Re: [cas-user] Cas client gateway mode

2015-02-02 Thread Carlos Olivera
No, I don't get to see the login page because I'm using gateway = true in 
the client configuration. I'm saying that it all works fine when I submit 
my form with GET method, because the parameters travel in the URL, when I 
try to use POST, I lost all parameters after the redirection, somehow it 
doesn't preserve post parameters. Maybe that's the way it is supposed to 
work, but if that is the case, I need to know how to submit with POST 
method without losing the form data.

On Monday, February 2, 2015, 17:54:19 (UTC-2), Waldbieser, Carl wrote:

 Carlos, 

 Are you saying that when you hit the login page with something like this: 
   
   
 https://cas.example.org/cas/login?service=https%3A%2F%2Fservice.example.net%2Flogin%3Fmyparam%3Dextra
  

 If you view the source on the form, the hidden service input does not 
 have the encoded myparam=extra part of the URL (i.e. the query)? 

 Thanks, 
 Carl 

 - Original Message -
 From: Carlos Olivera carlosr...@gmail.com
 To: jasig-c...@googlegroups.com
 Cc: cas-...@lists.jasig.org, cas-...@lists.jasig.org, wald...@lafayette.edu
 Sent: Monday, February 2, 2015 2:34:38 PM
 Subject: Re: [cas-user] Cas client gateway mode

 No, it doesn't have the extra parameters, if I change the form to submit 
 data by GET method, then it works OK, but when I do it by POST, extra 
 parameters are discarded. 

 On Monday, February 2, 2015, 16:24:40 (UTC-2), Waldbieser, Carl wrote:

  Carlos,

  When the user's browser is redirected to CAS for authentication, does the
  `service` parameter already have the extra parameters embedded and properly
  encoded in it?

  I.e., can you use something like [developer tools] - [network] in Chrome
  and show us what the HTTP request parameters were, and then show the
  `Location` from the HTTP response?
  
  Thanks, 
  Carl Waldbieser 
  ITS System Programmer 
  Lafayette College 
  
  - Original Message -
  From: Carlos Olivera carlosr...@gmail.com
  To: cas-...@lists.jasig.org
  Sent: Monday, February 2, 2015 1:14:23 PM
  Subject: [cas-user] Cas client gateway mode

  Hi everyone, maybe I'm wrong about this but I want you to tell me if what
  is happening to me, it's the normal operation of gateway mode.

  My site has a public and a private section, in the public section I'm
  running an authentication filter in gateway mode. I think that in order to
  get the ticket information, the CAS client (java client 3.3.2) redirects to
  CAS Server and when it comes back follows the filter chain depending if one
  ticket was found or not. My problems is that I'm losing my post parameters
  in that redirection, when it comes back struts2 filter has all parameters
  in null. Is this a common problem or I'm doing something wrong?
  
  Thanks in advance. 
  --
  You are currently subscribed to cas-...@lists.jasig.org as:
  wald...@lafayette.edu
  To unsubscribe, change settings or access archives, see
  http://www.ja-sig.org/wiki/display/JSG/cas-user
  

[cas-user] service url

2015-02-02 Thread Yannick MOLINET
Hi all,

I'm working to use CAS with a front-end apache2 as proxy (mod_auth_cas, mod_jk).
When I call the URL (https://mysite/share), CAS asks me for credentials, but the
service URL is not correct
(https://mysite/cas/login?service=https%3a%2f%2f127.0.0.1%2fshare).
The service URL is changed to localhost instead of the external URL.
My CAS server could answer on different URLs (subfolder of my web applications:
https://mysite/cas and https://mysite2/cas are the same CAS server).
CAS is installed on the same machine as apache2 (mod_auth_cas, mod_jk).
Web apps are installed on a separate computer.
In the mod_jk configuration, I'm calling the server IP instead of the DNS name.

Thanks for help,
Yannick




Re: [cas-user] Cas client gateway mode

2015-02-02 Thread Carlos Olivera
No, it doesn't have the extra parameters, if I change the form to submit 
data by GET method, then it works OK, but when I do it by POST, extra 
parameters are discarded.

On Monday, February 2, 2015, 16:24:40 (UTC-2), Waldbieser, Carl wrote:

 Carlos, 

 When the user's browser is redirected to CAS for authentication, does the 
 `service` parameter already have the extra parameters embedded and properly 
 encoded in it? 

 I.e., can you use something like [developer tools] - [network] in Chrome 
 and show us what the HTTP request parameters were, and then show the 
 `Location` from the HTTP response? 

 Thanks, 
 Carl Waldbieser 
 ITS System Programmer 
 Lafayette College 

 - Original Message -
 From: Carlos Olivera carlosr...@gmail.com
 To: cas-...@lists.jasig.org
 Sent: Monday, February 2, 2015 1:14:23 PM
 Subject: [cas-user] Cas client gateway mode

 Hi everyone, maybe I'm wrong about this but I want you to tell me if what 
 is happening to me, it's the normal operation of gateway mode. 

 My site has a public and a private section, in the public section I'm 
 running an authentication filter in gateway mode. I think that in order to 
 get the ticket information, the CAS client (java client 3.3.2) redirects to 
 CAS Server and when it comes back follows the filter chain depending if one 
 ticket was found or not. My problems is that I'm losing my post parameters 
 in that redirection, when it comes back struts2 filter has all parameters 
 in null. Is this a common problem or I'm doing something wrong? 

 Thanks in advance. 

RE:[cas-user] Intermittant Login Issues for one application

2015-02-02 Thread Whittaker, Geoffrey
I'm sorry, I forgot to mention, that this is the only application we have that 
is having this problem and it's the only one that uses SAML as well.

I've checked and rechecked configurations against both the new wiki 
(http://jasig.github.io/cas/4.0.x/protocol/SAML-Protocol.html) and the old 
casum wiki (https://wiki.jasig.org/display/CASUM/SAML+Support+in+CAS+4).


Thanks




From: Whittaker, Geoffrey [mailto:geoff.whitta...@unf.edu]
Sent: Monday, February 02, 2015 2:29 PM
To: cas-user@lists.jasig.org
Subject: [cas-user] Intermittant Login Issues for one application

I'm having intermittent issues with a single application and my CAS 4 instance.

When clicking login on the cas form sometimes the cas server returns 200  
instead of 302 directing me back to the application to initiate service ticket 
validation.  Other times, it works without issue.

I'm not sure what this could be as it's the first time I've come across it and 
it worked just fine in 3.5.2.

Has anyone come across anything like this before?

Geoff




Re: [cas-user] Cas client gateway mode

2015-02-02 Thread Andrew Morgan

On Mon, 2 Feb 2015, Carlos Olivera wrote:


No, I don't get to see the login page because I'm using gateway = true in
the client configuration. I'm saying that it all works fine when I submit
my form with GET method, because the parameters travel in the URL, when I
try to use POST, I lost all parameters after the redirection, somehow it
doesn't preserve post parameters. Maybe that's the way it is supposed to
work, but if that is the case, I need to know how to submit with POST
method without losing the form data.


POST parameters are not preserved with HTTP Redirect.  When CAS's login 
page is accessed with gateway=true, CAS checks the CASTGC cookie and then 
issues an HTTP Redirect to send the browser back to the Service URL.


Andy
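
The round trip described above, modelled as an added example that is not part of the original message and is not CAS or Java client code. The `App` filter, the `browse` helper and the server-side stash of the form (`preserve_post`) are hypothetical; the host names come from the example URL in this thread, and ticket validation against the CAS server is left out.

```python
from dataclasses import dataclass, field
from urllib.parse import urlencode, urlsplit, parse_qsl
import secrets

CAS_HOST = "cas.example.org"        # host from the thread's example URL
APP_HOST = "service.example.net"    # host from the thread's example URL
CAS_LOGIN = f"https://{CAS_HOST}/cas/login"


@dataclass
class Request:
    method: str
    url: str
    form: dict      # POST body parameters
    cookies: dict


@dataclass
class Response:
    status: int
    location: str = ""
    set_cookies: dict = field(default_factory=dict)
    params: dict = field(default_factory=dict)   # what the application finally saw
    authenticated: bool = False


def cas_login(req):
    """Gateway behaviour as described in the thread: check CASTGC, then redirect."""
    query = dict(parse_qsl(urlsplit(req.url).query))
    service = query["service"]
    if "CASTGC" in req.cookies:                  # SSO session exists: append a ticket
        sep = "&" if "?" in service else "?"
        service += sep + urlencode({"ticket": "ST-constructed"})
    return Response(302, service)                # gateway mode never shows the login form


class App:
    """Simplified model of a gateway-mode filter in front of an application."""

    def __init__(self, preserve_post):
        self.preserve_post = preserve_post
        self.sessions = {}                       # session id -> per-session state

    def handle(self, req):
        sid = req.cookies.get("JSESSIONID")
        if sid not in self.sessions:
            sid = secrets.token_urlsafe(16)
            self.sessions[sid] = {"gatewayed": False, "saved_form": None}
        session = self.sessions[sid]
        query = dict(parse_qsl(urlsplit(req.url).query))
        ticket = query.pop("ticket", None)
        if ticket is None and not session["gatewayed"]:
            session["gatewayed"] = True          # prevents a redirect loop on the way back
            if self.preserve_post and req.method == "POST":
                # Assumption: keep the form server-side, bound to this session only.
                session["saved_form"] = dict(req.form)
            target = CAS_LOGIN + "?" + urlencode({"service": req.url, "gateway": "true"})
            return Response(302, target, {"JSESSIONID": sid})
        # Back from CAS: hand a stashed form to the application exactly once.
        saved, session["saved_form"] = session["saved_form"], None
        params = {**query, **req.form, **(saved or {})}
        # A real client validates the ticket with the CAS server before trusting it.
        return Response(200, params=params, authenticated=ticket is not None)


def browse(app, method, url, form=None, sso=False):
    """Tiny browser: per-host cookie jar, follows a 302 with GET and no body."""
    jars = {APP_HOST: {}, CAS_HOST: {"CASTGC": "TGT-constructed"} if sso else {}}
    form = dict(form or {})
    for _ in range(5):
        host = urlsplit(url).hostname
        req = Request(method, url, form, dict(jars[host]))
        resp = app.handle(req) if host == APP_HOST else cas_login(req)
        jars[host].update(resp.set_cookies)
        if resp.status != 302:
            return resp
        method, url, form = "GET", resp.location, {}   # the POST body is not replayed
    raise RuntimeError("redirect loop")
```

Query-string parameters survive because they are carried inside the encoded `service` value; a POST body has no such carrier, so it reaches the application only if the filter kept it before redirecting.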



Re: [cas-user] question about non-web console service registration

2015-02-02 Thread Milt Epstein
I'm not familiar with managementConfigContext.xml, but if you don't
need a web app for service registry, I suggest you consider JSON or
YAML file-based service registry.  At our site, we're running CAS
3.4.12 using a JSON config file for service registry, and we're about
to upgrade to CAS 4.0.1 using YAML.

Details on how to do this can be found online, or in the list archives
-- or if you have further questions, ask here.

Milt Epstein
Applications Developer
Graduate School of Library and Information Science (GSLIS)
University of Illinois at Urbana-Champaign (UIUC)
mepst...@illinois.edu


On Mon, 2 Feb 2015, Chris Adams wrote:

 Hello all,
 
 I built a Service Management webapp with Maven and was able to get it 
 working. Then I realized that the data was not persistent after restarting 
 Tomcat.
 
 I read the docs and from what I understand, services can still be registered 
 and can be persistent across restarts, rather than held in memory, regardless 
 if I use the web console or not.
 
 Since I only have a handful of services to register, I don't want to create a 
 database just for the data.  I prefer not to utilize the web console.
 My question is where to list/register these services? After creating the 
 service management webapp, I see the file managerConfigContext.xml in the 
 /WEB-INF directory. The docs and the example indicate that the services can 
 be designated here. I assume that this is what is referred to in the section 
 that says, referring to InMemoryServiceRegistryDaoImpl:
 
 This component is NOT suitable for use with the service management console 
 since it does not persist data. On the other hand, it is perfectly acceptable 
 for deployments where the XML configuration is authoritative for service 
 registry data and the UI will not be used.
 
 Also:  It is perfectly acceptable to avoid the service management console 
 Web application for managing registered service data. In fact, 
 configuration-driven methods (e.g. XML, JSON) may be preferable in 
 environments where strict configuration management controls are required.
 
 Is the file 'managementConfigContext.xml' where I register these services ?
 
 Many thanks.
 
 


Re: [cas-user] Cas client gateway mode

2015-02-02 Thread Waldbieser, Carl
Carlos,

Are you saying that when you hit the login page with something like this:
  
  
https://cas.example.org/cas/login?service=https%3A%2F%2Fservice.example.net%2Flogin%3Fmyparam%3Dextra

If you view the source on the form, the hidden service input does not have 
the encoded myparam=extra part of the URL (i.e. the query)?

Thanks,
Carl

- Original Message -
From: Carlos Olivera carlosroliv...@gmail.com
To: jasig-cas-u...@googlegroups.com
Cc: cas-user@lists.jasig.org, cas-user@lists.jasig.org, waldb...@lafayette.edu
Sent: Monday, February 2, 2015 2:34:38 PM
Subject: Re: [cas-user] Cas client gateway mode

No, it doesn't have the extra parameters, if I change the form to submit 
data by GET method, then it works OK, but when I do it by POST, extra 
parameters are discarded.

On Monday, February 2, 2015, 16:24:40 (UTC-2), Waldbieser, Carl wrote:

 Carlos, 

 When the user's browser is redirected to CAS for authentication, does the 
 `service` parameter already have the extra parameters embedded and properly 
 encoded in it? 

 I.e., can you use something like [developer tools] - [network] in Chrome 
 and show us what the HTTP request parameters were, and then show the 
 `Location` from the HTTP response? 

 Thanks, 
 Carl Waldbieser 
 ITS System Programmer 
 Lafayette College 

 - Original Message -
 From: Carlos Olivera carlosr...@gmail.com
 To: cas-...@lists.jasig.org
 Sent: Monday, February 2, 2015 1:14:23 PM
 Subject: [cas-user] Cas client gateway mode

 Hi everyone, maybe I'm wrong about this but I want you to tell me if what 
 is happening to me, it's the normal operation of gateway mode. 

 My site has a public and a private section, in the public section I'm 
 running an authentication filter in gateway mode. I think that in order to 
 get the ticket information, the CAS client (java client 3.3.2) redirects to 
 CAS Server and when it comes back follows the filter chain depending if one 
 ticket was found or not. My problems is that I'm losing my post parameters 
 in that redirection, when it comes back struts2 filter has all parameters 
 in null. Is this a common problem or I'm doing something wrong? 

 Thanks in advance. 



RE: [cas-user] TGT expiration policy override not working

2015-02-02 Thread Misagh Moayyed
Well, if you started from that file you have referenced change/config that
does not exist in 4. You have used master instead. 

 

Try using this file instead:

https://github.com/Jasig/cas/blob/4.0.x/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/ticketExpirationPolicies.xml

Note the branch name: 4.0.x.

 

From: Zac Harvey [mailto:zhar...@commercehub.com] 
Sent: Monday, February 2, 2015 1:18 PM
To: cas-user@lists.jasig.org
Subject: [cas-user] TGT expiration policy override not working

 

On CAS 4 here; I am trying to extend the TGT expiration policy from 2
hours (default) to 9 hours, and so I started with the file located at
https://github.com/Jasig/cas/blob/master/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/ticketExpirationPolicies.xml
and then just changed:

<bean id="grantingTicketExpirationPolicy"
      class="org.jasig.cas.ticket.support.TicketGrantingTicketExpirationPolicy"
      c:maxTimeToLive="${tgt.maxTimeToLiveInSeconds:28800}"
      c:timeToKill="${tgt.timeToKillInSeconds:7200}"
      c:timeUnit-ref="SECONDS" />

To:

<bean id="grantingTicketExpirationPolicy"
      class="org.jasig.cas.ticket.support.TicketGrantingTicketExpirationPolicy"
      c:maxTimeToLive="${tgt.maxTimeToLiveInSeconds:32400}"
      c:timeToKill="${tgt.timeToKillInSeconds:32400}"
      c:timeUnit-ref="SECONDS" />

 

When I go to restart the server I get a Spring/Beans exception:

SEVERE: Exception starting filter springSecurityFilterChain
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'grantingTicketExpirationPolicy' defined in ServletContext resource [/WEB-INF/spring-configuration/ticketExpirationPolicies.xml]: Could not resolve matching constructor (hint: specify index/type/name arguments for simple parameters to avoid type ambiguities)
    at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:250)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1075)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:979)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:487)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:296)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:293)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:628)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:932)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:479)
    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:389)
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:294)
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:112)
    at org.jasig.cas.web.init.SafeContextLoaderListener.contextInitialized(SafeContextLoaderListener.java:75)
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4779)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5273)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:895)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:871)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:615)
    at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:958)
    at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1599)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)

 


What is 

Re: [cas-user] Cas client gateway mode

2015-02-02 Thread Waldbieser, Carl
Carlos,

I am actually a bit surprised that CAS /login accepts POST, but when I re-read 
the protocol, I didn't see that GET was required, which I had previously 
assumed.

When you POST to the CAS /login, does the `action` of your form contain the 
service parameter, or is it included in your form?  If the latter, I am 
assuming CAS is assuming these parameters to be request parameters rather than 
part of a POST payload.  

You could try updating your form's action to include the parameters.  I would 
guess that would work even though you are hitting /login with a POST.

Thanks,
Carl

- Original Message -
From: Carlos Olivera carlosroliv...@gmail.com
To: jasig-cas-u...@googlegroups.com
Cc: cas-user@lists.jasig.org, cas-user@lists.jasig.org, 
cas-user@lists.jasig.org, waldb...@lafayette.edu
Sent: Monday, February 2, 2015 3:10:52 PM
Subject: Re: [cas-user] Cas client gateway mode

No, I don't get to see the login page because I'm using gateway = true in 
the client configuration. I'm saying that it all works fine when I submit 
my form with GET method, because the parameters travel in the URL, when I 
try to use POST, I lost all parameters after the redirection, somehow it 
doesn't preserve post parameters. Maybe that's the way it is supposed to 
work, but if that is the case, I need to know how to submit with POST 
method without losing the form data.

On Monday, February 2, 2015, 17:54:19 (UTC-2), Waldbieser, Carl wrote:

 Carlos, 

 Are you saying that when you hit the login page with something like this: 
   
   
 https://cas.example.org/cas/login?service=https%3A%2F%2Fservice.example.net%2Flogin%3Fmyparam%3Dextra
  

 If you view the source on the form, the hidden service input does not 
 have the encoded myparam=extra part of the URL (i.e. the query)? 

 Thanks, 
 Carl 

 - Original Message -
 From: Carlos Olivera carlosr...@gmail.com
 To: jasig-c...@googlegroups.com
 Cc: cas-...@lists.jasig.org, cas-...@lists.jasig.org, wald...@lafayette.edu
 Sent: Monday, February 2, 2015 2:34:38 PM
 Subject: Re: [cas-user] Cas client gateway mode

 No, it doesn't have the extra parameters, if I change the form to submit 
 data by GET method, then it works OK, but when I do it by POST, extra 
 parameters are discarded. 

 On Monday, February 2, 2015, 16:24:40 (UTC-2), Waldbieser, Carl wrote:

  Carlos,

  When the user's browser is redirected to CAS for authentication, does the
  `service` parameter already have the extra parameters embedded and properly
  encoded in it?

  I.e., can you use something like [developer tools] - [network] in Chrome
  and show us what the HTTP request parameters were, and then show the
  `Location` from the HTTP response?
  
  Thanks, 
  Carl Waldbieser 
  ITS System Programmer 
  Lafayette College 
  
  - Original Message -
  From: Carlos Olivera carlosr...@gmail.com
  To: cas-...@lists.jasig.org
  Sent: Monday, February 2, 2015 1:14:23 PM
  Subject: [cas-user] Cas client gateway mode

  Hi everyone, maybe I'm wrong about this but I want you to tell me if what
  is happening to me, it's the normal operation of gateway mode.

  My site has a public and a private section, in the public section I'm
  running an authentication filter in gateway mode. I think that in order to
  get the ticket information, the CAS client (java client 3.3.2) redirects to
  CAS Server and when it comes back follows the filter chain depending if one
  ticket was found or not. My problems is that I'm losing my post parameters
  in that redirection, when it comes back struts2 filter has all parameters
  in null. Is this a common problem or I'm doing something wrong?
  
  Thanks in advance. 



[cas-user] question about non-web console service registration

2015-02-02 Thread Chris Adams
Hello all,

I built a Service Management webapp with Maven and was able to get it working. 
Then I realized that the data was not persistent after restarting Tomcat.

I read the docs and from what I understand, services can still be registered 
and can be persistent across restarts, rather than held in memory, regardless 
if I use the web console or not.

Since I only have a handful of services to register, I don't want to create a 
database just for the data.  I prefer not to utilize the web console.
My question is where to list/register these services? After creating the 
service management webapp, I see the file managerConfigContext.xml in the 
/WEB-INF directory. The docs and the example indicate that the services can be 
designated here. I assume that this is what is referred to in the section that 
says, referring to InMemoryServiceRegistryDaoImpl:

This component is NOT suitable for use with the service management console 
since it does not persist data. On the other hand, it is perfectly acceptable 
for deployments where the XML configuration is authoritative for service 
registry data and the UI will not be used.

Also:  It is perfectly acceptable to avoid the service management console Web 
application for managing registered service data. In fact, configuration-driven 
methods (e.g. XML, JSON) may be preferable in environments where strict 
configuration management controls are required.

Is the file 'managementConfigContext.xml' where I register these services ?

Many thanks.



[cas-user] TGT expiration policy override not working

2015-02-02 Thread Zac Harvey
On CAS 4 here; I am trying to extend the TGT expiration policy from 2 hours 
(default) to 9 hours, and so I started with the file located at 
https://github.com/Jasig/cas/blob/master/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/ticketExpirationPolicies.xml
and then just changed:

<bean id="grantingTicketExpirationPolicy"
      class="org.jasig.cas.ticket.support.TicketGrantingTicketExpirationPolicy"
      c:maxTimeToLive="${tgt.maxTimeToLiveInSeconds:28800}"
      c:timeToKill="${tgt.timeToKillInSeconds:7200}"
      c:timeUnit-ref="SECONDS" />

To:

<bean id="grantingTicketExpirationPolicy"
      class="org.jasig.cas.ticket.support.TicketGrantingTicketExpirationPolicy"
      c:maxTimeToLive="${tgt.maxTimeToLiveInSeconds:32400}"
      c:timeToKill="${tgt.timeToKillInSeconds:32400}"
      c:timeUnit-ref="SECONDS" />



When I go to restart the server I get a Spring/Beans exception:


SEVERE: Exception starting filter springSecurityFilterChain
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'grantingTicketExpirationPolicy' defined in ServletContext resource [/WEB-INF/spring-configuration/ticketExpirationPolicies.xml]: Could not resolve matching constructor (hint: specify index/type/name arguments for simple parameters to avoid type ambiguities)
    at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:250)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1075)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:979)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:487)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:296)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:293)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:628)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:932)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:479)
    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:389)
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:294)
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:112)
    at org.jasig.cas.web.init.SafeContextLoaderListener.contextInitialized(SafeContextLoaderListener.java:75)
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4779)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5273)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:895)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:871)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:615)
    at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:958)
    at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1599)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)



What is going on here?



Re: [cas-user] 3.4.2.1 to 3.5.2.1 in deployerConfigContext.xml

2015-02-02 Thread Linda Toth
Carl,

Yesterday I had a clear distinction between the 3.4.2.1 successful login
and the 3.5.2.1 failure.  I did not it make the attempt for 3.4.2.1 and did
not see it in 3.5.2.1.  It simply came back with the expired notice.

I am in the process of rebuilding TEST to 3.4.2.1 (including tables for
registry).  I won't be able to diagnose more of these issues on DEV until
that is complete - at which time I can provide better details.

Thanks for taking time to respond.  I greatly appreciate it.

Linda

Linda Toth
University of Alaska - Office of Information Technology (OIT) - Identity
and Access Management
910 Yukon Drive, Suite 103
Fairbanks, Alaska 99775
Tel: 907-450-8320
Fax: 907-450-8381
linda.t...@alaska.edu | www.alaska.edu/oit/


On Mon, Feb 2, 2015 at 9:33 AM, Waldbieser, Carl waldb...@lafayette.edu
wrote:

 Linda,

 Is there any indication (e.g. from proxy logs) that the accounts that are
 failing over are actually making requests against the proxy?  In other
 words, do you have any indication whether the issue is that the fail over
 requests are never being made or that the requests are being made but
 failing to authenticate?

 Thanks,
 Carl Waldbieser
 ITS Systems Programmer
 Lafayette College

 - Original Message -
 From: Linda Toth ltt...@alaska.edu
 To: cas-user@lists.jasig.org
 Sent: Monday, February 2, 2015 1:04:40 PM
 Subject: [cas-user] 3.4.2.1 to 3.5.2.1 in deployerConfigContext.xml

 Good morning,

 FYI - I am aware I need to promote to 3.5.3, but first things first.

 I forwarded this question to our support organizations for CAS and they
 have not come up with any explanation yet.  I am hoping someone here has
 some insight.

 I have not changed the deployerConfigContext.xml file from 3.4.2.1 to
 3.5.2.1.  I looked over the distribution, but opted to try it as is.  Our
 deployerConfigContext.xml file contains a component that allows expired and
 new users to fall through to an active directory proxy when they fail to be
 authenticated via straight AD LDAP.  Our policies at UA expire students
 very quickly on some campuses so that they can not use the PC work
 stations.  This causes issues when they come back to register for the next
 semester.

 In 3.4.2.1, I developed a nice configuration that will allow authentication
 through one or the other.  3.5.2.1, it only authenticates users that are
 not expired, i.e., it is not failing over.

 I have extracted the pertinent sections and placed them in a file,
 attached.  It is a simple text file.  One thing I did not do that may cause
 problems is that I did not denote a separate attributeRepository bean.
 They are identical for both straight AD and the proxy.  Perhaps I should
 replicate them with a different name.

 If anyone can pinpoint a modification I should make to accommodate 3.5.2.1
 quickly, I would greatly appreciate it.  I very much want to move toward
 two-factor authentication and Casifying Shib, but need 3.5.2.1 to do that.


 Linda Toth
 University of Alaska - Office of Information Technology (OIT) - Identity
 and Access Management
 910 Yukon Drive, Suite 103
 Fairbanks, Alaska 99775
 Tel: 907-450-8320
 Fax: 907-450-8381
 linda.t...@alaska.edu | www.alaska.edu/oit/


Re: [cas-user] 3.4.2.1 to 3.5.2.1 in deployerConfigContext.xml

2015-02-02 Thread Linda Toth
Carl

I was able to roll out 3.5.2.1 a little earlier than I expected and you
asked if I had evidence in the logs of successful roll over to secondary
primary, etc.  ... Here is the log for an unexpired user in 3.4.2.1,
followed by the log in 3.5.2.1.  Users that are authenticated through the
primary LDAP show the successful filter of:

Successful filter via primary LDAP

2015-02-02 11:42:05,885 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- LDAP search with filter
(|(sAMAccountName=rred)((uaIdentifier=rred)(employeeNumber=*)))

Successful filter via secondary LDAP on 3.4.2.1

2015-02-02 14:59:28,720 DEBUG
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - Performing
LDAP bind with credential:
CN=eofelt,OU=userAccounts,DC=ua,DC=adt,DC=alaska,DC=edu

2015-02-02 14:59:29,307 DEBUG
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - Performing
LDAP bind with credential:
CN=eofelt,OU=userAccounts,DC=ua,DC=adt,DC=alaska,DC=edu

2015-02-02 14:59:29,582 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- Attempting to resolve a principal...

2015-02-02 14:59:29,582 DEBUG
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
- Attempting to resolve a principal...

2015-02-02 14:59:29,582 DEBUG
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
- Creating SimplePrincipal for [eofelt]

2015-02-02 14:59:29,582 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- Resolved eofelt. Trying LDAP resolve now...

2015-02-02 14:59:29,582 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- LDAP search with filter
(|((employeeNumber=*)(uaIdentifier=eofelt))(cn=eofelt))

2015-02-02 14:59:29,582 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- returning searchcontrols: scope=2; search
base=dc=ua,dc=adt,dc=alaska,dc=edu; attributes=[cn]; timeout=1000

2015-02-02 14:59:29,920 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- Resolved eofelt to eofelt

2015-02-02 14:59:29,920 DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- Creating SimplePrincipal for [eofelt]

2015-02-02 14:59:29,920 DEBUG
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] -
Created seed map='{username=[eofelt]}' for uid='eofelt'

2015-02-02 14:59:29,920 DEBUG
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Adding
attribute 'sAMAccountName' with value '[eofelt]' to query builder 'null'

2015-02-02 14:59:29,920 DEBUG
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] -
Generated query builder '(sAMAccountName=eofelt)' from query Map
{username=[eofelt]}.

2015-02-02 14:59:30,128 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Added ticket [
TGT-4-jKce9e7jidyzM1CvMPXgyQN1RsahpPIKBotxtGWJsYaxMLVsch-cas-test.alaska.edu]
to registry.

2015-02-02 14:59:30,130 DEBUG
[org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Removed
cookie with name [CASPRIVACY]

2015-02-02 14:59:30,130 DEBUG
[org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Added cookie
with name [CASTGC] and value [
TGT-4-jKce9e7jidyzM1CvMPXgyQN1RsahpPIKBotxtGWJsYaxMLVsch-cas-test.alaska.edu
]

2015-02-02 14:59:30,132 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to
retrieve ticket [
TGT-4-jKce9e7jidyzM1CvMPXgyQN1RsahpPIKBotxtGWJsYaxMLVsch-cas-test.alaska.edu]

2015-02-02 14:59:30,132 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket [
TGT-4-jKce9e7jidyzM1CvMPXgyQN1RsahpPIKBotxtGWJsYaxMLVsch-cas-test.alaska.edu]
found in registry.

2015-02-02 14:59:30,133 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Added ticket [
ST-5-qakFITk0TLvGSSfCeOzF-cas-test.alaska.edu] to registry.

2015-02-02 14:59:30,133 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [
ST-5-qakFITk0TLvGSSfCeOzF-cas-test.alaska.edu] for service [
https://beistest.alaska.edu:443/ssomanager/c/SSB] for user [eofelt]

Failed via primary LDAP on 3.5.2.1

2015-02-02 14:48:51,265 DEBUG
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - Performing
LDAP bind with credential:
CN=eofelt,OU=userAccounts,DC=ua,DC=adt,DC=alaska,DC=edu

2015-02-02 14:48:51,541 INFO
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - Failed to
authenticate user eofelt with error [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 701,
v1db1^@]; nested exception is javax.naming.AuthenticationException: [LDAP:
error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data 701, v1db1^@]

2015-02-02 14:48:51,541 DEBUG
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - No error
definitions are defined. Throwing 
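
Carl's question in this thread is whether the fail-over bind is never attempted or is attempted and rejected. The following added example (not code from the thread or from CAS) answers that from handler log lines; the log text is constructed, the user names and DNs are placeholders, and it assumes every handler logs its own `Performing LDAP bind` line, so a second bind for the same user means the next handler was tried. The table holds Active Directory's `data` sub-codes for LDAP error 49 (701 is an expired account).

```python
import re

# Active Directory sub-codes reported as "data <hex>" with LDAP error 49.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
BIND = re.compile(r"BindLdapAuthenticationHandler\] - Performing LDAP bind "
                  r"with credential: CN=([^,]+),")
FAIL = re.compile(r"Failed to authenticate user (\S+) with error "
                  r"\[LDAP: error code (\d+) - .*?data ([0-9a-fA-F]+),")
GRANT = re.compile(r"Granted service ticket \[[^\]]+\] for service "
                   r"\[[^\]]+\] for user \[([^\]]+)\]")

# Constructed log text, wrapped the way a mail client wraps it.
SAMPLE_LOG = """\
2015-02-02 14:59:28,720 DEBUG
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - Performing
LDAP bind with credential:
CN=jdoe,OU=userAccounts,DC=example,DC=edu

2015-02-02 14:59:29,307 DEBUG
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - Performing
LDAP bind with credential:
CN=jdoe,OU=userAccounts,DC=example,DC=edu

2015-02-02 14:59:30,133 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [
ST-1-constructed] for service [
https://app.example.edu/] for user [jdoe]

2015-02-02 14:48:51,265 DEBUG
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - Performing
LDAP bind with credential: CN=asmith
,OU=userAccounts,DC=example,DC=edu

2015-02-02 14:48:51,541 INFO
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - Failed to
authenticate user asmith with error [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 701,
v1db1]
"""


def unwrap(text):
    """Join wrapped log text back into one record per timestamp."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TS.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def summarize(text):
    """Count binds, failures and grants per user over the whole input."""
    users = {}
    for record in unwrap(text):
        bind, fail, grant = BIND.search(record), FAIL.search(record), GRANT.search(record)
        if bind:
            user = bind.group(1).strip()
        elif fail:
            user = fail.group(1)
        elif grant:
            user = grant.group(1)
        else:
            continue
        entry = users.setdefault(user, {"binds": 0, "failures": [], "granted": False})
        if bind:
            entry["binds"] += 1
        elif fail:
            sub = fail.group(3).lower()
            entry["failures"].append((fail.group(2), sub, AD_SUBCODES.get(sub, "unknown")))
        else:
            entry["granted"] = True
    return users


def verdict(entry):
    """Answer the fail-over question for one user's summary."""
    if entry["granted"]:
        return ("second handler tried, login granted" if entry["binds"] > 1
                else "first handler succeeded")
    if entry["failures"]:
        return ("second handler tried, login still failed" if entry["binds"] > 1
                else "failed on first handler, no second bind logged")
    return "incomplete"
```

Counts are per user across the whole input, so feed it the log slice for one login attempt at a time.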

Re: [cas-user] Cannot retrieve attributes from LDAP with CAS 3.5.3

2015-02-02 Thread Sylvain DEROSIAUX
Arf! It doesn't work at 100% :-(
I permit my users to log in with different usernames (uid, 
eduPersonPrincipalName or mail).
If they log in with uid or mail, it works. Otherwise, it won't work.

The attribute which must be sent to the CAS client depends on the 
service, via the usernameAttribute property of services.
The attributeRepository is as follows:

 <bean id="attributeRepository"
       class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
     <property name="baseDN" value="ou=people,dc=univ-lille3,dc=fr" />
     <property name="contextSource" ref="contextSource" />
     <property name="requireAllQueryAttributes" value="false" />
     <property name="queryType" value="OR" />
     <property name="queryAttributeMapping">
         <map>
             <entry key="username" value="eduPersonPrincipalName" />
             <entry key="username" value="uid" />
             <entry key="username" value="mail" />
         </map>
     </property>
     <property name="resultAttributeMapping">
         <map>
             <entry key="uid" value="uid" />
             <entry key="mail" value="mail" />
             <entry key="eduPersonPrincipalName" value="eduPersonPrincipalName" />
         </map>
     </property>
 </bean>

I have turned on the LDAP log and it shows that CAS doesn't do what I 
expect it to do:
Feb  2 11:32:43 ldap-test slapd[61387]: conn=3852 op=1 SRCH 
base=ou=people,dc=univ-lille3,dc=fr scope=2 deref=3 
filter=(mail=sderosiaux)
Feb  2 11:32:43 ldap-test slapd[61387]: conn=3852 op=1 SRCH attr=uid 
mail eduPersonPrincipalName
...
Feb  2 11:32:43 ldap-test slapd[61387]: conn=3526 op=28 SRCH 
base=ou=people,dc=univ-lille3,dc=fr scope=2 deref=3 
filter=(uid=sderosiaux)
Feb  2 11:32:43 ldap-test slapd[61387]: conn=3852 op=1 SRCH attr=uid 
mail eduPersonPrincipalName

Why doesn't CAS try with the eduPersonPrincipalName attribute?

Sylvain

On 30/01/2015 11:43, Sylvain DEROSIAUX wrote:
 Yes, I misunderstood this parameter, so I replaced this part with only

 <entry key="username" value="uid" />

 But it didn't work either.
 A friend gave me a working solution, so I compared the source code and saw 
 he doesn't use the CredentialsToLDAPAttributePrincipalResolver bean. I 
 removed it from my configuration and now it works like a charm!

 Thanks
 Sylvain

 On 29/01/2015 19:38, John Gasper wrote:
 I don't think the queryAttributeMapping is working the way you think 
 it is... At least I've never been able to get it to work like that. 
 You'll need to split it up because username is essentially the 
 placeholder where the identity (jdoe) is inserted when the ldap query 
 runs. (unfortunately it is the key so multiple search attributes 
 (uid, mail, etc) can't be done here).

 Check out 
 https://github.com/jtgasper3/raspberrypi-iam/blob/master/cas-war-overlay/src/main/webapp/WEB-INF/deployerConfigContext.xml.
 It has a split config that uses an inherited base bean config.

 ---
 *John Gasper*
 IAM Consultant
 Unicon, Inc.
 PGP/GPG Key: 0xbafee3ef

 On 1/29/15 5:47 AM, Sylvain DEROSIAUX wrote:
 Hi !

 I want to use the /principalAttributeName/ feature following CAS 
 documentation (https://wiki.jasig.org/display/casum/attributes) but 
 it didn't work because my CAS (v3.5.3) cannot retrieve attributes 
 from my LDAP (login is OK) :

 2015-01-29 14:07:45,730 WARN 
 [org.jasig.cas.CentralAuthenticationServiceImpl] - Principal [xxx] 
 did not have attribute [mail] among attributes [{}] so CAS cannot 
 provide on the validation response the user attribute the registered 
 service *** expects. CAS will instead return the default username 
 attribute [xxx]

 I have checked access to attributes with the user, it's ok.
 In the LDAP log, attributes are not requested :

 Jan 29 14:21:29 ldap-test slapd[2968]: conn=141942 op=1 SRCH 
 base=ou=people,dc=univ-lille3,dc=fr scope=2 deref=3 
 filter=((!(lille3BlockedDate=*))(|(eduPersonPrincipalName=xxx)(uid=xxx)(mail=xxx)))
 Jan 29 14:21:29 ldap-test slapd[2968]: conn=141942 op=1 SRCH attr=1.1
 ...
 Jan 29 14:21:29 ldap-test slapd[2968]: conn=141944 op=1 SRCH 
 base=ou=people,dc=univ-lille3,dc=fr scope=2 deref=3 
 filter=(|(eduPersonPrincipalName=xxx)(uid=xxx)(mail=xxx))
 Jan 29 14:21:29 ldap-test slapd[2968]: conn=141944 op=1 SRCH attr=uid

 Now, here the relevant part from my /deployerConfigContext.xml/ file :

 The use of the attribute repository :

 <property name="credentialsToPrincipalResolvers">
     <list>
         <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
             <!-- The Principal resolver from the credentials -->
             <property name="credentialsToPrincipalResolver">
                 <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
             </property>
             <property name="filter"
                       value="(|(eduPersonPrincipalName=%u)(uid=%u)(mail=%u))" />
             <property name="principalAttributeName" value="uid" />
             <property name="searchBase" 
RE: [cas-user] Cannot retrieve attributes from LDAP with CAS 3.5.3

2015-02-02 Thread Misagh Moayyed
Because a map cannot contain duplicate keys. You have specified 3 different 
values for the same key that is “username”. Each one is going to overwrite 
the previous, which should just have you using “mail” as the query 
attribute. (I don’t know how uid works. It should not, unless its value 
matches mail somehow).



Instead of a single one-to-one key-value, specify the key as username but 
as the value, give it a list of possible values. That might work.



You can also enable DEBUG logs for persondirectory and observe the query 
that gets constructed.



From: Sylvain DEROSIAUX [mailto:sylvain.derosi...@univ-lille3.fr]
Sent: Monday, February 2, 2015 3:44 AM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] Cannot retrieve attributes from LDAP with CAS 3.5.3



Arf! It doesn't work at 100% :-(
I permit my users to log in with different usernames (uid, 
eduPersonPrincipalName or mail).
If they log in with uid or mail, it works. Otherwise, it won't work.

The attribute which must be sent to the CAS client depends on the 
service, via the usernameAttribute property of services.
The attributeRepository is as follows:

<bean id="attributeRepository"
      class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
    <property name="baseDN" value="ou=people,dc=univ-lille3,dc=fr" />
    <property name="contextSource" ref="contextSource" />
    <property name="requireAllQueryAttributes" value="false" />
    <property name="queryType" value="OR" />
    <property name="queryAttributeMapping">
        <map>
            <entry key="username" value="eduPersonPrincipalName" />
            <entry key="username" value="uid" />
            <entry key="username" value="mail" />
        </map>
    </property>
    <property name="resultAttributeMapping">
        <map>
            <entry key="uid" value="uid" />
            <entry key="mail" value="mail" />
            <entry key="eduPersonPrincipalName" value="eduPersonPrincipalName" />
        </map>
    </property>
</bean>

I have turned on the LDAP log and it shows that CAS doesn't do what I expect 
it to do:
Feb  2 11:32:43 ldap-test slapd[61387]: conn=3852 op=1 SRCH 
base=ou=people,dc=univ-lille3,dc=fr scope=2 deref=3 
filter=(mail=sderosiaux)
Feb  2 11:32:43 ldap-test slapd[61387]: conn=3852 op=1 SRCH attr=uid mail 
eduPersonPrincipalName
...
Feb  2 11:32:43 ldap-test slapd[61387]: conn=3526 op=28 SRCH 
base=ou=people,dc=univ-lille3,dc=fr scope=2 deref=3 
filter=(uid=sderosiaux)
Feb  2 11:32:43 ldap-test slapd[61387]: conn=3852 op=1 SRCH attr=uid mail 
eduPersonPrincipalName

Why doesn't CAS try with the eduPersonPrincipalName attribute?

Sylvain

On 30/01/2015 11:43, Sylvain DEROSIAUX wrote:

Yes, I misunderstood this parameter, so I replaced this part with only

<entry key="username" value="uid" />

But it didn't work either.
A friend gave me a working solution, so I compared the source code and saw he 
doesn't use the CredentialsToLDAPAttributePrincipalResolver bean. I removed it 
from my configuration and now it works like a charm!

Thanks
Sylvain

On 29/01/2015 19:38, John Gasper wrote:

I don't think the queryAttributeMapping is working the way you think it 
is... At least I've never been able to get it to work like that. You'll need 
to split it up because username is essentially the placeholder where the 
identity (jdoe) is inserted when the ldap query runs. (unfortunately it is 
the key so multiple search attributes (uid, mail, etc) can't be done here).

Check out 
https://github.com/jtgasper3/raspberrypi-iam/blob/master/cas-war-overlay/src/main/webapp/WEB-INF/deployerConfigContext.xml.
It has a split config that uses an inherited base bean config.


---
John Gasper
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef

On 1/29/15 5:47 AM, Sylvain DEROSIAUX wrote:

Hi !

I want to use the principalAttributeName feature following CAS documentation 
(https://wiki.jasig.org/display/casum/attributes) but it didn't work because 
my CAS (v3.5.3) cannot retrieve attributes from my LDAP (login is OK) :

2015-01-29 14:07:45,730 WARN 
[org.jasig.cas.CentralAuthenticationServiceImpl] - Principal [xxx] did not 
have attribute [mail] among attributes [{}] so CAS cannot provide on the 
validation response the user attribute the registered service *** expects. 
CAS will instead return the default username attribute [xxx]

I have checked access to attributes with the user, it's ok.
In the LDAP log, attributes are not requested :

Jan 29 14:21:29 ldap-test slapd[2968]: conn=141942 op=1 SRCH 
base=ou=people,dc=univ-lille3,dc=fr scope=2 deref=3 
filter=((!(lille3BlockedDate=*))(|(eduPersonPrincipalName=xxx)(uid=xxx)(mail=xxx)))
Jan 29 14:21:29 ldap-test slapd[2968]: conn=141942 op=1 SRCH attr=1.1
...
Jan 29 14:21:29 ldap-test slapd[2968]: conn=141944 op=1 SRCH 
base=ou=people,dc=univ-lille3,dc=fr scope=2 deref=3 
filter=(|(eduPersonPrincipalName=xxx)(uid=xxx)(mail=xxx))
Jan 29 14:21:29 ldap-test 

Re: [cas-user] Cannot retrieve attributes from LDAP with CAS 3.5.3

2015-02-02 Thread Sylvain DEROSIAUX
Ok. I've made the changes as you said and it works great, cool!

 <property name="queryAttributeMapping">
     <map>
         <entry key="username">
             <list>
                 <value>eduPersonPrincipalName</value>
                 <value>uid</value>
                 <value>mail</value>
             </list>
         </entry>
     </map>
 </property>



Thanks Misagh and have a nice day !

Sylvain
On 02/02/2015 12:33, Misagh Moayyed wrote:

 Because a map cannot contain duplicate keys. You have specified 3 
 different values for the same key that is “username”. Each one is 
 going to overwrite the previous, which should just have you using 
 “mail” as the query attribute. (I don’t know how uid works. It should 
 not, unless its value matches mail somehow).

 Instead of a single one-to-one key-value, specify the key as username 
 but as the value, give it a list of possible values. That might work.

 You can also enable DEBUG logs for persondirectory and observe the 
 query that gets constructed.

 *From:*Sylvain DEROSIAUX [mailto:sylvain.derosi...@univ-lille3.fr]
 *Sent:* Monday, February 2, 2015 3:44 AM
 *To:* cas-user@lists.jasig.org
 *Subject:* Re: [cas-user] Cannot retrieve attributes from LDAP with 
 CAS 3.5.3

 Arf! It doesn't work at 100% :-(
 I permit my users to log in with different usernames (uid, 
 eduPersonPrincipalName or mail).
 If they log in with uid or mail, it works. Otherwise, it won't work.

 The attribute which must be sent to the CAS client depends on the 
 service, via the usernameAttribute property of services.
 The attributeRepository is as follows:

 <bean id="attributeRepository"
       class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
     <property name="baseDN" value="ou=people,dc=univ-lille3,dc=fr" />
     <property name="contextSource" ref="contextSource" />
     <property name="requireAllQueryAttributes" value="false" />
     <property name="queryType" value="OR" />
     <property name="queryAttributeMapping">
         <map>
             <entry key="username" value="eduPersonPrincipalName" />
             <entry key="username" value="uid" />
             <entry key="username" value="mail" />
         </map>
     </property>
     <property name="resultAttributeMapping">
         <map>
             <entry key="uid" value="uid" />
             <entry key="mail" value="mail" />
             <entry key="eduPersonPrincipalName" value="eduPersonPrincipalName" />
         </map>
     </property>
 </bean>

 I have turned on the LDAP log and it shows that CAS doesn't do what I 
 expect it to do:
 Feb  2 11:32:43 ldap-test slapd[61387]: conn=3852 op=1 SRCH 
 base=ou=people,dc=univ-lille3,dc=fr scope=2 deref=3 
 filter=(mail=sderosiaux)
 Feb  2 11:32:43 ldap-test slapd[61387]: conn=3852 op=1 SRCH attr=uid 
 mail eduPersonPrincipalName
 ...
 Feb  2 11:32:43 ldap-test slapd[61387]: conn=3526 op=28 SRCH 
 base=ou=people,dc=univ-lille3,dc=fr scope=2 deref=3 
 filter=(uid=sderosiaux)
 Feb  2 11:32:43 ldap-test slapd[61387]: conn=3852 op=1 SRCH attr=uid 
 mail eduPersonPrincipalName

 Why doesn't CAS try with the eduPersonPrincipalName attribute?

 Sylvain

 On 30/01/2015 11:43, Sylvain DEROSIAUX wrote:

 Yes, I misunderstood this parameter, so I replaced this part with only

 <entry key="username" value="uid" />

 But it didn't work either.
 A friend gave me a working solution, so I compared the source code and
 saw he doesn't use the CredentialsToLDAPAttributePrincipalResolver
 bean. I removed it from my configuration and now it works like a
 charm!

 Thanks
 Sylvain

 On 29/01/2015 19:38, John Gasper wrote:

 I don't think the queryAttributeMapping is working the way you
 think it is... At least I've never been able to get it to work
 like that. You'll need to split it up because username is
 essentially the placeholder where the identity (jdoe) is
 inserted when the ldap query runs. (unfortunately it is the
 key so multiple search attributes (uid, mail, etc) can't be
 done here).

 Check out
 https://github.com/jtgasper3/raspberrypi-iam/blob/master/cas-war-overlay/src/main/webapp/WEB-INF/deployerConfigContext.xml.
 It has a split config that uses an inherited base bean config.


 ---
 *John Gasper*
 IAM Consultant
 Unicon, Inc.
 PGP/GPG Key: 0xbafee3ef

 On 1/29/15 5:47 AM, Sylvain DEROSIAUX wrote:

 Hi !

 I want to use the /principalAttributeName/ feature
 following CAS documentation
 (https://wiki.jasig.org/display/casum/attributes) but it
 didn't work because my CAS (v3.5.3) cannot retrieve
 attributes from my LDAP (login is 
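
Misagh's explanation and Sylvain's corrected mapping, as an added example (not code from the thread, CAS or Person Directory): it models the last-entry-wins behaviour described in the reply with a Python dict, reports which search attributes were silently dropped, and builds the OR filter for the surviving ones. The two XML fragments are constructed from the configurations quoted in the thread; `effective_mapping`, `escape_filter_value` and `or_filter` are hypothetical helper names, and the RFC 4515 escaping of the login name is an addition the thread does not discuss.

```python
import xml.etree.ElementTree as ET

# Constructed from the mapping posted first: three entries share one key.
BROKEN = """
<property name="queryAttributeMapping">
  <map>
    <entry key="username" value="eduPersonPrincipalName" />
    <entry key="username" value="uid" />
    <entry key="username" value="mail" />
  </map>
</property>
"""

# Constructed from the corrected mapping: one key, a list of attributes.
FIXED = """
<property name="queryAttributeMapping">
  <map>
    <entry key="username">
      <list>
        <value>eduPersonPrincipalName</value>
        <value>uid</value>
        <value>mail</value>
      </list>
    </entry>
  </map>
</property>
"""


def effective_mapping(fragment):
    """Return (mapping, shadowed).

    mapping  -- what is left once later entries overwrite earlier ones
    shadowed -- (key, value) pairs that were overwritten and never queried
    """
    root = ET.fromstring(fragment)
    mapping, shadowed = {}, []
    for entry in root.iter("entry"):
        key = entry.get("key")
        if entry.get("value") is not None:
            values = [entry.get("value")]
        else:
            values = [v.text.strip() for v in entry.iter("value")]
        if key in mapping:
            shadowed.extend((key, old) for old in mapping[key])
        mapping[key] = values
    return mapping, shadowed


def escape_filter_value(value):
    """Escape a login name for use inside an LDAP filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in '\\*()\0':
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def or_filter(attributes, username):
    """Build the search filter an OR query over `attributes` would use."""
    safe = escape_filter_value(username)
    parts = ["(%s=%s)" % (attr, safe) for attr in attributes]
    return parts[0] if len(parts) == 1 else "(|" + "".join(parts) + ")"


if __name__ == "__main__":
    for name, fragment in (("broken", BROKEN), ("fixed", FIXED)):
        mapping, shadowed = effective_mapping(fragment)
        print(name, or_filter(mapping["username"], "sderosiaux"), shadowed)
```

Running the audit over a real `deployerConfigContext.xml` before deployment flags any `<map>` whose entries repeat a key, which is exactly the case where a login attribute stops being searched without any error.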

[cas-user] Gateway mode Form Post in Struts2

2015-02-02 Thread Carlos Olivera
Hi everyone, maybe I'm wrong about this but I want you to tell me if what 
is happening to me is the normal operation of gateway mode.

My site has a public and a private section, in the public section I'm 
running an authentication filter in gateway mode. I think that in order to 
get the ticket information, the CAS client (java client 3.3.2) redirects to 
CAS Server and when it comes back follows the filter chain depending if one 
ticket was found or not. My problem is that I'm losing my post parameters 
in that redirection, when it comes back struts2 filter has all parameters 
in null. Is this a common problem or am I doing something wrong?

Thanks in advance.


RE: [cas-user] Service management

2015-02-02 Thread Yannick MOLINET
Hi all,

Sorry for the delay, I was on vacation.
I'm new to the CAS environment; how can I add your addon to my installation 
(Maven Overlay)?

Thanks,
Yannick


From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net]
Sent: Friday, January 23, 2015 18:04
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] Service management

A new micro addon (same functionality as the current one from cas-addons) is 
available (1.0.0-RC2 depends on CAS 4.1.0-SNAPSHOT at the moment, as it uses 
some advanced features of Spring 4 for easy auto configuration facility):

https://github.com/unicon-cas-addons/cas-addon-registered-services-authorization

The documentation has not migrated yet (just need few adopters needing to use 
this library where there will be a demand for documentation) ;-)

Cheers,
Dmitriy.

On Jan 23, 2015, at 11:41 AM, John Gasper jgas...@unicon.net wrote:

Historically CAS does not focus on authorization, that is left to the client 
applications. Unicon has developed an add-on [1] that can do some basic 
checking, but I don't know if it has been migrated to support 4.0 yet. You 
might be able to use it as an outline to help you.

[1] https://github.com/Unicon/cas-addons/wiki/Role-Based-Services-Authorization

---
John Gasper
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef
On 1/23/15 1:38 AM, Yannick MOLINET wrote:
Hi all,

I have successfully configured a CAS Server 4.0.1 with two LDAP sources (one 
AD, one LDAP), with mod_auth_cas, mod_jk.
I want to authenticate my users on two different webapp.

From my point of view, I am thinking of allowing access to a specific webapp if 
the user is in the correct group (grp_webapp1 and/or grp_webapp2).
The two apps are published like http://server/webapp1 and http://server/webapp2.

Is it possible to grant access to a webapp through CAS if the user is in the 
correct group?

Sorry for my poor English,
Thanks,
Yannick


Re: [cas-user] 3.4.2.1 to 3.5.2.1 in deployerConfigContext.xml

2015-02-02 Thread Waldbieser, Carl
Linda,

Is there any indication (e.g. from proxy logs) that the accounts that are 
failing over are actually making requests against the proxy?  In other words, 
do you have any indication whether the issue is that the fail over requests are 
never being made or that the requests are being made but failing to 
authenticate?

Thanks,
Carl Waldbieser
ITS Systems Programmer
Lafayette College

- Original Message -
From: Linda Toth ltt...@alaska.edu
To: cas-user@lists.jasig.org
Sent: Monday, February 2, 2015 1:04:40 PM
Subject: [cas-user] 3.4.2.1 to 3.5.2.1 in deployerConfigContext.xml

Good morning,

FYI - I am aware I need to promote to 3.5.3, but first things first.

I forwarded this question to our support organizations for CAS and they
have not come up with any explanation yet.  I am hoping someone here has
some insight.

I have not changed the deployerConfigContext.xml file from 3.4.2.1 to
3.5.2.1.  I looked over the distribution, but opted to try it as is.  Our
deployerConfigContext.xml file contains a component that allows expired and
new users to fall through to an active directory proxy when they fail to be
authenticated via straight AD LDAP.  Our policies at UA expire students
very quickly on some campuses so that they can not use the PC work
stations.  This causes issues when they come back to register for the next
semester.

In 3.4.2.1, I developed a nice configuration that will allow authentication
through one or the other.  3.5.2.1, it only authenticates users that are
not expired, i.e., it is not failing over.

I have extracted the pertinent sections and placed them in a file,
attached.  It is a simple text file.  One thing I did not do that may cause
problems is that I did not denote a separate attributeRepository bean.
They are identical for both straight AD and the proxy.  Perhaps I should
replicate them with a different name.

If anyone can pinpoint a modification I should make to accommodate 3.5.2.1
quickly, I would greatly appreciate it.  I very much want to move toward
two-factor authentication and Casifying Shib, but need 3.5.2.1 to do that.


Linda Toth
University of Alaska - Office of Information Technology (OIT) - Identity
and Access Management
910 Yukon Drive, Suite 103
Fairbanks, Alaska 99775
Tel: 907-450-8320
Fax: 907-450-8381
linda.t...@alaska.edu | www.alaska.edu/oit/



[cas-user] Cas client gateway mode

2015-02-02 Thread Carlos Olivera
Hi everyone, maybe I'm wrong about this but I want you to tell me if what is 
happening to me is the normal operation of gateway mode.

My site has a public and a private section, in the public section I'm running 
an authentication filter in gateway mode. I think that in order to get the 
ticket information, the CAS client (java client 3.3.2) redirects to CAS Server 
and when it comes back follows the filter chain depending if one ticket was 
found or not. My problem is that I'm losing my post parameters in that 
redirection, when it comes back struts2 filter has all parameters in null. Is 
this a common problem or am I doing something wrong?

Thanks in advance.


Re: [cas-user] Cas client gateway mode

2015-02-02 Thread Waldbieser, Carl
Carlos,

When the user's browser is redirected to CAS for authentication, does the 
`service` parameter already have the extra parameters embedded and properly 
encoded in it?

I.e., can you use something like [developer tools] - [network] in Chrome and 
show us what the HTTP request parameters were, and then show the `Location` 
from the HTTP response?

Thanks,
Carl Waldbieser
ITS System Programmer
Lafayette College

- Original Message -
From: Carlos Olivera carlosroliv...@gmail.com
To: cas-user@lists.jasig.org
Sent: Monday, February 2, 2015 1:14:23 PM
Subject: [cas-user] Cas client gateway mode

Hi everyone, maybe I'm wrong about this but I want you to tell me if what is 
happening to me is the normal operation of gateway mode.

My site has a public and a private section, in the public section I'm running 
an authentication filter in gateway mode. I think that in order to get the 
ticket information, the CAS client (java client 3.3.2) redirects to CAS Server 
and when it comes back follows the filter chain depending if one ticket was 
found or not. My problem is that I'm losing my post parameters in that 
redirection, when it comes back struts2 filter has all parameters in null. Is 
this a common problem or am I doing something wrong?

Thanks in advance.


Re:[cas-user] Not in office from 2nd Feb 2015 to 13th Feb 2015

2015-02-02 Thread avinash . bangera
Hi,

I am not in office from 2nd Feb 2015 to 13th Feb 2015.

Regards,
Avinash





[cas-user] 3.4.2.1 to 3.5.2.1 in deployerConfigContext.xml

2015-02-02 Thread Linda Toth
Good morning,

FYI - I am aware I need to promote to 3.5.3, but first things first.

I forwarded this question to our support organizations for CAS and they
have not come up with any explanation yet.  I am hoping someone here has
some insight.

I have not changed the deployerConfigContext.xml file from 3.4.2.1 to
3.5.2.1.  I looked over the distribution, but opted to try it as is.  Our
deployerConfigContext.xml file contains a component that allows expired and
new users to fall through to an active directory proxy when they fail to be
authenticated via straight AD LDAP.  Our policies at UA expire students
very quickly on some campuses so that they cannot use the PC work
stations.  This causes issues when they come back to register for the next
semester.

In 3.4.2.1, I developed a nice configuration that will allow authentication
through one or the other.  In 3.5.2.1, it only authenticates users that are
not expired, i.e., it is not failing over.

I have extracted the pertinent sections and placed them in a file,
attached.  It is a simple text file.  One thing I did not do that may cause
problems is that I did not denote a separate attributeRepository bean.
They are identical for both straight AD and the proxy.  Perhaps I should
replicate them with a different name.

If anyone can pinpoint a modification I should make to accommodate 3.5.2.1
quickly, I would greatly appreciate it.  I very much want to move toward
two-factor authentication and Casifying Shib, but need 3.5.2.1 to do that.


Linda Toth
University of Alaska - Office of Information Technology (OIT) - Identity
and Access Management
910 Yukon Drive, Suite 103
Fairbanks, Alaska 99775
Tel: 907-450-8320
Fax: 907-450-8381
linda.t...@alaska.edu | www.alaska.edu/oit/

dcc-extract
Description: Binary data


Re: [cas-user] Service management

2015-02-02 Thread Dmitriy Kopylenko
This is an “unstable” add-on at this time and explicitly depends on CAS 
4.1.0-SNAPSHOT (unreleased). I think a better option would be to wait until 
4.1.0 gets released (CAS devs: when would that be?), as I heard there is a 
“native” authorization facility being developed that is targeted for 
inclusion in cas core 4.1.0.

Cheers,
Dmitriy.

 On Feb 2, 2015, at 11:51 AM, Yannick MOLINET yannick.moli...@dixinfor.com 
 wrote:
 
 Hi all,
  
 Sorry for the delay, I was on vacation.
 I’m new to the CAS environment, how can I add your addon to my installation 
 (Maven Overlay)?
  
 Thanks,
 Yannick
  
  
 From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net] 
 Sent: Friday, 23 January 2015 18:04
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] Service management
  
 A new micro addon (same functionality as the current one from cas-addons) is 
 available (1.0.0-RC2 depends on CAS 4.1.0-SNAPSHOT at the moment as it 
 uses some advanced features of Spring 4 for easy auto configuration facility):
  
 https://github.com/unicon-cas-addons/cas-addon-registered-services-authorization
  
 The documentation has not migrated yet (just need a few adopters needing to use 
 this library where there will be a demand for documentation) ;-)
  
 Cheers,
 Dmitriy.
  
 On Jan 23, 2015, at 11:41 AM, John Gasper jgas...@unicon.net wrote:
  
 Historically CAS does not focus on authorization, that is left to the client 
 applications. Unicon has developed an add-on [1] that can do some basic 
 checking, but I don't know if it has been migrated to support 4.0 yet. You 
 might be able to use it as an outline to help you.
 
 [1] https://github.com/Unicon/cas-addons/wiki/Role-Based-Services-Authorization
 
 ---
 John Gasper
 IAM Consultant
 Unicon, Inc.
 PGP/GPG Key: 0xbafee3ef
 
 On 1/23/15 1:38 AM, Yannick MOLINET wrote:
 Hi all,
  
 I have successfully configured a CAS Server 4.0.1 with two LDAP sources (one 
 AD, one LDAP), with mod_auth_cas, mod_jk.
 I want to authenticate my users on two different webapp.
  
 From my point of view, I want to allow access to a specific webapp if the 
 user is in the correct group (grp_webapp1 and/or grp_webapp2).
 The two apps are published as http://server/webapp1 and http://server/webapp2.
  
 Is it possible to grant access to a webapp through CAS if the user is in the 
 correct group?
  
 Sorry for my poor English,
 Thanks,
 Yannick

[cas-user] Intermittent Login Issues for one application

2015-02-02 Thread Whittaker, Geoffrey
I'm having intermittent issues with a single application and my CAS 4 instance.

When clicking login on the cas form sometimes the cas server returns 200  
instead of 302 directing me back to the application to initiate service ticket 
validation.  Other times, it works without issue.

I'm not sure what this could be as it's the first time I've come across it and 
it worked just fine in 3.5.2.

Has anyone come across anything like this before?

Geoff


[cas-user] Re: [cas-user] tomcat error

2015-02-02 Thread zjzhao
I guess you have this org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver in your deployconfig.xml, but you don't have the related jar file in your lib directory.

Chris Cheltenham wrote on Fri, 30 Jan 2015 10:41:36:

Anyone know what this is telling me?
I appreciate your help in advance.

I have gone through my docs over and over but I cannot figure out why this is happening.



2015-01-30 05:30:51,724 ERROR [org.springframework.web.context.ContextLoader] - 
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'centralAuthenticationService' defined in ServletContext resource [/WEB-INF/spring-configuration/applicationContext.xml]: Cannot resolve reference to bean 'authenticationManager' while setting bean property 'authenticationManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot create inner bean 'org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver#62d185fe' of type [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] while setting bean property 'credentialsToPrincipalResolvers' with key [0]; nested exception is org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver] for bean with name 'org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver#62d185fe' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]; nested exception is java.lang.ClassNotFoundException: org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver




Thank You,

Chris Cheltenham
SwainTechs / HHS

Cell# 267-586-2369
