Re: [cas-user] Inclusion of auditTrailManager.xml

2014-12-15 Thread Marvin Addison

 Good Afternoon from the cold, dark north as we near winter solstice.


Yikes! It's hard to imagine only a few hours of light per day.

How much overhead does adding the audit trail logging add?


It logs to a file on a background worker thread, so hardly any. You can
choose other backends, but file is simplest and arguably fastest.


   Where is this documented so I can control how much it spews?


https://wiki.jasig.org/display/CASUM/Auditing+and+Statistics+Via+Inspektr

Not sure it provides much guidance on controlling verbosity, though it's
certainly possible to tweak. I'd recommend using the default and tweaking
as needed after you collect some data. I'm optimistic what we provide out
of box will be suitable.

M

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

RE: [cas-user] CAS MultipleAuthentication Sources

2014-12-15 Thread Owens, Patricia
Same here unsubscribe me from this list

From: Aaron [aaron.e...@sungardhe.com]
Sent: Tuesday, August 12, 2014 10:21 AM
To: cas-user@lists.jasig.org
Subject: [cas-user] CAS MultipleAuthentication Sources

Using CAS 3.5.2

I have multiple Authentication Handlers each with their own ContextSource as 
well.

What I would like it to do is this.

UserA exists in ldapA and LdapB, but with different passwords.

The multiple Auth handlers are working fine... If UserA logs in with ldapA 
password it works fine... But if UserA logs in with LdapB password it fails...


I would like it to fall through to the second AuthenticationHandler if the 
password fails. Is there any way to do this at all?

The fall through works... If USERB does not exist in ldapA the authentication 
falls through to LdapB.  The only issue I have is if users exist in both ldap 
servers... I would like it to fall through to the second if the wrong password 
is entered.

Thank you in advance

[cas-user] attempting to access CAS login via https

2014-12-15 Thread Chris Adams
Hello all,

I have CAS server set up and accessible using http and port 8080. I would like 
to secure it by requiring https on port 8443.

I followed some instructions and generated a security certificate, which I 
imported into Java cacerts. Then I modified the server.xml file in Tomcat to 
allow access on port 8443 using TLS.

I modified iptables to allow port 8443.

I restarted Tomcat, but still can't access via port 8443.

What might I be missing?

Many thanks for your suggestions.


Re: [cas-user] attempting to access CAS login via https

2014-12-15 Thread Jérôme LELEU
Hi,

What do you exactly mean by can't access via port 8443? Anything relevant
in your logs?

This guide should provide you some help:
https://wiki.jasig.org/display/casum/ssl+troubleshooting+and+reference+guide

Best regards,

Jérôme LELEU
Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org


RE: [cas-user] attempting to access CAS login via https

2014-12-15 Thread Chris Adams
Honestly, the logs don’t show much other than a http 302 error, as it is trying 
to do redirect. Maybe I am not looking in the right place.

In the Tomcat server.xml file, I have SSL defined and a redirect, like the 
following. However, when I use netstat to see what is listening on port 8443, 
there is nothing. That may be a large part of why this isn’t working

<Connector
    protocol="HTTP/1.1"
    port="8080"
    maxThreads="200"
    scheme="https"
    secure="true"
    SSLEnabled="true"
    keystoreFile="/etc/pki/java/cacerts" keystorePass="changeit"
    truststoreFile="/etc/pki/java/cacerts" truststorePass="changeit"
    clientAuth="false"
    sslProtocol="TLS"
    redirectPort="8443" />


I generated the SSL certificate using the domain name that I am using to access 
the login page: https://mydomain.com:8443/cas-server-webapp/login

Again, I can access the login page using http on port 8080, but not using 
https on port 8443.

I looked over the troubleshooting page that you referenced, and things seem to 
check out.

Thank you for any suggestions that you might have.






RE: [cas-user] attempting to access CAS login via https

2014-12-15 Thread Carlos Fernandez
Hi, Chris,

The excerpt from server.xml that you pasted indicates that you enabled HTTPS 
on port 8080. If you try https://yourserver:8080/.., I bet it’ll work.

For it to work the way that you intend, you’ll need two connectors, like 
this:

<Connector
    protocol="HTTP/1.1"
    port="8080"
    maxThreads="200"
    redirectPort="8443" />

<Connector
    protocol="HTTP/1.1"
    port="8443"
    maxThreads="200"
    scheme="https"
    secure="true"
    SSLEnabled="true"
    keystoreFile="/etc/pki/java/cacerts" keystorePass="changeit"
    truststoreFile="/etc/pki/java/cacerts" truststorePass="changeit"
    clientAuth="false"
    sslProtocol="TLS" />

Best regards,
-- 
Carlos.
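
Added example, not part of the original thread or of CAS/Tomcat: a small check that reads the Connector elements of a server.xml and reports the redirect wiring problem diagnosed above (TLS switched on for the plain-HTTP port, and a redirectPort that nothing listens on). The function name audit_connectors, the finding codes and the two sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the two server.xml excerpts in this thread,
# wrapped in the <Server>/<Service> elements a real file has.
BROKEN = """<Server><Service name="Catalina">
  <Connector protocol="HTTP/1.1" port="8080" maxThreads="200"
             scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="/etc/pki/java/cacerts" keystorePass="changeit"
             clientAuth="false" sslProtocol="TLS" redirectPort="8443" />
</Service></Server>"""

FIXED = """<Server><Service name="Catalina">
  <Connector protocol="HTTP/1.1" port="8080" maxThreads="200"
             redirectPort="8443" />
  <Connector protocol="HTTP/1.1" port="8443" maxThreads="200"
             scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="/etc/pki/java/cacerts" keystorePass="changeit"
             clientAuth="false" sslProtocol="TLS" />
</Service></Server>"""


def is_tls(connector):
    """True when the Connector element explicitly enables TLS."""
    return connector.get("SSLEnabled", "false").strip().lower() == "true"


def audit_connectors(server_xml):
    """Return (port, code) findings about HTTP-to-HTTPS redirect wiring."""
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    ports = {c.get("port") for c in connectors}
    tls_ports = {c.get("port") for c in connectors if is_tls(c)}
    findings = []
    for c in connectors:
        port, target = c.get("port"), c.get("redirectPort")
        if target is None:
            continue  # only explicitly configured redirects are checked
        if is_tls(c) and target != port:
            # TLS settings landed on the connector that was meant to redirect.
            findings.append((port, "tls-connector-redirects"))
        if target not in ports:
            # No Connector binds the target port, so netstat shows nothing there.
            findings.append((port, "redirect-target-missing"))
        elif target not in tls_ports:
            # Something listens on the target port, but it is not TLS.
            findings.append((port, "redirect-target-not-tls"))
    return findings


if __name__ == "__main__":
    for name, xml in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit_connectors(xml) or "ok")
```
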




RE: [cas-user] attempting to access CAS login via https

2014-12-15 Thread Chris Adams
You are correct, Carlos. Thank you for spotting that.  I did have another 
Connector defined for port 8080 with a redirect, but had mixed things up in the 
SSL Connector.

Thank you, again. On to the next challenge…..


[cas-user] CAS and BlackBoard

2014-12-15 Thread Stephen Meier
Good afternoon,

Has anyone tried to setup BlackBoard to authenticate against CAS? I have 
configured the CAS server settings in blackboard, however, when I click the 
login link, the CAS server redirects to a blank page.

Thanks,


[cas-user] Reg : SAML integration with CAS4.0

2014-12-15 Thread Abdul Basith S
Dear Support,
I've configured the SAML integration with CAS 4.0 and deployed it as per the 
link https://wiki.jasig.org/display/CASUM/SAML+Support+in+CAS+4.
But when I checked the response from browser using /samlValidate it's throwing 
'service' and 'ticket' parameters are both required as status message.
Can you please help me to fix this issue immediately?
Thanks and Regards,
Basith


Re: [cas-user] Reg : SAML integration with CAS4.0

2014-12-15 Thread Milt Epstein
What are you using as your CAS client?  mod_auth_cas, by chance?
IIRC, I was getting a similar error when I didn't have:

  CASValidateSaml On

in my apache/mod_auth_cas config.

If you're not using mod_auth_cas, perhaps there's some similar config
that's missing for the client you are using, that specifies that
you're doing SAML validation, and hence sends the appropriate
parameters to the CAS server on the validation call.

Milt Epstein
Applications Developer
Graduate School of Library and Information Science (GSLIS)
University of Illinois at Urbana-Champaign (UIUC)
mepst...@illinois.edu



Re: [cas-user] CAS and BlackBoard

2014-12-15 Thread Carlos Fernandez
We have it working with CAS 3.5.2.1. At least since 9.1 SP8 or thereabouts it's 
been exceptionally effortless to get it to use CAS. Probably the trickiest part 
involved setting up the registry entry with Blackboard's service URL -- it 
appears automatically in the login page when you configure the CAS auth 
provider.

How did you set up your CAS auth config?

Best regards,
--
Carlos M. Fernández
Sr. Enterprise Systems Admin
Saint Joseph's University
W: 610-660-1501
M: 215-316-1193
E: cfern...@sju.edu



RE:[cas-user] CAS and BlackBoard

2014-12-15 Thread Paul B. Henson
 From: Stephen Meier
 Sent: Monday, December 15, 2014 1:41 PM
 
 Has anyone tried to setup BlackBoard to authenticate against CAS? I have
 configured the CAS server settings in blackboard, however, when I click the
 login link, the CAS server redirects to a blank page.

Our blackboard administrator configured the native CAS client and it seems to 
be working okay. It does force you to choose between either ignoring an 
existing CAS session and always requiring a username/password when accessing 
blackboard, or accepting an existing CAS session without requiring 
reauthentication but destroying the session when you click the blackboard 
logout link 8-/. Seems kind of stupid.

I don't really know the details, I could put you in touch with our blackboard 
administrator off-line if you would like.
