Re: Re[cas-user] direction (?) loop of Granting service ticket
Hi Marvin,
I gave a look at the phpCAS examples and it's funny.
The phpCAS methods have no explicit call of any of the certificate
dealing functions.
So I just added a
phpCAS::setNoCasServerValidation();
immediately before of the call to:
if (phpCAS::checkAuthentication()) {
$frm-username=phpCAS::getUser();
// if (phpCAS::getUser()=='esup9992')
// $frm-username='erhar0062';
$frm-password=passwdCas;
return;
}
What happens is:
- withouth the call to setNoCasServerValidation(), I get the error
phpCAS error: phpCAS::checkAuthentication(): one of the methods
phpCAS::setCasServerCert(), phpCAS::setCasServerCACert() or
phpCAS::setNoCasServerValidation() must be called. in
/www/moodle/auth/cas/auth.php on line 111
- with the call, the browser seems to take the eternity to check it and
either stays in waiting for
https://moodle.myserver.../devmoodle/login/index.php; or - after over
4-5 minutes - CAS Authentication failed (despite seeing from the logs that
2009-10-20 10:14:57,978 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service
ticket [ST-3-MzeLUrYcohZvMaBLBbny-cas] for service
[https://moodle.myserver.../devmoodle/login/index.php] for user [user]
2009-10-20 10:15:08,169 INFO
[org.jasig.cas.services.DefaultServicesManagerImpl] - Reloading
registered services.
2009-10-20 10:15:08,169 INFO
[org.jasig.cas.services.DefaultServicesManagerImpl] - Loaded 0 services.
I start being really puzzled -_-
Giuseppe
Marvin Addison wrote:
Or is it maybe a configuration issue? Do I have to activate the certificate
check somewhere?
Yes. Hopefully someone with Moodle experience can chime in here -- I
didn't even realize Moodle used phpCAS. Once you find the right place
in Moodle to configure the phpCAS client,
http://www.ja-sig.org/wiki/display/CASC/phpCAS+examples give examples
of both disabling the cert check (not recommended) and enabling an
explicity trust check.
M
--
Giuseppe Sollazzo
Systems Developer / Administrator
Computing Services
St. George's, University of London
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
[cas-user] CAS - Nagios and inspektr
Hello, I would like to use inspektr to retrieve Performance Data for nagios. I see in web.xml that there is a pattern /services/viewStatistics.html but i cant find any jsp providing this file. I just want in-memory stats. Can you give me some clues to have theses stats throw a web page ? Thx for you anwsers, -- MARTEAU Christophe CICT 118, route de Narbonne 31000 Toulouse -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
[cas-user] Using CAS with Mule
Has anyone used CAS with Mule? The Mule documentation (for version 2.2.1) states that Mule can use Acegi security provider for CAS and others. I want to use CAS to secure web services exposed by Mule. Aksel. -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
[cas-user] Fwd: Call for Proposals - Jasig 2010
All, The Jasig 2010 Call for Proposals is open! We invite you to submit your presentation proposal! For more details, see below! While we continue to be extremely interested in presentations related to CAS, uPortal, and other Jasig projects, we're looking to improve and expand upon the content we offer that you can use in your day-to-day jobs (unless you just happen to deploy CAS every day ;-)). Presentations on new languages such as Groovy and Scala, great frameworks such as Grails or Spring, methodologies such as Agile, architecture/design such as REST, and best practices such as for high availability, testing and Java development are being highly sought after. These are just examples of the things we're looking for. If you've got something you think would be interesting to your peers, submit your proposal now Also, if you're working on an application that you're thinking might benefit from a wider audience (i.e. you want to open source it), be sure to submit a presentation on it! If you have any questions, please feel free to contact me directly. Cheers, Scott -- Forwarded message -- From: Jonathan Markow jjmar...@jasig.org Date: Mon, Oct 19, 2009 at 2:01 PM Subject: [cas-steering-committee] Call for Proposals - Jasig 2010 To: JA-SIG Members jasig-memb...@lists.ja-sig.org, jasig-announce jasig-annou...@lists.ja-sig.org Cc: JA-SIG Board bo...@lists.ja-sig.org, cas-steering-commit...@lists.ja-sig.org, uportal-steering-commit...@lists.ja-sig.org *Ten Years of Open Source Innovation* March 8 - 10, 2009 The Town and Country Resort, San Diego, California Supplementary Seminars on March 7th and the afternoon of March 10th Developer Workshops, March 11 - 12 *Call for Proposals now open* Deadline for submission of proposals for half or full day seminars: November 4, 2009 Deadline for submission of proposals for all other sessions: November 18, 2009 Conference site: http://www.ja-sig.org/conferences/10spring/index.html Dear Colleague: Help us celebrate Jasig's 10th anniversary in San Diego with outstanding speakers and special events. The focus is on innovation this year. We'll be highlighting new and established work from higher education institutions: Projects you should know about; local projects in search of community; creative work by established communities of practice; projects that exist only as a gleam in the eye of a creative developer. Come and see presentations and seminars on new technologies soon to impact higher education. We're seeking talks on topics such as Scala, Spring 3, deployment to the Cloud, Groovy, Grails, REST, Jersey, mobile applications, etc. We invite you to propose talks, seminars, birds-of-a-feather sessions, demos, and poster session displays on