountName={user}
cas.authn.attributeRepository.ldap[0].baseDn: ou=TNSUsers,dc=tns,dc=newschool,dc=edu
cas.authn.attributeRepository.ldap[0].bindDn: cn=ldap_ssotest,ou=Service,ou=Users,ou=En

Re: [cas-user] CAS 5.2.x

2018-02-08 Thread Cheltenham, Chris
Yes I hear you. 

I got talked into using gradle by a senior co-worker but I am scrapping that.
I am not a developer and I am trying to understand the developers environment. 

I think NOW after Mr Curry helped me with the pom.xml I am now in 
cas.properties hell. 

There are just so many options and ways to do it. 

But thank you gentlemen, hopefully I can figure out the rest.





=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "Chris Peck"  
To: "cas-user"  
Sent: Thursday, February 8, 2018 11:38:10 AM 
Subject: Re: [cas-user] CAS 5.2.x 

All we do to build just the cas.war file is run this command in the directory 
with the pom.xml file & our src overlay directory: 
mvn clean package 
then it will poop out the warfile in target/cas.war 

We don't use their scripts. 
We keep the pom.xml file & our src overlay directory in git, when we push a 
change to our gitlab server it will build the warfile in a docker container, 
which then scp's the warfile to our cas servers automagically. This ensures a 
clean build environment every time. We don't do auto-deploy, we then ssh into 
the cas-servers and do the deploy manually. Eventually we plan on running CAS 
in docker, but, since we were under pressure to get it up version 5 we decided 
to do that later. 
Helpful - or - just more confusing? 
Chris 


On Thu, Feb 8, 2018 at 11:27 AM David Curry < david.cu...@newschool.edu > 
wrote: 




I'm afraid Gradle is a complete mystery to me. Hopefully someone else can jump 
in. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 11:13 AM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 


David, 

Unfortunately that did not make a difference when I built the cas.war with 
gradle. 
When I used maven I got the same list you have. 

[root@devcas5 lib]# ll | grep ldap 
-rw-r- 1 root root 14296 Feb 8 11:02 cas-server-support-ldap-5.2.2.jar 
-rw-r- 1 root root 35536 Feb 8 11:02 cas-server-support-ldap-core-5.2.2.jar 
-rw-r- 1 root root 802456 Feb 8 11:02 ldaptive-1.2.3.jar 
-rw-r- 1 root root 37195 Feb 8 11:02 ldaptive-apache-1.2.3.jar 
-rw-r- 1 root root 100050 Feb 8 11:02 ldaptive-beans-1.2.3.jar 
-rw-r- 1 root root 40832 Feb 8 11:02 ldaptive-unboundid-1.2.3.jar 
-rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar 
-rw-r- 1 root root 3574892 Feb 8 11:02 unboundid-ldapsdk-4.0.1.jar 

The bad news is I have to rebuild cas.properties because the maven build wiped 
it out. 
Bummer ... 

Hope this is the issue. 

Thanks David. 





=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry" < david.cu...@newschool.edu > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 10:49:08 AM 

Subject: Re: [cas-user] CAS 5.2.x 

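Try changing what you have:

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
</dependency>

to this:

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>${cas.version}</version>
</dependency>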

I'm pretty sure you have to have a version in there, so Maven knows which one 
to give you. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 10:22 AM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 

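David,

These are my pom.xml dependencies.
It's funny we are all kind of guessing, that's why we are here I suppose.
I certainly am guessing.


<dependencies>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-ldap</artifactId>
    </dependency>

    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-webapp${app.server}</artifactId>
        <version>${cas.version}</version>
        <type>war</type>
        <scope>runtime</scope>
    </dependency>
</dependencies>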

=== 



Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry" < david.cu...@newschool.edu > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 10:18:41 AM 

Subject: Re: [cas-user] CAS 5.2.x 

I do not see this one: 



cas-server-support-ldap-5.2.2.jar 




which, I believe, is the one you need. I don't pretend to be an expert on these
things. But when I build from the Maven overlay with this dependency included
in pom.xml:

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>${cas.version}</version>
</dependency>

Here's what I get: 



WEB-INF/lib/cas-server-support-ldap-5.2.2.jar 
WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar 
WEB-INF/lib/ldaptive-1.2.3.jar 
WEB-INF/lib/ldaptive-beans-1.2.3.jar 
WEB-INF

Re: [cas-user] CAS 5.2.x

2018-02-08 Thread David Curry
We're also using Shibboleth today, and we're also planning to drop it in
favor of CAS' SAML2 support. I have played a bit with using CAS as the IdP
and it seems to work in my limited testing against the Shibboleth SP
(mod_auth_shib) on Apache HTTPD.

My project this month is to actually move what I've been doing in dev into
test/prod with our Workday instance as the initial application, and Workday
wants SAML, so I'm about to learn more. :-)

The SAML stuff I've done is documented here:

https://dacurry-tns.github.io/deploying-apereo-cas/building_server_saml_overview.html
https://dacurry-tns.github.io/deploying-apereo-cas/building_samlclient_overview.html

--Dave



--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Thu, Feb 8, 2018 at 12:30 PM, Cheltenham, Chris <
ccheltenham-...@philasd.org> wrote:

> David,
>
> That's really interesting actually.
> Do you incorporate SAML2 proxy delegation in that properties file?
>
> We are using Shibboleth but plan to drop Shib and use SAML2 in CAS 5.
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> --
> *From: *"David Curry" 
> *To: *"cas-user" 
> *Sent: *Thursday, February 8, 2018 12:13:48 PM
>
> *Subject: *Re: [cas-user] CAS 5.2.x
>
> These could probably be shortened up in a couple of ways by:
>
>    - combining the [0] and [2] Active Directory configs, which go against
>      different OUs of the same directory (but are otherwise identical), and
>    - performing attribute resolution as part of the authentication
>      process, which you can do now, but couldn't do in olden days.
>
> On the other hand, there's something to be said for configuring it in a
> way that makes sense to you, and this makes sense to me. And, of course,
> there's the fact that it works. :-)
>
> --Dave
>
> 
> ##
> ## LDAP AUTHENTICATION CONFIGURATION
> 
> ##
> #
> # Active Directory LDAP authentication configuration (regular user accounts)
> #
> cas.authn.ldap[0].order:0
> cas.authn.ldap[0].name: Active Directory
> cas.authn.ldap[0].type: AD
> cas.authn.ldap[0].ldapUrl:  ldaps://zuul.newschool.edu
> cas.authn.ldap[0].validatePeriod:   270
> cas.authn.ldap[0].poolPassivator:   NONE
> cas.authn.ldap[0].userFilter:   sAMAccountName={user}
> cas.authn.ldap[0].baseDn:   ou=TNSUsers,dc=tns,dc=newschool,dc=edu
> cas.authn.ldap[0].dnFormat: cn=%s,ou=TNSUsers,dc=tns,dc=newschool,dc=edu
>
> #
> # Luminis 5 LDAP authentication configuration (all user accounts)
> #
> cas.authn.ldap[1].order:1
> cas.authn.ldap[1].name: Luminis LDAP
> cas.authn.ldap[1].type: AUTHENTICATED
> cas.authn.ldap[1].ldapUrl:  ldaps://janus.newschool.edu
> cas.authn.ldap[1].validatePeriod:   270
> cas.authn.ldap[1].userFilter:   uid={user}
> cas.authn.ldap[1].baseDn:   ou=People,o=cp
> cas.authn.ldap[1].bindDn:   uid=ldap_ssotest,ou=People,o=cp
> cas.authn.ldap[1].bindCredential:   
>
> #
> # Active Directory LDAP authentication configuration (admin user accounts)
> #
> cas.authn.ldap[2].order:2
> cas.authn.ldap[2].name: Active Directory
> cas.authn.ldap[2].type: AD
> cas.authn.ldap[2].ldapUrl:  ldaps://zuul.newschool.edu
> cas.authn.ldap[2].validatePeriod:   270
> cas.authn.ldap[2].poolPassivator:   NONE
> cas.authn.ldap[2].userFilter:   sAMAccountName={user}
> cas.authn.ldap[2].baseDn:   ou=Network,dc=tns,dc=newschool,dc=edu
> cas.authn.ldap[2].dnFormat: cn=%s,ou=Network,dc=tns,dc=newschool,dc=edu
>
> 
> ##
> ## LDAP ATTRIBUTE REPOSITORY CONFIGURATION
> 
> ##
> #
> # Collect attributes in the repository on a keep-first-value-found basis;
> # duplicate attributes (even if they have different values) in subsequent
> # sources will be ignored.
> #
> cas.authn.attributeRepository.merger:   ADD
>
> 

Re: [cas-user] CAS 5.2.x

2018-02-08 Thread David Curry
It's a pain in the butt, mostly. :-)

One of these days we're going to consolidate everything into the One True
Active Directory and get rid of the second directory, which will make our
lives easier in all sorts of ways, but that's still somewhere out on the
horizon.

The use of two AD configs just to handle two different OUs is mostly
because there's another OU besides those two that we don't want to
authenticate against, and so this was the simplest (although perhaps not
the most efficient) way to do it.

--Dave


--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Thu, Feb 8, 2018 at 12:18 PM, Cheltenham, Chris <
ccheltenham-...@philasd.org> wrote:

> Thanks David,
>
> That's a bit eye opening, the orders and different authorizing entities.
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> --
> *From: *"David Curry" 
> *To: *"cas-user" 
> *Sent: *Thursday, February 8, 2018 12:13:48 PM
>
> *Subject: *Re: [cas-user] CAS 5.2.x
>
> These could probably be shortened up in a couple of ways by:
>
>    - combining the [0] and [2] Active Directory configs, which go against
>      different OUs of the same directory (but are otherwise identical), and
>    - performing attribute resolution as part of the authentication
>      process, which you can do now, but couldn't do in olden days.
>
> On the other hand, there's something to be said for configuring it in a
> way that makes sense to you, and this makes sense to me. And, of course,
> there's the fact that it works. :-)
>
> --Dave
>
> 
> ##
> ## LDAP AUTHENTICATION CONFIGURATION
> 
> ##
> #
> # Active Directory LDAP authentication configuration (regular user accounts)
> #
> cas.authn.ldap[0].order:0
> cas.authn.ldap[0].name: Active Directory
> cas.authn.ldap[0].type: AD
> cas.authn.ldap[0].ldapUrl:  ldaps://zuul.newschool.edu
> cas.authn.ldap[0].validatePeriod:   270
> cas.authn.ldap[0].poolPassivator:   NONE
> cas.authn.ldap[0].userFilter:   sAMAccountName={user}
> cas.authn.ldap[0].baseDn:   ou=TNSUsers,dc=tns,dc=newschool,dc=edu
> cas.authn.ldap[0].dnFormat: cn=%s,ou=TNSUsers,dc=tns,dc=newschool,dc=edu
>
> #
> # Luminis 5 LDAP authentication configuration (all user accounts)
> #
> cas.authn.ldap[1].order:1
> cas.authn.ldap[1].name: Luminis LDAP
> cas.authn.ldap[1].type: AUTHENTICATED
> cas.authn.ldap[1].ldapUrl:  ldaps://janus.newschool.edu
> cas.authn.ldap[1].validatePeriod:   270
> cas.authn.ldap[1].userFilter:   uid={user}
> cas.authn.ldap[1].baseDn:   ou=People,o=cp
> cas.authn.ldap[1].bindDn:   uid=ldap_ssotest,ou=People,o=cp
> cas.authn.ldap[1].bindCredential:   
>
> #
> # Active Directory LDAP authentication configuration (admin user accounts)
> #
> cas.authn.ldap[2].order:2
> cas.authn.ldap[2].name: Active Directory
> cas.authn.ldap[2].type: AD
> cas.authn.ldap[2].ldapUrl:  ldaps://zuul.newschool.edu
> cas.authn.ldap[2].validatePeriod:   270
> cas.authn.ldap[2].poolPassivator:   NONE
> cas.authn.ldap[2].userFilter:   sAMAccountName={user}
> cas.authn.ldap[2].baseDn:   ou=Network,dc=tns,dc=newschool,dc=edu
> cas.authn.ldap[2].dnFormat: cn=%s,ou=Network,dc=tns,dc=newschool,dc=edu
>
> 
> ##
> ## LDAP ATTRIBUTE REPOSITORY CONFIGURATION
> 
> ##
> #
> # Collect attributes in the repository on a keep-first-value-found basis;
> # duplicate attributes (even if they have different values) in subsequent
> # sources will be ignored.
> #
> cas.authn.attributeRepository.merger:   ADD
>
> #
> # Active Directory LDAP attribute lookup configuration (regular user accounts)
> #
> cas.authn.attributeRepository.ldap[0].order:0
> cas.authn.attributeRepository.ldap[0].ldapUrl:  ldaps://zuul.newschool.edu
> cas.authn.attributeRep

Re: [cas-user] CAS 5.2.x

2018-02-08 Thread Cheltenham, Chris
David, 

That's really interesting actually.
Do you incorporate SAML2 proxy delegation in that properties file? 

We are using Shibboleth but plan to drop Shib and use SAML2 in CAS 5. 




=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry"  
To: "cas-user"  
Sent: Thursday, February 8, 2018 12:13:48 PM 
Subject: Re: [cas-user] CAS 5.2.x 

These could probably be shortened up in a couple of ways by: 


* combining the [0] and [2] Active Directory configs, which go against 
different OUs of the same directory (but are otherwise identical), and 
* performing attribute resolution as part of the authentication process, 
which you can do now, but couldn't do in olden days. 

On the other hand, there's something to be said for configuring it in a way 
that makes sense to you, and this makes sense to me. And, of course, there's 
the fact that it works. :-) 

--Dave 

## 
## LDAP AUTHENTICATION CONFIGURATION 
## 
# 
# Active Directory LDAP authentication configuration (regular user accounts) 
# 
cas.authn.ldap[0].order: 0 
cas.authn.ldap[0].name: Active Directory 
cas.authn.ldap[0].type: AD 
cas.authn.ldap[0].ldapUrl: ldaps://zuul.newschool.edu
cas.authn.ldap[0].validatePeriod: 270 
cas.authn.ldap[0].poolPassivator: NONE 
cas.authn.ldap[0].userFilter: sAMAccountName={user} 
cas.authn.ldap[0].baseDn: ou=TNSUsers,dc=tns,dc=newschool,dc=edu 
cas.authn.ldap[0].dnFormat: cn=%s,ou=TNSUsers,dc=tns,dc=newschool,dc=edu 

# 
# Luminis 5 LDAP authentication configuration (all user accounts) 
# 
cas.authn.ldap[1].order: 1 
cas.authn.ldap[1].name: Luminis LDAP 
cas.authn.ldap[1].type: AUTHENTICATED 
cas.authn.ldap[1].ldapUrl: ldaps://janus.newschool.edu
cas.authn.ldap[1].validatePeriod: 270 
cas.authn.ldap[1].userFilter: uid={user} 
cas.authn.ldap[1].baseDn: ou=People,o=cp 
cas.authn.ldap[1].bindDn: uid=ldap_ssotest,ou=People,o=cp 
cas.authn.ldap[1].bindCredential:  

# 
# Active Directory LDAP authentication configuration (admin user accounts) 
# 
cas.authn.ldap[2].order: 2 
cas.authn.ldap[2].name: Active Directory 
cas.authn.ldap[2].type: AD 
cas.authn.ldap[2].ldapUrl: ldaps://zuul.newschool.edu
cas.authn.ldap[2].validatePeriod: 270 
cas.authn.ldap[2].poolPassivator: NONE 
cas.authn.ldap[2].userFilter: sAMAccountName={user} 
cas.authn.ldap[2].baseDn: ou=Network,dc=tns,dc=newschool,dc=edu 
cas.authn.ldap[2].dnFormat: cn=%s,ou=Network,dc=tns,dc=newschool,dc=edu 

## 
## LDAP ATTRIBUTE REPOSITORY CONFIGURATION 
## 
# 
# Collect attributes in the repository on a keep-first-value-found basis; 
# duplicate attributes (even if they have different values) in subsequent 
# sources will be ignored. 
# 
cas.authn.attributeRepository.merger: ADD 

# 
# Active Directory LDAP attribute lookup configuration (regular user accounts) 
# 
cas.authn.attributeRepository.ldap[0].order: 0 
cas.authn.attributeRepository.ldap[0].ldapUrl: ldaps://zuul.newschool.edu
cas.authn.attributeRepository.ldap[0].validatePeriod: 270
cas.authn.attributeRepository.ldap[0].userFilter: sAMAccountName={user}
cas.authn.attributeRepository.ldap[0].baseDn: ou=TNSUsers,dc=tns,dc=newschool,dc=edu
cas.authn.attributeRepository.ldap[0].bindDn: cn=ldap_ssotest,ou=Service,ou=Users,ou=Enterprise Support,dc=tns,dc=newschool,dc=edu
cas.authn.attributeRepository.ldap[0].bindCredential:
cas.authn.attributeRepository.ldap[0].attributes.cn: uid
cas.authn.attributeRepository.ldap[0].attributes.displayName: displayName
cas.authn.attributeRepository.ldap[0].attributes.givenName: givenName
cas.authn.attributeRepository.ldap[0].attributes.mail: mail
cas.authn.attributeRepository.ldap[0].attributes.sn: sn
cas.authn.attributeRepository.ldap[0].attributes.tnsGoogleAppsRole: role 
cas.authn.attributeRepository.ldap[0].attributes.tnsIDNumber: cn 

# 
# Luminis 5 LDAP attribute lookup configuration (all user accounts) 
# 
cas.authn.attributeRepository.ldap[1].order: 1 
cas.authn.attributeRepository.ldap[1].ldapUrl: ldaps://janus.newschool.edu
cas.authn.attributeRepository.ldap[1].validatePeriod: 270
cas.authn.attributeRepository.ldap[1].userFilter: uid={user}
cas.authn.attributeRepository.ldap[1].baseDn: ou=People,o=cp
cas.authn.attributeRepository.ldap[1].bindDn: uid=ldap_ssotest,ou=People,o=cp
cas.authn.attributeRepository.ldap[1].bindCredential:
cas.authn.attributeRepository.ldap[1].attributes.cn: cn
cas.authn.attributeRepository.ldap[1].attributes.displayName: displayName 
cas.authn.attributeRepository.ldap[1].attributes.givenName: givenName 
c

Re: [cas-user] CAS 5.2.x

2018-02-08 Thread Cheltenham, Chris
Thanks David, 

That's a bit eye opening, the orders and different authorizing entities.




=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry"  
To: "cas-user"  
Sent: Thursday, February 8, 2018 12:13:48 PM 
Subject: Re: [cas-user] CAS 5.2.x 

These could probably be shortened up in a couple of ways by: 


* combining the [0] and [2] Active Directory configs, which go against 
different OUs of the same directory (but are otherwise identical), and 
* performing attribute resolution as part of the authentication process, 
which you can do now, but couldn't do in olden days. 

On the other hand, there's something to be said for configuring it in a way 
that makes sense to you, and this makes sense to me. And, of course, there's 
the fact that it works. :-) 

--Dave 

## 
## LDAP AUTHENTICATION CONFIGURATION 
## 
# 
# Active Directory LDAP authentication configuration (regular user accounts) 
# 
cas.authn.ldap[0].order: 0 
cas.authn.ldap[0].name: Active Directory 
cas.authn.ldap[0].type: AD 
cas.authn.ldap[0].ldapUrl: ldaps://zuul.newschool.edu
cas.authn.ldap[0].validatePeriod: 270 
cas.authn.ldap[0].poolPassivator: NONE 
cas.authn.ldap[0].userFilter: sAMAccountName={user} 
cas.authn.ldap[0].baseDn: ou=TNSUsers,dc=tns,dc=newschool,dc=edu 
cas.authn.ldap[0].dnFormat: cn=%s,ou=TNSUsers,dc=tns,dc=newschool,dc=edu 

# 
# Luminis 5 LDAP authentication configuration (all user accounts) 
# 
cas.authn.ldap[1].order: 1 
cas.authn.ldap[1].name: Luminis LDAP 
cas.authn.ldap[1].type: AUTHENTICATED 
cas.authn.ldap[1].ldapUrl: ldaps://janus.newschool.edu
cas.authn.ldap[1].validatePeriod: 270 
cas.authn.ldap[1].userFilter: uid={user} 
cas.authn.ldap[1].baseDn: ou=People,o=cp 
cas.authn.ldap[1].bindDn: uid=ldap_ssotest,ou=People,o=cp 
cas.authn.ldap[1].bindCredential:  

# 
# Active Directory LDAP authentication configuration (admin user accounts) 
# 
cas.authn.ldap[2].order: 2 
cas.authn.ldap[2].name: Active Directory 
cas.authn.ldap[2].type: AD 
cas.authn.ldap[2].ldapUrl: ldaps://zuul.newschool.edu
cas.authn.ldap[2].validatePeriod: 270 
cas.authn.ldap[2].poolPassivator: NONE 
cas.authn.ldap[2].userFilter: sAMAccountName={user} 
cas.authn.ldap[2].baseDn: ou=Network,dc=tns,dc=newschool,dc=edu 
cas.authn.ldap[2].dnFormat: cn=%s,ou=Network,dc=tns,dc=newschool,dc=edu 

## 
## LDAP ATTRIBUTE REPOSITORY CONFIGURATION 
## 
# 
# Collect attributes in the repository on a keep-first-value-found basis; 
# duplicate attributes (even if they have different values) in subsequent 
# sources will be ignored. 
# 
cas.authn.attributeRepository.merger: ADD 

# 
# Active Directory LDAP attribute lookup configuration (regular user accounts) 
# 
cas.authn.attributeRepository.ldap[0].order: 0 
cas.authn.attributeRepository.ldap[0].ldapUrl: ldaps://zuul.newschool.edu
cas.authn.attributeRepository.ldap[0].validatePeriod: 270
cas.authn.attributeRepository.ldap[0].userFilter: sAMAccountName={user}
cas.authn.attributeRepository.ldap[0].baseDn: ou=TNSUsers,dc=tns,dc=newschool,dc=edu
cas.authn.attributeRepository.ldap[0].bindDn: cn=ldap_ssotest,ou=Service,ou=Users,ou=Enterprise Support,dc=tns,dc=newschool,dc=edu
cas.authn.attributeRepository.ldap[0].bindCredential:
cas.authn.attributeRepository.ldap[0].attributes.cn: uid
cas.authn.attributeRepository.ldap[0].attributes.displayName: displayName
cas.authn.attributeRepository.ldap[0].attributes.givenName: givenName
cas.authn.attributeRepository.ldap[0].attributes.mail: mail
cas.authn.attributeRepository.ldap[0].attributes.sn: sn
cas.authn.attributeRepository.ldap[0].attributes.tnsGoogleAppsRole: role 
cas.authn.attributeRepository.ldap[0].attributes.tnsIDNumber: cn 

# 
# Luminis 5 LDAP attribute lookup configuration (all user accounts) 
# 
cas.authn.attributeRepository.ldap[1].order: 1 
cas.authn.attributeRepository.ldap[1].ldapUrl: ldaps://janus.newschool.edu
cas.authn.attributeRepository.ldap[1].validatePeriod: 270
cas.authn.attributeRepository.ldap[1].userFilter: uid={user}
cas.authn.attributeRepository.ldap[1].baseDn: ou=People,o=cp
cas.authn.attributeRepository.ldap[1].bindDn: uid=ldap_ssotest,ou=People,o=cp
cas.authn.attributeRepository.ldap[1].bindCredential:
cas.authn.attributeRepository.ldap[1].attributes.cn: cn
cas.authn.attributeRepository.ldap[1].attributes.displayName: displayName 
cas.authn.attributeRepository.ldap[1].attributes.givenName: givenName 
cas.authn.attributeRepository.ldap[1].attributes.mail: mail 
cas.authn.attributeRep

Re: [cas-user] CAS 5.2.x

2018-02-08 Thread David Curry
 UDC_IDENTIFIER
cas.authn.attributeRepository.ldap[1].attributes.uid:   uid

#
# Active Directory LDAP attribute lookup configuration (admin user accounts)
#
cas.authn.attributeRepository.ldap[2].order: 2
cas.authn.attributeRepository.ldap[2].ldapUrl: ldaps://zuul.newschool.edu
cas.authn.attributeRepository.ldap[2].validatePeriod: 270
cas.authn.attributeRepository.ldap[2].userFilter: sAMAccountName={user}
cas.authn.attributeRepository.ldap[2].baseDn: ou=Network,dc=tns,dc=newschool,dc=edu
cas.authn.attributeRepository.ldap[2].bindDn: cn=ldap_ssotest,ou=Service,ou=Users,ou=Enterprise Support,dc=tns,dc=newschool,dc=edu
cas.authn.attributeRepository.ldap[2].bindCredential:
cas.authn.attributeRepository.ldap[2].attributes.cn: uid
cas.authn.attributeRepository.ldap[2].attributes.displayName: displayName
cas.authn.attributeRepository.ldap[2].attributes.givenName: givenName
cas.authn.attributeRepository.ldap[2].attributes.mail: mail
cas.authn.attributeRepository.ldap[2].attributes.sn: sn




--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Thu, Feb 8, 2018 at 11:54 AM, Cheltenham, Chris <
ccheltenham-...@philasd.org> wrote:

> David,
>
> Would you be able to share your CAS 5 cas.properties section?
> Please make sure and blank out like passwords.
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> --
> *From: *"David Curry" 
> *To: *"cas-user" 
> *Sent: *Thursday, February 8, 2018 11:27:48 AM
>
> *Subject: *Re: [cas-user] CAS 5.2.x
>
>
> I'm afraid Gradle is a complete mystery to me. Hopefully someone else can
> jump in.
>
> --Dave
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
>
> On Thu, Feb 8, 2018 at 11:13 AM, Cheltenham, Chris <
> ccheltenham-...@philasd.org> wrote:
>
>> David,
>>
>> Unfortunately that did not make a difference when I built the cas.war
>> with gradle.
>> When I used maven I got the same list you have.
>>
>> [root@devcas5 lib]# ll | grep ldap
>> -rw-r- 1 root root 14296 Feb 8 11:02 cas-server-support-ldap-5.2.2.jar
>> -rw-r- 1 root root 35536 Feb 8 11:02 cas-server-support-ldap-core-5.2.2.jar
>> -rw-r- 1 root root 802456 Feb 8 11:02 ldaptive-1.2.3.jar
>> -rw-r- 1 root root 37195 Feb 8 11:02 ldaptive-apache-1.2.3.jar
>> -rw-r- 1 root root 100050 Feb 8 11:02 ldaptive-beans-1.2.3.jar
>> -rw-r- 1 root root 40832 Feb 8 11:02 ldaptive-unboundid-1.2.3.jar
>> -rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar
>> -rw-r- 1 root root 3574892 Feb 8 11:02 unboundid-ldapsdk-4.0.1.jar
>>
>> The bad news is I have to rebuild cas.properties because the maven build
>> wiped it out.
>> Bummer ...
>>
>> Hope this is the issue.
>>
>> Thanks David.
>>
>>
>>
>> ===
>>
>> Thank You;
>>
>> Chris Cheltenham
>> Technology Services
>> The School District of Philadelphia
>>
>> Work # 215-400-5025
>> Cell # 215-301-6571
>>
>> --
>> *From: *"David Curry" 
>> *To: *"cas-user" 
>> *Sent: *Thursday, February 8, 2018 10:49:08 AM
>>
>> *Subject: *Re: [cas-user] CAS 5.2.x
>>
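>> Try changing what you have:
>>
>> <dependency>
>>     <groupId>org.apereo.cas</groupId>
>>     <artifactId>cas-server-support-ldap</artifactId>
>> </dependency>
>>
>> to this:
>>
>> <dependency>
>>     <groupId>org.apereo.cas</groupId>
>>     <artifactId>cas-server-support-ldap</artifactId>
>>     <version>${cas.version}</version>
>> </dependency>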
>>
>> I'm pretty sure you have to have a version in there, so Maven knows which
>> one to give you.
>>
>> --Dave
>>
>>
>> --
>>
>> DAVID A. CURRY, CISSP
>> *DIRECTOR OF INFORMATION SECURITY*
>> INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> +1 212 229-5300 x4728 • dav

Re: [cas-user] CAS 5.2.x

2018-02-08 Thread Cheltenham, Chris
David, 

Would you be able to share your CAS 5 cas.properties section?
Please make sure and blank out like passwords.




=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry"  
To: "cas-user"  
Sent: Thursday, February 8, 2018 11:27:48 AM 
Subject: Re: [cas-user] CAS 5.2.x 


I'm afraid Gradle is a complete mystery to me. Hopefully someone else can jump 
in. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 11:13 AM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 



David, 

Unfortunately that did not make a difference when I built the cas.war with 
gradle. 
When I used maven I got the same list you have. 

[root@devcas5 lib]# ll | grep ldap 
-rw-r- 1 root root 14296 Feb 8 11:02 cas-server-support-ldap-5.2.2.jar 
-rw-r- 1 root root 35536 Feb 8 11:02 cas-server-support-ldap-core-5.2.2.jar 
-rw-r- 1 root root 802456 Feb 8 11:02 ldaptive-1.2.3.jar 
-rw-r- 1 root root 37195 Feb 8 11:02 ldaptive-apache-1.2.3.jar 
-rw-r- 1 root root 100050 Feb 8 11:02 ldaptive-beans-1.2.3.jar 
-rw-r- 1 root root 40832 Feb 8 11:02 ldaptive-unboundid-1.2.3.jar 
-rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar 
-rw-r- 1 root root 3574892 Feb 8 11:02 unboundid-ldapsdk-4.0.1.jar 

The bad news is I have to rebuild cas.properties because the maven build wiped 
it out. 
Bummer ... 

Hope this is the issue. 

Thanks David. 





=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry" < david.cu...@newschool.edu > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 10:49:08 AM 

Subject: Re: [cas-user] CAS 5.2.x 

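Try changing what you have:

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
</dependency>

to this:

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>${cas.version}</version>
</dependency>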

I'm pretty sure you have to have a version in there, so Maven knows which one 
to give you. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 10:22 AM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 

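David,

These are my pom.xml dependencies.
It's funny we are all kind of guessing, that's why we are here I suppose.
I certainly am guessing.


<dependencies>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-ldap</artifactId>
    </dependency>

    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-webapp${app.server}</artifactId>
        <version>${cas.version}</version>
        <type>war</type>
        <scope>runtime</scope>
    </dependency>
</dependencies>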

=== 



Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry" < david.cu...@newschool.edu > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 10:18:41 AM 

Subject: Re: [cas-user] CAS 5.2.x 

I do not see this one: 



cas-server-support-ldap-5.2.2.jar 




which, I believe, is the one you need. I don't pretend to be an expert on these
things. But when I build from the Maven overlay with this dependency included
in pom.xml:

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>${cas.version}</version>
</dependency>

Here's what I get: 



WEB-INF/lib/cas-server-support-ldap-5.2.2.jar 
WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar 
WEB-INF/lib/ldaptive-1.2.3.jar 
WEB-INF/lib/ldaptive-beans-1.2.3.jar 
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar 
WEB-INF/lib/ldaptive-apache-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar 



and when I build from the same pom.xml but with that dependency removed, here's 
what I get: 



WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar 
WEB-INF/lib/ldaptive-apache-1.2.3.jar 
WEB-INF/lib/ldaptive-beans-1.2.3.jar 
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar 
WEB-INF/lib/ldaptive-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar 



So that tells me (or suggests, anyway) that you should be seeing 

WEB-INF/lib/cas-server-support-ldap-5.2.2.jar 

(and maybe WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar ). 

Are you building with the Maven overlay? Have you tried deleting your Maven 
cache directory and re-doing the "mvnw clean package"?

--Dave 





-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 10:00 AM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 


Re: [cas-user] CAS 5.2.x

2018-02-08 Thread Chris Peck
All we do to build just the cas.war file is run this command in the
directory with the pom.xml file & our src overlay directory:
*mvn clean package*
then it will poop out the warfile in *target/cas.war*

We don't use their scripts.
We keep the pom.xml file & our src overlay directory in git, when we push a
change to our gitlab server it will build the warfile in a docker
container, which then scp's the warfile to our cas servers automagically.
This ensures a clean build environment every time. We don't do
auto-deploy, we then ssh into the cas-servers and do the deploy manually.
Eventually we plan on running CAS in docker, but, since we were under
pressure to get it up to version 5 we decided to do that later.
Helpful - or - just more confusing?
Chris


On Thu, Feb 8, 2018 at 11:27 AM David Curry 
wrote:

>
> I'm afraid Gradle is a complete mystery to me. Hopefully someone else can
> jump in.
>
> --Dave
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
> On Thu, Feb 8, 2018 at 11:13 AM, Cheltenham, Chris <
> ccheltenham-...@philasd.org> wrote:
>
>> David,
>>
>> Unfortunately that did not make a difference when I built the cas.war
>> with gradle.
>> When I used maven I got the same list you have.
>>
>> [root@devcas5 lib]# ll | grep ldap
>> -rw-r- 1 root root 14296 Feb 8 11:02 cas-server-support-ldap-5.2.2.jar
>> -rw-r- 1 root root 35536 Feb 8 11:02
>> cas-server-support-ldap-core-5.2.2.jar
>> -rw-r- 1 root root 802456 Feb 8 11:02 ldaptive-1.2.3.jar
>> -rw-r- 1 root root 37195 Feb 8 11:02 ldaptive-apache-1.2.3.jar
>> -rw-r- 1 root root 100050 Feb 8 11:02 ldaptive-beans-1.2.3.jar
>> -rw-r- 1 root root 40832 Feb 8 11:02 ldaptive-unboundid-1.2.3.jar
>> -rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar
>> -rw-r- 1 root root 3574892 Feb 8 11:02 unboundid-ldapsdk-4.0.1.jar
>>
>> The bad news is I have to rebuild cas.properties because the maven build
>> wiped it out.
>> Bummer ...
>>
>> Hope this is the issue.
>>
>> Thanks David.
>>
>>
>>
>> ===
>>
>> Thank You;
>>
>> Chris Cheltenham
>> Technology Services
>> The School District of Philadelphia
>>
>> Work # 215-400-5025
>> Cell # 215-301-6571
>>
>> --
>> *From: *"David Curry" 
>> *To: *"cas-user" 
>> *Sent: *Thursday, February 8, 2018 10:49:08 AM
>>
>> *Subject: *Re: [cas-user] CAS 5.2.x
>>
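>> Try changing what you have:
>>
>> <dependency>
>>     <groupId>org.apereo.cas</groupId>
>>     <artifactId>cas-server-support-ldap</artifactId>
>> </dependency>
>>
>> to this:
>>
>> <dependency>
>>     <groupId>org.apereo.cas</groupId>
>>     <artifactId>cas-server-support-ldap</artifactId>
>>     <version>${cas.version}</version>
>> </dependency>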
>>
>> I'm pretty sure you have to have a version in there, so Maven knows which
>> one to give you.
>>
>> --Dave
>>
>>
>> --
>>
>> DAVID A. CURRY, CISSP
>> *DIRECTOR OF INFORMATION SECURITY*
>> INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>>
>> On Thu, Feb 8, 2018 at 10:22 AM, Cheltenham, Chris <
>> ccheltenham-...@philasd.org> wrote:
>>
>>> David,
>>>
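>>> These are my pom.xml dependencies.
>>> It's funny we are all kind of guessing, that's why we are here I suppose.
>>> I certainly am guessing.
>>>
>>>
>>> <dependencies>
>>>     <dependency>
>>>         <groupId>org.apereo.cas</groupId>
>>>         <artifactId>cas-server-support-ldap</artifactId>
>>>     </dependency>
>>>
>>>     <dependency>
>>>         <groupId>org.apereo.cas</groupId>
>>>         <artifactId>cas-server-webapp${app.server}</artifactId>
>>>         <version>${cas.version}</version>
>>>         <type>war</type>
>>>         <scope>runtime</scope>
>>>     </dependency>
>>> </dependencies>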
>>>
>>> ===
>>>
>>>
>>> Thank You;
>>>
>>> Chris Cheltenham
>>> Technology Services
>>> The School District of Philadelphia
>>>
>>>

Re: [cas-user] CAS 5.2.x

2018-02-08 Thread David Curry
I'm afraid Gradle is a complete mystery to me. Hopefully someone else can
jump in.

--Dave


--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Thu, Feb 8, 2018 at 11:13 AM, Cheltenham, Chris <
ccheltenham-...@philasd.org> wrote:

> David,
>
> Unfortunately that did not make a difference when I built the cas.war with
> gradle.
> When I used maven I got the same list you have.
>
> [root@devcas5 lib]# ll | grep ldap
> -rw-r- 1 root root 14296 Feb 8 11:02 cas-server-support-ldap-5.2.2.jar
> -rw-r- 1 root root 35536 Feb 8 11:02 cas-server-support-ldap-core-
> 5.2.2.jar
> -rw-r- 1 root root 802456 Feb 8 11:02 ldaptive-1.2.3.jar
> -rw-r- 1 root root 37195 Feb 8 11:02 ldaptive-apache-1.2.3.jar
> -rw-r- 1 root root 100050 Feb 8 11:02 ldaptive-beans-1.2.3.jar
> -rw-r- 1 root root 40832 Feb 8 11:02 ldaptive-unboundid-1.2.3.jar
> -rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar
> -rw-r- 1 root root 3574892 Feb 8 11:02 unboundid-ldapsdk-4.0.1.jar
>
> The bad news is I have to rebuild cas.properties because the maven build
> wiped it out.
> Bummer ...
>
> Hope this is the issue.
>
> Thanks David.
>
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> ----------
> *From: *"David Curry" 
> *To: *"cas-user" 
> *Sent: *Thursday, February 8, 2018 10:49:08 AM
>
> *Subject: *Re: [cas-user] CAS 5.2.x
>
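> Try changing what you have:
>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-ldap</artifactId>
> </dependency>
>
> to this:
>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-ldap</artifactId>
>     <version>${cas.version}</version>
> </dependency>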
>
> I'm pretty sure you have to have a version in there, so Maven knows which
> one to give you.
>
> --Dave
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
> On Thu, Feb 8, 2018 at 10:22 AM, Cheltenham, Chris <
> ccheltenham-...@philasd.org> wrote:
>
>> David,
>>
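>> These are my pom.xml dependencies.
>> It's funny we are all kind of guessing, that's why we are here I suppose.
>> I certainly am guessing.
>>
>>
>> <dependencies>
>>     <dependency>
>>         <groupId>org.apereo.cas</groupId>
>>         <artifactId>cas-server-support-ldap</artifactId>
>>     </dependency>
>>
>>     <dependency>
>>         <groupId>org.apereo.cas</groupId>
>>         <artifactId>cas-server-webapp${app.server}</artifactId>
>>         <version>${cas.version}</version>
>>         <type>war</type>
>>         <scope>runtime</scope>
>>     </dependency>
>> </dependencies>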
>>
>> ===
>>
>>
>> Thank You;
>>
>> Chris Cheltenham
>> Technology Services
>> The School District of Philadelphia
>>
>> Work # 215-400-5025
>> Cell # 215-301-6571
>>
>> --
>> *From: *"David Curry" 
>> *To: *"cas-user" 
>> *Sent: *Thursday, February 8, 2018 10:18:41 AM
>>
>> *Subject: *Re: [cas-user] CAS 5.2.x
>>
>> I do not see this one:
>>
>> cas-server-support-ldap-5.2.2.jar
>>
>>
>> which, I believe, is the one you need. I don't pretend to be an expert on
>> these things. But when I build from the Maven overlay with this dependency
>> included in pom.xml:
>>
>> <dependency>
>>     <groupId>org.apereo.cas</groupId>
>>     <artifactId>cas-server-support-ldap</artifactId>
>>     <version>${cas.version}</version>
>> </dependency>
>>
>> Here's what I get:
>>
>> WEB-INF/lib/cas-server-support-ldap-5.2.2.jar
>> WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar
>> WEB-INF/lib/ldaptive-1.2.3.jar
>> WEB-INF/lib/ldaptive-beans-1.2.3.jar
>> WEB-INF/lib/ldaptive-unboundid-1.2.3.jar
>> WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar
>> WEB-INF/lib/ldaptive-apache-1.2.3.jar
>> WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar
>>
>>
>> and when I build from the same pom.xml but with that dependency removed,
>> here's what I get:
>>
>> WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar
>> WEB-INF/lib/ldaptive-apache-1.2.3.jar
>> WEB-INF/lib/ldaptive-beans-1.2.3.jar
>> WEB-INF/lib/ldaptive-unboundid-1.2.3.jar
>> WEB-INF/lib/ldaptive-1.2.

Re: [cas-user] CAS 5.2.x

2018-02-08 Thread Cheltenham, Chris
David, 

Unfortunately that did not make a difference when I built the cas.war with 
gradle. 
When I used maven I got the same list you have. 

[root@devcas5 lib]# ll | grep ldap 
-rw-r- 1 root root 14296 Feb 8 11:02 cas-server-support-ldap-5.2.2.jar 
-rw-r- 1 root root 35536 Feb 8 11:02 cas-server-support-ldap-core-5.2.2.jar 
-rw-r- 1 root root 802456 Feb 8 11:02 ldaptive-1.2.3.jar 
-rw-r- 1 root root 37195 Feb 8 11:02 ldaptive-apache-1.2.3.jar 
-rw-r- 1 root root 100050 Feb 8 11:02 ldaptive-beans-1.2.3.jar 
-rw-r- 1 root root 40832 Feb 8 11:02 ldaptive-unboundid-1.2.3.jar 
-rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar 
-rw-r- 1 root root 3574892 Feb 8 11:02 unboundid-ldapsdk-4.0.1.jar 

The bad news is I have to rebuild cas.properties because the maven build wiped 
it out. 
Bummer ... 

Hope this is the issue. 

Thanks David. 





=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry"  
To: "cas-user"  
Sent: Thursday, February 8, 2018 10:49:08 AM 
Subject: Re: [cas-user] CAS 5.2.x 

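Try changing what you have:

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
</dependency>

to this:

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>${cas.version}</version>
</dependency>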

I'm pretty sure you have to have a version in there, so Maven knows which one 
to give you. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 10:22 AM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 



David, 

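These are my pom.xml dependencies.
It's funny we are all kind of guessing, that's why we are here I suppose.
I certainly am guessing.


<dependencies>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-ldap</artifactId>
    </dependency>

    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-webapp${app.server}</artifactId>
        <version>${cas.version}</version>
        <type>war</type>
        <scope>runtime</scope>
    </dependency>
</dependencies>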

=== 



Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry" < david.cu...@newschool.edu > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 10:18:41 AM 

Subject: Re: [cas-user] CAS 5.2.x 

I do not see this one: 



cas-server-support-ldap-5.2.2.jar 




which, I believe, is the one you need. I don't pretend to be an expert on these 
things. But when I build from the Maven overlay with this dependency included 
in pom.xml:

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>${cas.version}</version>
</dependency>

Here's what I get: 



WEB-INF/lib/cas-server-support-ldap-5.2.2.jar 
WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar 
WEB-INF/lib/ldaptive-1.2.3.jar 
WEB-INF/lib/ldaptive-beans-1.2.3.jar 
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar 
WEB-INF/lib/ldaptive-apache-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar 



and when I build from the same pom.xml but with that dependency removed, here's 
what I get: 



WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar 
WEB-INF/lib/ldaptive-apache-1.2.3.jar 
WEB-INF/lib/ldaptive-beans-1.2.3.jar 
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar 
WEB-INF/lib/ldaptive-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar 



So that tells me (or suggests, anyway) that you should be seeing 

WEB-INF/lib/cas-server-support-ldap-5.2.2.jar 

(and maybe WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar ). 

Are you building with the Maven overlay? Have you tried deleting your Maven 
cache directory and re-doing the "mvnw clean package"?

--Dave 





-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 10:00 AM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 


David, 

I have the following jars. 
Is this sufficient for ldap support? 

[root@devcas5 lib]# pwd 
/opt/tcat/webapps/cas/WEB-INF/lib 
[root@devcas5 lib]# ll | grep ldap 
-rw-r- 1 root root 35536 Jan 26 13:26 
cas-server-support-ldap-core-5.2.2.jar 
-rw-r- 1 root root 802456 Nov 27 11:40 ldaptive-1.2.3.jar 
-rw-r- 1 root root 37195 Nov 27 11:40 ldaptive-apache-1.2.3.jar 
-rw-r- 1 root root 100050 Nov 27 11:40 ldaptive-beans-1.2.3.jar 
-rw-r- 1 root root 40832 Nov 27 11:40 ldaptive-unboundid-1.2.3.jar 
-rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar 
[root@devcas5 lib]# 

My error is this - 
2018-02-07 15:28:16,450 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,450 DEBUG 
[org.apereo.cas.authenticatio
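
The check this thread performs by hand (is cas-server-support-ldap actually inside the built WAR?) can be scripted. The following is an added example, not code from the thread or from the CAS project: the function names are hypothetical, and the two jar lists quoted in the thread are packed into in-memory WAR files as constructed sample input. It also reports any library bundled in more than one version, as unboundid-ldapsdk is in the listings above.

```python
import io
import re
import zipfile
from collections import defaultdict

# "WEB-INF/lib/<artifact>-<version>.jar": the version begins at the first
# dash that is followed by a digit.
JAR_RE = re.compile(r"^WEB-INF/lib/(?P<artifact>.+?)-(?P<version>\d[\w.\-]*)\.jar$")

# Jar lists quoted in the thread: the WAR built with the
# cas-server-support-ldap dependency in pom.xml, and without it.
WITH_LDAP = [
    "WEB-INF/lib/cas-server-support-ldap-5.2.2.jar",
    "WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar",
    "WEB-INF/lib/ldaptive-1.2.3.jar",
    "WEB-INF/lib/ldaptive-beans-1.2.3.jar",
    "WEB-INF/lib/ldaptive-unboundid-1.2.3.jar",
    "WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar",
    "WEB-INF/lib/ldaptive-apache-1.2.3.jar",
    "WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar",
]
WITHOUT_LDAP = [
    "WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar",
    "WEB-INF/lib/ldaptive-apache-1.2.3.jar",
    "WEB-INF/lib/ldaptive-beans-1.2.3.jar",
    "WEB-INF/lib/ldaptive-unboundid-1.2.3.jar",
    "WEB-INF/lib/ldaptive-1.2.3.jar",
    "WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar",
]


def build_war(entries):
    """Pack entry names into an in-memory WAR (constructed sample, empty files)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        for name in entries:
            war.writestr(name, b"")
    return buf.getvalue()


def bundled_artifacts(war_bytes):
    """Map artifact name -> sorted list of versions found under WEB-INF/lib."""
    found = defaultdict(set)
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for name in war.namelist():
            match = JAR_RE.match(name)
            if match:
                found[match.group("artifact")].add(match.group("version"))
    return {artifact: sorted(versions) for artifact, versions in found.items()}


def audit_war(war_bytes, required, cas_version):
    """Report missing modules, multi-version libraries and off-version CAS modules."""
    artifacts = bundled_artifacts(war_bytes)
    missing = [a for a in required if a not in artifacts]
    duplicates = {a: v for a, v in artifacts.items() if len(v) > 1}
    # Every CAS module should carry the single version the overlay targets.
    mismatched = {
        a: v for a, v in artifacts.items()
        if a.startswith("cas-server-") and v != [cas_version]
    }
    return {"missing": missing, "duplicates": duplicates, "mismatched": mismatched}


if __name__ == "__main__":
    for label, entries in (("with dependency", WITH_LDAP),
                           ("without dependency", WITHOUT_LDAP)):
        report = audit_war(build_war(entries), ["cas-server-support-ldap"], "5.2.2")
        print(label, report)
```

Run against a real build by reading the WAR file's bytes and passing them to `audit_war`; a non-empty `missing` list corresponds to the situation in the first `ll | grep ldap` listing of this thread.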

Re: [cas-user] CAS 5.2.x

2018-02-08 Thread David Curry
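Try changing what you have:

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
</dependency>

to this:

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>${cas.version}</version>
</dependency>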

I'm pretty sure you have to have a version in there, so Maven knows which
one to give you.

--Dave


--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Thu, Feb 8, 2018 at 10:22 AM, Cheltenham, Chris <
ccheltenham-...@philasd.org> wrote:

> David,
>
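> These are my pom.xml dependencies.
> It's funny we are all kind of guessing, that's why we are here I suppose.
> I certainly am guessing.
>
>
> <dependencies>
>     <dependency>
>         <groupId>org.apereo.cas</groupId>
>         <artifactId>cas-server-support-ldap</artifactId>
>     </dependency>
>
>     <dependency>
>         <groupId>org.apereo.cas</groupId>
>         <artifactId>cas-server-webapp${app.server}</artifactId>
>         <version>${cas.version}</version>
>         <type>war</type>
>         <scope>runtime</scope>
>     </dependency>
> </dependencies>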
>
> ===
>
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> ------
> *From: *"David Curry" 
> *To: *"cas-user" 
> *Sent: *Thursday, February 8, 2018 10:18:41 AM
>
> *Subject: *Re: [cas-user] CAS 5.2.x
>
> I do not see this one:
>
> cas-server-support-ldap-5.2.2.jar
>
>
> which, I believe, is the one you need. I don't pretend to be an expert on
> these things. But when I build from the Maven overlay with this dependency
> included in pom.xml:
>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-ldap</artifactId>
>     <version>${cas.version}</version>
> </dependency>
>
> Here's what I get:
>
> WEB-INF/lib/cas-server-support-ldap-5.2.2.jar
> WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar
> WEB-INF/lib/ldaptive-1.2.3.jar
> WEB-INF/lib/ldaptive-beans-1.2.3.jar
> WEB-INF/lib/ldaptive-unboundid-1.2.3.jar
> WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar
> WEB-INF/lib/ldaptive-apache-1.2.3.jar
> WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar
>
>
> and when I build from the same pom.xml but with that dependency removed,
> here's what I get:
>
> WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar
> WEB-INF/lib/ldaptive-apache-1.2.3.jar
> WEB-INF/lib/ldaptive-beans-1.2.3.jar
> WEB-INF/lib/ldaptive-unboundid-1.2.3.jar
> WEB-INF/lib/ldaptive-1.2.3.jar
> WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar
>
>
> So that tells me (or suggests, anyway) that you should be seeing
>
> WEB-INF/lib/cas-server-support-ldap-5.2.2.jar
>
> (and maybe WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar).
>
> Are you building with the Maven overlay? Have you tried deleting your
> Maven cache directory and re-doing the "mvnw clean package"?
>
> --Dave
>
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
> On Thu, Feb 8, 2018 at 10:00 AM, Cheltenham, Chris <
> ccheltenham-...@philasd.org> wrote:
>
>> David,
>>
>> I have the following jars.
>> Is this sufficient for ldap support?
>>
>> [root@devcas5 lib]# pwd
>> /opt/tcat/webapps/cas/WEB-INF/lib
>> [root@devcas5 lib]# ll | grep ldap
>> -rw-r- 1 root root 35536 Jan 26 13:26 cas-server-support-ldap-core-
>> 5.2.2.jar
>> -rw-r- 1 root root 802456 Nov 27 11:40 ldaptive-1.2.3.jar
>> -rw-r- 1 root root 37195 Nov 27 11:40 ldaptive-apache-1.2.3.jar
>> -rw-r- 1 root root 100050 Nov 27 11:40 ldaptive-beans-1.2.3.jar
>> -rw-r- 1 root root 40832 Nov 27 11:40 ldaptive-unboundid-1.2.3.jar
>> -rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar
>> [root@devcas5 lib]#
>>
>> My error is this -
>> 2018-02-07 15:28:16,450 DEBUG [org.apereo.cas.authentication.handler.
>> support.AbstractUsernamePasswordAuthenticationHandler] - > credential [ccheltenham-ext] eligibility for authentication handler [
>> AcceptUsersAuthenticationHandler]>
>> 2018-02-07 15:28:16,450 DEBUG [org.apereo.cas.authentication.handler.
>> support.AbstractUsernamePasswordAuthenticationHandler] - > [ccheltenham-ext] eligibility is [AcceptUsersAuthenticationHandler] for
>> authentication handler [true]>
>> 2018-02-07 15:28:16,451 DEBUG [org.apereo.cas.authentication.handler.
>> support.AbstractUsernamePasswordAuthenticationHandler] - > encode cred

Re: [cas-user] CAS 5.2.x

2018-02-08 Thread Man H
I mean startup log and relevant log relating to connection to LDAP. There is a
constant poll to LDAP logged

2018-02-08 12:41 GMT-03:00 Cheltenham, Chris :

> Man,
>
> Here is the debug info and the error.
>
> [root@devcas5 logs]# tail catalina.out
> 2018-02-08 10:08:50,014 DEBUG [org.apereo.cas.authentication.
> PseudoPlatformTransactionManager] -  [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner.clean]:
> PROPAGATION_REQUIRED,ISOLATION_DEFAULT; 'ticketTransactionManager'>
> 2018-02-08 10:08:50,014 DEBUG [org.apereo.cas.authentication.
> PseudoPlatformTransactionManager] -  [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner.clean]:
> PROPAGATION_REQUIRED,ISOLATION_DEFAULT; 'ticketTransactionManager'>
> 2018-02-08 10:08:50,014 DEBUG 
> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner]
> - 
> 2018-02-08 10:08:50,014 DEBUG 
> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner]
> - 
> 2018-02-08 10:08:50,014 INFO 
> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner]
> - <[0] expired tickets removed.>
> 2018-02-08 10:08:50,014 DEBUG 
> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner]
> - 
> 2018-02-08 10:08:50,014 DEBUG 
> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner]
> - 
> 2018-02-08 10:08:50,014 DEBUG [org.apereo.cas.authentication.
> PseudoPlatformTransactionManager] - 
> 2018-02-08 10:08:50,014 DEBUG [org.apereo.cas.authentication.
> PseudoPlatformTransactionManager] -  completion of inner transaction>
> 2018-02-08 10:08:50,014 DEBUG [org.apereo.cas.authentication.
> PseudoPlatformTransactionManager] - 
> [root@devcas5 logs]# cat catalina.out | grep ccheltenham
> 2018-02-08 10:08:40,992 DEBUG [org.apereo.cas.authentication.handler.
> support.AbstractUsernamePasswordAuthenticationHandler] -  credential [ccheltenham-ext] eligibility for authentication handler [
> AcceptUsersAuthenticationHandler]>
> 2018-02-08 10:08:40,992 DEBUG [org.apereo.cas.authentication.handler.
> support.AbstractUsernamePasswordAuthenticationHandler] -  [ccheltenham-ext] eligibility is [AcceptUsersAuthenticationHandler] for
> authentication handler [true]>
> 2018-02-08 10:08:40,993 DEBUG [org.apereo.cas.authentication.handler.
> support.AbstractUsernamePasswordAuthenticationHandler] -  encode credential password via [org.springframework.security.
> crypto.password.NoOpPasswordEncoder] for ccheltenham-ext]>
> 2018-02-08 10:08:40,993 DEBUG [org.apereo.cas.authentication.handler.
> support.AbstractUsernamePasswordAuthenticationHandler] -  authentication internally for transformed credential [ccheltenham-ext]>
> 2018-02-08 10:08:40,993 DEBUG [org.apereo.cas.authentication.
> AcceptUsersAuthenticationHandler] - <[ccheltenham-ext] was not found in
> the map.>
> 2018-02-08 10:08:40,993 DEBUG [org.apereo.cas.authentication.
> PolicyBasedAuthenticationManager] - <[AcceptUsersAuthenticationHandler]
> exception details: [ccheltenham-ext not found in backing map.].>
> 2018-02-08 10:08:40,994 ERROR [org.apereo.cas.authentication.
> PolicyBasedAuthenticationManager] -  Credentials may be incorrect or CAS cannot find authentication handler that
> supports [ccheltenham-ext] of type [UsernamePasswordCredential].>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> --
> *From: *"Man H" 
> *To: *"cas-user" 
> *Sent: *Thursday, February 8, 2018 10:37:01 AM
>
> *Subject: *Re: [cas-user] CAS 5.2.x
>
> With debug you can see if cas gets connected to Ldap
>
> 2018-02-08 12:27 GMT-03:00 Cheltenham, Chris 
> :
>
>> Man,
>>
>> The basedn is correct in cas.properties.
>>
>>
>> This search returns data so you can see the base dn.
>> ldapsearch -H "ldaps://testldap.philasd.net" -x -w 'x' -LLL -b
>> "dc=philasd,dc=org" -D "uid=shibauth,ou=svc_accts,dc=philasd,dc=org"
>> "uid=ccheltenham-ext"
>>
>>
>> [root@devcas5 config]# cat cas.properties | grep basedn
>> [root@devcas5 config]# cat cas.properties | grep -i basedn
>> *cas.authn.ldap[0].baseDn=dc=philasd,dc=org*
>>
>> ===
>>
>> Thank You;
>>
>> Chris Cheltenham
>> Technology Services
>> The School District of Philadelphia
>>
>> Work # 215-400-5025
>> Cell # 215-301-6571
>>
>> --
>> *From: *"Man H" 
>> *To: *"cas-user" 
>> *Sent: *Thursday, February 8, 2018 10:17:57 AM
&

Re: [cas-user] CAS 5.2.x

2018-02-08 Thread Cheltenham, Chris
Man, 

Here is the debug info and the error. 

[root@devcas5 logs]# tail catalina.out 
2018-02-08 10:08:50,014 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] -  
2018-02-08 10:08:50,014 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] -  
2018-02-08 10:08:50,014 DEBUG 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] -  
2018-02-08 10:08:50,014 DEBUG 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] -  
2018-02-08 10:08:50,014 INFO 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired 
tickets removed.> 
2018-02-08 10:08:50,014 DEBUG 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] -  
2018-02-08 10:08:50,014 DEBUG 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] -  
2018-02-08 10:08:50,014 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] -  
2018-02-08 10:08:50,014 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] -  
2018-02-08 10:08:50,014 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] -  
[root@devcas5 logs]# cat catalina.out | grep ccheltenham 
2018-02-08 10:08:40,992 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-08 10:08:40,992 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-08 10:08:40,993 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-08 10:08:40,993 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-08 10:08:40,993 DEBUG 
[org.apereo.cas.authentication.AcceptUsersAuthenticationHandler] - 
<[ccheltenham-ext] was not found in the map.> 
2018-02-08 10:08:40,993 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<[AcceptUsersAuthenticationHandler] exception details: [ccheltenham-ext not 
found in backing map.].> 
2018-02-08 10:08:40,994 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
 



=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "Man H"  
To: "cas-user"  
Sent: Thursday, February 8, 2018 10:37:01 AM 
Subject: Re: [cas-user] CAS 5.2.x 

With debug you can see if cas gets connected to Ldap 

2018-02-08 12:27 GMT-03:00 Cheltenham, Chris < ccheltenham-...@philasd.org > : 



Man, 

The basedn is correct in cas.properties. 


This search returns data so you can see the base dn. 
ldapsearch -H "ldaps://testldap.philasd.net" -x -w 'x' -LLL -b
"dc=philasd,dc=org" -D "uid=shibauth,ou=svc_accts,dc=philasd,dc=org" 
"uid=ccheltenham-ext" 


[root@devcas5 config]# cat cas.properties | grep basedn 
[root@devcas5 config]# cat cas.properties | grep -i basedn 
cas.authn.ldap[0].baseDn=dc=philasd,dc=org 



=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "Man H" < info.ings...@gmail.com > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 10:17:57 AM 

Subject: Re: [cas-user] CAS 5.2.x 

This is an LDAP error; check your properties, probably baseDn.

2018-02-08 12:00 GMT-03:00 Cheltenham, Chris < ccheltenham-...@philasd.org > : 


David, 

I have the following jars. 
Is this sufficient for ldap support? 

[root@devcas5 lib]# pwd 
/opt/tcat/webapps/cas/WEB-INF/lib 
[root@devcas5 lib]# ll | grep ldap 
-rw-r- 1 root root 35536 Jan 26 13:26 
cas-server-support-ldap-core-5.2.2.jar 
-rw-r- 1 root root 802456 Nov 27 11:40 ldaptive-1.2.3.jar 
-rw-r- 1 root root 37195 Nov 27 11:40 ldaptive-apache-1.2.3.jar 
-rw-r- 1 root root 100050 Nov 27 11:40 ldaptive-beans-1.2.3.jar 
-rw-r- 1 root root 40832 Nov 27 11:40 ldaptive-unboundid-1.2.3.jar 
-rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar 
[root@devcas5 lib]# 

My error is this - 
2018-02-07 15:28:16,450 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,450 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.AcceptUsersAuthenticationHandler] - 
<[ccheltenham-ext] was not found in the map.> 
2018-02-07 15:28:16,452 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthent

Re: [cas-user] CAS 5.2.x

2018-02-08 Thread Man H
With debug you can see if cas gets connected to Ldap

2018-02-08 12:27 GMT-03:00 Cheltenham, Chris :

> Man,
>
> The basedn is correct in cas.properties.
>
>
> This search returns data so you can see the base dn.
> ldapsearch -H "ldaps://testldap.philasd.net" -x -w 'x' -LLL -b
> "dc=philasd,dc=org" -D "uid=shibauth,ou=svc_accts,dc=philasd,dc=org"
> "uid=ccheltenham-ext"
>
>
> [root@devcas5 config]# cat cas.properties | grep basedn
> [root@devcas5 config]# cat cas.properties | grep -i basedn
> *cas.authn.ldap[0].baseDn=dc=philasd,dc=org*
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> ------------------
> *From: *"Man H" 
> *To: *"cas-user" 
> *Sent: *Thursday, February 8, 2018 10:17:57 AM
>
> *Subject: *Re: [cas-user] CAS 5.2.x
>
> This is an LDAP error; check your properties, probably baseDn.
>
> 2018-02-08 12:00 GMT-03:00 Cheltenham, Chris 
> :
>
>> David,
>>
>> I have the following jars.
>> Is this sufficient for ldap support?
>>
>> [root@devcas5 lib]# pwd
>> /opt/tcat/webapps/cas/WEB-INF/lib
>> [root@devcas5 lib]# ll | grep ldap
>> -rw-r- 1 root root 35536 Jan 26 13:26 cas-server-support-ldap-core-
>> 5.2.2.jar
>> -rw-r- 1 root root 802456 Nov 27 11:40 ldaptive-1.2.3.jar
>> -rw-r- 1 root root 37195 Nov 27 11:40 ldaptive-apache-1.2.3.jar
>> -rw-r- 1 root root 100050 Nov 27 11:40 ldaptive-beans-1.2.3.jar
>> -rw-r- 1 root root 40832 Nov 27 11:40 ldaptive-unboundid-1.2.3.jar
>> -rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar
>> [root@devcas5 lib]#
>>
>> My error is this -
>> 2018-02-07 15:28:16,450 DEBUG [org.apereo.cas.authentication.handler.
>> support.AbstractUsernamePasswordAuthenticationHandler] - > credential [ccheltenham-ext] eligibility for authentication handler [
>> AcceptUsersAuthenticationHandler]>
>> 2018-02-07 15:28:16,450 DEBUG [org.apereo.cas.authentication.handler.
>> support.AbstractUsernamePasswordAuthenticationHandler] - > [ccheltenham-ext] eligibility is [AcceptUsersAuthenticationHandler] for
>> authentication handler [true]>
>> 2018-02-07 15:28:16,451 DEBUG [org.apereo.cas.authentication.handler.
>> support.AbstractUsernamePasswordAuthenticationHandler] - > encode credential password via [org.springframework.security.
>> crypto.password.NoOpPasswordEncoder] for ccheltenham-ext]>
>> 2018-02-07 15:28:16,451 DEBUG [org.apereo.cas.authentication.handler.
>> support.AbstractUsernamePasswordAuthenticationHandler] - > authentication internally for transformed credential [ccheltenham-ext]>
>> 2018-02-07 15:28:16,451 DEBUG [org.apereo.cas.authentication.
>> AcceptUsersAuthenticationHandler] - <[ccheltenham-ext] was not found in
>> the map.>
>> 2018-02-07 15:28:16,452 DEBUG [org.apereo.cas.authentication.
>> PolicyBasedAuthenticationManager] - <[AcceptUsersAuthenticationHandler]
>> exception details: [ccheltenham-ext not found in backing map.].>
>> 2018-02-07 15:28:16,452 ERROR [org.apereo.cas.authentication.
>> PolicyBasedAuthenticationManager] - > Credentials may be incorrect or CAS cannot find authentication handler that
>> supports [ccheltenham-ext] of type [UsernamePasswordCredential].>
>>
>> ===
>>
>> Thank You;
>>
>> Chris Cheltenham
>> Technology Services
>> The School District of Philadelphia
>>
>> Work # 215-400-5025
>> Cell # 215-301-6571
>>
>> --
>> *From: *"David Curry" 
>> *To: *"cas-user" 
>> *Sent: *Thursday, February 8, 2018 7:54:21 AM
>> *Subject: *Re: [cas-user] CAS 5.2.x
>>
>>
>> $ jar tvf cas.war | grep ldap
>> WEB-INF/lib/cas-server-support-ldap-5.2.2.jar
>> WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar
>> WEB-INF/lib/ldaptive-1.2.3.jar
>> WEB-INF/lib/ldaptive-beans-1.2.3.jar
>> WEB-INF/lib/ldaptive-unboundid-1.2.3.jar
>> WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar
>> WEB-INF/lib/ldaptive-apache-1.2.3.jar
>> WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar
>> $
>>
>> The cas-server-support-ldap-5.2.2.jar is the one you're looking for.
>>
>> --Dave
>>
>>
>> --
>>
>> DAVID A. CURRY, CISSP
>> *DIRECTOR OF INFORMATION SECURITY*
>> INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> <https://map

Re: [cas-user] CAS 5.2.x

2018-02-08 Thread Cheltenham, Chris
Man, 

The basedn is correct in cas.properties. 


This search returns data so you can see the base dn. 
ldapsearch -H "ldaps://testldap.philasd.net" -x -w 'x' -LLL -b 
"dc=philasd,dc=org" -D "uid=shibauth,ou=svc_accts,dc=philasd,dc=org" 
"uid=ccheltenham-ext" 


[root@devcas5 config]# cat cas.properties | grep basedn 
[root@devcas5 config]# cat cas.properties | grep -i basedn 
cas.authn.ldap[0].baseDn=dc=philasd,dc=org 



=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "Man H"  
To: "cas-user"  
Sent: Thursday, February 8, 2018 10:17:57 AM 
Subject: Re: [cas-user] CAS 5.2.x 

This is an LDAP error; check your properties, probably baseDn.

2018-02-08 12:00 GMT-03:00 Cheltenham, Chris < ccheltenham-...@philasd.org > : 



David, 

I have the following jars. 
Is this sufficient for ldap support? 

[root@devcas5 lib]# pwd 
/opt/tcat/webapps/cas/WEB-INF/lib 
[root@devcas5 lib]# ll | grep ldap 
-rw-r- 1 root root 35536 Jan 26 13:26 
cas-server-support-ldap-core-5.2.2.jar 
-rw-r- 1 root root 802456 Nov 27 11:40 ldaptive-1.2.3.jar 
-rw-r- 1 root root 37195 Nov 27 11:40 ldaptive-apache-1.2.3.jar 
-rw-r- 1 root root 100050 Nov 27 11:40 ldaptive-beans-1.2.3.jar 
-rw-r- 1 root root 40832 Nov 27 11:40 ldaptive-unboundid-1.2.3.jar 
-rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar 
[root@devcas5 lib]# 

My error is this - 
2018-02-07 15:28:16,450 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,450 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.AcceptUsersAuthenticationHandler] - 
<[ccheltenham-ext] was not found in the map.> 
2018-02-07 15:28:16,452 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<[AcceptUsersAuthenticationHandler] exception details: [ccheltenham-ext not 
found in backing map.].> 
2018-02-07 15:28:16,452 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
 


=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry" < david.cu...@newschool.edu > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 7:54:21 AM 
Subject: Re: [cas-user] CAS 5.2.x 


$ jar tvf cas.war | grep ldap 
WEB-INF/lib/cas-server-support-ldap-5.2.2.jar 
WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar 
WEB-INF/lib/ldaptive-1.2.3.jar 
WEB-INF/lib/ldaptive-beans-1.2.3.jar 
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar 
WEB-INF/lib/ldaptive-apache-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar 
$ 

The cas-server-support-ldap-5.2.2.jar is the one you're looking for. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 7:27 AM, Cheltenham, Chris < ccheltenham-...@philasd.org 
> wrote: 


Hello folks, 

I think I have been confusing everyone with too much incongruent information. 

If I may I will ask things in a more logical manner. 

I am still not able to connect with CAS 5 via LDAP.

My first question is, how do I know the ldap dependency was built into the
cas.war file?







=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 



Re: [cas-user] CAS 5.2.x

2018-02-08 Thread Cheltenham, Chris
David, 

These are my pom.xml dependencies.
It's funny we are all kind of guessing, that's why we are here I suppose.
I certainly am guessing. 


 
 
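<dependencies>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-ldap</artifactId>
    </dependency>

    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-webapp${app.server}</artifactId>
        <version>${cas.version}</version>
        <type>war</type>
        <scope>runtime</scope>
    </dependency>
</dependencies>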

=== 



Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry"  
To: "cas-user"  
Sent: Thursday, February 8, 2018 10:18:41 AM 
Subject: Re: [cas-user] CAS 5.2.x 

I do not see this one: 




cas-server-support-ldap-5.2.2.jar 




which, I believe, is the one you need. I don't pretend to be an expert on these 
things. But when I build from the Maven overlay with this dependency included 
in pom.xml : 

 
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>${cas.version}</version>
</dependency>

Here's what I get: 



WEB-INF/lib/cas-server-support-ldap-5.2.2.jar 
WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar 
WEB-INF/lib/ldaptive-1.2.3.jar 
WEB-INF/lib/ldaptive-beans-1.2.3.jar 
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar 
WEB-INF/lib/ldaptive-apache-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar 



and when I build from the same pom.xml but with that dependency removed, here's 
what I get: 



WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar 
WEB-INF/lib/ldaptive-apache-1.2.3.jar 
WEB-INF/lib/ldaptive-beans-1.2.3.jar 
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar 
WEB-INF/lib/ldaptive-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar 



So that tells me (or suggests, anyway) that you should be seeing 

WEB-INF/lib/cas-server-support-ldap-5.2.2.jar 

(and maybe WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar ). 

Are you building with the Maven overlay? Have you tried deleting your Maven 
cache directory and re-doing the " mvnw clean package "? 

--Dave 





-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 10:00 AM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 


David, 

I have the following jars. 
Is this sufficient for ldap support? 

[root@devcas5 lib]# pwd 
/opt/tcat/webapps/cas/WEB-INF/lib 
[root@devcas5 lib]# ll | grep ldap 
-rw-r- 1 root root 35536 Jan 26 13:26 
cas-server-support-ldap-core-5.2.2.jar 
-rw-r- 1 root root 802456 Nov 27 11:40 ldaptive-1.2.3.jar 
-rw-r- 1 root root 37195 Nov 27 11:40 ldaptive-apache-1.2.3.jar 
-rw-r- 1 root root 100050 Nov 27 11:40 ldaptive-beans-1.2.3.jar 
-rw-r- 1 root root 40832 Nov 27 11:40 ldaptive-unboundid-1.2.3.jar 
-rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar 
[root@devcas5 lib]# 

My error is this - 
2018-02-07 15:28:16,450 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,450 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.AcceptUsersAuthenticationHandler] - 
<[ccheltenham-ext] was not found in the map.> 
2018-02-07 15:28:16,452 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<[AcceptUsersAuthenticationHandler] exception details: [ccheltenham-ext not 
found in backing map.].> 
2018-02-07 15:28:16,452 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
 


=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry" < david.cu...@newschool.edu > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 7:54:21 AM 
Subject: Re: [cas-user] CAS 5.2.x 


$ jar tvf cas.war | grep ldap 
WEB-INF/lib/cas-server-support-ldap-5.2.2.jar 
WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar 
WEB-INF/lib/ldaptive-1.2.3.jar 
WEB-INF/lib/ldaptive-beans-1.2.3.jar 
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar 
WEB-INF/lib/ldaptive-apache-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar 
$ 

The cas-server-support-ldap-5.2.2.jar is the one you're looking for. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 7:27 AM, Cheltenham, Chris < ccheltenham-...@phila

Re: [cas-user] CAS 5.2.x

2018-02-08 Thread David Curry
I do not see this one:

cas-server-support-ldap-5.2.2.jar


which, I believe, is the one you need. I don't pretend to be an expert on
these things. But when I build from the Maven overlay with this dependency
included in pom.xml:


<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>${cas.version}</version>
</dependency>


Here's what I get:

WEB-INF/lib/cas-server-support-ldap-5.2.2.jar
WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar
WEB-INF/lib/ldaptive-1.2.3.jar
WEB-INF/lib/ldaptive-beans-1.2.3.jar
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar
WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar
WEB-INF/lib/ldaptive-apache-1.2.3.jar
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar


and when I build from the same pom.xml but with that dependency removed,
here's what I get:

WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar
WEB-INF/lib/ldaptive-apache-1.2.3.jar
WEB-INF/lib/ldaptive-beans-1.2.3.jar
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar
WEB-INF/lib/ldaptive-1.2.3.jar
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar


So that tells me (or suggests, anyway) that you should be seeing

WEB-INF/lib/cas-server-support-ldap-5.2.2.jar

(and maybe WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar).

Are you building with the Maven overlay? Have you tried deleting your Maven
cache directory and re-doing the "mvnw clean package"?

--Dave



--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Thu, Feb 8, 2018 at 10:00 AM, Cheltenham, Chris <
ccheltenham-...@philasd.org> wrote:

> David,
>
> I have the following jars.
> Is this sufficient for ldap support?
>
> [root@devcas5 lib]# pwd
> /opt/tcat/webapps/cas/WEB-INF/lib
> [root@devcas5 lib]# ll | grep ldap
> -rw-r- 1 root root 35536 Jan 26 13:26 cas-server-support-ldap-core-
> 5.2.2.jar
> -rw-r- 1 root root 802456 Nov 27 11:40 ldaptive-1.2.3.jar
> -rw-r- 1 root root 37195 Nov 27 11:40 ldaptive-apache-1.2.3.jar
> -rw-r- 1 root root 100050 Nov 27 11:40 ldaptive-beans-1.2.3.jar
> -rw-r- 1 root root 40832 Nov 27 11:40 ldaptive-unboundid-1.2.3.jar
> -rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar
> [root@devcas5 lib]#
>
> My error is this -
> 2018-02-07 15:28:16,450 DEBUG [org.apereo.cas.authentication.handler.
> support.AbstractUsernamePasswordAuthenticationHandler] -  credential [ccheltenham-ext] eligibility for authentication handler [
> AcceptUsersAuthenticationHandler]>
> 2018-02-07 15:28:16,450 DEBUG [org.apereo.cas.authentication.handler.
> support.AbstractUsernamePasswordAuthenticationHandler] -  [ccheltenham-ext] eligibility is [AcceptUsersAuthenticationHandler] for
> authentication handler [true]>
> 2018-02-07 15:28:16,451 DEBUG [org.apereo.cas.authentication.handler.
> support.AbstractUsernamePasswordAuthenticationHandler] -  encode credential password via [org.springframework.security.
> crypto.password.NoOpPasswordEncoder] for ccheltenham-ext]>
> 2018-02-07 15:28:16,451 DEBUG [org.apereo.cas.authentication.handler.
> support.AbstractUsernamePasswordAuthenticationHandler] -  authentication internally for transformed credential [ccheltenham-ext]>
> 2018-02-07 15:28:16,451 DEBUG [org.apereo.cas.authentication.
> AcceptUsersAuthenticationHandler] - <[ccheltenham-ext] was not found in
> the map.>
> 2018-02-07 15:28:16,452 DEBUG [org.apereo.cas.authentication.
> PolicyBasedAuthenticationManager] - <[AcceptUsersAuthenticationHandler]
> exception details: [ccheltenham-ext not found in backing map.].>
> 2018-02-07 15:28:16,452 ERROR [org.apereo.cas.authentication.
> PolicyBasedAuthenticationManager] -  Credentials may be incorrect or CAS cannot find authentication handler that
> supports [ccheltenham-ext] of type [UsernamePasswordCredential].>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> --
> *From: *"David Curry" 
> *To: *"cas-user" 
> *Sent: *Thursday, February 8, 2018 7:54:21 AM
> *Subject: *Re: [cas-user] CAS 5.2.x
>
>
> $ jar tvf cas.war | grep ldap
> WEB-INF/lib/cas-server-support-ldap-5.2.2.jar
> WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar
> WEB-INF/lib/ldaptive-1.2.3.jar
> WEB-INF/lib/ldaptive-beans-1.2.3.jar
> WEB-INF/lib/ldaptive-unboundid-1.2.3.jar
> WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar
> WEB-INF/lib/ldaptive-apache-1.2.3.jar
> WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar
> $
>
> The cas-server-support-ldap-5.2.2.jar is the one you're looking for.
>
> --Dave
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMAT

Re: [cas-user] CAS 5.2.x

2018-02-08 Thread Man H
This is an LDAP error; check your properties, probably baseDn.

2018-02-08 12:00 GMT-03:00 Cheltenham, Chris :

> David,
>
> I have the following jars.
> Is this sufficient for ldap support?
>
> [root@devcas5 lib]# pwd
> /opt/tcat/webapps/cas/WEB-INF/lib
> [root@devcas5 lib]# ll | grep ldap
> -rw-r- 1 root root 35536 Jan 26 13:26 cas-server-support-ldap-core-
> 5.2.2.jar
> -rw-r- 1 root root 802456 Nov 27 11:40 ldaptive-1.2.3.jar
> -rw-r- 1 root root 37195 Nov 27 11:40 ldaptive-apache-1.2.3.jar
> -rw-r- 1 root root 100050 Nov 27 11:40 ldaptive-beans-1.2.3.jar
> -rw-r- 1 root root 40832 Nov 27 11:40 ldaptive-unboundid-1.2.3.jar
> -rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar
> [root@devcas5 lib]#
>
> My error is this -
> 2018-02-07 15:28:16,450 DEBUG [org.apereo.cas.authentication.handler.
> support.AbstractUsernamePasswordAuthenticationHandler] -  credential [ccheltenham-ext] eligibility for authentication handler [
> AcceptUsersAuthenticationHandler]>
> 2018-02-07 15:28:16,450 DEBUG [org.apereo.cas.authentication.handler.
> support.AbstractUsernamePasswordAuthenticationHandler] -  [ccheltenham-ext] eligibility is [AcceptUsersAuthenticationHandler] for
> authentication handler [true]>
> 2018-02-07 15:28:16,451 DEBUG [org.apereo.cas.authentication.handler.
> support.AbstractUsernamePasswordAuthenticationHandler] -  encode credential password via [org.springframework.security.
> crypto.password.NoOpPasswordEncoder] for ccheltenham-ext]>
> 2018-02-07 15:28:16,451 DEBUG [org.apereo.cas.authentication.handler.
> support.AbstractUsernamePasswordAuthenticationHandler] -  authentication internally for transformed credential [ccheltenham-ext]>
> 2018-02-07 15:28:16,451 DEBUG [org.apereo.cas.authentication.
> AcceptUsersAuthenticationHandler] - <[ccheltenham-ext] was not found in
> the map.>
> 2018-02-07 15:28:16,452 DEBUG [org.apereo.cas.authentication.
> PolicyBasedAuthenticationManager] - <[AcceptUsersAuthenticationHandler]
> exception details: [ccheltenham-ext not found in backing map.].>
> 2018-02-07 15:28:16,452 ERROR [org.apereo.cas.authentication.
> PolicyBasedAuthenticationManager] -  Credentials may be incorrect or CAS cannot find authentication handler that
> supports [ccheltenham-ext] of type [UsernamePasswordCredential].>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> --
> *From: *"David Curry" 
> *To: *"cas-user" 
> *Sent: *Thursday, February 8, 2018 7:54:21 AM
> *Subject: *Re: [cas-user] CAS 5.2.x
>
>
> $ jar tvf cas.war | grep ldap
> WEB-INF/lib/cas-server-support-ldap-5.2.2.jar
> WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar
> WEB-INF/lib/ldaptive-1.2.3.jar
> WEB-INF/lib/ldaptive-beans-1.2.3.jar
> WEB-INF/lib/ldaptive-unboundid-1.2.3.jar
> WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar
> WEB-INF/lib/ldaptive-apache-1.2.3.jar
> WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar
> $
>
> The cas-server-support-ldap-5.2.2.jar is the one you're looking for.
>
> --Dave
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
>
> On Thu, Feb 8, 2018 at 7:27 AM, Cheltenham, Chris <
> ccheltenham-...@philasd.org> wrote:
>
>> Hello folks,
>>
>> I think I have been confusing everyone with too much incongruent
>> information.
>>
>> If I may I will ask things in a more logical manner.
>>
>> I am still not able to connect with CAS 5 via LDAP.
>>
>> My first question is, how do I know the ldap dependency was built into
>> the cas.war file?
>>
>>
>>
>>
>>
>> ===
>>
>> Thank You;
>>
>> Chris Cheltenham
>> Technology Services
>> The School District of Philadelphia
>>
>> Work # 215-400-5025
>> Cell # 215-301-6571
>>

Re: [cas-user] CAS 5.2.x

2018-02-08 Thread Cheltenham, Chris
David, 

I have the following jars. 
Is this sufficient for ldap support? 

[root@devcas5 lib]# pwd 
/opt/tcat/webapps/cas/WEB-INF/lib 
[root@devcas5 lib]# ll | grep ldap 
-rw-r- 1 root root 35536 Jan 26 13:26 
cas-server-support-ldap-core-5.2.2.jar 
-rw-r- 1 root root 802456 Nov 27 11:40 ldaptive-1.2.3.jar 
-rw-r- 1 root root 37195 Nov 27 11:40 ldaptive-apache-1.2.3.jar 
-rw-r- 1 root root 100050 Nov 27 11:40 ldaptive-beans-1.2.3.jar 
-rw-r- 1 root root 40832 Nov 27 11:40 ldaptive-unboundid-1.2.3.jar 
-rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar 
[root@devcas5 lib]# 

My error is this - 
2018-02-07 15:28:16,450 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,450 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.AcceptUsersAuthenticationHandler] - 
<[ccheltenham-ext] was not found in the map.> 
2018-02-07 15:28:16,452 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<[AcceptUsersAuthenticationHandler] exception details: [ccheltenham-ext not 
found in backing map.].> 
2018-02-07 15:28:16,452 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
 


=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry"  
To: "cas-user"  
Sent: Thursday, February 8, 2018 7:54:21 AM 
Subject: Re: [cas-user] CAS 5.2.x 


$ jar tvf cas.war | grep ldap 
WEB-INF/lib/cas-server-support-ldap-5.2.2.jar 
WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar 
WEB-INF/lib/ldaptive-1.2.3.jar 
WEB-INF/lib/ldaptive-beans-1.2.3.jar 
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar 
WEB-INF/lib/ldaptive-apache-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar 
$ 

The cas-server-support-ldap-5.2.2.jar is the one you're looking for. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 7:27 AM, Cheltenham, Chris < ccheltenham-...@philasd.org 
> wrote: 



Hello folks, 

I think I have been confusing everyone with too much incongruent information. 

If I may I will ask things in a more logical manner. 

I am still not able to connect with CAS 5 via LDAP.

My first question is, how do I know the ldap dependency was built into the
cas.war file?







=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 




Re: [cas-user] CAS 5.2.x

2018-02-08 Thread Cheltenham, Chris

David, 

Thank You !! 


=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry"  
To: "cas-user"  
Sent: Thursday, February 8, 2018 7:54:21 AM 
Subject: Re: [cas-user] CAS 5.2.x 


$ jar tvf cas.war | grep ldap 
WEB-INF/lib/cas-server-support-ldap-5.2.2.jar 
WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar 
WEB-INF/lib/ldaptive-1.2.3.jar 
WEB-INF/lib/ldaptive-beans-1.2.3.jar 
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar 
WEB-INF/lib/ldaptive-apache-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar 
$ 

The cas-server-support-ldap-5.2.2.jar is the one you're looking for. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 7:27 AM, Cheltenham, Chris < ccheltenham-...@philasd.org 
> wrote: 



Hello folks, 

I think I have been confusing everyone with too much incongruent information. 

If I may I will ask things in a more logical manner. 

I am still not able to connect with CAS 5 via LDAP.

My first question is, how do I know the ldap dependency was built into the
cas.war file?







=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 




Re: [cas-user] CAS 5.2.x

2018-02-08 Thread David Curry
$ jar tvf cas.war | grep ldap
WEB-INF/lib/cas-server-support-ldap-5.2.2.jar
WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar
WEB-INF/lib/ldaptive-1.2.3.jar
WEB-INF/lib/ldaptive-beans-1.2.3.jar
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar
WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar
WEB-INF/lib/ldaptive-apache-1.2.3.jar
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar
$

The cas-server-support-ldap-5.2.2.jar is the one you're looking for.

--Dave


--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Thu, Feb 8, 2018 at 7:27 AM, Cheltenham, Chris <
ccheltenham-...@philasd.org> wrote:

> Hello folks,
>
> I think I have been confusing everyone with too much incongruent
> information.
>
> If I may I will ask things in a more logical manner.
>
> I am still not able to connect with CAS 5 via LDAP.
>
> My first question is, how do I know the ldap dependency was built into
> the cas.war file?
>
>
>
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>


Re: [cas-user] CAS 5.2.x

2018-02-08 Thread Uxío Prego
If you are using UNIX-like, do:

$ 7z l cas_without_ldap_support.war >cas_without_ldap_support_listing
$ 7z l cas_supposedly_with_ldap_support.war >cas_supposedly_with_ldap_support_listing
$ diff cas_*_listing
> [...]ldap[...]
$ _

If you are not, you can easily get a Cygwin equivalent of that.

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2018-02-08 12:27 GMT+00:00 Cheltenham, Chris :

> Hello folks,
>
> I think I have been confusing everyone with too much incongruent
> information.
>
> If I may I will ask things in a more logical manner.
>
> I am still not able to connect with CAS 5 via LDAP.
>
> My first question is, how do I know the ldap dependency was built into
> the cas.war file?
>
>
>
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>


[cas-user] CAS 5.2.x

2018-02-08 Thread Cheltenham, Chris
Hello folks, 

I think I have been confusing everyone with too much incongruent information. 

If I may I will ask things in a more logical manner. 

I am still not able to connect with CAS 5 via LDAP.

My first question is, how do I know the ldap dependency was built into the
cas.war file?







=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 



Re: [cas-user] CAS 5.2.x Password management

2018-02-06 Thread Man H
That is only achieved through extending CAS's functionality, which means
development.
This could be an enhancement for future versions if CAS people agree it's
worth it.

On Tuesday, February 6, 2018, casuser wrote:

> thanks for the answer but I am not sure how to do that?  is there any
> example that I can follow?
>
> _Fazla
>
> On Tuesday, February 6, 2018 at 10:41:40 AM UTC+8, Manfredo Hopp wrote:
>>
>> I think this would be posible only if you include pm properties as part
>> of LDAP properties
>>
>> El lunes, 5 de febrero de 2018, casuser  escribió:
>>
>>> How to set a LDAP password management for 2 different OU's? Using the
>>> current documentation password management can be configured for one OU and
>>> it works. but like the authentication there is an option LDAP[0], LDAP[1]
>>> there is no such option for password management. So the authentication
>>> works for both the OU's but only one can be configured for password
>>> management that is the reset password and other password management, How to
>>> implement that ?
>>>
>>> example for AD 1
>>>
>>> cas.authn.ldap[0].type=AD
>>>
>>> example for AD 2
>>> cas.authn.ldap[1].type=AD
>>>
>>> Password Management
>>>
>>> cas.authn.pm.ldap.type=AD
>>>
>>>
>>> Thanks in advance
>>>
>>> -Fazla
>>>


Re: [cas-user] CAS 5.2.x Password management

2018-02-05 Thread casuser
Thanks for the answer, but I am not sure how to do that? Is there any
example that I can follow?

_Fazla

On Tuesday, February 6, 2018 at 10:41:40 AM UTC+8, Manfredo Hopp wrote:
>
> I think this would be possible only if you include pm properties as part of
> LDAP properties
>
> On Monday, February 5, 2018, casuser wrote:
>
>> How to set LDAP password management for 2 different OUs? Using the
>> current documentation, password management can be configured for one OU
>> and it works. But unlike authentication, where there is an option LDAP[0],
>> LDAP[1], there is no such option for password management. So the
>> authentication works for both OUs, but only one can be configured for
>> password management, that is, the reset password and other password
>> management. How to implement that?
>>
>> example for AD 1
>>
>> cas.authn.ldap[0].type=AD
>>
>> example for AD 2
>> cas.authn.ldap[1].type=AD 
>>
>> Password Management 
>>
>> cas.authn.pm.ldap.type=AD
>>
>>
>> Thanks in advance
>>
>> -Fazla
>>


Re: [cas-user] CAS 5.2.x Password management

2018-02-05 Thread Man H
I think this would be possible only if you include pm properties as part of
LDAP properties

On Monday, February 5, 2018, casuser wrote:

> How to set LDAP password management for 2 different OUs? Using the
> current documentation, password management can be configured for one OU
> and it works. But unlike authentication, where there is an option LDAP[0],
> LDAP[1], there is no such option for password management. So the
> authentication works for both OUs, but only one can be configured for
> password management, that is, the reset password and other password
> management. How to implement that?
>
> example for AD 1
>
> cas.authn.ldap[0].type=AD
>
> example for AD 2
> cas.authn.ldap[1].type=AD
>
> Password Management
>
> cas.authn.pm.ldap.type=AD
>
>
> Thanks in advance
>
> -Fazla
>


[cas-user] CAS 5.2.x Password management

2018-02-05 Thread casuser
How to set LDAP password management for 2 different OUs? Using the
current documentation, password management can be configured for one OU
and it works. But unlike authentication, where there is an option LDAP[0],
LDAP[1], there is no such option for password management. So the
authentication works for both OUs, but only one can be configured for
password management, that is, the reset password and other password
management. How to implement that?

example for AD 1

cas.authn.ldap[0].type=AD

example for AD 2
cas.authn.ldap[1].type=AD 

Password Management 

cas.authn.pm.ldap.type=AD


Thanks in advance

-Fazla



Re: [cas-user] CAS 5.2.x

2018-02-05 Thread David Curry
To be fair, I probably find Maven slightly easier because it's what I
started with (Jasig's CAS 3.5.x tutorial used Maven). But honestly, while
it's not a complete black box to me any more, it's still a pretty dark gray
one. :-)

If starting from scratch, Unicon is probably right that learning Gradle
makes more sense, since it's what the developers principally use.

--Dave


--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Mon, Feb 5, 2018 at 2:08 PM, Cheltenham, Chris <
ccheltenham-...@philasd.org> wrote:

> David,
>
>
>
> I am using gradle because Unicon told me it is the preferred build tool.
>
> Our management wants me to use what Unicon suggests because we pay for
> their support.
>
> However I realize they support both.
>
> In actuality I want to know how to build with either in case one is
> problematic.
>
>
>
> I appreciate your help and I will read your overlay tomorrow.
>
>
>
>
>
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *David
> Curry
> *Sent:* Monday, February 5, 2018 1:57 PM
>
> *To:* cas-user@apereo.org
> *Subject:* Re: [cas-user] CAS 5.2.x
>
>
>
> Chris,
>
>
>
> Are you using the Gradle overlay because you need to, or because you don't
> know which one to use? IMHO, unless you're going to be building CAS from
> source, the Maven overlay is easier to work with if you're not familiar
> with either tool.
>
> If you use the Maven overlay (https://github.com/apereo/cas-overlay-template),
> then you'd add the <dependency> lines Man provided to the <dependencies>
> section of pom.xml (around line 69) so that you end up with something like
> this:
>
> <dependencies>
>     <dependency>
>         <groupId>org.apereo.cas</groupId>
>         <artifactId>cas-server-webapp${app.server}</artifactId>
>         <version>${cas.version}</version>
>         <type>war</type>
>         <scope>runtime</scope>
>     </dependency>
>     <dependency>
>         <groupId>org.apereo.cas</groupId>
>         <artifactId>cas-server-support-json-service-registry</artifactId>
>         <version>${cas.version}</version>
>     </dependency>
>     <dependency>
>         <groupId>org.apereo.cas</groupId>
>         <artifactId>cas-server-support-ldap</artifactId>
>         <version>${cas.version}</version>
>     </dependency>
> </dependencies>
>
> Then re-build the WAR file with
>
>
>
> ./mvnw clean package
>
>
>
> If you're not a developer (I'm not a Java developer either), you might
> find the documentation I've been assembling helpful. It's not official, and
> it's certainly not the only way to do things, but it's one step at a time
> and full of examples...
>
>
>
> https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html
>
>
>
> --Dave
>
>
>
>
>
>
> --
>
> *DAVID A. CURRY, CISSP*
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
>
>
>
> On Mon, Feb 5, 2018 at 1:40 PM, Cheltenham, Chris <
> ccheltenham-...@philasd.org> wrote:
>
> Man,
>
>
>
> Are you saying the dependency goes into build.gradle?
>
>
>
> See the problem with CAS documentation, if you are not a developer, you
> don’t know what anyone is talking about.
>
> So I apologize if I am asking rudimentary questions.
>
>
>
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *Man
> H
> *Sent:* Monday, February 5, 2018 1:38 PM
>
>
> *To:* cas-user@apereo.org
> *Subject:* Re: [cas-user] CAS 5.2.x
>
>
>
> See https://github.com/apereo/cas-gradle-overlay-template
>
>
>
> CAS modules may be specified under the dependencies block of the CAS
> subproject
> <https://github.com/apereo/cas-gradle-overlay-template/blob/master/cas/build.gradle>
> :
>
> dependencies {
>
> compile 
> "org.apereo.cas:cas-server-webapp-tomcat:${project.'cas.version'}@war"
>
> compile "org.apereo.cas:cas-server-some-module:${pr

RE: [cas-user] CAS 5.2.x

2018-02-05 Thread Cheltenham, Chris
David,



I am using gradle because Unicon told me it is the preferred build tool.

Our management wants me to use what Unicon suggests because we pay for their 
support.

However I realize they support both.

In actuality I want to know how to build with either in case one is 
problematic.



I appreciate your help and I will read your overlay tomorrow.







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David 
Curry
Sent: Monday, February 5, 2018 1:57 PM
To: cas-user@apereo.org
Subject: Re: [cas-user] CAS 5.2.x



Chris,



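Are you using the Gradle overlay because you need to, or because you don't
know which one to use? IMHO, unless you're going to be building CAS from
source, the Maven overlay is easier to work with if you're not familiar with
either tool.

If you use the Maven overlay
(https://github.com/apereo/cas-overlay-template), then you'd add the
<dependency> lines Man provided to the <dependencies> section of pom.xml
(around line 69) so that you end up with something like this:

<dependencies>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-webapp${app.server}</artifactId>
        <version>${cas.version}</version>
        <type>war</type>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-json-service-registry</artifactId>
        <version>${cas.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-ldap</artifactId>
        <version>${cas.version}</version>
    </dependency>
</dependencies>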


Then re-build the WAR file with



./mvnw clean package



If you're not a developer (I'm not a Java developer either), you might find 
the documentation I've been assembling helpful. It's not official, and it's 
certainly not the only way to do things, but it's one step at a time and 
full of examples...



https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html



--Dave








--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu



On Mon, Feb 5, 2018 at 1:40 PM, Cheltenham, Chris <ccheltenham-...@philasd.org> wrote:

Man,



Are you saying the dependency goes into build.gradle?



See the problem with CAS documentation, if you are not a developer, you don’t 
know what anyone is talking about.

So I apologize if I am asking rudimentary questions.





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Man H
Sent: Monday, February 5, 2018 1:38 PM
To: cas-user@apereo.org
Subject: Re: [cas-user] CAS 5.2.x

See https://github.com/apereo/cas-gradle-overlay-template

CAS modules may be specified under the dependencies block of the CAS
subproject
<https://github.com/apereo/cas-gradle-overlay-template/blob/master/cas/build.gradle>:

dependencies {
    compile "org.apereo.cas:cas-server-webapp-tomcat:${project.'cas.version'}@war"
    compile "org.apereo.cas:cas-server-some-module:${project.'cas.version'}"
    ...
}





2018-02-05 15:31 GMT-03:00 Cheltenham, Chris <ccheltenham-...@philasd.org>:

Thanks I get that.



But to what and where.



I am in the cas-gradle-overlay-template-master

There’s no pom.xml in the git repo I cloned.







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Man H
Sent: Monday, February 5, 2018 1:21 PM
To: cas-user@apereo.org
Subject: Re: [cas-user] CAS 5.2.x

just add

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
</dependency>

2018-02-05 15:14 GMT-03:00 Chris Cheltenham <ccheltenham-...@philasd.org>:

Hello,

I am not understanding how to bundle the LDAP authentication handler into 
the cas.war file.

Any suggestions?



Re: [cas-user] CAS 5.2.x

2018-02-05 Thread David Curry
Chris,

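Are you using the Gradle overlay because you need to, or because you don't
know which one to use? IMHO, unless you're going to be building CAS from
source, the Maven overlay is easier to work with if you're not familiar
with either tool.

If you use the Maven overlay (https://github.com/apereo/cas-overlay-template),
then you'd add the <dependency> lines Man provided to the <dependencies>
section of pom.xml (around line 69) so that you end up with something like
this:

<dependencies>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-webapp${app.server}</artifactId>
        <version>${cas.version}</version>
        <type>war</type>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-json-service-registry</artifactId>
        <version>${cas.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-ldap</artifactId>
        <version>${cas.version}</version>
    </dependency>
</dependencies>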

Then re-build the WAR file with

./mvnw clean package


If you're not a developer (I'm not a Java developer either), you might find
the documentation I've been assembling helpful. It's not official, and it's
certainly not the only way to do things, but it's one step at a time and
full of examples...

https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html


--Dave



--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Mon, Feb 5, 2018 at 1:40 PM, Cheltenham, Chris <
ccheltenham-...@philasd.org> wrote:

> Man,
>
>
>
> Are you saying the dependency goes into build.gradle?
>
>
>
> See the problem with CAS documentation, if you are not a developer, you
> don’t know what anyone is talking about.
>
> So I apologize if I am asking rudimentary questions.
>
>
>
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *Man
> H
> *Sent:* Monday, February 5, 2018 1:38 PM
>
> *To:* cas-user@apereo.org
> *Subject:* Re: [cas-user] CAS 5.2.x
>
>
>
> See https://github.com/apereo/cas-gradle-overlay-template
>
>
>
> CAS modules may be specified under the dependencies block of the CAS
> subproject
> <https://github.com/apereo/cas-gradle-overlay-template/blob/master/cas/build.gradle>
> :
>
> dependencies {
>     compile "org.apereo.cas:cas-server-webapp-tomcat:${project.'cas.version'}@war"
>     compile "org.apereo.cas:cas-server-some-module:${project.'cas.version'}"
>     ...
> }
>
>
>
>
>
> 2018-02-05 15:31 GMT-03:00 Cheltenham, Chris:
>
> Thanks I get that.
>
>
>
> But to what and where.
>
>
>
> I am in the cas-gradle-overlay-template-master
>
> There’s no pom.xml in the git repo I cloned.
>
>
>
>
>
>
>
> ===========
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *Man
> H
> *Sent:* Monday, February 5, 2018 1:21 PM
> *To:* cas-user@apereo.org
> *Subject:* Re: [cas-user] CAS 5.2.x
>
>
>
> just add
>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-ldap</artifactId>
> </dependency>
>
> 2018-02-05 15:14 GMT-03:00 Chris Cheltenham:
>
> Hello,
>
> I am not understanding how to bundle the LDAP authentication handler into
> the cas.war file.
>
> Any suggestions?
>
>
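
A check for whether the rebuilt cas.war actually contains the LDAP module, which is what the 2018-02-08 message asks and what the pom.xml change plus ./mvnw clean package above should produce. This is an added example, not code from the thread or from the CAS project; the jar names and version numbers in the sample WAR are constructed, and the mixed-version check goes beyond what the thread discusses.

```python
import io
import re
import sys
import zipfile

# A WAR bundles its dependencies as WEB-INF/lib/<artifactId>-<version>.jar.
# Assumption: no CAS artifactId has a segment that starts with a digit, so the
# first "-<digit>" marks where the version begins.
CAS_JAR = re.compile(r"^WEB-INF/lib/(cas-server-[a-z0-9-]+?)-(\d[\w.\-]*)\.jar$")

# Constructed sample contents (not taken from a real CAS build).
SAMPLE_BASE = [
    "cas-server-core-api-5.2.2.jar",
    "cas-server-support-json-service-registry-5.2.2.jar",
    "spring-core-4.3.12.RELEASE.jar",
]


def cas_modules(war):
    """Map artifactId -> version for every cas-server-* jar inside the WAR.

    `war` is a path or a binary file-like object.
    """
    modules = {}
    with zipfile.ZipFile(war) as zf:
        for name in zf.namelist():
            match = CAS_JAR.match(name)
            if match:
                modules[match.group(1)] = match.group(2)
    return modules


def check_war(war, required=("cas-server-support-ldap",)):
    """Return a list of problems; an empty list means the checks passed."""
    modules = cas_modules(war)
    problems = [f"missing module: {a}" for a in required if a not in modules]
    versions = sorted(set(modules.values()))
    if len(versions) > 1:
        # A module was pinned to a different release than the rest of CAS.
        problems.append("mixed CAS versions: " + ", ".join(versions))
    return problems


def build_sample_war(jar_names):
    """Build a constructed in-memory WAR holding empty jars with these names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
        for jar in jar_names:
            zf.writestr(f"WEB-INF/lib/{jar}", b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Usage: python check_war.py path/to/cas.war
    # With no argument, the constructed sample without the LDAP module is used.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_war(SAMPLE_BASE)
    for artifact, version in sorted(cas_modules(target).items()):
        print(f"{artifact} {version}")
    found = check_war(target)
    for problem in found:
        print("PROBLEM:", problem)
    sys.exit(1 if found else 0)
```
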

RE: [cas-user] CAS 5.2.x

2018-02-05 Thread Cheltenham, Chris
Man,



Are you saying the dependency goes into build.gradle?



See the problem with CAS documentation, if you are not a developer, you don’t 
know what anyone is talking about.

So I apologize if I am asking rudimentary questions.





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Man H
Sent: Monday, February 5, 2018 1:38 PM
To: cas-user@apereo.org
Subject: Re: [cas-user] CAS 5.2.x



See https://github.com/apereo/cas-gradle-overlay-template

CAS modules may be specified under the dependencies block of the CAS
subproject
<https://github.com/apereo/cas-gradle-overlay-template/blob/master/cas/build.gradle>:

dependencies {
    compile "org.apereo.cas:cas-server-webapp-tomcat:${project.'cas.version'}@war"
    compile "org.apereo.cas:cas-server-some-module:${project.'cas.version'}"
    ...
}





2018-02-05 15:31 GMT-03:00 Cheltenham, Chris <ccheltenham-...@philasd.org>:

Thanks I get that.



But to what and where.



I am in the cas-gradle-overlay-template-master

There’s no pom.xml in the git repo I cloned.







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Man H
Sent: Monday, February 5, 2018 1:21 PM
To: cas-user@apereo.org
Subject: Re: [cas-user] CAS 5.2.x

just add

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
</dependency>

2018-02-05 15:14 GMT-03:00 Chris Cheltenham <ccheltenham-...@philasd.org>:

Hello,

I am not understanding how to bundle the LDAP authentication handler into 
the cas.war file.

Any suggestions?



Re: [cas-user] CAS 5.2.x

2018-02-05 Thread Man H
See https://github.com/apereo/cas-gradle-overlay-template

CAS modules may be specified under the dependencies block of the CAS
subproject
<https://github.com/apereo/cas-gradle-overlay-template/blob/master/cas/build.gradle>:

dependencies {
    compile "org.apereo.cas:cas-server-webapp-tomcat:${project.'cas.version'}@war"
    compile "org.apereo.cas:cas-server-some-module:${project.'cas.version'}"
    ...
}

2018-02-05 15:31 GMT-03:00 Cheltenham, Chris:

> Thanks I get that.
>
>
>
> But to what and where.
>
>
>
> I am in the cas-gradle-overlay-template-master
>
> There’s no pom.xml in the git repo I cloned.
>
>
>
>
>
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *Man
> H
> *Sent:* Monday, February 5, 2018 1:21 PM
> *To:* cas-user@apereo.org
> *Subject:* Re: [cas-user] CAS 5.2.x
>
>
>
> just add
>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-ldap</artifactId>
> </dependency>
>
> 2018-02-05 15:14 GMT-03:00 Chris Cheltenham:
>
> Hello,
>
> I am not understanding how to bundle the LDAP authentication handler into
> the cas.war file.
>
> Any suggestions?
>
>


RE: [cas-user] CAS 5.2.x

2018-02-05 Thread Cheltenham, Chris
Thanks I get that.



But to what and where.



I am in the cas-gradle-overlay-template-master

There’s no pom.xml in the git repo I cloned.







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Man H
Sent: Monday, February 5, 2018 1:21 PM
To: cas-user@apereo.org
Subject: Re: [cas-user] CAS 5.2.x



just add

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
</dependency>

2018-02-05 15:14 GMT-03:00 Chris Cheltenham <ccheltenham-...@philasd.org>:

Hello,

I am not understanding how to bundle the LDAP authentication handler into 
the cas.war file.

Any suggestions?




Re: [cas-user] CAS 5.2.x

2018-02-05 Thread Man H
just add

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
</dependency>


2018-02-05 15:14 GMT-03:00 Chris Cheltenham:

> Hello,
>
> I am not understanding how to bundle the LDAP authentication handler into
> the cas.war file.
>
> Any suggestions?
>
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/78216792-820e-4d47-a969-
> ea7162e43678%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5mic8zJkXRJchfqJ0q0orUy%2Bv0_nQtf7y-q9JaK8uOhuPuQ%40mail.gmail.com.


[cas-user] CAS 5.2.x

2018-02-05 Thread Chris Cheltenham
Hello,

I am not understanding how to bundle the LDAP authentication handler into 
the cas.war file.

Any suggestions?
 



[cas-user] CAS 5.2.X service theme workaround

2018-01-07 Thread BinSys


"theme" : "classpath:apereo",



The solution is very simple, add “classpath:” as theme name prefix.
