Re: [cas-user] Sending domain parameter

2013-11-14 Thread Alberto Cabello Sánchez
On Wed, Nov 13, 2013 at 04:44:49PM +, Idan Fridman wrote:
> Hi Alberto,
> I am building cas.war with Maven. But I haven't downloaded the source code.
> I run maven install and copy the CAS.WAR into my Tomcat deployment. That's
> how I should treat it, right?
 
Hi, Idan,

Here is my entire source tree to build CAS with an additional Services Registry.
As you can see, I only have pom.xml, modified local configuration files and my
own JAVA source files:

pom.xml
src/
src/main
src/main/webapp
src/main/webapp/WEB-INF
src/main/webapp/WEB-INF/cas.properties
src/main/webapp/WEB-INF/deployerConfigContext.xml
src/main/webapp/WEB-INF/classes
src/main/webapp/WEB-INF/classes/log4j.xml
src/main/webapp/WEB-INF/classes/messages_es.properties
src/main/java
src/main/java/es
src/main/java/es/unex
src/main/java/es/unex/cas
src/main/java/es/unex/cas/services
src/main/java/es/unex/cas/services/kira
src/main/java/es/unex/cas/services/kira/KiraCASRegisterServicesTest.java
src/main/java/es/unex/cas/services/kira/KiraServiceRegistryDaoImpl.java
src/main/java/es/unex/cas/services/kira/KiraServiceRecord.java

Install is as usual: "mvn clean package" and deploy the resulting .WAR.

-- 
---
Alberto Cabello Sánchez
albe...@unex.es

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user


[cas-user] Shibboleth IDP with CAS

2013-11-14 Thread H Sheth
Hi 

I have CAS 3.5.2 server integrated with my application. 

We need SAML 2.0, hence we have decided to use Shibboleth with CAS.

I have installed Shibboleth IDP. I have updated the configuration in 
Shibboleth IDP as mentioned at 
https://wiki.jasig.org/display/CASUM/Shibboleth-CAS+Integration .

Now when I hit http://localhost:8090/idp//Authn/RemoteUSer, I am getting 
redirected to the CAS login page. After successful authentication, I am being 
redirected back to the IDP, with the following error:

"An error occurred while processing your request. Please contact your 
helpdesk or user ID office for assistance. 
This service requires cookies. Please ensure that they are enabled and try 
your going back to your desired resource and trying to login again. 
Use of your browser's back button may cause specific errors that can be 
resolved by going back to your desired resource and trying to login again. 

If you think you were sent here in error, please contact technical support 
"
Both IDP and CAS are deployed on Tomcat. I have enabled crossContext to 
true. In the log files it says that the Service Ticket is getting generated 
successfully. No other error is getting displayed.
In the idp-process.log file it says "No login context available, unable to 
return to authentication engine". 
Can someone help? How do I correct this?






Hardik Jagatkumar Sheth
Tata Consultancy Services
Ph:- 9107966712785
Buzz:- 4792785
Cell:- +919879324464
Mailto: h.sh...@tcs.com
Website: http://www.tcs.com


[cas-user] Sequence number in ticket granting ticket id

2013-11-14 Thread Guido Wimmel
Hi,

is there a specific reason why CAS by default includes sequence numbers in the generated
ticket granting ticket ids? (e.g. TGT-1-x, TGT-2-x, ...)

With the help of the sequence numbers, one could perform traffic analyses (e.g. determining
how many logins there are in a given timespan), which might be undesired.

The default service tickets look similar, but in this case one can switch to SAML authentication,
where the ids are generated differently.

Could there be any potential problems in switching to SAML compliant ids for TGTs as well?
(I understand this might be possible by changing the configuration in uniqueIdGenerators.xml)

Best regards,

   Guido




Re: [cas-user] Sequence number in ticket granting ticket id

2013-11-14 Thread Pelit Mamani
I'm no expert, but IMHO it seems like a cool "catch"  :)
Not critical for my project, but nice to keep in mind.
Shouldn't it be easy to implement your own
org.jasig.cas.util.UniqueTicketIdGenerator?

Just a minor unrelated note - I hope your CAS connections are HTTPS...?
because when I hear "traffic analysis" I imagine those tools that monitor
masses of traffic; that should fail because TicketGrantingCookie should
travel on https.
That doesn't hurt the validity of your argument - a cracker can simply
perform several logins and watch the TGTs. I just brought it up because
the phrase "traffic analysis" got me worried about encryption.


On Thu, Nov 14, 2013 at 1:14 PM, Guido Wimmel wrote:

> Hi,
>
> is there a specific reason why CAS by default includes sequence numbers in
> the generated
> ticket granting ticket ids? (e.g. TGT-1-x, TGT-2-x, ...)
>
> With the help of the sequence numbers, one could perform traffic analyses
> (e.g. determining
> how many logins there are in a given timespan), which might be undesired.
>
> The default service tickets look similar, but in this case one can switch
> to SAML authentication,
> where the ids are generated differently.
>
> Could there be any potential problems in switching to SAML compliant ids
> for TGTs as well?
> (I understand this might be possible by changing the configuration in
> uniqueIdGenerators.xml)
>
> Best regards,
>    Guido
>

[cas-user] how to Retrieve more than one result for multiple rows attributeRepository

2013-11-14 Thread ray
Hi,
I am trying to set up CAS to return attributes (user permissions) related to an 
authenticated user. 
These attributes reside in an Oracle database. 

I have managed to get some attributes returning correctly; however, the queries 
return only the first result. 

I can see in the logs that I am getting multiple results per that attribute but 
for some reason it's not passed within the SAML request:

2013-11-14 14:16:33,384 DEBUG 
[org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao] - 


We can see here clearly we get two results from the DB: 
ROLE_PERMISSIONS_MY_EVENTS
ROLE_PERMISSIONS_CREATE_EVENTS

However only the first one is returned:

2013-11-14 14:16:33,409 DEBUG 

[org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] -
 

RE: [cas-user] how to Retrieve more than one result for multiple rows attributeRepository

2013-11-14 Thread Idan Fridman
I'll try to give further explanation:

I expect my multi-value Attribute: PERMISSION_NAME to be a kind of list or 
any other type which holds multi-valued results.

However I get only the first one: ROLE_PERMISSIONS_MY_EVENTS.

Any idea why?



-Original Message-
From: ray [mailto:id...@cellebrite.com]
Sent: Thursday, November 14, 2013 2:21 PM
To: cas-user@lists.jasig.org
Subject: [cas-user] how to Retrieve more than one result for multiple rows 
attributeRepository

Hi,
I am trying to set up CAS to return attributes (user permissions) related to an 
authenticated user.
These attributes reside in an Oracle database.

I have managed to get some attributes returning correctly; however, the queries 
return only the first result.

I can see in the logs that I am getting multiple results per that attribute but 
for some reason it's not passed within the SAML request:

2013-11-14 14:16:33,384 DEBUG 
[org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao] - 


We can see here clearly we get two results from the DB:
ROLE_PERMISSIONS_MY_EVENTS
ROLE_PERMISSIONS_CREATE_EVENTS

However only the first one is returned:

2013-11-14 14:16:33,409 DEBUG

[org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] -  

RE: [cas-user] how to Retrieve more than one result for multiple rows attributeRepository

2013-11-14 Thread Idan Fridman
Hi,
Maybe the problem appears because I am using MergingPersonAttributeDaoImpl, 
which is wrapping the SingleRowJdbcPersonAttributeDao that I am using?

-Original Message-
From: Idan Fridman
Sent: Thursday, November 14, 2013 2:41 PM
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] how to Retrieve more than one result for multiple rows 
attributeRepository

I'll try to give further explanation:

I expect my multi-value Attribute: PERMISSION_NAME to be a kind of list or 
any other type which holds multi-valued results.

However I get only the first one: ROLE_PERMISSIONS_MY_EVENTS.

Any idea why?



-Original Message-
From: ray [mailto:id...@cellebrite.com]
Sent: Thursday, November 14, 2013 2:21 PM
To: cas-user@lists.jasig.org
Subject: [cas-user] how to Retrieve more than one result for multiple rows 
attributeRepository

Hi,
I am trying to set up CAS to return attributes (user permissions) related to an 
authenticated user.
These attributes reside in an Oracle database.

I have managed to get some attributes returning correctly; however, the queries 
return only the first result.

I can see in the logs that I am getting multiple results per that attribute but 
for some reason it's not passed within the SAML request:

2013-11-14 14:16:33,384 DEBUG 
[org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao] - 


We can see here clearly we get two results from the DB:
ROLE_PERMISSIONS_MY_EVENTS
ROLE_PERMISSIONS_CREATE_EVENTS

However only the first one is returned:

2013-11-14 14:16:33,409 DEBUG

[org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] -  

[cas-user] Strange CAS (or Liferay) issue

2013-11-14 Thread Angelo Immediata
Hi there,

I'm using CAS with Liferay 5.2.3.
I had this strange issue. A user tried to log on to my portal.
He used his own laptop and he confirmed to me that he never left this laptop with 
other colleagues; he is the only one using this computer.
When he tried to log in on the portal, the CAS login form was displayed; he 
entered his own credentials and when he was redirected to Liferay, he saw 
the welcome message for another user and an error page on Liferay.
Can this be related to any issue on the CAS client side? If so, what could be the 
issue? How can I solve it?
Please note that this issue appeared only once (only when this user told me); 
since that moment it has not appeared again.

Any suggestion is really appreciated.
Thank you

Angelo


[cas-user] How to config ServicesRegistry and Database Connection with POSTGRESQL

2013-11-14 Thread Đào Văn Phong
Hi everybody,

I tried to configure the ServicesRegistry and database connection with PostgreSQL
following this guide https://wiki.jasig.org/display/CASUM/Configuring but
failed. I hope someone can help me with this issue.

Thank you so much.

-- 
*ĐÀO VĂN PHONG*
*Hai Phong Private University*


Re: [cas-user] Sequence number in ticket granting ticket id

2013-11-14 Thread Marvin Addison
> With the help of the sequence numbers, one could perform traffic analyses
> (e.g. determining
> how many logins there are in a given timespan), which might be undesired.

You would need credentials in order to perform such an analysis. I
suppose a curious user could perform this analysis on his or her SSO
domain using his or her own credentials, but I would hope vigilant IDM
sysadmins would note high rates of authentication for a single user
and investigate.

You suggested that the rates of authentication could be disclosed,
which at first glance appears the only meaningful information to be
gained from traffic analysis. I don't see how that information would
be useful to an attacker. You could probably estimate fairly
accurately the number of authentications per day by basing it on
organizational size. It's perfectly reasonable to expect an SSO
session to last one day, so a rough estimate of authentications per day
is simply the number of users. For public universities in the US that
information is publicly available; I would imagine it's not hard to
determine for an organization generally.

M



[cas-user] Notifications

2013-11-14 Thread Steve Cook
Does anyone have a solution for displaying messages on the CAS login screen. I 
would like to post service outage notices and maybe even emergency 
notifications on the main login screen when appropriate.  I guess what makes 
this difficult is that there won't always be a message to display and it needs 
to be easy to modify on the fly.  Any suggestions?

Appreciate it.
Thanks!
Steve



[cas-user] RE : Notifications

2013-11-14 Thread HURTEVENT VINCENT
Hi,

we have the same interest in displaying messages or news on CAS login view and 
we're thinking about JavaScript code which fetches feeds from our main 
institutional CMS.



From: Steve Cook [steve.c...@humber.ca]
Sent: Thursday, November 14, 2013 16:42
To: cas-user@lists.jasig.org
Subject: [cas-user] Notifications

Does anyone have a solution for displaying messages on the CAS login screen. I 
would like to post service outage notices and maybe even emergency 
notifications on the main login screen when appropriate.  I guess what makes 
this difficult is that there won’t always be a message to display and it needs 
to be easy to modify on the fly.  Any suggestions?

Appreciate it.
Thanks!
Steve



[cas-user] RE : Notifications

2013-11-14 Thread HURTEVENT VINCENT
RSS feeds,




From: HURTEVENT VINCENT
Sent: Thursday, November 14, 2013 16:48
To: cas-user@lists.jasig.org
Subject: RE : Notifications

Hi,

we have the same interest in displaying messages or news on CAS login view and 
we're thinking about JavaScript code which fetches feeds from our main 
institutional CMS.



From: Steve Cook [steve.c...@humber.ca]
Sent: Thursday, November 14, 2013 16:42
To: cas-user@lists.jasig.org
Subject: [cas-user] Notifications

Does anyone have a solution for displaying messages on the CAS login screen. I 
would like to post service outage notices and maybe even emergency 
notifications on the main login screen when appropriate.  I guess what makes 
this difficult is that there won’t always be a message to display and it needs 
to be easy to modify on the fly.  Any suggestions?

Appreciate it.
Thanks!
Steve



Re: [cas-user] Notifications

2013-11-14 Thread Laura McCord
Hi Steve,

We customized our login to allow a dept to add custom messaging using 
information that is stored in an XML file (accessible through a URL). 
Then, we add the URL to the "Theme Name" field in the services registry. 
Our customizations look to see if there is any information in the XML 
file and if not nothing will be displayed, else, it will write the 
information to the screen. I imagine you can tweak this to suit your needs.

If you are interested I can send you more details.

Laura



On 11/14/13 9:42 AM, Steve Cook wrote:
>
> Does anyone have a solution for displaying messages on the CAS login 
> screen. I would like to post service outage notices and maybe even 
> emergency notifications on the main login screen when appropriate.  I 
> guess what makes this difficult is that there won't always be a 
> message to display and it needs to be easy to modify on the fly.  Any 
> suggestions?
>
> Appreciate it.
>
> Thanks!
>
> Steve
>

RE:[cas-user] Notifications

2013-11-14 Thread Ted Fisher
That is what we do - although ours is just retrieving a JSON feed.

Ted F. Fisher
Information Technology Services

From: HURTEVENT VINCENT [mailto:vincent.hurtev...@univ-lyon1.fr]
Sent: Thursday, November 14, 2013 10:49 AM
To: cas-user@lists.jasig.org
Subject: [cas-user] RE : Notifications

RSS feeds,




From: HURTEVENT VINCENT
Sent: Thursday, November 14, 2013 16:48
To: cas-user@lists.jasig.org
Subject: RE : Notifications
Hi,

we have the same interest in displaying messages or news on CAS login view and 
we're thinking about JavaScript code which fetches feeds from our main 
institutional CMS.



From: Steve Cook [steve.c...@humber.ca]
Sent: Thursday, November 14, 2013 16:42
To: cas-user@lists.jasig.org
Subject: [cas-user] Notifications
Does anyone have a solution for displaying messages on the CAS login screen. I 
would like to post service outage notices and maybe even emergency 
notifications on the main login screen when appropriate.  I guess what makes 
this difficult is that there won't always be a message to display and it needs 
to be easy to modify on the fly.  Any suggestions?

Appreciate it.
Thanks!
Steve



RE: [cas-user] CAS/ADFS/WS-Federation

2013-11-14 Thread Gasper, John
Hi Brian,

Sorry I'm late to the ball. Did you get this figured out? I'd start by 
examining the data posted to CAS from ADFS. In Chrome you can use the Network 
tab in the Dev tools and look at the post headers. I'd take the posted response 
and save it to an .xml and open it in IE or Chrome for easier reading. That 
will make it very clear what is being passed to ADFS.

John

-Original Message-
From: Brian Clayton [mailto:bclay...@clarku.edu] 
Sent: Thursday, November 7, 2013 11:11 AM
To: cas-user@lists.jasig.org
Subject: [cas-user] CAS/ADFS/WS-Federation

I'm using John Gasper's WS-Federation module, setup for full delegation. I have 
the configuration working to the point that it redirects to the ADFS server for 
login, then redirects back to the CAS server upon success. At that point, I get 
the attached error message from the CAS server. I'm speculating that it might 
have to do with the AD attributes passed from ADFS to CAS (claims/assertions), 
but I'm not sure. I've tried everything I can think of, simplifying the claims 
to just UPN, and doing my own version of WsFedAttributeMutatorImpl accordingly. 
Nothing seems to be working. I figure I must have something misconfigured, but 
I'm at a complete loss so I'm hoping someone might have seen this before or 
have some idea of what's going on.

Aw: Re: [cas-user] Sequence number in ticket granting ticket id

2013-11-14 Thread Guido Wimmel

Hi,

I also think that the information that can be gained in this way
is of limited use, but if you were very strict, you could still
demand that no such information could be obtainable.

I still wonder what's the purpose of the sequence numbers -
probably to absolutely ensure uniqueness?
(which would be extremely unlikely with the appended
35 random characters, and could possibly also be checked against
the ticket registry on creation)

Best regards,

   Guido

 

Sent: Thursday, November 14, 2013 at 15:35
From: "Marvin Addison"
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] Sequence number in ticket granting ticket id

> With the help of the sequence numbers, one could perform traffic analyses
> (e.g. determining
> how many logins there are in a given timespan), which might be undesired.

You would need credentials in order to perform such an analysis. I
suppose a curious user could perform this analysis on his or her SSO
domain using his or her own credentials, but I would hope vigilant IDM
sysadmins would note high rates of authentication for a single user
and investigate.

You suggested that the rates of authentication could be disclosed,
which at first glance appears the only meaningful information to be
gained from traffic analysis. I don't see how that information would
be useful to an attacker. You could probably estimate fairly
accurately the number of authentications per day by basing it on
organizational size. It's perfectly reasonable to expect an SSO
session to last one day, so a rough estimate of authentications per day
is simply the number of users. For public universities in the US that
information is publicly available; I would imagine it's not hard to
determine for an organization generally.

M





RE:[cas-user] Notifications

2013-11-14 Thread Ben Branch
Steve,

We made direct modifications to the 
$CAS_APP/WEB-INF/view/jsp/default/ui/casLoginView.jsp file to display messages 
on the login screen.  Maybe not ideal, but it did work for what we needed.  I 
hope this helps.

Ben Branch
UNIX/Linux Administrator
University of Central Oklahoma
ITIL Foundation v3, Network+, RHCSA

100 N. University Drive, Box 122
Edmond, OK 73034
D: 405.974.2649 | M: 405.550.6804 | bbranch@uco.edu | 
www.uco.edu

"I am wiser than this man, for neither of us appears to know anything great and 
good; but he fancies he knows something, although he knows nothing; whereas I, 
as I do not know anything, so I do not fancy I do. In this trifling particular, 
then, I appear to be wiser than he, because I do not fancy I know what I do not 
know."  - Socrates

From: Steve Cook [mailto:steve.c...@humber.ca]
Sent: Thursday, November 14, 2013 9:42 AM
To: cas-user@lists.jasig.org
Subject: [cas-user] Notifications

Does anyone have a solution for displaying messages on the CAS login screen. I 
would like to post service outage notices and maybe even emergency 
notifications on the main login screen when appropriate.  I guess what makes 
this difficult is that there won't always be a message to display and it needs 
to be easy to modify on the fly.  Any suggestions?

Appreciate it.
Thanks!
Steve



Re: Re: [cas-user] Sequence number in ticket granting ticket id

2013-11-14 Thread Marvin Addison
> I still wonder what's the purpose of the sequence numbers -
> probably to absolutely ensure uniqueness?

I believe that's correct. The guidelines for unique identifiers that
I'm familiar with recommend including both sequential data and secure
random data, and the format of CAS TGTs is consistent with that
practice. I should note that the only requirement mentioned of tickets
in the CAS protocol doc is that identifiers SHOULD start with a
particular prefix and MUST contain adequate random data to prevent
guessing. So you can change the format with confidence you won't have
trouble with well-behaved CAS clients. In practice I'm pretty sure you
could switch to another IdGenerator component and not run into
trouble.

M
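
The two ticket id shapes compared in this thread, as an added example that is not code from CAS or from any poster. The `TicketIdGenerator` interface, the class names and the in-memory `Set` standing in for the ticket registry are assumptions made so the file compiles without the CAS jars.

```java
import java.security.SecureRandom;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

public class TicketIdDemo {

    // Local stand-in for the one-method generator contract (assumption:
    // declared here so the example compiles without the CAS jars).
    interface TicketIdGenerator {
        String getNewTicketId(String prefix);
    }

    private static final String ALPHABET =
            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    private static final int RANDOM_LENGTH = 35; // length quoted in the thread

    // SecureRandom.nextInt(bound) is unbiased, so every character is uniform.
    static String randomPart(SecureRandom rng) {
        StringBuilder sb = new StringBuilder(RANDOM_LENGTH);
        for (int i = 0; i < RANDOM_LENGTH; i++) {
            sb.append(ALPHABET.charAt(rng.nextInt(ALPHABET.length())));
        }
        return sb.toString();
    }

    // Shape discussed in the thread: PREFIX-<sequence>-<random>.
    static final class SequencedGenerator implements TicketIdGenerator {
        private final SecureRandom rng = new SecureRandom();
        private long counter;

        @Override
        public synchronized String getNewTicketId(String prefix) {
            counter++;
            return prefix + "-" + counter + "-" + randomPart(rng);
        }
    }

    // PREFIX-<random> only. Uniqueness is enforced against the registry
    // instead of by a counter; the Set stands in for the ticket registry.
    static final class RandomOnlyGenerator implements TicketIdGenerator {
        private final SecureRandom rng = new SecureRandom();
        private final Set<String> registry;

        RandomOnlyGenerator(Set<String> registry) {
            this.registry = registry;
        }

        @Override
        public String getNewTicketId(String prefix) {
            String id;
            do {
                id = prefix + "-" + randomPart(rng);
            } while (!registry.add(id)); // add() returns false on a collision
            return id;
        }
    }

    // What the holder of two sequenced ids can compute: tickets issued in between.
    static long issuedBetween(String earlierId, String laterId) {
        return sequenceOf(laterId) - sequenceOf(earlierId) - 1;
    }

    static long sequenceOf(String ticketId) {
        return Long.parseLong(ticketId.split("-")[1]);
    }

    public static void main(String[] args) {
        TicketIdGenerator sequenced = new SequencedGenerator();
        String morning = sequenced.getNewTicketId("TGT");
        for (int i = 0; i < 41; i++) {
            sequenced.getNewTicketId("TGT"); // constructed: other users logging in
        }
        String evening = sequenced.getNewTicketId("TGT");
        System.out.println(morning);
        System.out.println(evening);
        System.out.println("tickets issued in between: " + issuedBetween(morning, evening));

        // The random-only ids keep the prefix and the random data the protocol
        // asks for, and carry nothing that orders or counts them.
        Set<String> registry = ConcurrentHashMap.newKeySet();
        TicketIdGenerator randomOnly = new RandomOnlyGenerator(registry);
        System.out.println(randomOnly.getNewTicketId("TGT"));
        System.out.println(randomOnly.getNewTicketId("TGT"));
    }
}
```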



RE:[cas-user] ClearPass with Load-Balanced CAS

2013-11-14 Thread St Laurent, Mark
Still having issues with this. We've narrowed it down to the 
EncryptedMapDecorator. If we implement it without the encryption it works, but 
then the ClearPass credentials are stored in clear text, which isn't an 
acceptable solution. If anyone who has deployed ClearPass in a load-balanced 
CAS environment could just post your clearpass-configuration.xml that would be 
most helpful.

Thanks,

--
Mark St. Laurent
Web Systems Administrator
Yavapai College
(928) 717-7654
http://www.yc.edu

From: St Laurent, Mark
Sent: Tuesday, November 12, 2013 7:51 AM
To: cas-user@lists.jasig.org
Subject: RE:[cas-user] ClearPass with Load-Balanced CAS

Really having problems with this. If anyone out there has ever made ClearPass 
work in a load-balanced environment I'd really appreciate it if I could get 
some help from you.

Thanks,

--
Mark St. Laurent
Web Systems Administrator
Yavapai College
(928) 717-7654
http://www.yc.edu

From: St Laurent, Mark
Sent: Friday, November 08, 2013 4:36 PM
To: cas-user@lists.jasig.org
Subject: RE:[cas-user] ClearPass with Load-Balanced CAS

So, I have made some progress. I've discovered that if I change the key prefix 
from clearPass_ to something unique for each server (such as "cas0_clearPass_") 
then the error below goes away. However, it appears that the servers cannot 
read each other's credential cache, successful proxy tickets don't get a 
password in the returned information. Still looking for help on this, anything 
would be appreciated.

Thanks,

--
Mark St. Laurent
Web Systems Administrator
Yavapai College
(928) 717-7654
http://www.yc.edu

From: St Laurent, Mark
Sent: Friday, November 08, 2013 8:16 AM
To: cas-user@lists.jasig.org
Subject: RE:[cas-user] ClearPass with Load-Balanced CAS

After more testing last night, I discovered that it is leaving an error message 
in the CAS log:

2013-11-07 19:40:55,307 INFO 
[org.jasig.cas.authentication.AuthenticationManagerImpl] - 
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully 
authenticated [username: anaylor]
2013-11-07 19:40:55,307 INFO 
[org.jasig.cas.authentication.AuthenticationManagerImpl] - Resolved principal 
anaylor
2013-11-07 19:40:55,307 INFO 
[org.jasig.cas.authentication.AuthenticationManagerImpl] - 
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler@41589833
 authenticated anaylor with credential [username: anaylor].
2013-11-07 19:40:55,322 INFO 
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail 
record BEGIN
=
WHO: [username: anaylor]
WHAT: supplied credentials: [username: anaylor]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Thu Nov 07 19:40:55 MST 2013
CLIENT IP ADDRESS: 198.60.125.12
SERVER IP ADDRESS: 198.60.125.94
=


2013-11-07 19:40:55,322 INFO 
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail 
record BEGIN
=
WHO: [username: anaylor]
WHAT: javax.crypto.BadPaddingException: Given final block not properly padded
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Thu Nov 07 19:40:55 MST 2013
CLIENT IP ADDRESS: 198.60.125.12
SERVER IP ADDRESS: 198.60.125.94
=

If anyone could provide any assistance on this, I'd really appreciate it.

Thanks,

--
Mark St. Laurent
Web Systems Administrator
Yavapai College
(928) 717-7654
http://www.yc.edu

From: St Laurent, Mark
Sent: Thursday, November 07, 2013 3:11 PM
To: cas-user@lists.jasig.org
Subject: [cas-user] ClearPass with Load-Balanced CAS

So, I'm trying to get ClearPass working in a load-balanced CAS environment with 
a memcache ticket registry. I discovered this Wiki entry:

https://wiki.jasig.org/display/CASUM/ClearPass+and+Multiple+Server+Configurations

But I can't seem to get it working. My clearpass-configuration.xml is as 
follows:



<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:p="http://www.springframework.org/schema/p"
   xmlns:sec="http://www.springframework.org/schema/security"
   xmlns:util="http://www.springframework.org/schema/util"
   xsi:schemaLocation="
   http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
   http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
   http://www.springframework.org/schema/util 
http:/
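
An added illustration, not code from this thread or from CAS, of one way an encrypted cache shared between nodes produces the `BadPaddingException` in the log above and how a common key avoids it. It assumes each node encrypts with its own randomly generated key, which the thread does not confirm; the `Node` class, the in-memory map standing in for memcached and the sample credential are constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class SharedCacheKeyDemo {

    // CBC with PKCS5 padding is used because it raises the exception seen in
    // the log; it provides no integrity check on the stored value.
    private static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";
    private static final int IV_LENGTH = 16;

    // One server node that encrypts values before writing them to a cache
    // shared with the other nodes (hypothetical class for this example).
    static final class Node {
        private final SecretKey key;
        private final Map<String, byte[]> sharedCache;
        private final SecureRandom rng = new SecureRandom();

        Node(SecretKey key, Map<String, byte[]> sharedCache) {
            this.key = key;
            this.sharedCache = sharedCache;
        }

        void put(String user, String secret) throws GeneralSecurityException {
            byte[] iv = new byte[IV_LENGTH];
            rng.nextBytes(iv);
            Cipher cipher = Cipher.getInstance(TRANSFORMATION);
            cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
            byte[] ciphertext = cipher.doFinal(secret.getBytes(StandardCharsets.UTF_8));
            // Stored record layout: IV followed by ciphertext.
            byte[] record = new byte[IV_LENGTH + ciphertext.length];
            System.arraycopy(iv, 0, record, 0, IV_LENGTH);
            System.arraycopy(ciphertext, 0, record, IV_LENGTH, ciphertext.length);
            sharedCache.put(user, record);
        }

        String get(String user) throws GeneralSecurityException {
            byte[] record = sharedCache.get(user);
            Cipher cipher = Cipher.getInstance(TRANSFORMATION);
            cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(record, 0, IV_LENGTH));
            byte[] plain = cipher.doFinal(record, IV_LENGTH, record.length - IV_LENGTH);
            return new String(plain, StandardCharsets.UTF_8);
        }
    }

    static SecretKey randomKey() throws GeneralSecurityException {
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(128);
        return generator.generateKey();
    }

    // Describes what happens when `reader` fetches an entry another node wrote.
    static String readOutcome(Node reader, String user, String expected) {
        try {
            return expected.equals(reader.get(user)) ? "decrypted correctly" : "decrypted to garbage";
        } catch (BadPaddingException e) {
            return "BadPaddingException: " + e.getMessage();
        } catch (GeneralSecurityException e) {
            return "other failure: " + e;
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        String user = "jdoe";            // constructed sample data
        String secret = "correct horse"; // constructed sample data
        Map<String, byte[]> cache = new ConcurrentHashMap<>();

        // Case 1: each node generated its own key at startup.
        Node nodeA = new Node(randomKey(), cache);
        Node nodeB = new Node(randomKey(), cache);
        nodeA.put(user, secret);
        // Almost always BadPaddingException; in rare runs the wrong key yields
        // bytes that happen to end in valid padding and garbage comes back.
        System.out.println("per-node keys: " + readOutcome(nodeB, user, secret));

        // Case 2: one key handed to every node, standing in for a key
        // distributed through configuration.
        SecretKey shared = randomKey();
        Node nodeC = new Node(shared, cache);
        Node nodeD = new Node(shared, cache);
        nodeC.put(user, secret);
        System.out.println("shared key:    " + readOutcome(nodeD, user, secret));
    }
}
```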

Re: [cas-user] How to config ServicesRegistry and Database Connection with POSTGRESQL

2013-11-14 Thread Marvin Addison
> I tried to configure the ServicesRegistry and database connection with PostgreSQL
> following this guide https://wiki.jasig.org/display/CASUM/Configuring but
> failed. I hope someone can help me with this issue.


Here's the data source config for our overlay that used PG:

  

  


  


  


  
${database.dialect}
update
  

  

https://wiki.jasig.org/display/CASUM/JpaTicketRegistry#JpaTicketRegistry-DatabaseConnectionPooling
has reasonable values or examples of the properties above.

M



Re: [cas-user] Notifications

2013-11-14 Thread MichaelEDLICH
Hi,

It's very interesting,

We don't have Java developers in our organization, and we have had this need for a long 
time! 

Sent from my iPhone

On 14 Nov 2013 at 16:50, Laura McCord wrote:

> Hi Steve,
> 
> We customized our login to allow a dept to add custom messaging using 
> information that is stored in a xml file (accessible through a url). Then, we 
> add the url to the "Theme Name" field in the services registry. Our 
> customizations look to see if there is any information in the xml file and if 
> not nothing will be displayed, else, it will write the information to the 
> screen. I imagine you can tweak this to suit your needs.
> 
> If you are interested I can send you more details.
> 
> Laura
> 
>  
> 
> On 11/14/13 9:42 AM, Steve Cook wrote:
>> 
>> Does anyone have a solution for displaying messages on the CAS login screen. 
>> I would like to post service outage notices and maybe even emergency 
>> notifications on the main login screen when appropriate.  I guess what makes 
>> this difficult is that there won’t always be a message to display and it 
>> needs to be easy to modify on the fly.  Any suggestions?
>>  
>> Appreciate it.
>> Thanks!
>> Steve

Re: [cas-user] Notifications

2013-11-14 Thread MichaelEDLICH
Can you send some details?

Thanks!

Michael.

On 14 Nov 2013 at 21:59, MichaelEDLICH wrote:

> Hi,
> 
> It's very interesting,
> 
> We don't have Java developers in our organization, and we have had this need for a long 
> time! 
> 
> Sent from my iPhone
> 
> On 14 Nov 2013 at 16:50, Laura McCord wrote:
> 
>> Hi Steve,
>> 
>> We customized our login to allow a dept to add custom messaging using 
>> information that is stored in a xml file (accessible through a url). Then, 
>> we add the url to the "Theme Name" field in the services registry. Our 
>> customizations look to see if there is any information in the xml file and 
>> if not nothing will be displayed, else, it will write the information to the 
>> screen. I imagine you can tweak this to suit your needs.
>> 
>> If you are interested I can send you more details.
>> 
>> Laura
>> 
>>  
>> 
>> On 11/14/13 9:42 AM, Steve Cook wrote:
>>> 
>>> Does anyone have a solution for displaying messages on the CAS login 
>>> screen. I would like to post service outage notices and maybe even 
>>> emergency notifications on the main login screen when appropriate.  I guess 
>>> what makes this difficult is that there won’t always be a message to 
>>> display and it needs to be easy to modify on the fly.  Any suggestions?
>>>  
>>> Appreciate it.
>>> Thanks!
>>> Steve

Re: [cas-user] Notifications

2013-11-14 Thread Laura McCord
Sure, no problem. Let me take a moment to package it up and I'll send it 
to your email address.

Laura


On 11/14/13 3:01 PM, MichaelEDLICH wrote:
> Can you send some details?
>
> Thanks!
>
> Michael.
>
> On 14 Nov 2013 at 21:59, MichaelEDLICH wrote:
>
>> Hi,
>>
>> It's very interesting,
>>
>> We don't have Java developers in our organization, and we have had this need 
>> for a long time!
>>
>> Sent from my iPhone
>>
>> On 14 Nov 2013 at 16:50, Laura McCord wrote:
>>
>>> Hi Steve,
>>>
>>> We customized our login to allow a dept to add custom messaging 
>>> using information that is stored in a xml file (accessible through a 
>>> url). Then, we add the url to the "Theme Name" field in the services 
>>> registry. Our customizations look to see if there is any information 
>>> in the xml file and if not nothing will be displayed, else, it will 
>>> write the information to the screen. I imagine you can tweak this to 
>>> suit your needs.
>>>
>>> If you are interested I can send you more details.
>>>
>>> Laura
>>>
>>>
>>>
>>> On 11/14/13 9:42 AM, Steve Cook wrote:

>>>> Does anyone have a solution for displaying messages on the CAS 
>>>> login screen. I would like to post service outage notices and maybe 
>>>> even emergency notifications on the main login screen when 
>>>> appropriate.  I guess what makes this difficult is that there won’t 
>>>> always be a message to display and it needs to be easy to modify on 
>>>> the fly.  Any suggestions?
>>>>
>>>> Appreciate it.
>>>>
>>>> Thanks!
>>>>
>>>> Steve

RE:[cas-user] Notifications

2013-11-14 Thread Mosior, Benjamin
Just to chime in, we use jQuery Ajax to integrate with the Ektron CMS for our 
"announcements" and "information" sections. The CMS returns some XML, we parse 
out the HTML element, and then populate the empty  that have specific 
IDs.

You can see it in action here: https://manifestdev.ship.edu/myship/login

And check out the code here: https://gist.github.com/bemosior/7474856

Feel free to let me know if anything isn't clear.

Benjamin Mosior
Shippensburg University of Pennsylvania

From: Steve Cook [mailto:steve.c...@humber.ca]
Sent: Thursday, November 14, 2013 10:42 AM
To: cas-user@lists.jasig.org
Subject: [cas-user] Notifications

Does anyone have a solution for displaying messages on the CAS login screen. I 
would like to post service outage notices and maybe even emergency 
notifications on the main login screen when appropriate.  I guess what makes 
this difficult is that there won't always be a message to display and it needs 
to be easy to modify on the fly.  Any suggestions?

Appreciate it.
Thanks!
Steve



RE: [cas-user] CAS/ADFS/WS-Federation

2013-11-14 Thread Brian Clayton
Hi John,
Thanks for the response (and creating the ws-federation module!). I haven't 
gotten it working yet, although I took a bit of a break to catch up on other 
stuff. I've attached the wresult form data as an XML file. The only other form 
element passed was "wa=wsignin1.0". The XML from ADFS looks reasonable to me, 
but I'm not at all well-versed in the ws-federation specification. It includes 
upn as the only attribute (as expected). On a related note, does the backingMap 
for the attributeRepository bean in deployerConfigContext.xml have to match the 
claims/attributes sent from ADFS? Or the modified attribute map?
Thanks,
Brian

-Original Message-
From: Gasper, John [mailto:jgas...@ewu.edu] 
Sent: Thursday, November 14, 2013 1:08 PM
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] CAS/ADFS/WS-Federation

Hi Brian,

Sorry I'm late to the ball. Did you get this figured out? I'd start by 
examining the data posted to CAS from ADFS. In Chrome you can use the Network 
tab in the Dev tools and look at the post headers. I'd take the posted response 
and save it to an .xml and open it in IE or Chrome for easier reading. That 
will make it very clear what is being passed to ADFS.

John

-Original Message-
From: Brian Clayton [mailto:bclay...@clarku.edu]
Sent: Thursday, November 7, 2013 11:11 AM
To: cas-user@lists.jasig.org
Subject: [cas-user] CAS/ADFS/WS-Federation

I'm using John Gasper's WS-Federation module, setup for full delegation. I have 
the configuration working to the point that it redirects to the ADFS server for 
login, then redirects back to the CAS server upon success. At that point, I get 
the attached error message from the CAS server. I'm speculating that it might 
have to do with the AD attributes passed from ADFS to CAS (claims/assertions), 
but I'm not sure. I've tried everything I can think of, simplifying the claims 
to just UPN, and doing my own version of WsFedAttributeMutatorImpl accordingly. 
Nothing seems to be working. I figure I must have something misconfigured, but 
I'm at a complete loss so I'm hoping someone might have seen this before or 
have some idea of what's going on.

Re: [cas-user] ClearPass with Load-Balanced CAS

2013-11-14 Thread Tom Poage
On 11/14/2013 12:50 PM, St Laurent, Mark wrote:
> Still having issues with this. We’ve narrowed it down to the
> EncryptedMapDecorator. If we implement it without the encryption it
> works, but then the ClearPass credentials are stored in clear text,
> which isn’t an acceptable solution. If anyone who has deployed ClearPass
> in a load-balanced CAS environment could just post your
> clearpass-configuration.xml that would be most helpful.

Are you using the JCE Unlimited Strength Jurisdiction Policy? Might be 
something to try, if not.

E.g. I see reference to SHA-512 in EncryptedMapDecorator.java and 
suspect it may not be supported with the standard JCE policy.

Tom.




Re: [cas-user] ClearPass with Load-Balanced CAS

2013-11-14 Thread Tom Poage
On 11/14/2013 03:07 PM, Tom Poage wrote:
> E.g. I see reference to SHA-512 in EncryptedMapDecorator.java and
> suspect it may not be supported with the standard JCE policy.

Nope, that's wrong:

http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#MessageDigest

Tom.





Re: [cas-user] Notifications

2013-11-14 Thread Isaac Davis-King
We have a cron job (perl script) on our CAS servers that grabs an RSS feed
of our IT alerts as well as a couple of marketing messages and images, and
parses them into html fragments that are written to local files.  These
files are incorporated into the login page template via jsp includes.

This process runs every 5 minutes. If there is an error connecting to the
feeds, the previously cached version of the files are left untouched.

This allows our marketing department to post content to defined sections of
our login page via the normal publishing process in our Drupal CMS without
having to touch the CAS application itself.

 - Isaac Stefanek


>
>
> *From:* HURTEVENT VINCENT [mailto:vincent.hurtev...@univ-lyon1.fr]
> *Sent:* Thursday, November 14, 2013 10:49 AM
> *To:* cas-user@lists.jasig.org
> *Subject:* [cas-user] RE : Notifications
>
>
>
> RSS feeds,
>
>
>
>
>
>
>  --
>
> *From:* HURTEVENT VINCENT
> *Sent:* Thursday, 14 November 2013 16:48
> *To:* cas-user@lists.jasig.org
> *Subject:* RE: Notifications
>
> Hi,
>
>
>
> we have the same interest in displaying messages or news on CAS login view
> and we're thinking about a JavaScript code which fetches feeds from our main
> institutional CMS.
>
>
>
>
>
>
>
>
>  --
>
> *From:* Steve Cook [steve.c...@humber.ca]
> *Sent:* Thursday, 14 November 2013 16:42
> *To:* cas-user@lists.jasig.org
> *Subject:* [cas-user] Notifications
>
> Does anyone have a solution for displaying messages on the CAS login
> screen. I would like to post service outage notices and maybe even
> emergency notifications on the main login screen when appropriate.  I guess
> what makes this difficult is that there won’t always be a message to
> display and it needs to be easy to modify on the fly.  Any suggestions?
>
>
>
> Appreciate it.
>
> Thanks!
>
> Steve
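The refresh job Isaac Stefanek describes above, sketched in Python rather than Perl as an added example (it is not his script or part of CAS): feed text is HTML-escaped before it is written for inclusion in the login page, and the cached file is replaced only after a successful fetch and parse. The names `render_fragment` and `refresh`, the size and item caps, and the sample feed are assumptions made for illustration.

```python
import html
import os
import tempfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample feed. The second item carries markup and a script URL
# that must never reach the login page as live HTML.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>IT alerts</title>
<item><title>Email maintenance Saturday 02:00-04:00</title>
<link>https://status.example.edu/alerts/42</link></item>
<item><title>&lt;script&gt;alert(1)&lt;/script&gt; VPN outage</title>
<link>javascript:alert(1)</link></item>
</channel></rss>"""

MAX_FEED_CHARS = 256 * 1024  # assumed cap; refuse oversized responses
MAX_ITEMS = 5                # assumed cap on alerts shown


def render_fragment(rss_text, max_items=MAX_ITEMS):
    """Turn RSS items into an HTML list, escaping every feed-supplied string."""
    if len(rss_text) > MAX_FEED_CHARS:
        raise ValueError("feed too large")
    root = ET.fromstring(rss_text)  # raises ET.ParseError on a broken feed
    rows = []
    for item in root.iter("item"):
        title = (item.findtext("title") or "").strip()
        link = (item.findtext("link") or "").strip()
        if not title:
            continue
        text = html.escape(title, quote=True)
        # Only http(s) links become anchors; other schemes are dropped.
        if urlparse(link).scheme in ("http", "https"):
            href = html.escape(link, quote=True)
            rows.append('<li><a href="%s">%s</a></li>' % (href, text))
        else:
            rows.append("<li>%s</li>" % text)
        if len(rows) == max_items:
            break
    if not rows:
        return ""  # nothing to announce: the include renders nothing
    return '<ul class="alerts">\n%s\n</ul>\n' % "\n".join(rows)


def refresh(fetch, target_path):
    """Rebuild target_path from fetch(); on any error leave the old file alone."""
    try:
        fragment = render_fragment(fetch())
    except (OSError, ET.ParseError, ValueError):
        return False  # the previously cached fragment stays in place
    directory = os.path.dirname(os.path.abspath(target_path))
    fd, tmp_path = tempfile.mkstemp(dir=directory, suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as handle:
            handle.write(fragment)
        os.chmod(tmp_path, 0o644)  # mkstemp creates 0600; the web server must read it
        os.replace(tmp_path, target_path)  # atomic swap: readers never see a partial file
    except OSError:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
        return False
    return True
```

In a cron deployment `fetch` would be an HTTP GET of the alerts feed with a timeout, and the login page template would include the file at `target_path`.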

RE: [cas-user] ClearPass with Load-Balanced CAS

2013-11-14 Thread St Laurent, Mark
Yeah, just got done trying it in the test environment, no effect.

Thanks, 

--
Mark St. Laurent
Web Systems Administrator
Yavapai College
(928) 717-7654
http://www.yc.edu 

-Original Message-
From: Tom Poage [mailto:tfpo...@ucdavis.edu] 
Sent: Thursday, November 14, 2013 4:14 PM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] ClearPass with Load-Balanced CAS

On 11/14/2013 03:07 PM, Tom Poage wrote:
> E.g. I see reference to SHA-512 in EncryptedMapDecorator.java and 
> suspect it may not be supported with the standard JCE policy.

Nope, that's wrong:

http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#MessageDigest

Tom.





RE: [cas-user] ClearPass with Load-Balanced CAS

2013-11-14 Thread Misagh
Mark, could you please post relevant snippets of your clearpass and deployer
config context XML files, perhaps as GitHub gists?
On Nov 14, 2013 3:35 PM, "St Laurent, Mark" wrote:

> Yeah, just got done trying it in the test environment, no effect.
>
> Thanks,
>
> --
> Mark St. Laurent
> Web Systems Administrator
> Yavapai College
> (928) 717-7654
> http://www.yc.edu
>
> -Original Message-
> From: Tom Poage [mailto:tfpo...@ucdavis.edu]
> Sent: Thursday, November 14, 2013 4:14 PM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] ClearPass with Load-Balanced CAS
>
> On 11/14/2013 03:07 PM, Tom Poage wrote:
> > E.g. I see reference to SHA-512 in EncryptedMapDecorator.java and
> > suspect it may not be supported with the standard JCE policy.
>
> Nope, that's wrong:
>
>
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#MessageDigest
>
> Tom.

RE: [cas-user] CAS/ADFS/WS-Federation

2013-11-14 Thread Gasper, John
Hi Brian,

You are welcome. Hopefully we can get you going here.

Your saml11/wsfed response looks appropriate to me. Here's a copy of my backing 
map:
















UPN is not listed here because the attribute is passed as the principal name.

Is there an error message being dumped in the logs right before this exception? 
It would likely be labelled in the WsFederationAction class. The workflow 
action has a generic exception handler that might show more details before 
re-throwing the exception and then producing the trace you passed along. The 
other error handlers in the class should do the same thing.

John

-Original Message-
From: Brian Clayton [mailto:bclay...@clarku.edu] 
Sent: Thursday, November 14, 2013 2:18 PM
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] CAS/ADFS/WS-Federation

Hi John,
Thanks for the response (and creating the ws-federation module!). I haven't 
gotten it working yet, although I took a bit of a break to catch up on other 
stuff. I've attached the wresult form data as an XML file. The only other form 
element passed was "wa=wsignin1.0". The XML from ADFS looks reasonable to me, 
but I'm not at all well-versed in the ws-federation specification. It includes 
upn as the only attribute (as expected). On a related note, does the backingMap 
for the attributeRepository bean in deployerConfigContext.xml have to match the 
claims/attributes sent from ADFS? Or the modified attribute map?
Thanks,
Brian

-Original Message-
From: Gasper, John [mailto:jgas...@ewu.edu]
Sent: Thursday, November 14, 2013 1:08 PM
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] CAS/ADFS/WS-Federation

Hi Brian,

Sorry I'm late to the ball. Did you get this figured out? I'd start by 
examining the data posted to CAS from ADFS. In Chrome you can use the Network 
tab in the Dev tools and look at the post headers. I'd take the posted response 
and save it to an .xml and open it in IE or Chrome for easier reading. That 
will make it very clear what is being passed to ADFS.

John

-Original Message-
From: Brian Clayton [mailto:bclay...@clarku.edu]
Sent: Thursday, November 7, 2013 11:11 AM
To: cas-user@lists.jasig.org
Subject: [cas-user] CAS/ADFS/WS-Federation

I'm using John Gasper's WS-Federation module, setup for full delegation. I have 
the configuration working to the point that it redirects to the ADFS server for 
login, then redirects back to the CAS server upon success. At that point, I get 
the attached error message from the CAS server. I'm speculating that it might 
have to do with the AD attributes passed from ADFS to CAS (claims/assertions), 
but I'm not sure. I've tried everything I can think of, simplifying the claims 
to just UPN, and doing my own version of WsFedAttributeMutatorImpl accordingly. 
Nothing seems to be working. I figure I must have something misconfigured, but 
I'm at a complete loss so I'm hoping someone might have seen this before or 
have some idea of what's going on.

RE: [cas-user] Demo CAS Protocol Support in Shib IdPv3

2013-11-14 Thread Paul B. Henson
> From: Marvin Addison [mailto:marvin.addi...@gmail.com]
> Sent: Friday, November 08, 2013 7:07 AM
>
> I have a working demo that showcases basic CAS protocol v2 support in
> the Shib IdPv3.

Hmm, interesting; is this just an exercise in seeing whether or not it could be 
done, or are there plans to make it so functional as to negate the need to run 
a separate CAS server if you already have shibboleth deployed?





Re: [cas-user] How to config ServicesRegistry and Database Connection with POSTGRESQL

2013-11-14 Thread Đào Văn Phong
Dear Sir,


Thanks for your help. Can you guide me step by step? I'm a newbie, so
I don't have much experience.

2013/11/15 Marvin Addison 

> > I tried to configure ServicesRegistry and Database Connection with POSTGRESQL
> > following this guide https://wiki.jasig.org/display/CASUM/Configuring but
> > failed. I hope someone can help me with this issue.
>
>
> Here's the data source config for our overlay that used PG:
>
>   <bean id="dataSource"
> class="com.mchange.v2.c3p0.ComboPooledDataSource"
> p:driverClass="${database.driverClass}"
> p:jdbcUrl="${database.url}"
> p:user="${database.user}"
> p:password="${database.password}"
> p:initialPoolSize="${database.pool.minSize}"
> p:minPoolSize="${database.pool.minSize}"
> p:maxPoolSize="${database.pool.maxSize}"
> p:maxIdleTimeExcessConnections="${database.pool.maxIdleTime}"
> p:checkoutTimeout="${database.pool.maxWait}"
> p:acquireIncrement="${database.pool.acquireIncrement}"
> p:acquireRetryAttempts="${database.pool.acquireRetryAttempts}"
> p:acquireRetryDelay="${database.pool.acquireRetryDelay}"
> p:idleConnectionTestPeriod="${database.pool.idleConnectionTestPeriod}"
> p:preferredTestQuery="${database.pool.connectionHealthQuery}"
>   />
>
>   
> class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
> 
> 
>       <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
> 
> 
>   
> 
> 
>   
> ${database.dialect}
> update
>   
> 
>   
>
>
> https://wiki.jasig.org/display/CASUM/JpaTicketRegistry#JpaTicketRegistry-DatabaseConnectionPooling
> has reasonable values or examples of the properties above.
>
> M



-- 
*ĐÀO VĂN PHONG*
*Hai Phong Private University*