new and current campus applications: Enterprise portlets, CAS, uPortal, Bedework Calendar, Identity Access Management, Fluid, ESUP Helpdesk, OpenRegistry, Sakai, Kuali, Internet2 Middleware Solutions, Fedora and DSpace, and others. Talks will be presented in one of four tracks: - *Designing Developing* For developers, architects, UX designers, testers. Presentations for people who build applications. - *Deploying Integrating* For people who need to make applications work on campus: developers, content providers, team leaders, evangelists. In particular, we would like to highlight work that integrates open source projects within the enterprise infrastructure and with each other. - *Managing Governing* What are best practices for managing community source projects or their deployments on campus? For encouraging adoption? For gaining acceptance and campus buy-in? For engaging your community in the processes? Presentations for managers, team leaders, executives, planners and strategists. - *Looking Ahead* What are the technologies that will impact higher education in the coming years? What project work, prototypes, plans, and local campus applications would you like to share with a community of your peers? Half-day Supplementary Seminars will be held in the morning and afternoon on Sunday, March 7th as well as on Wednesday (March 10th) afternoon. Proposals may be entered on the Jasig Conference Website. Proposals require a Title, an Abstract (under 500 words), a Presenter Profile, and some basic affiliation information. This year we are also asking proposal submitters to select tags that best describe their proposals. Submit your proposal directly at http://www.ja-sig.org/jasigconf/call-form.jsp?conf_id=jasig17 or from the conference home page, where you can find all the details: http://www.ja-sig.org/conferences/10spring/index.html (Click the Call for Proposals link on the left). We look forward to seeing you at *Ten Years of Open Source Innovation*! -The Jasig 2010 Spring Conference Planning Committee -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access
Re:[cas-user] Ensure the same credentials could be used only by one user at the same time
Guys, Any help would be appreciated. Even some links to get started. Thank you, Yuriy On Mon, Oct 19, 2009 at 6:03 PM, Yuriy Zubarev yuriyzubar...@gmail.com wrote: Hi, We have a business rule that forbids two different users to be logged in the system under the same set of credentials at the same time. Does CAS have a support for this? Does this feature have a common name? Non sharable credentials, or something similar? I tried to search archives to see if the question was already asked but WiscList is hardly usable. Thank you, Yuriy Zubarev -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Ensure the same credentials could be used only by one user at the same time
We have a business rule that forbids two different users to be logged in the system under the same set of credentials at the same time. Does CAS have a support for this? No. Does this feature have a common name? Not that I'm aware of. Any help would be appreciated. You will have to develop this functionality on your own. If you don't do any credential-to-principal resolution, this can probably be straightforward. In that case I would recommend extending an authentication handler suitable for your authentication source (e.g. LDAP) that uses a post-authentication process to search the TicketRegistry for TGTs with a principal matching the username of the given credential. If you find a match, return false for the postAuthenticate method. We discussed post-authentication handlers today on another thread if you'd like more background. M -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Ensure the same credentials could be used only by one user at the same time
We use JPA so I will investigate the table structure and try to come up with efficient queries. Thank you, Yuriy On Tue, Oct 20, 2009 at 6:09 PM, Scott Battaglia scott.battag...@gmail.com wrote: Just a note that not all ticket registries are searchable, nor is it possibly efficient to search them. The default registry will return an entire collection of tickets, while the memcache registry is unable to. The JPA one will, but to load the entire table of tickets may not be efficient. Cheers, Scott On Tue, Oct 20, 2009 at 9:05 PM, Yuriy Zubarev yuriyzubar...@gmail.com wrote: Thank you, It helps a lot. Yuriy On Tue, Oct 20, 2009 at 5:41 PM, Marvin Addison marvin.addi...@gmail.com wrote: We have a business rule that forbids two different users to be logged in the system under the same set of credentials at the same time. Does CAS have a support for this? No. Does this feature have a common name? Not that I'm aware of. Any help would be appreciated. You will have to develop this functionality on your own. If you don't do any credential-to-principal resolution, this can probably be straightforward. In that case I would recommend extending an authentication handler suitable for your authentication source (e.g. LDAP) that uses a post-authentication process to search the TicketRegistry for TGTs with a principal matching the username of the given credential. If you find a match, return false for the postAuthenticate method. We discussed post-authentication handlers today on another thread if you'd like more background. M -- You are currently subscribed to cas-user@lists.jasig.org as: yuriyzubar...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: scott.battag...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: yuriyzubar...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
