Re: [cas-user] hazelcast tickets not replicating

2015-11-11 Thread Dmitriy Kopylenko
And just to add to Paul's notes - since version 4.1 the Hazelcast Ticket 
registry is natively a part of CAS core: 
http://jasig.github.io/cas/4.1.x/installation/Hazelcast-Ticket-Registry.html

So to repeat (many times previously said): DO NOT use cas-addons (which are 
implemented and supported for CAS v3 only) with CAS versions 4.x

Best,
D.

Sent from my iPhone

> On Nov 10, 2015, at 21:40, Paul B. Henson  wrote:
> 
>> On Mon, Nov 02, 2015 at 07:29:14AM -0800, Jonas Steinberg wrote:
>> 
>> My cas server is essentially a copy of this 
>> 
> 
> This is for CAS 4.
> 
>> I used this  to integrate hazelcast
> 
> These are for CAS 3.
> 
> If you're using CAS 4 you need to use:
> 
> https://github.com/unicon-cas-addons/cas-addon-hazelcast-ticket-registry
> 
>> Any insight would be greatly appreciated!
> 
> If the mixed versions weren't a cut and paste typo, try matching the
> addon version to the CAS version...
> 
> We're currently using CAS 3 with the hazelcast ticket registry and it
> works fine. We haven't tried CAS 4 yet, we're tentatively looking at the
> CAS protocol support in the shib idp v3 (with the Unicon hazelcast
> support addon for state replication).
> 
> -- 
> Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
> Operating Systems and Network Analyst  |  hen...@cpp.edu
> California State Polytechnic University  |  Pomona CA 91768
> 
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> dkopyle...@unicon.net
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user


Re: [cas-user] hazelcast tickets not replicating

2015-11-11 Thread Dmitriy Kopylenko
So what's not working? As you noted you have evidence in the CAS server logs 
that Hazelcast nodes are able to chat and share state among each other. If that 
is the case, then HZ ticket registry is working as expected. 

How did you come to the conclusion that "tickets are not replicating"?

Best,
D. 

Sent from my iPhone

> On Nov 11, 2015, at 11:22, Jonas Steinberg  wrote:
> 
> Paul, Dmitriy:
> 
> I didn't use the addons, that was simply a typo.  I'm going to explain 
> exactly what I did and what my setup looks like with some additional 
> questions on where I may have gone wrong:
> 
> BUILD PROCESS:
> 
> 1. clone https://github.com/UniconLabs/simple-cas4-overlay-template
> 2. add the dependencies from 
> http://jasig.github.io/cas/4.1.x/installation/Hazelcast-Ticket-Registry.html
> 3. configure proxy authentication policy using 
> http://jasig.github.io/cas/4.1.x/installation/Service-Management.html
> 4. specify path to cas.properties in propertyFileConfigurer
> 5. configure cas.properties to include cluster members, etc.
> 6. clone https://github.com/UniconLabs/cas-sample-java-webapp to build 
> casified java webapp client
> 7. configure casified java webapp client web.xml file using the same link
> 8. deploy within tomcat my cas.war and cas-example-java-webapp.war (cas 
> client) to two different nodes
> 9. place both nodes behind load balancer
> 
> TROUBLESHOOTING/IMPORTANT POINTS:
> 
> 1. The server and client are in the same tomcat instance.  Is this a problem?
> 2. The server and client come up just fine.
> 3. The whole system works just as it should, except state replication is not 
> occurring.
> 4. When I hit the load balancer (lb), the lb redirects me to a cas server.
> 5. Then I authenticate to cas server.
> 6. Catalina.out shows hazelcast ticket registry coming up, tickets being 
> created, proxy tickets being created, etc.
> 7. cas server then redirects me to cas client.
> 8. cas client is up just fine.
> 9. this works just fine for both nodes separately.  both cas clients seem 
> fine.
> 10. load balancer has port 5701 open and is listening.
> 11. both machines the cas server and cas clients are on are both listening 
> for 5701.
> 12. I can telnet to 5701 from either machine TO either machine.
> 13. tcpdump seems to show traffic out of 5701...?  I'm not a network analysis 
> expert...
> 
> Here are all my files.  Please, what have I done wrong:
> 
> 1. cas server pom.xml: http://pastebin.com/3DV7s8T8
> 2. propertyFileConfigurer.xml http://pastebin.com/7GKLRHQ2
> 3. cas.properties http://pastebin.com/FxKNhE5u
> 4. deployerConfigContext.xml http://pastebin.com/3rXsK3PM (some stuff is 
> commented out but I'm using proxy auth and non-persistent services 
> management...100% basic)
> 5. cas client pom.xml identical to pom.xml Dmitriy wrote in 
> https://github.com/UniconLabs/cas-sample-java-webapp
> 
> And that's really it.  I'm completely stumped and I could really use some 
> help.
> 
> -jonas
> 
>> On Nov 10, 2015 7:41 PM, "Paul B. Henson"  wrote:
>> On Mon, Nov 02, 2015 at 07:29:14AM -0800, Jonas Steinberg wrote:
>> 
>> > My cas server is essentially a copy of this
>> > 
>> 
>> This is for CAS 4.
>> 
>> > I used this  to integrate hazelcast
>> 
>> These are for CAS 3.
>> 
>> If you're using CAS 4 you need to use:
>> 
>> https://github.com/unicon-cas-addons/cas-addon-hazelcast-ticket-registry
>> 
>> > Any insight would be greatly appreciated!
>> 
>> If the mixed versions weren't a cut and paste typo, try matching the
>> addon version to the CAS version...
>> 
>> We're currently using CAS 3 with the hazelcast ticket registry and it
>> works fine. We haven't tried CAS 4 yet, we're tentatively looking at the
>> CAS protocol support in the shib idp v3 (with the Unicon hazelcast
>> support addon for state replication).
>> 
>> --
>> Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
>> Operating Systems and Network Analyst  |  hen...@cpp.edu
>> California State Polytechnic University  |  Pomona CA 91768
>> 


Re: [cas-user] utterly lost on cas 4.1.0 Saw '301 Moved Permanently' error

2015-10-21 Thread Dmitriy Kopylenko
All right. Let's try this one last time:

1) With fresh overlay for version of CAS 4.1.0, just include the Hazelcast 
module in your pom, as described in the documentation. 

2) There is no need to include a deployerConfigContext.xml if you are just fine 
with the default provided by published CAS' war

3) IMPORTANT: Do NOT bring the ticketRegistry.xml config from cas-addons 
project as this WILL NOT work. That particular addon is built for CAS v3 and is 
incompatible with Hazelcast ticket registry config included in CAS version 4.1.0

Now you have Hazelcast ticket registry enabled in your CAS server (even though 
you are seeing the default ticketRegistry.xml in your war. That config is 
OVERWRITTEN by the Hazelcast ticket registry config contained in the included 
jar)

I hope that this is clear enough. 

Best of luck. 

D.  

Sent from my iPhone

> On Oct 20, 2015, at 19:38, Jonas Steinberg <jonassteinbe...@gmail.com> wrote:
> 
> Ok, fair enough.  Except...
> 
> I've been through this so much now Dmitriy that I've got a very fresh overlay 
> going.  Let me show you some output from my currently running tomcat7 
> instance, which will show you that in some sense hazelcast is running:
> 
> 
> Oct 20, 2015 5:26:13 PM org.hibernate.validator.internal.util.Version 
> INFO: HV01: Hibernate Validator 5.1.3.Final
> 2015-10-20 17:26:28,360 INFO 
> [org.jasig.cas.ticket.registry.HazelcastTicketRegistry]
> 
> 2015-10-20 17:26:43,366 INFO 
> [org.jasig.cas.util.AutowiringSchedulerFactoryBean] -  Scheduler now>
> 2015-10-20 17:26:43,371 INFO [org.jasig.cas.CasEnvironmentContextListener] - 
> <[Apache Tomcat/7.0.23] has loaded the CAS application context>
> 2015-10-20 17:26:52,492 INFO 
> [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - 
> 
> 2015-10-20 17:26:53,181 INFO 
> [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <0 
> expired tickets found to be removed.>
> 2015-10-20 17:26:53,215 INFO 
> [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - 
> 
> Oct 20, 2015 5:26:59 PM org.apache.catalina.startup.HostConfig deployDirectory
> INFO: Deploying web application directory /usr/local/tomcat7/webapps/ROOT
> Oct 20, 2015 5:26:59 PM org.apache.catalina.startup.HostConfig deployDirectory
> INFO: Deploying web application directory 
> /usr/local/tomcat7/webapps/host-manager
> Oct 20, 2015 5:26:59 PM org.apache.coyote.AbstractProtocol start
> INFO: Starting ProtocolHandler ["http-bio-7087"]
> Oct 20, 2015 5:26:59 PM org.apache.coyote.AbstractProtocol start
> INFO: Starting ProtocolHandler ["http-bio-7086"]
> Oct 20, 2015 5:26:59 PM org.apache.coyote.AbstractProtocol start
> INFO: Starting ProtocolHandler ["http-bio-7473"]
> Oct 20, 2015 5:26:59 PM org.apache.catalina.startup.Catalina start
> INFO: Server startup in 120112 ms
> 2015-10-20 17:28:35,761 INFO 
> [org.jasig.cas.services.DefaultServicesManagerImpl] -  services.>
> 2015-10-20 17:28:35,781 INFO 
> [org.jasig.cas.services.DefaultServicesManagerImpl] - 
> 2015-10-20 17:30:35,761 INFO 
> [org.jasig.cas.services.DefaultServicesManagerImpl] -  services.>
> 2015-10-20 17:30:35,782 INFO 
> [org.jasig.cas.services.DefaultServicesManagerImpl] - 
> 2015-10-20 17:32:35,760 INFO 
> [org.jasig.cas.services.DefaultServicesManagerImpl] -  service
> 
> 
> 
> This is right out of tomcat7.
> 
> However, using this deployConfigContext.xml file that you recommended:
> 
> https://github.com/Jasig/cas/blob/v4.1.0/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml#L109
> 
> ...definitely results in the default ticketRegistry being written.  
> 
> Now, I would inject this in there:
> 
> https://github.com/Unicon/cas-addons/wiki/Configuring-HazelcastTicketRegistry
> 
> Except that throws errors.
> 
> So...do I need to do filtering or whatever or what?  Because that hz ticket 
> registry is not being written in there...
> 
> 
>> On Tue, Oct 20, 2015 at 5:28 PM, Dmitriy Kopylenko <dkopyle...@unicon.net> 
>> wrote:
>> By merely including the Hazelcast ticket registry module dependency, it 
>> should override the default ticket registry config which is read from HZ 
>> module jar. The default CAS' web.xml has that config bit turned on. 
>> 
>> I'd suggest you start from a fresh overlay project and follow the 4.1 
>> documentation to turn the HZ ticket registry on.
>> 
>> Best,
>> D. 
>> 
>> 
>> 
>> Sent from my iPhone
>> 
>>> On Oct 20, 2015, at 19:08, Jonas Steinberg <jonassteinbe...@gmail.com> 
>>> wrote:
>>> 
>>> Yep.  There's definitely something wrong with using 
>>> ht

Re: [cas-user] utterly lost on cas 4.1.0 Saw '301 Moved Permanently' error

2015-10-20 Thread Dmitriy Kopylenko
By merely including the Hazelcast ticket registry module dependency, it should 
override the default ticket registry config which is read from HZ module jar. 
The default CAS' web.xml has that config bit turned on. 

I'd suggest you start from a fresh overlay project and follow the 4.1 
documentation to turn the HZ ticket registry on.

Best,
D. 



Sent from my iPhone

> On Oct 20, 2015, at 19:08, Jonas Steinberg  wrote:
> 
> Yep.  There's definitely something wrong with using 
> https://github.com/Jasig/cas/blob/v4.1.0/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml
>  because now in target/cas/WEB-INF/spring-configuration my ticketRegistry.xml 
> is the default registry and not the hazelcast registry.  Any thoughts?
> 
>> On Tue, Oct 20, 2015 at 5:06 PM, Jonas Steinberg  
>> wrote:
>> I think my problem is this:
>> 
>> I'm using this:
>> 
>> https://github.com/Jasig/cas/blob/v4.1.0/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml
>> 
>> as is, changing nothing, because I simply need to use the default 
>> authentication handler.  Will this work?
>> 
>> -jonas
>> 
>> ps-
>> 
>> I feel I understand the process:
>> 
>> clone repo
>> check out hz-with-ldap branch
>> rm -rf ldap stuff (not using ldap)
>> use 
>> https://github.com/Jasig/cas/blob/v4.1.0/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml
>>  instead
>> correctly configure property whatever to point at cas.properties
>> correctly configure cas.properties...
>> ...that should be it...
>> 
>>> On Tue, Oct 20, 2015 at 4:58 PM, Jonas Steinberg 
>>>  wrote:
>>> And anyway that dependency is already present when I clone your git 
>>> repository.
>>> 
>>> 
>>>> On Tue, Oct 20, 2015 at 4:53 PM, Jonas Steinberg 
>>>> wrote:
>>>> When I inject 
>>>> http://jasig.github.io/cas/4.1.x/installation/Hazelcast-Ticket-Registry.html
>>>> dependency into my parent pom I receive:
>>>> 
>>>> ERROR org.springframework.web.context.ContextLoader - Context 
>>>> initialization failed
>>>> org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: 
>>>> Line 2 in XML document from ServletContext resource 
>>>> [/WEB-INF/spring-configuration/ticketRegistry.xml] is invalid; nested 
>>>> exception is org.xml.sax.SAXParseException; systemId: 
>>>> http://hazelcast.com/schema/spring/hazelcast-spring-3.1.xsd; lineNumber: 
>>>> 2; columnNumber: 35; s4s-elt-character: Non-whitespace characters are not 
>>>> allowed in schema elements other than 'xs:appinfo' and 'xs:documentation'. 
>>>> Saw '301 Moved Permanently'.
>>>> 
>>>> -jonas
>>>> 
> On Tue, Oct 20, 2015 at 4:39 PM, Jonathan Johnson  wrote:
> Please refer to the documentation at 
> [http://jasig.github.io/cas/4.1.x/index.html].
> 
> Specifically you will find the Hazelcast ticket registry info at 
> [http://jasig.github.io/cas/4.1.x/installation/Hazelcast-Ticket-Registry.html].
> 
> The CAS add ons module for the Hazelcast ticket registry should not be 
> used with CAS 4.1 since it is not part of the main distribution.
> 
> -Jj
> 
> 
> 
> On 10/20/15, 15:54, "Jonas Steinberg"  wrote:
> 
> >I receive this error when restarting cas-4.1.0 in tomcat7:
> >
> >15:07:00.314 [pool-2-thread-1] ERROR 
> >org.springframework.web.context.ContextLoader - Context initialization 
> >failed
> >org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: 
> >Line 2 in XML document from ServletContext resource 
> >[/WEB-INF/spring-configuration/ticketRegistry.xml] is invalid; nested 
> >exception is org.xml.sax.SAXParseException; systemId: 
> >http://hazelcast.com/schema/spring/hazelcast-spring-3.1.xsd; lineNumber: 
> >2; columnNumber: 35; s4s-elt-character: Non-whitespace characters are 
> >not allowed in schema elements other than 'xs:appinfo' and 
> >'xs:documentation'. Saw '301 Moved Permanently'.
> >
> >
> >
> >The ticketRegistry.xml it refers to is:
> >
> >
> >http://www.springframework.org/schema/beans;
> >   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
> >   xmlns:hz="http://www.hazelcast.com/schema/spring;
> >   xsi:schemaLocation="http://www.springframework.org/schema/beans
> >   
> > http://www.springframework.org/schema/beans/spring-beans.xsd
> >   http://www.hazelcast.com/schema/spring
> >   
> > http://hazelcast.com/schema/spring/hazelcast-spring-3.1.xsd;>
> >
> >
> >
> >
> > > name="hazelcast.logging.type">slf4j
> > > name="hazelcast.max.no.heartbeat.seconds">5
> >
> >
> >
> >

Re: [cas-user] CAS behind proxy - Log client IP recorded at proxy

2015-10-16 Thread Dmitriy Kopylenko
Carl,

configure the CAS’ Inspektr client info filter as such (in CAS’ web.xml):


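<filter>
  <filter-name>CAS Client Info Logging Filter</filter-name>
  <filter-class>com.github.inspektr.common.web.ClientInfoThreadLocalFilter</filter-class>
  <init-param>
    <param-name>alternativeIpAddressHeader</param-name>
    <param-value>X-Forwarded-For</param-value>
  </init-param>
</filter>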


Best,
D.

> On Oct 16, 2015, at 9:43 AM, Waldbieser, Carl  wrote:
> 
> 
> When placing CAS behind an HTTP proxy, it is possible to include the client 
> IP connecting to the proxy in an HTTP header that is passed on to the back 
> end CAS service (e.g. X-Forwarded-For).
> Is it possible to configure CAS to log the value of such a header rather than 
> the actual client IP (which would be the proxy in this case, and would not be 
> terribly useful).
> 
> I am interested in knowing how to do this for both CAS 3.5 and 4.x.
> 
> My goal is ultimately to log CAS authentication data (successes, failures) 
> along with the actual client IP information from a proxied CAS service.
> 
> Thanks,
> Carl Waldbieser
> ITS Systems Programmer
> Lafayette College
> 


-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
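
The X-Forwarded-For value discussed in the message above is sent by whoever makes the request, so it is only reliable as an audit field when it was set or appended by the site's own proxy. The following is an added example, not code from the thread, CAS or Inspektr: it shows one way to pick the address to record, walking the header from right to left and stopping at the first hop that is not a known proxy. The function name audit_client_ip and the TRUSTED_PROXIES subnet are assumptions, and the sample requests are constructed.

```python
import ipaddress

# Constructed sample value (assumption): the subnet the load balancers /
# reverse proxies in front of CAS connect from.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def _trusted(addr, networks):
    """True if addr belongs to one of the proxy networks."""
    return any(addr in net for net in networks)


def audit_client_ip(remote_addr, xff_header, networks=TRUSTED_PROXIES):
    """Return the address to write to the audit log, as a canonical IP string.

    remote_addr is the TCP peer seen by the servlet container and
    xff_header is the raw X-Forwarded-For value (or None).
    """
    peer = ipaddress.ip_address(remote_addr)

    # A header that did not arrive through our own proxy is unverified
    # client input: ignore it and log the real peer.
    if not xff_header or not _trusted(peer, networks):
        return str(peer)

    # Each proxy appends the address it received the request from, so the
    # right-most entries were written by our infrastructure. Anything to the
    # left of the first untrusted hop could have been sent by the client.
    last_verified = peer
    for token in reversed(xff_header.split(",")):
        try:
            hop = ipaddress.ip_address(token.strip())
        except ValueError:
            # Malformed entry (hostname, port suffix, injected CR/LF, ...):
            # never copy it into the log, fall back to the last good hop.
            return str(last_verified)
        if not _trusted(hop, networks):
            return str(hop)
        last_verified = hop
    return str(last_verified)


def demo():
    """Resolve a few constructed (peer, header) pairs."""
    requests = [
        ("203.0.113.9", "198.51.100.1"),             # direct hit, header ignored
        ("10.0.0.5", "198.51.100.23"),               # normal proxied request
        ("10.0.0.5", "192.0.2.66, 198.51.100.23"),   # client pre-filled the header
        ("10.0.0.5", "198.51.100.23, 10.0.0.6"),     # two proxy tiers
        ("10.0.0.5", "evil\r\nINFO forged, 10.0.0.6"),  # log-injection attempt
        ("10.0.0.5", None),                          # proxy sent no header
    ]
    return [audit_client_ip(peer, xff) for peer, xff in requests]


if __name__ == "__main__":
    for resolved in demo():
        print(resolved)
```

Because the return value is always a parsed address rendered back to text, a header containing line breaks or markup cannot reach the log file.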

Re: [cas-user] several very basic cas install questions

2015-10-15 Thread Dmitriy Kopylenko
Check this branch out: 
https://github.com/UniconLabs/simple-cas4-overlay-template/tree/cas41-with-HZ-and-LDAP
 


It uses the 4.1.0 and is pre-configured with Hazelcast ticket registry. You 
could just clone it, checkout this branch and start using it as a base for your 
own overlay.

Cheers,
Dmitriy.

> On Oct 15, 2015, at 12:37 PM, Jonas Steinberg  
> wrote:
> 
> Okay, so I've looked at the overlay template.  Okay.  So my only question is: 
> what files from CAS do I need to include to correctly build 
> cas-server-integration-hazelcast?  Do I need to include cas-server-webapp?  
> How about also cas-server-integration-hazelcast?  What else?  I think this 
> will get me going.


Re: [cas-user] several very basic cas install questions

2015-10-15 Thread Dmitriy Kopylenko
You don’t need to include any files. Just use the overlay as is. When you `mvn 
clean package` it will pull the appropriate dependencies (already pre-declared 
in the pom.xml) and will assemble the final cas.war archive ready for 
deployment.

As for LDAP, you just get rid of that dependency in the pom and modify the 
`WEB-INF/deployerConfigContext.xml` to satisfy your local authentication source 
needs.

D.

> On Oct 15, 2015, at 1:15 PM, Jonas Steinberg  
> wrote:
> 
> Okay, that's fine.  What I don't understand is what files do I actually need 
> from cas to include?  Or am I missing something?



Re: [cas-user] several very basic cas install questions

2015-10-15 Thread Dmitriy Kopylenko
No. That documentation link is for the “development” version which is not 
currently released (4.2.0). That bean “alias” is a new feature and will be 
available in 4.2.0.

This is the correct link for the current GA version -> 
http://jasig.github.io/cas/4.1.x/installation/Hazelcast-Ticket-Registry.html 


Best,
D.

> On Oct 15, 2015, at 1:23 PM, Jonas Steinberg  
> wrote:
> 
> Do I need to include the hazelcast alias line in deployerConfigContext from 
> cas's documentation?

Re: [cas-user] several very basic cas install questions

2015-10-15 Thread Dmitriy Kopylenko
It won’t deploy, as it will require you to have an LDAP directory available. 
You could simply delete it altogether and this will allow Maven to pull in the 
default one from CAS’ published war artifact, which is this -> 
https://github.com/Jasig/cas/blob/v4.1.0/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml
 


when you run `mvn clean package`

It is set up with simple in-memory authentication handler 
https://github.com/Jasig/cas/blob/v4.1.0/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml#L109
 

 with one user: casuser and password: Mellon

Cheers,
D.

> On Oct 15, 2015, at 1:55 PM, Jonas Steinberg  
> wrote:
> 
> What will happen if I just leave the LDAP stuff in deployConfig?  Will it 
> break the war?
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> dkopyle...@unicon.net
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user


-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] several very basic cas install questions

2015-10-15 Thread Dmitriy Kopylenko
Create directory `/etc/cas` or `c:\etc\cas` if on windows and copy 
cas.properties and log4j2.xml there.

But in general, you will need to look at your Servlet container’s logs to see 
what is going on when you deploy cas.war and for any indications of errors, etc.

D.

> On Oct 15, 2015, at 2:27 PM, Jonas Steinberg  
> wrote:
> 
> Alright, here's where I'm at:
> 
> I deleted ldapConfigContext.  
> 
> I copied and pasted the default deployConfigContext from github into my 
> deployConfigContext, so that took care of any LDAP stuff in 
> deployConfigContext.
> 
> I deleted the LDAP dependency from the pom.
> 
> It built but I'm unable to access cas at 
> https:server.com:8443or8080/cas/login.
> 
> Any thoughts?
> 
> Do I need to modify cas.properties at all? 



Re: [cas-user] several very basic cas install questions

2015-10-15 Thread Dmitriy Kopylenko
That’d be git stuff i.e. `git clone 
g...@github.com:UniconLabs/simple-cas4-overlay-template.git` followed by `git 
checkout cas41-with-HZ-and-LDAP`

But for better results, I’d highly recommend you start here: 
http://jasig.github.io/cas/4.1.x/installation/Maven-Overlay-Installation.html 
 
and go through the installation process step by step to better understand the 
overlay process.

Best,
D.

> On Oct 15, 2015, at 1:31 PM, Jonas Steinberg  
> wrote:
> 
> Alright: last question.
> 
> When you say, "You could just clone it", what's the "it" specifically that 
> you're referring to?  And how do I check the branch out?  This will probably 
> be my last question. Sorry to bombard you.

Re: [cas-user] several very basic cas install questions

2015-10-15 Thread Dmitriy Kopylenko
In this particular overlay, those files are externalized to this particular 
location: `/etc/cas`. Have you gone through the doc: 
http://jasig.github.io/cas/4.1.x/installation/Maven-Overlay-Installation.html 
 
? All of this stuff is explained there.

Best,
D.

> On Oct 15, 2015, at 2:40 PM, Jonas Steinberg  
> wrote:
> 
> But shouldn't cas.property and log-whatever just be built into my war?  
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> dkopyle...@unicon.net
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user


-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user


Re: [cas-user] Remote Address Authentication - Configuration Error on Documentation

2015-10-07 Thread Dmitriy Kopylenko
That's a documentation typo. That should have been: 

Cheers,
Dmitriy.

> On Oct 7, 2015, at 09:04, Song, Doe-Hyun  wrote:
> 
> Hello All,
>  
> From the following document,
> http://jasig.github.io/cas/4.1.x/installation/Remote-Address-Authentication.html
>  
> action tag seems not correct.
> 
>
>
>
> 
>  
> I can find parser error as below:
>  
> 07-Oct-2015 08:50:21.603 SEVERE [http-nio-8443-exec-6] 
> org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for 
> servlet [cas] in context with path [/cas] threw exception [Request processing 
> failed; nested exception is 
> org.springframework.webflow.definition.registry.FlowDefinitionConstructionException:
>  An exception occurred constructing the flow 'login'] with root cause
>  org.xml.sax.SAXParseException; lineNumber: 82; columnNumber: 40; 
> cvc-complex-type.2.4.a: Invalid content was found starting with element 
> 'action'. One of '{"http://www.springframework.org/schema/webflow":attribute, 
> "http://www.springframework.org/schema/webflow":secured, 
> "http://www.springframework.org/schema/webflow":on-entry, 
> "http://www.springframework.org/schema/webflow":evaluate, 
> "http://www.springframework.org/schema/webflow":render, 
> "http://www.springframework.org/schema/webflow":set, 
> "http://www.springframework.org/schema/webflow":transition, 
> "http://www.springframework.org/schema/webflow":on-exit, 
> "http://www.springframework.org/schema/webflow":exception-handler}' is 
> expected.
> at 
> com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:198)
> at 
> com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.error(ErrorHandlerWrapper.java:134)
> at 
> com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:437)
> at 
> com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:368)
> at 
> com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:325)
> at 
> com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(XMLSchemaValidator.java:458)
> at 
> com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.reportSchemaError(XMLSchemaValidator.java:3237)
> at 
> com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.handleStartElement(XMLSchemaValidator.java:1796)
>   at 
> com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.emptyElement(XMLSchemaValidator.java:766)
> at 
> com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:355)
> at 
> com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2770)
> at 
> com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:606)
> at 
> com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:117)
> at 
> com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:510)
> at 
> com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:848)
> at 
> com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:777)
> at 
> com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
> at 
> com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:243)
> at 
> com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:347)
> at 
> javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:121)
> at 
> org.springframework.webflow.engine.model.builder.xml.DefaultDocumentLoader.loadDocument(DefaultDocumentLoader.java:113)
> at 
> org.springframework.webflow.engine.model.builder.xml.XmlFlowModelBuilder.init(XmlFlowModelBuilder.java:112)
> at 
> org.springframework.webflow.engine.model.builder.DefaultFlowModelHolder.assembleFlowModel(DefaultFlowModelHolder.java:87)
> at 
> org.springframework.webflow.engine.model.builder.DefaultFlowModelHolder.getFlowModel(DefaultFlowModelHolder.java:61)
> at 
> org.springframework.webflow.engine.builder.model.FlowModelFlowBuilder.doInit(FlowModelFlowBuilder.java:151)
> at 
> org.springframework.webflow.engine.builder.support.AbstractFlowBuilder.init(AbstractFlowBuilder.java:46)
> at 
> org.springframework.webflow.engine.builder.FlowAssembler.assembleFlow(FlowAssembler.java:90)
> 

Re: [cas-user] Remote Address Authentication - Configuration Error on Documentation

2015-10-07 Thread Dmitriy Kopylenko
Sorry for misleading you earlier. Yes,

> On Oct 7, 2015, at 10:04 AM, Song, Doe-Hyun <ds...@armada.net> wrote:
> 
> Dmitriy,
>  
> I tried to use evaluate expression. At least the error message goes away.
>  
> 
>
>
>
> 
>  
> However, it seems the action state is not invoked at all yet.
>  
> Thanks,
> Doe
>  
> From: Song, Doe-Hyun 
> Sent: Wednesday, October 07, 2015 9:50 AM
> To: cas-user@lists.jasig.org <mailto:cas-user@lists.jasig.org>
> Subject: RE: [cas-user] Remote Address Authentication - Configuration Error 
> on Documentation
>  
> Dmitriy, 
>  
> Thanks for your reply. I think action element itself does not work. Are you 
> meaning to use evaluate element?
>  
> From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net 
> <mailto:dkopyle...@unicon.net>] 
> Sent: Wednesday, October 07, 2015 9:17 AM
> To: cas-user@lists.jasig.org <mailto:cas-user@lists.jasig.org>
> Subject: Re: [cas-user] Remote Address Authentication - Configuration Error 
> on Documentation
>  
> That's a documentation typo. That should have been:  evaluate="remoteAddressCheck" />
> 
> Cheers,
> Dmitriy.
> 
> On Oct 7, 2015, at 09:04, Song, Doe-Hyun <ds...@armada.net 
> <mailto:ds...@armada.net>> wrote:
> 
> Hello All, 
>  
> From the following document, 
> http://jasig.github.io/cas/4.1.x/installation/Remote-Address-Authentication.html
>  
> <http://jasig.github.io/cas/4.1.x/installation/Remote-Address-Authentication.html>
>  
> action tag seems not correct. 
> 
>
>
>
> 
>  
> I can find parser error as below:
>  
> 07-Oct-2015 08:50:21.603 SEVERE [http-nio-8443-exec-6] 
> org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for 
> servlet [cas] in context with path [/cas] threw exception [Request processing 
> failed; nested exception is 
> org.springframework.webflow.definition.registry.FlowDefinitionConstructionException:
>  An exception occurred constructing the flow 'login'] with root cause
>  org.xml.sax.SAXParseException; lineNumber: 82; columnNumber: 40; 
> cvc-complex-type.2.4.a: Invalid content was found starting with element 
> 'action'. One of '{"http://www.springframework.org/schema/webflow":attribute, 
> "http://www.springframework.org/schema/webflow":secured, 
> "http://www.springframework.org/schema/webflow":on-entry, 
> "http://www.springframework.org/schema/webflow":evaluate, 
> "http://www.springframework.org/schema/webflow":render, 
> "http://www.springframework.org/schema/webflow":set, 
> "http://www.springframework.org/schema/webflow":transition, 
> "http://www.springframework.org/schema/webflow":on-exit, 
> "http://www.springframework.org/schema/webflow":exception-handler}' is 
> expected.
> at 
> com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:198)
> at 
> com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.error(ErrorHandlerWrapper.java:134)
> at 
> com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:437)
> at 
> com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:368)
> at 
> com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:325)
> at 
> com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(XMLSchemaValidator.java:458)
> at 
> com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.reportSchemaError(XMLSchemaValidator.java:3237)
> at 
> com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.handleStartElement(XMLSchemaValidator.java:1796)
>   at 
> com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.emptyElement(XMLSchemaValidator.java:766)
> at 
> com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:355)
> at 
> com.sun.org.apach

Re: [cas-user] substitute attribute for user

2015-09-22 Thread Dmitriy Kopylenko
This could be accomplished by setting the ‘usernameAttribute’ property in the 
RegisteredService instance in question: 
http://jasig.github.io/cas/4.0.x/installation/Service-Management.html 


In CAS 4.1 this is even easier to do via a very flexible services management 
web app (with username attribute provider config options).

Check this demo out: http://jasigcasmgmt.herokuapp.com/ 
and play with it by defining a few registered services. You could log in with 
casuser/Mellon

Best,
Dmitriy.

> On Sep 22, 2015, at 10:10 AM, Chris Irwin  wrote:
> 
> I have CAS 4.0 connected to AD.  This is working fine but I have one 
> application that would like me to return a different value for the user.  
> Today they log in with the sAMAccount name and this is returned as CAS:user  
> I also return the employeeID as part of the claim.  It appears that their app 
> can’t extract the employeeID attribute from the claim and they want me to 
> insert employeeID in the place of the sAMAccount name.  Can this be done?
>  
> Sincerely,
>  
> Christopher Irwin
>  

Re: [cas-user] Unable to configure ticketing via MySQL

2015-09-20 Thread Dmitriy Kopylenko
For the HA set up, there are more attractive and easier to maintain options in 
CAS to consider other than RDBMS like Hazelcast Ticket Registry for example 
which is part of CAS core now: 

http://jasig.github.io/cas/development/installation/Hazelcast-Ticket-Registry.html

Best,
Dmitriy. 


Sent from my iPhone

> On Sep 20, 2015, at 13:47, Nicolás  wrote:
> 
> Hi,
> 
> I'm running CAS 4.1.0 and trying to configure ticketing via MySQL, because we 
> want to deploy this version for HA. For that, I've done the following steps:
> 
> 1) ticketRegistry.xml file: Basically the same as 
> http://jasig.github.io/cas/4.1.x/installation/JPA-Ticket-Registry.html says 
> in Configuration + Connection pooling.
> 
> http://www.w3.org/2001/XMLSchema-instance;
>xmlns:p="http://www.springframework.org/schema/p;
>xmlns:c="http://www.springframework.org/schema/c;
>xmlns:tx="http://www.springframework.org/schema/tx;
>xmlns:util="http://www.springframework.org/schema/util;
>xmlns="http://www.springframework.org/schema/beans;
>xsi:schemaLocation="http://www.springframework.org/schema/beans 
>
> http://www.springframework.org/schema/beans/spring-beans.xsd
>http://www.springframework.org/schema/tx
>
> http://www.springframework.org/schema/tx/spring-tx.xsd
>http://www.springframework.org/schema/util
>
> http://www.springframework.org/schema/util/spring-util.xsd;>
> 
> Configuration for the default TicketRegistry which stores the tickets 
> in-memory and cleans them out as specified
> intervals.
> 
> 
>  class="org.jasig.cas.ticket.registry.JpaTicketRegistry" />
> 
>  class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor"/>
> 
> 
> org.jasig.cas.services
> org.jasig.cas.ticket
> org.jasig.cas.adaptors.jdbc
> 
> 
>  id="jpaVendorAdapter"
> p:generateDdl="true"
> p:showSql="true" />
> 
>  
> class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean"
> p:dataSource-ref="dataSource"
> p:jpaVendorAdapter-ref="jpaVendorAdapter"
> p:packagesToScan-ref="packagesToScan">
> 
>   
> ${database.dialect}
> create-drop
> ${database.batchSize}
>   
> 
> 
> 
>  class="org.springframework.orm.jpa.JpaTransactionManager"
> p:entityManagerFactory-ref="entityManagerFactory" />
> 
> 
> 
>  class="org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner"
>   c:ticketRegistry-ref="ticketRegistry"
>   c:lockingStrategy-ref="cleanerLock"
>   c:logoutManager-ref="logoutManager" />
> 
>  class="org.jasig.cas.ticket.registry.support.JpaLockingStrategy"
> p:uniqueId="${host.name}"
> p:applicationId="cas-ticket-registry-cleaner" />
> 
> 
> class="org.springframework.scheduling.quartz.MethodInvokingJobDetailFactoryBean"
> p:targetObject-ref="ticketRegistryCleaner"
> p:targetMethod="clean" />
>  
>  class="org.springframework.scheduling.quartz.SimpleTriggerBean"
> p:jobDetail-ref="jobDetailTicketRegistryCleaner"
> p:startDelay="2"
> p:repeatInterval="500" />
> 
>class="com.mchange.v2.c3p0.ComboPooledDataSource"
>   p:driverClass="${database.driverClass}"
>   p:jdbcUrl="${database.url}"
>   p:user="${database.user}"
>   p:password="${database.password}"
>   p:initialPoolSize="${database.pool.minSize}"
>   p:minPoolSize="${database.pool.minSize}"
>   p:maxPoolSize="${database.pool.maxSize}"
>   p:maxIdleTimeExcessConnections="${database.pool.maxIdleTime}"
>   p:checkoutTimeout="${database.pool.maxWait}"
>   p:acquireIncrement="${database.pool.acquireIncrement}"
>   p:acquireRetryAttempts="${database.pool.acquireRetryAttempts}"
>   p:acquireRetryDelay="${database.pool.acquireRetryDelay}"
>   
> p:idleConnectionTestPeriod="${database.pool.idleConnectionTestPeriod}"
>   p:preferredTestQuery="${database.pool.connectionHealthQuery}"
>   />
> 
> 2) cas.properties:
> database.dialect=org.hibernate.dialect.MySQL5InnoDBDialect
> database.driverClass=com.mysql.jdbc.Driver
> database.url=jdbc:mysql://localhost/cas?ssl=false
> database.user=cas
> database.password=mypassword
> The rest, as defined in the PostgreSQL example on 
> http://jasig.github.io/cas/4.1.x/installation/JPA-Ticket-Registry.html
> 
> 3) pom.xml:
> 
> 
>  org.jasig.cas
>  cas-server-support-jdbc
>  ${cas.version}
> 
> 
> org.hibernate
>  

Re: [cas-user] CAS allowing incorrect passwords to Authenticate

2015-08-24 Thread Dmitriy Kopylenko
Check if you are using SimpleTestUsernamePasswordAuthenticationHandler in your 
deployerConfigContext.xml by any chance. 

D. 

Sent from my iPhone

 On Aug 24, 2015, at 17:17, Martel, Michael H michael.mar...@vsc.edu wrote:
 
 Greetings!
 
 Our IDM Expert is leaving on Friday for greener pastures, and today our IDM 
 system decided to start accepting all passwords as valid.  As far as we can 
 tell this is isolated to our CAS servers and not the Shibboleth and LDAP 
 Servers.
 
 When you authenticate to CAS, every password that you enter comes back as 
 successful.
 
 Has anyone seen this before ?  Any thoughts on where to look ?  He’s been 
 beating his head on it all day and come up with nothing.
 
 If I didn’t include enough details, tell me what I need to add, I’m new to 
 the IDM side of this.
 
 Thanks!
 
 
 
 Michael
 
 -- 
 
  o-
   Michael H. Martel  | Director of Data Center Administration
   michael.mar...@vsc.edu | Systems and Security Administrator
   Vermont State Colleges | PH:802-224-3010 FX:802-224-3035
 
 
 
 

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
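
To make the check suggested in the reply above repeatable, the following added example (not part of the original thread and not CAS project code) parses a Spring bean file and reports every active definition of SimpleTestUsernamePasswordAuthenticationHandler together with the beans that reference it; commented-out definitions are ignored. The sample configuration, its bean ids and the function name `audit_config` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Simple class name taken from the reply above; matched regardless of package.
TEST_HANDLER = "SimpleTestUsernamePasswordAuthenticationHandler"

# Constructed sample in the style of a deployerConfigContext.xml (not a real deployment).
SAMPLE_CONFIG = """\
<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="authenticationManager"
        class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
    <constructor-arg>
      <map>
        <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver"/>
      </map>
    </constructor-arg>
  </bean>
  <bean id="primaryAuthenticationHandler"
        class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler"/>
  <!-- <bean id="disabledHandler"
        class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler"/> -->
  <bean id="leftoverHandler"
        class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler"/>
  <bean id="primaryPrincipalResolver" class="example.Resolver"/>
</beans>
"""


def _local(name):
    """Strip an XML namespace: '{ns}bean' -> 'bean'."""
    return name.rsplit("}", 1)[-1]


def audit_config(xml_text):
    """Return one finding per active test-handler bean, in document order."""
    root = ET.fromstring(xml_text)          # the parser drops XML comments
    parent = {child: par for par in root.iter() for child in par}

    def top_bean_id(el):
        # Walk up to the bean that sits directly under <beans>.
        while parent.get(el) is not None and parent[el] is not root:
            el = parent[el]
        return el.get("id", "(anonymous)")

    # Collect references: <ref bean="x"/>, ref="x", key-ref="x", p:foo-ref="x", ...
    refs = {}
    for el in root.iter():
        for attr, value in el.attrib.items():
            a = _local(attr)
            if a == "ref" or a.endswith("-ref") or (
                    _local(el.tag) in ("ref", "idref") and a in ("bean", "local")):
                refs.setdefault(value, set()).add(top_bean_id(el))

    findings = []
    for el in root.iter():
        cls = el.get("class", "")
        if _local(el.tag) != "bean" or cls.rsplit(".", 1)[-1] != TEST_HANDLER:
            continue
        bean_id = el.get("id")
        if bean_id is None:                 # inner bean: wired into its enclosing bean
            bean_id, used_by = "(inner bean)", {top_bean_id(el)}
        else:
            used_by = refs.get(bean_id, set())
        findings.append({"bean": bean_id, "class": cls, "wired_into": sorted(used_by)})
    return findings


if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        state = "referenced by " + ", ".join(f["wired_into"]) if f["wired_into"] \
            else "defined but not referenced by id in this file"
        print(f"{f['bean']}: {f['class']} ({state})")
```

An empty result means the file has no active definition of the class; a definition pulled in from another context file would need that file passed in as well.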



Re: [cas-user] problem with POST requests

2015-08-22 Thread Dmitriy Kopylenko
What CAS really needs is the true, stateless JWT implementation - that would 
solve the problem of authentication for RESTful resources once and for all, but 
that's a discussion for another day :-)

Cheers,
D.  

Sent from my iPhone

 On Aug 21, 2015, at 18:42, Carl Waldbieser cwaldbie...@gmail.com wrote:
 
 In that email thread, the issue is that the browser initially has no session 
 with the proxy protecting the resource.  When the proxy redirects the user to 
 the CAS service using a GET, the initial POST data is lost.
 
 If this is analogous to what is happening in the original poster's case, the 
 way to get around it is to make 2 requests.  The first to a GETable resource. 
  This establishes an authenticated session with the service by doing the CAS 
 dance.  The second request would need to use the session cookie from the 
 first request when it made the POST and CAS would get out of the way.
 
 Strictly speaking, that is not a RESTful API.  It would make more sense for a 
 RESTful API to hand out an access token in response to a GET for a valid CAS 
 service ticket.  The access token could then be used to authenticate to the 
 rest of the API without having to monkey around with cookies and sessions.
 
 Thanks,
 Carl Waldbieser
 
 On Aug 21, 2015 6:03 PM, Andrew Morgan mor...@orst.edu wrote:
 Have a look at this email thread:
 
   https://groups.google.com/forum/#!topic/jasig-cas-user/if0SQ0gUbp8
 
 It's an old problem.
 
 I'm not sure how CAS JASPIC works, but I've seen the Java cas client in 
 action.  It seems to consume the ST, validate the ST, then redirect the 
 client to the original resource.  Like this:
 
 GET /foo?ST=12345
 (processing happens to validate the ST)
 RESPONSE: 302 REDIRECT /foo
 GET /foo
 
 
 When the redirect happens, the POST data is lost.
 
 It might work if you switched from POST to GET.
 
 You can read about some options and recommendations in the email thread 
 above.
 
 Andy
 
 On Fri, 21 Aug 2015, Mahantesh Prasad Katti wrote:
 
 
 Has anybody run into this problem? Do you think I need to explain this 
 problem better or provide additional info?
 
 Regards
 Prasad
 
 From: Mahantesh Prasad Katti
 Sent: Friday, August 21, 2015 2:39 PM
 To: cas-user@lists.jasig.org
 Subject: [cas-user] problem with POST requests
 
 Hi ,
 
 We have a casified java application. This application exposes a bunch of 
 REST apis. When accessing POST APIs from another application by explicitly 
 obtaining the service ticket and appending it to the target URL, the calls 
 are failing. Apparently, after the ticket validation happens 
 successfully, the POST body data gets lost and the service call fails 
 because of that. Do we need to modify the server auth module to handle this 
 scenario? Note that this happens for POST calls only. The get calls work 
 just fine.
 
 We are using the CAS JASPIC jar available from google groups. Any help is 
 appreciated.
 
 Regards
 Prasad
 
 
 
 
 

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
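
The redirect behaviour described in this thread, reproduced as an added example (not from the original posts and not the CAS client's code): a local stand-in for a casified resource consumes a ticket and answers 302, and a stock HTTP client follows that redirect as a GET, dropping the POST body; establishing the session with a GET first, as suggested above, lets the POST through. The handler, the SESSION cookie name, the /api/items path and the ticket values are constructed, and ticket validation against a CAS server is replaced by a set lookup.

```python
import secrets
import threading
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import parse_qs, urlsplit
from urllib.request import HTTPCookieProcessor, ProxyHandler, Request, build_opener


class CasifiedResource(BaseHTTPRequestHandler):
    """Stand-in for an application behind a CAS client filter (constructed)."""
    valid_tickets = set()   # unused service tickets; a real filter asks the CAS server
    sessions = set()        # session ids issued after a ticket was accepted

    def log_message(self, *args):   # keep the demo quiet
        pass

    def _reply(self, status, text, headers=()):
        body = text.encode()
        self.send_response(status)
        for name, value in headers:
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def _handle(self):
        url = urlsplit(self.path)
        body = self.rfile.read(int(self.headers.get("Content-Length") or 0))
        ticket = parse_qs(url.query).get("ticket", [None])[0]
        if ticket is not None:
            # Ticket present: consume it, start a session, redirect to the clean URL.
            if ticket not in self.valid_tickets:
                return self._reply(401, "invalid ticket")
            self.valid_tickets.discard(ticket)
            sid = secrets.token_hex(16)
            self.sessions.add(sid)
            return self._reply(302, "", [("Location", url.path),
                                         ("Set-Cookie", f"SESSION={sid}; Path=/; HttpOnly")])
        cookie = SimpleCookie(self.headers.get("Cookie", ""))
        if "SESSION" not in cookie or cookie["SESSION"].value not in self.sessions:
            return self._reply(401, "no session")
        # What the protected resource finally sees: method and body size.
        self._reply(200, f"{self.command} {len(body)}")

    do_GET = do_POST = _handle


def _opener():
    # No proxy, in-memory cookie jar: behaves like a plain HTTP client library.
    return build_opener(ProxyHandler({}), HTTPCookieProcessor())


def post_with_ticket(base, ticket, payload):
    """POST straight to ...?ticket=ST: the 302 is followed as a GET, body dropped."""
    with _opener().open(Request(f"{base}/api/items?ticket={ticket}", data=payload)) as resp:
        return resp.read().decode()


def session_then_post(base, ticket, payload):
    """GET first so the ticket is consumed and the cookie is set, then POST."""
    opener = _opener()
    opener.open(f"{base}/api/items?ticket={ticket}").close()
    with opener.open(Request(f"{base}/api/items", data=payload)) as resp:
        return resp.read().decode()


def run_demo(payload=b"name=widget"):
    """Run both approaches against a local server; return what the resource saw."""
    CasifiedResource.valid_tickets.update({"ST-1-constructed", "ST-2-constructed"})
    server = ThreadingHTTPServer(("127.0.0.1", 0), CasifiedResource)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_address[1]}"
    try:
        return (post_with_ticket(base, "ST-1-constructed", payload),
                session_then_post(base, "ST-2-constructed", payload))
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_demo())
```

The first element of the result is what the resource received when the ticket rode on the POST itself; the second is what it received after the session was set up with a GET.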


Re: [cas-user] CAS protocol flow sequence: AuthN then check service registry?

2015-08-14 Thread Dmitriy Kopylenko
Yep, that’s old. That was the behavior which was changed to check service 
authorization before the authn transaction starts in 3.5.1+ (I don’t remember 
the exact 3.5.x version where it went in).

Cheers,
Dmitriy.

 On Aug 14, 2015, at 1:59 PM, Baron Fujimoto ba...@hawaii.edu wrote:
 
 Sorry, I should have included that. Version 3.4.11.
 
 On Thu, Aug 13, 2015 at 10:42:17PM -0700, Misagh Moayyed wrote:
 But wouldn't it be better to check against the registry first and
 disallowing unauthorized service URLs before bothering with
 authentication?
 
 What CAS version are you on? That is the exact current behavior. 
 
 -Original Message-
 From: Baron Fujimoto [mailto:ba...@hawaii.edu]
 Sent: Thursday, August 13, 2015 8:54 PM
 To: cas-user@lists.jasig.org
 Subject: [cas-user] CAS protocol flow sequence: AuthN then check service
 registry?
 
 Given the following scenario:
 
 CAS URL: https://cas.example.com
 Bogus unauthorized service URL: https://bogus.example.net
 Real authorized serviceURL: https://authorized.example.org
 
 User is tricked (by phish, perhaps) to visit
 https://cas.example.com/cas/login?service=https://bogus.example.net
 
 The user does not have an SSO session, so is presented with the CAS Login
 Form.
 
 The user submits the form with the username, password, and login ticket
 POSTed in the body.
 
 CAS authenticates the user and creates/sets an SSO session CASTGT cookie
 in the user's browser which contains the session key for the SSO session
 (TGT).
 
 It appears that at this point, CAS verifies the ?service= parameter
 against the registry of authorized service URLs. The user is presented
 with the Application Not Authorized error.
 
 However, by now the user has a valid TGT, and if they subsequently visit
 https://authorized.example.org, they will be able to utilize it to login
 via SSO.
 
 Is there any reason for concern here? I believe the scope of exposure is
 only limited to anyone who has access to the browser session (e.g.
 say, a publicly accessible computer). But wouldn't it be better to check
 against the registry first and disallowing unauthorized service URLs
 before bothering with authentication? Or perhaps destroying the TGT if the
 service URL is unauthorized?
 
 Or am I missing something, or perhaps some best practices configuration of
 CAS to mitigate against this sort of situation?
 
 -baron
 --
 Baron Fujimoto ba...@hawaii.edu :: UH Information Technology Services
 minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
 


-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
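
The two orderings discussed in this thread, as an added model (not part of the original messages and not CAS source code): with the registry check after authentication, a login aimed at the unregistered service still leaves a usable TGT behind; with the check first, credentials are never evaluated. The class `CasModel`, its method names, the status strings and the account are hypothetical; the URLs are the ones from the scenario above.

```python
import hmac
import re
import secrets


class CasModel:
    """Toy model of the login flow; only the order of the two checks differs."""

    def __init__(self, service_patterns, accounts, check_service_first):
        self.service_patterns = [re.compile(p) for p in service_patterns]
        self.accounts = accounts                  # username -> password (constructed)
        self.check_service_first = check_service_first
        self.tgts = {}                            # TGT id -> username (SSO sessions)
        self.credential_checks = 0                # how often a password was evaluated

    def service_authorized(self, service):
        return any(p.fullmatch(service) for p in self.service_patterns)

    def _authenticate(self, username, password):
        self.credential_checks += 1
        expected = self.accounts.get(username)
        if expected is None or password is None:
            return False
        return hmac.compare_digest(expected.encode(), password.encode())

    def login(self, service, username=None, password=None, tgc=None):
        """Return (status, tgc, service_ticket) for one /login request."""
        if tgc in self.tgts:                      # existing SSO session
            if not self.service_authorized(service):
                return ("NOT_AUTHORIZED", tgc, None)
            return ("OK", tgc, "ST-" + secrets.token_hex(8))
        if self.check_service_first and not self.service_authorized(service):
            return ("NOT_AUTHORIZED", None, None)  # rejected before any credential handling
        if username is None:
            return ("LOGIN_REQUIRED", None, None)  # would render the login form
        if not self._authenticate(username, password):
            return ("BAD_CREDENTIALS", None, None)
        tgc = "TGT-" + secrets.token_hex(16)
        self.tgts[tgc] = username                  # SSO session now exists
        if not self.service_authorized(service):
            return ("NOT_AUTHORIZED", tgc, None)   # check-after ordering: error page, cookie set
        return ("OK", tgc, "ST-" + secrets.token_hex(8))


REGISTRY = [r"https://authorized\.example\.org(/.*)?"]
ACCOUNTS = {"alice": "constructed-password"}       # constructed account


def scenario(check_service_first):
    """Replay the thread's scenario; return what each step produced."""
    cas = CasModel(REGISTRY, ACCOUNTS, check_service_first)
    first = cas.login("https://bogus.example.net", "alice", "constructed-password")
    checks_after_first = cas.credential_checks
    # The browser replays whatever cookie the first response set.
    second = cas.login("https://authorized.example.org", tgc=first[1])
    return {"first": first[0], "tgt_issued": first[1] is not None,
            "second": second[0], "credential_checks": checks_after_first}


if __name__ == "__main__":
    print("check after authn :", scenario(check_service_first=False))
    print("check before authn:", scenario(check_service_first=True))
```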



Re: [cas-user] JSON Service Management

2015-08-05 Thread Dmitriy Kopylenko
FWIW - cas-addons project is not officially supported on CAS 4.x series as 
noted here: https://github.com/Unicon/cas-addons#notice

Best,
D.

 On Aug 5, 2015, at 7:11 AM, Nouman Fallouh nouman...@gmail.com wrote:
 
 I'd used the version 4.0.3 and everything goes fine where I'd integrated the 
 OTP factor in my implementation by using the class `TOTP.java` from the 
 `cas-addons project` in a custom package of mine.
 
 My problem comes when I tried to use the cas-addons project itself by adding 
 it as a dependency in the `pom.xml` like this:
 
 <dependency>
   <groupId>net.unicon.cas</groupId>
   <artifactId>cas-addons</artifactId>
   <version>1.17</version>
 </dependency>
 
 The server starts up nicely but when submitting credentials it fails with a 
 red error message:
 CAS is Unavailable
 
 There was an error trying to complete your request. Please notify your 
 support desk or try again.
 
 The tomcat log gives this:
 
 05-Aug-2015 13:38:49.488 SEVERE [http-nio-8443-exec-394] 
 org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for 
 servlet [cas] in context with path [/cas] threw exception [Request processing 
 failed; nested exception is 
 org.springframework.webflow.execution.ActionExecutionException: Exception 
 thrown executing [AnnotatedAction@1732d886 targetAction = 
 [EvaluateAction@3c81c920 expression = 
 authenticationViaFormAction.submit(flowRequestContext, flowScope.credential, 
 messageContext), resultExpression = [null]], attributes = map[[empty]]] in 
 state 'realSubmit' of flow 'login' -- action execution attributes were 
 'map[[empty]]'] with root cause
  java.lang.NoClassDefFoundError: Could not initialize class 
 org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint
   at 
 org.springframework.aop.aspectj.AspectJAroundAdvice.lazyGetProceedingJoinPoint(AspectJAroundAdvice.java:79)
 
 So, where I made it wrong? what's the perfect way to use the cas-addons 
 project where I need from it:
 the TOTP class
 the JSON service registry
 Best regards
 
 On Mon, Jul 13, 2015 at 5:53 PM, Misagh Moayyed mmoay...@unicon.net wrote:
 The 4.1 branch is not exactly active and maintained, because the release is 
 not yet available. You’ll need to compare your cas.properties with that of 
 CAS 4.1, find out what’s missing in yours and add them .
 
 - Misagh
 
 On Jul 13, 2015, at 4:19 AM, Nouman Fallouh nouman...@gmail.com wrote:
 
 First, the line #110 in this page:
 https://github.com/UniconLabs/simple-cas4-overlay-template/blob/4.1/etc/cas.properties
 Shouldn't it be commented !?
 
 Then, I did so and I'd literally followed the instructions there and when 
 running (mvn clean package) I saw this line:
 Downloading: 
 https://oss.sonatype.org/content/repositories/snapshots/org/jasig/cas/cas-server-webapp/4.1.0-SNAPSHOT/cas-server-webapp-4.1.0-20150711.162329-701.war
 It downloaded this .war file (39329 KB) don't know why?!
 
 Then when trying to deploy it it failed, would you please see this brief 
 from the log:
 SLF4J: Class path contains multiple SLF4J bindings.
 SLF4J: Found binding in 
 [jar:file:/opt/tomcat8/webapps/cas/WEB-INF/lib/log4j-slf4j-impl-2.3.jar!/org/slf4j/impl/StaticLoggerBinder.class]
 SLF4J: Found binding in 
 [jar:file:/opt/tomcat8/webapps/cas/WEB-INF/lib/cas-server-core-4.1.0-SNAPSHOT.jar!/org/slf4j/impl/StaticLoggerBinder.class]
 SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
 SLF4J: Actual binding is of type 
 [org.apache.logging.slf4j.Log4jLoggerFactory]
 2015-07-13 04:58:34,893 INFO [org.jasig.cas.CasEnvironmentContextListener] - 
 
  Welcome to CAS 
 CAS Version: 4.1.0-SNAPSHOT
 Java Home: /usr/lib/jvm/java-8-oracle/jre
 Java Vendor: Oracle Corporation
 Java Version: 1.8.0_40
 OS Architecture: amd64
 OS Name: Linux
 OS Version: 3.2.0-4-amd64
 ***
 
 2015-07-13 04:58:35,262 WARN 
 [org.springframework.web.context.support.XmlWebApplicationContext] - 
 Exception encountered during context initialization - cancelling refresh 
 attempt
 org.springframework.beans.factory.BeanDefinitionStoreException: Invalid bean 
 definition with name 'cookieCipherExecutor' defined in ServletContext 
 resource 
 [/WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml]: 
 Could not resolve placeholder 'tgc.encryption.key' in string value 
 ${tgc.encryption.key}; nested exception is 
 java.lang.IllegalArgumentException: Could not resolve placeholder 
 'tgc.encryption.key' in string value ${tgc.encryption.key}
  
 I didn't face 

Re: [cas-user] JSON Service Management

2015-08-05 Thread Dmitriy Kopylenko
So your best bet for CAS 4.0.x is to use TOTP class in your own package (there 
is no need to maintain it in a separate wrapper open source library) in 
conjunction with YAML service registry: 
https://github.com/unicon-cas-addons/cas-addon-yaml-services-registry

Or just wait until CAS 4.1 gets released (don’t know when this would happen) 
and start using a CAS’ native JSON service registry.

Cheers,
D.

 On Aug 5, 2015, at 9:03 AM, Dmitriy Kopylenko dkopyle...@unicon.net wrote:
 
 FWIW - cas-addons project is not officially supported on CAS 4.x series as 
 noted here: https://github.com/Unicon/cas-addons#notice
 
 Best,
 D.
 
 On Aug 5, 2015, at 7:11 AM, Nouman Fallouh nouman...@gmail.com wrote:
 
 I'd used the version 4.0.3 and everything goes fine where I'd integrated the 
 OTP factor in my implementation by using the class `TOTP.java` from the 
 `cas-addons project` in a custom package of mine.
 
 My problem comes when I tried to use the cas-addons project itself by 
 adding it as a dependency in the `pom.xml` like this:
 
 <dependency>
   <groupId>net.unicon.cas</groupId>
   <artifactId>cas-addons</artifactId>
   <version>1.17</version>
 </dependency>
 
 The server starts up nicely but when submitting credentials it fails with a 
 red error message:
 CAS is Unavailable
 
 There was an error trying to complete your request. Please notify your 
 support desk or try again.
 
 The tomcat log gives this:
 
 05-Aug-2015 13:38:49.488 SEVERE [http-nio-8443-exec-394] 
 org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for 
 servlet [cas] in context with path [/cas] threw exception [Request 
 processing failed; nested exception is 
 org.springframework.webflow.execution.ActionExecutionException: Exception 
 thrown executing [AnnotatedAction@1732d886 targetAction = 
 [EvaluateAction@3c81c920 expression = 
 authenticationViaFormAction.submit(flowRequestContext, flowScope.credential, 
 messageContext), resultExpression = [null]], attributes = map[[empty]]] in 
 state 'realSubmit' of flow 'login' -- action execution attributes were 
 'map[[empty]]'] with root cause
  java.lang.NoClassDefFoundError: Could not initialize class 
 org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint
  at 
 org.springframework.aop.aspectj.AspectJAroundAdvice.lazyGetProceedingJoinPoint(AspectJAroundAdvice.java:79)
 
 So, where I made it wrong? what's the perfect way to use the cas-addons 
 project where I need from it:
 the TOTP class
 the JSON service registry
 Best regards
 
 On Mon, Jul 13, 2015 at 5:53 PM, Misagh Moayyed mmoay...@unicon.net wrote:
 The 4.1 branch is not exactly active and maintained, because the release is 
 not yet available. You’ll need to compare your cas.properties with that of 
 CAS 4.1, find out what’s missing in yours and add them .
 
 - Misagh
 
 On Jul 13, 2015, at 4:19 AM, Nouman Fallouh nouman...@gmail.com wrote:
 
 First, the line #110 in this page:
 https://github.com/UniconLabs/simple-cas4-overlay-template/blob/4.1/etc/cas.properties
 Shouldn't it be commented !?
 
 Then, I did so and I'd literally followed the instructions there and when 
 running (mvn clean package) I saw this line:
 Downloading: 
 https://oss.sonatype.org/content/repositories/snapshots/org/jasig/cas/cas-server-webapp/4.1.0-SNAPSHOT/cas-server-webapp-4.1.0-20150711.162329-701.war
 It downloaded this .war file (39329 KB) don't know why?!
 
 Then when trying to deploy it it failed, would you please see this brief 
 from the log:
 SLF4J: Class path contains multiple SLF4J bindings.
 SLF4J: Found binding in 
 [jar:file:/opt/tomcat8/webapps/cas/WEB-INF/lib/log4j-slf4j-impl-2.3.jar!/org/slf4j/impl/StaticLoggerBinder.class]
 SLF4J: Found binding in 
 [jar:file:/opt/tomcat8/webapps/cas/WEB-INF/lib/cas-server-core-4.1.0-SNAPSHOT.jar!/org/slf4j/impl/StaticLoggerBinder.class]
 SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
 SLF4J: Actual binding is of type 
 [org.apache.logging.slf4j.Log4jLoggerFactory]
 2015-07-13 04:58:34,893 INFO [org.jasig.cas.CasEnvironmentContextListener] 
 - 
  Welcome to CAS 
 CAS Version: 4.1.0-SNAPSHOT
 Java Home: /usr/lib/jvm/java-8-oracle/jre
 Java Vendor: Oracle Corporation
 Java Version: 1.8.0_40
 OS Architecture: amd64
 OS Name: Linux
 OS Version: 3.2.0-4-amd64
 ***
 
 2015-07-13 04:58:35,262 WARN

Re: [cas-user] Leading White space in username/netid

2015-08-04 Thread Dmitriy Kopylenko
https://groups.google.com/forum/m/#!topic/jasig-cas-user/pz-NZH9H7yI

Sent from my iPhone

 On Aug 4, 2015, at 18:54, Bryan Wooten bryan.woo...@utah.edu wrote:
 
 Hi all,
 
 Here is the scenario:
 
 Login into our CASified Peoplesoft with a leading whitespace on the user name.
 CAS authenticates against OpenDJ just fine
 Peoplesoft gets the netid/username with the leading white space in 
 REMOTE_USER (We are using the Wrapper Filter)
 Peoplesoft can’t resolve the principal.
 Second scenario with DUO
 
 Login into the Peoplesoft portal as a user requiring Duo MFA, again with 
 leading whitespace.
 Get past initial CAS login page
 Duo thinks this is a new Duo user and prompts for enrollment.
 What is the deal with leading whitespace? Shouldn't the LDAP bind catch this 
 and not authenticate?
 Should the CAS login page use javascript to trim white space?
 Should the CAS server auth module trim the whitespace on the backend?
 
 Anyway this first appeared on the duo-users mail list today and I verified 
 the behavior.
 
 Unicon CAS-MFA 3.5.2 / OpenDJ LDAP.
 
 Thoughts?

Re: [cas-user] Attribute repository with multiple different sources

2015-07-30 Thread Dmitriy Kopylenko
FWIW, the Spring Modules project is defunct: 
https://springmodules.dev.java.net/

It’s kind of sad that actively used projects depend on other dead projects.

Cheers,
D.

 On Jul 30, 2015, at 8:25 AM, Whittaker, Geoffrey geoff.whitta...@unf.edu 
 wrote:
 
 Thanks, 
 
 I don't think that requiring the logout is sufficiently painful enough to
 warrant the other cache for us.  
 
 I was getting problems with needing spring-modules-cache.  I added that to
 my POM, but it has like 31 dependencies.  And apparently they were not all
 in the sonatype repos.  I found a post on the uportal list where someone
 had a similar problem and excluded most of them.  I was able to get it to
 build after that, but I still wasn't getting it to work.
 
 Since I'm not doing the cached repository right now, I'm not worried about
 it any longer.  Now, I'm just concentrating on fixing the
 LdapPersonAttributeDao and wiring up the MergingPersonAttributeDAO.  For
 some reason, I'm not getting a query builder returned (getting NULL), so the
 queries either aren't happening or are happening for nothing.  The logs are
 below, but I don’t think it's anything complicated. I probably just
 fat-fingered something yesterday.
 
 2015-07-29 15:10:12,263 DEBUG
 [org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver] -
 Creating SimplePrincipal for [me]
 2015-07-29 15:10:12,263 DEBUG
 [org.jasig.cas.persondir.LdapPersonAttributeDao] - Created seed
 map='{username=[me]}' for uid=' me'
 2015-07-29 15:10:12,263 DEBUG
 [org.jasig.cas.persondir.LdapPersonAttributeDao] - Generated query builder
 'null' from query Map {username=[me]}.
 2015-07-29 15:10:12,263 DEBUG
 [org.jasig.cas.persondir.LdapPersonAttributeDao] - No queryBuilder was
 generated for query {username=[ me]}, null will be returned
 2015-07-29 15:10:12,279 DEBUG
 [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
 org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver@1705
 dc3f resolved me from me+password
 2015-07-29 15:10:12,279 INFO
 [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
 Authenticated me with credentials [n00638663+password].
 2015-07-29 15:10:12,279 DEBUG
 [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Attribute
 map for me: {}
 
 
 Geoff 
 
 -Original Message-
 From: Misagh Moayyed [mailto:mmoay...@unicon.net] 
 Sent: Thursday, July 30, 2015 1:42 AM
 To: cas-user@lists.jasig.org
 Subject: RE: [cas-user] Attribute repository with multiple different sources
 
 Attributes are cached in the TGT, yes. The caching of merged attributes is
 not required; it only comes into play when you logout and destroy your TGT
 and attempt to log back in, at which time depending on persondir cache
 configuration, the repository may not be contacted because it already has
 cached copies of the attributes. So things will go faster, if the
 attribute-fetching process from the repository is a resource-expensive
 operation.
 
 I suppose, the most comprehensive example is what uPortal does today with
 persondir:
 https://github.com/Jasig/uPortal/blob/master/uportal-war/src/main/resources/properties/contexts/personDirectoryContext.xml
 
 Note that a side-effect of caching attributes in the TGT is that they will
 not change during the lifetime of a TGT; so if you decided to change an
 attribute from X to Y, at this point, the only way to recognize that change
 is to ask the user to log out and log back (think attribute-driven MFA for
 instance). Future versions of CAS will present a feature to not require that
 logout, should you need immediate changes to the attribute repository.
 
 What sort of odd dependency requirements are you running into?
 
 -Original Message-
 From: Whittaker, Geoffrey [mailto:geoff.whitta...@unf.edu]
 Sent: Wednesday, July 29, 2015 11:55 AM
 To: cas-user@lists.jasig.org
 Subject: RE: [cas-user] Attribute repository with multiple different sources
 
 So, I've been playing with this for a few hours now and I was wondering if
 someone could share some insights.
 
 The documentation on github says to use a large blob of beans and I was
 reviewing the persondir docs and it seems much simpler on theirs.  I was
 wondering is the caching of the merged attributes necessary?  I mean,
 they're cached already in the TGT, right?  Also, I keep running into odd
 dependency requirements when I try to implement as shown in github.  Does
 anyone have a working template they can share with me?
 
 From github:
 <bean id="mergedPersonAttributeDao"
       class="org.jasig.services.persondir.support.CachingPersonAttributeDaoImpl">
     <property name="cacheNullResults" value="true" />
     <property name="userInfoCache">
         <bean class="org.jasig.portal.utils.cache.MapCacheFactoryBean">
             <property name="cacheFactory" ref="cacheFactory" />
             <property name="cacheName"
                       value="org.jasig.services.persondir.USER_INFO.merged" />
         </bean>
     </property>

Re: [cas-user] Drop the management webapp

2015-07-27 Thread Dmitriy Kopylenko
And I just want to also clarify one bit - the proposal is not to entirely 
“abandon” the management UI, but to move it out of the CAS core repository into 
its own project, with its own release cycle.

 On Jul 27, 2015, at 10:30 AM, Jérôme LELEU lel...@gmail.com wrote:
 
 Hi,
 
 The proposed alternative with the server CAS v4.1 is to manually edit your 
 JSON services: add a JSON file to add a service, change a JSON file to update 
 a service, delete a JSON file to remove a service...
 
 Fairly basic, but it might be sufficient for most needs.
 
 Thanks.
 Best regards,
 Jérôme
 
 
 2015-07-27 16:27 GMT+02:00 Tom Poage tfpo...@ucdavis.edu:
 
  On Jul 26, 2015, at 7:08 AM, Jérôme LELEU lel...@gmail.com wrote:
 ...
  I'd like to get feedbacks on this idea: do CAS deployers use it? How?
 
 We were hoping to start using the registry as a means/layer of controlling 
 who can use of CAS, with UI being a self-service component for CAS clients.
 
 Let's say the UI is dropped. What alternatives are in use for CAS clients to 
 register their services? Does it have approval workflow? Etc.
 
 Thanks!
 Tom.

Re: [cas-user] Backporting of the cas-server-support-rest project for CAS 4.0.x (current stable version)

2015-07-27 Thread Dmitriy Kopylenko
FWIW, there is an existing addon for CAS 3.5 (which works with the older Spring 
versions that CAS depends on): 
https://github.com/unicon-cas-addons/cas35-addon-rest

Maybe you could take inspiration from it, or even fork it and make the 
addon work with CAS 4.0.x.

Cheers,
D.

 On Jul 27, 2015, at 10:37 AM, Andrea Ciapetti andrea.ciape...@gmail.com 
 wrote:
 
 Thank you for your answer.
 I'm currently not subscribed to the cas-dev mailing list, but I'll follow 
 your suggestion if I will not succeed in backporting the functionality myself.
 
 Best Andrea
 
 
 2015-07-27 16:15 GMT+02:00 Misagh Moayyed mmoay...@unicon.net:
 I don’t think there are any plans to backport that module over to 4.0.x. 
 Other possible options would be to remove the CAS filter from your web.xml 
 file that Restlet does not like, or  investigate to see if future Restlet 
 versions have made a fix available that allows the restlet module to work 
 with additional filters in the chain.
 
  
 
 Also, you may want to try to post to @cas-dev as well as this really seems 
 like a question for that list/group.
 
  
 
 From: Andrea Ciapetti [mailto:andrea.ciape...@gmail.com] 
 Sent: Monday, July 27, 2015 5:09 AM
 To: cas-user@lists.jasig.org
 Subject: [cas-user] Backporting of the cas-server-support-rest project for 
 CAS 4.0.x (current stable version)
 
  
 
 Hi CAS Developers,
 
 I'm currently implementing a project in which CAS Server is integrated with 
 Spring Security Oauth2 to provide authentication and authorization over a set 
 of REST Services. I'm currently using a customized overlay based on CAS 
 Server 4.0.1.
 
 For logging in REST Clients I have planned to use the REST API endpoints 
 (/v1/tickets), but I'm facing the same issue described in 
 https://github.com/Jasig/cas/issues/886.
 
 I know that in the current trunk a new version of the endpoints, written with 
 Spring REST Template (instead of Restlet), has been implemented and is 
 available. So my question is: are there any plans to make a back-port of the 
 new endpoint APIs for CAS 4.0.x (current stable version)?
 
 I have also tried to perform the backporting of the Tickets Service class 
 myself, but I have some issues, probably related to the new version of Spring 
 used.
 
 I think it can be very useful for several users, that use the current stable 
 version.
 
 Thanks a lot.
 
 -Andrea
 
  

Re: [cas-user] shib idp 3 CAS support

2015-07-18 Thread Dmitriy Kopylenko
As the matter of fact we have done so :-) The implementation needs some 
polishing before it could be publicly announced (on the shib lists), but it's 
coming :-)

Have a great weekend. 

D. 

Sent from my iPhone

 On Jul 18, 2015, at 15:58, Paul B. Henson hen...@cpp.edu wrote:
 
 On Fri, Jul 17, 2015 at 03:25:35PM -0400, Dmitriy Kopylenko wrote:
 Just want to conclude this thread with a pretty good read about Hazelcast
 
 So... Any chance you guys at Unicon have any interest in putting together a
 Hazelcast based clustering backend for idp 3 :)?
 
 
 -- 
 Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
 Operating Systems and Network Analyst  |  hen...@cpp.edu
 California State Polytechnic University  |  Pomona CA 91768
 



Re: [cas-user] Querying CAS audit data with Splunk

2015-07-17 Thread Dmitriy Kopylenko
FWIW, the underlying Inspektr's component that CAS uses for its slf4j audit 
events destination is extensible, and one could always plugin their own output 
formatting implementation to suit their needs: 

https://github.com/Jasig/inspektr/blob/master/inspektr-audit/src/main/java/org/jasig/inspektr/audit/support/AbstractStringAuditTrailManager.java

Best,
Dmitriy.

 On Jul 17, 2015, at 9:12 AM, Marvin Addison marvin.addi...@gmail.com wrote:
 
 I recall having seen some discussion of CAS+Splunk in the past. We've been 
 ingesting all CAS logs into Splunk for over a year now and it's generally 
 awesome. We recently had a need to query for a list of services accessed by a 
 single user, and that turns out to be spectacularly difficult due to the 
 layout of the audit logs. The root problem is that the CAS audit log is a 
 record-oriented log (timestamp, what, principal, action,...), but the TGT 
 that could be used to correlate the service access events jumps around. In 
 the case of an authentication, where the user principal is logged, it's in 
 the what field. In the service ticket creation events, where you see the 
 service name in the what field, it appears in the principal field. That 
 precludes the use of the Splunk transaction command, which would make the 
 query trivial.
 
 Given the layout of CAS audit logs, has anyone accomplished this sort of 
 query? I think join with field renaming may be promising, but I am afraid the 
 performance may be so terrible it won't be feasible for any large time window.
 
 I don't know how popular Splunk is in the CAS community, but we might 
 consider some changes to the audit log format to facilitate follow this 
 ticket kind of queries. It could arguably have value beyond Splunk.
 
 M
 
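
The "follow this ticket" query discussed in the message above, as an added Python example that is not code from the thread, from CAS or from Inspektr: it resolves each TGT to its user from the login records, then joins the service-ticket records on the TGT found in the principal (WHO) field. The record layout, ticket ids, user names and service URLs are constructed assumptions; only the placement of the TGT in the two fields follows the description above.

```python
import re
from collections import defaultdict

# One "KEY: value" line of an audit record (assumed layout).
FIELD = re.compile(r"^([A-Z][A-Z ]*): (.*)$")

TGT_CREATED = "TICKET_GRANTING_TICKET_CREATED"
ST_CREATED = "SERVICE_TICKET_CREATED"


def _record(who, what, action):
    """Format one constructed audit record in the assumed layout."""
    bar = "=" * 61
    return (f"Audit trail record BEGIN\n{bar}\nWHO: {who}\nWHAT: {what}\n"
            f"ACTION: {action}\nAPPLICATION: CAS\n"
            f"WHEN: Fri Jul 17 09:00:00 EDT 2015\n{bar}\n\n")


# Constructed sample log. Login records carry the user in WHO and the TGT in
# WHAT; service-ticket records carry the TGT in WHO and the service in WHAT.
SAMPLE_AUDIT_LOG = "".join([
    _record("alice", "TGT-1-constructed", TGT_CREATED),
    _record("TGT-1-constructed", "ST-1 for https://wiki.example.edu/", ST_CREATED),
    _record("bob", "TGT-2-constructed", TGT_CREATED),
    _record("TGT-2-constructed", "ST-2 for https://mail.example.edu/", ST_CREATED),
    _record("TGT-1-constructed", "ST-3 for https://mail.example.edu/", ST_CREATED),
    _record("alice", "TGT-3-constructed", TGT_CREATED),  # alice logs in again
    _record("TGT-3-constructed", "ST-4 for https://lms.example.edu/", ST_CREATED),
    # Login for this TGT happened before the start of the log window.
    _record("TGT-9-constructed", "ST-5 for https://hr.example.edu/", ST_CREATED),
])


def parse_records(text):
    """Split the log into records and return each as a dict of its fields."""
    records = []
    for chunk in text.split("Audit trail record BEGIN")[1:]:
        rec = {}
        for line in chunk.splitlines():
            match = FIELD.match(line.strip())
            if match:
                rec[match.group(1)] = match.group(2).strip()
        if rec:
            records.append(rec)
    return records


def services_by_user(records):
    """Join service-ticket records to users through the TGT id.

    Returns (services per user, list of (tgt, service) with no known owner).
    """
    # Pass 1: TGT id -> user, taken from the login records.
    tgt_owner = {}
    for rec in records:
        if rec.get("ACTION") == TGT_CREATED:
            tgt_owner[rec["WHAT"]] = rec["WHO"]

    # Pass 2: attribute every service ticket to the owner of its TGT.
    per_user = defaultdict(list)
    unresolved = []
    for rec in records:
        if rec.get("ACTION") != ST_CREATED:
            continue
        _ticket, _sep, service = rec["WHAT"].partition(" for ")
        user = tgt_owner.get(rec["WHO"])
        if user is None:
            unresolved.append((rec["WHO"], service))
        elif service not in per_user[user]:
            per_user[user].append(service)
    return dict(per_user), unresolved


if __name__ == "__main__":
    print(services_by_user(parse_records(SAMPLE_AUDIT_LOG)))
```

Service tickets whose TGT was created before the search window cannot be attributed and are returned separately, which is the case to widen the time range for.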


Re: [cas-user] Querying CAS audit data with Splunk

2015-07-17 Thread Dmitriy Kopylenko


 
 Sure, and we have extended it locally for our deployment. I think it's fair 
 to consider, however, whether the defaults are convenient for common query 
 cases. For anyone ingesting logs into Splunk, the layout is indeed quite 
 inconvenient.
 

I cannot argue with that! ;-) Time to re-think the default output format?

Cheers,
D.





Re: [cas-user] mfa + any distributed cache = fail

2015-07-17 Thread Dmitriy Kopylenko
OK, Michael,

I’ve chased it down. It is indeed a bug in cas-mfa code. I’m planning a fix on 
Monday and then we could cut another quick RC release with 1.0 GA to follow 
shortly. Misagh, what do you say?

Cheers,
D.

 On Jul 17, 2015, at 12:34 PM, Misagh Moayyed mmoay...@unicon.net wrote:
 
 Michael,
 
 You may have done this already and I may have missed it, but if possible, you 
 could put your overlay configuration somewhere on github that we can try and 
 go through? This would help us determine if the problem is somewhere in the 
 core mfa code or outside of it. 
 
 - Misagh
 
 On Jul 17, 2015, at 12:05 PM, Michael O Holstein 
 michael.holst...@csuohio.edu wrote:
 
 I have built cas-mfa-overlay RC5 from fresh pull a couple of times now .. 
 and as long as I use the default ticketManager, everything works fine.
 
 As soon as I try and enable another cache manager (I've tried memcached and 
 ehcache thus far) I get a failure mode whereby the first login to CAS or a 
 CAS service works fine. The *NEXT* login to something (whereby the TGT 
 should be verified from the cache) fails with a 500 web error and this 
 exception thrown :
 
 Jul 17, 2015 11:53:13 AM org.apache.catalina.core.StandardWrapperValve invoke
 SEVERE: Servlet.service() for servlet [cas] in context with path [/cas] 
 threw exception [Request processing failed; nested exception is 
 org.springframework.webflow.execution.ActionExecutionException: Exception 
 thrown executing org.jasig.cas.web.flow.InitialFlowSetupAction@30502819 in 
 state 'null' of flow 'login' -- action execution attributes were 
 'map[[empty]]'] with root cause
 java.lang.ClassCastException: Cannot cast 
 org.jasig.cas.ticket.registry.AbstractDistributedTicketRegistry$TicketGrantingTicketDelegator
  to org.jasig.cas.ticket.TicketGrantingTicketImpl
 
 I've already dealt with the bug of competing classes between the ticket 
 ehcache and the one that comes with support-radius using an exclusion in the 
 overlay .. but regardless of what cache manager I use I always get the above 
 error when trying to authenticate to the 2nd (and subsequent) service.
 
 Actually it fails way before it even gets to looking up services, because 
 something that normally would fail with not authorized like this :
 
 https://my.cas.server/cas/login?TARGET=https://foo.bar .. still barfs with 
 the cannot cast exception.
 
 Anyone have any ideas on this? I've been through spring forums and Google 
 and not found much to point me in the right direction.
 
 Thanks,
 
 Michael Holstein
 Cleveland State University

Re: [cas-user] shib idp 3 CAS support

2015-07-17 Thread Dmitriy Kopylenko
Just want to conclude this thread with a pretty good read about Hazelcast. 
Arguably, by now Hazelcast software (at v3.5) is a pretty robust, 
well-implemented and mature distributed grid/cache.

http://www.brickendon.com/articles/achieving-low-latency-using-distributed-cache/

Best,
D.

 On Jul 14, 2015, at 3:32 PM, Paul B. Henson hen...@cpp.edu wrote:
 
 From: Marvin Addison
 Sent: Tuesday, July 14, 2015 6:33 AM
 
 Correct. What makes this acceptable in many if not most cases is that the lost
 state is SSO state where the effect on the user is to log in again. As failure
 modes go, that's graceful behavior.
 
 Arguably true, but still not optimal :). Contrary to what seems to be the 
 average deployment, I also encrypt the cluster replication traffic over the 
 wire, so I perhaps have stricter requirements for perfection than generally 
 considered ;).
 
 Peer-to-peer replication incurs a cost and in my experience the failure modes of
 replication are orders of magnitude worse than anything I've seen with
 memcached. Perhaps over time Hazelcast will prove itself both reliable and fault
 tolerant, but it's patently new technology at this point and needs some road
 time to convince me.
 
 I load tested it pretty heavily including random node restarts and it never 
 blipped. We've been running it in production for about a year and a half and 
 I haven't seen a single problem (knock on wood). We've probably done at least 
 4-5 rolling updates since then where we pulled a node out of the cluster and 
 then stuck it back in, I'm unaware of any user facing issues or unnecessary 
 re-authentications. In any case, I'm pretty happy with it :), and wouldn't 
 really want to trade it out for memcached.
 
 Thanks…
 
 --
 Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
 Operating Systems and Network Analyst  |  hen...@cpp.edu
 California State Polytechnic University  |  Pomona CA 91768
 
 
 

Re: [cas-user] Redirection is not working after successfull authentication

2015-07-07 Thread Dmitriy Kopylenko
What does your client app’s web.xml look like? What does your CAS’ 
deployerConfigContext.xml look like?

Alternatively, if you are building Java web apps with Spring Boot (highly 
recommended these days), you could easily CAS-protect it with the available 
auto config CAS client library, specifically written for Spring’s Javaconfig 
style apps and Spring Boot apps in particular. The sample app is available 
here: https://github.com/UniconLabs/bootiful-cas-client

Cheers,
Dmitriy.

 On Jul 7, 2015, at 8:43 AM, Ercan Canlıer ercan.canl...@gmail.com wrote:
 
 Hi everybody,
 I have currently installed a CAS server by following the maven war overlay 
 convention.
 I am running also Apache Directory Server for LDAP authentication.
 The integration works fine and if you provide the principles correct, it is 
 successfully authenticated.
 I want to establish SSO for the applications which will be CAS services.
 I correctly configured web.xml for the cas client and it is successfully being 
 redirected to the login page when i open the application via browser.
 Everything works fine till now but there is one issue which i am facing at 
 the moment.
 CAS does not redirect back to the application.
 Below is the url for the redirection:
 
 https://localhost:8443/cas/login?TARGET=https%3A%2F%2Flocalhost%3A8443%2Fcas-sample-java-webapp%2F
 
 According to the documentation, i expected service=application_url but here 
 TARGET as a key.
 
 On the other hand, if i change TARGET to service, CAS throws exception, 
 saying,
 
 Application Not Authorized to Use CAS
 
 
 
 How can i configure my java application as a java client?
 
 
 
 I am currently using the latest cas version, 4.0.2
 
 
 
 Hope you can give me some hints.
 
 I could not get success by following the current documentation and templates.
 
 
 
 Thanks
 
 .
 Best regards.
 Ercan CANLIER

Re: [cas-user] Embedding username info in Service ticket

2015-07-01 Thread Dmitriy Kopylenko
And one last thing - here's a good article to read which gives a good overview 
of token-based authentication for REST-based architectures (using JWT in this 
instance): 

https://stormpath.com/blog/token-auth-spa/

Cheers,
D.

Sent from my iPhone

 On Jun 30, 2015, at 23:16, David Langenberg da...@uchicago.edu wrote:
 
 OAuth won't help you much more as you'll still have to do the validation of 
 the access token for every API call with your provider.  OpenIDConnect is 
 built on OAuth, so same issue there, granted they do have front-channel flows 
 that will provide you with the ID Token in a single step.  That *might* solve 
 your problem or not depending on the value of the aud field in the ID token.  
 Bottom line, you're not going to get away from having to do some kind of 
 validation or build/deploy a robust authentication platform no matter what 
 protocol you choose.
 
 Dave
 
 On Tue, Jun 30, 2015 at 9:06 PM, Ajay Madhavan ajayma...@gmail.com wrote:
 The issue here is I cannot just validate once. My eco system is rest based 
 and we cannot rely on the session as the service could be multi-instance.
 
 So I possibly could end up with a large number of validations..I can look 
 into oauth or open id.
 
 Thanks for all the replies. Looks like there is no way to do the 
 user-embedding on the service ticket.
 
 Ajay
 
 On Tue, Jun 30, 2015 at 1:40 PM, Mailvaganam, Hari 
 hari.mailvaga...@ubc.ca wrote:
 If managing API ACL - perhaps OAuth/Open ID Connect? Or as another poster 
 replied, manage via session, upon initial CAS validate.
 
 Averaging 300K CAS validations/day at term time - no performance issues 
 with 5 load balanced VMs.
 
 From: Ajay Madhavan [ajayma...@gmail.com]
 Sent: Monday, June 29, 2015 15:10
 To: cas-user@lists.jasig.org
 
 Subject: Re: [cas-user] Embedding username info in Service ticket
 
 Hi Carl,
 
 I do have a distributed system where I have multiple services. Imaging each 
 service to be a host by itself. I use cas for authenticating access to all 
 services.
 
 I am expecting api scale to increase enormously over close to say 1000 api 
 per second or so.
 
 I was trying to understand if I could avoid network calls if each of these 
 services were inside a host by themselves. I do understand the CAS 
 protocol, just wanted to see if there was a secure way of scaling 
 horizontally.
 
 
 Regards
 Ajay
 
 On Mon, Jun 29, 2015 at 1:33 PM, Waldbieser, Carl waldb...@lafayette.edu 
 wrote:
 
 Service ticket validation is more or less integral to how CAS works.
 Maybe if you could explain a bit more in depth what you are trying to 
 accomplish, it might make more sense to the members of the community, and 
 you could receive better advice.
 
 Also, why do you believe there would be some kind of bottleneck validating 
 service tickets?  What kind of volume have you measured or are you 
 expecting in terms of validations per unit of time?
 
 Thanks,
 Carl Waldbieser
 ITS Systems Programmer
 Lafayette College
 
 - Original Message -
 From: Ajay Madhavan ajayma...@gmail.com
 To: cas-user@lists.jasig.org
 Sent: Monday, June 29, 2015 4:20:49 PM
 Subject: Re: [cas-user] Embedding username info in Service ticket
 
 I do have a secure mechanism to encrypt my service ticket with the public
 key and then decrypt it later using the private-key.
 
 Also there are multiple webapps which are being protected by the CAS
 service and I dont want the service validate to be a bottle neck for each
 of those webapps. I know service ticket generation does do that. But I want
 to see if I can skip service validation at least.
 
 Thanks
 Ajay
 
 
 
 On Mon, Jun 29, 2015 at 1:04 PM, Dmitriy Kopylenko dkopyle...@unicon.net
 wrote:
 
  I second what Andy says, and just want to add that service ticket
  validation is the necessary step in a secure CAS protocol, and the simple
  answer is - “no, you cannot skip the ST validation step”.
 
  Best,
  Dmitriy.
 
   On Jun 29, 2015, at 3:55 PM, Andrew Morgan mor...@orst.edu wrote:
  
   On Mon, 29 Jun 2015, Ajay Madhavan wrote:
  
   I want to skip service validation. I want to distribute the validation
   among all my webapps where i can obtain the username from the service
   ticket.
  
   I still want to use CAS for service ticket generation.
  
   If you don't validate the ST over a back-channel connection, then how 
   do
  you prevent someone from spoofing the username?  An attacker could put
  whatever they want in the ST value to become any other user.
  
   Validating the ST is a necessary step for security.
  
   I don't understand what you mean by distribute the validation among 
   all
  my webapps.
  
 Andy
  

Re: [cas-user] CAS and MemchachedTicketRegistry

2015-06-30 Thread Dmitriy Kopylenko
I could be biased here, but I find the Hazelcast ticket registry is the 
simplest one (no external server processes required, etc.) and it just works.

Best,
Dmitriy.

 On Jun 30, 2015, at 9:50 AM, Michael O Holstein 
 michael.holst...@csuohio.edu wrote:
 
 I am using (or rather attempting to use) MemcachedTicketRegistry .. I cannot 
 seem to get version 3.5.x or 3.6.x to write to more than one server .. in 
 cas.properties I have tried :
 
 memcached.servers=tcp://server1:11211 tcp://server1:11211, 
 tcp://server2:11211 tcp://server2:11211 (uri syntax)
 
 memcached.servers=server1:11211 server2:11211 (space delimiter)
 
 memcached.servers=server1:11211,server2:11211 (comma delimiter)
 
 memcached.servers=server1:11211;server2:11211 (semicolon delimiter)
 
 memcached.servers=server1:11211,server2:11211 (quoted)
 
 
 
 so what is the correct format for this?
 
 as a related question .. since repccached was last updated ~2012 what's the 
 latest preference for managing a cluster of these .. couchbase?  hazelcast? 
 .. let me know if you have suggestions.
 
 Thanks
 
 Michael Holstein
 Cleveland State University 


Re: [cas-user] Embedding username info in Service ticket

2015-06-29 Thread Dmitriy Kopylenko
I second what Andy says, and just want to add that service ticket validation is 
the necessary step in a secure CAS protocol, and the simple answer is - “no, 
you cannot skip the ST validation step”.

Best,
Dmitriy.

 On Jun 29, 2015, at 3:55 PM, Andrew Morgan mor...@orst.edu wrote:
 
 On Mon, 29 Jun 2015, Ajay Madhavan wrote:
 
 I want to skip service validation. I want to distribute the validation
 among all my webapps where i can obtain the username from the service
 ticket.
 
 I still want to use CAS for service ticket generation.
 
 If you don't validate the ST over a back-channel connection, then how do you 
 prevent someone from spoofing the username?  An attacker could put whatever 
 they want in the ST value to become any other user.
 
 Validating the ST is a necessary step for security.
 
 I don't understand what you mean by distribute the validation among all my 
 webapps.
 
   Andy
 



Re: [cas-user] command-line phpCAS client

2015-06-05 Thread Dmitriy Kopylenko
That’s how it works - on successful authentication /v1/tickets resource returns 
HTTP 201 with the HTML snippet in the body (not very useful) and the TGT 
resource, e.g. …/v1/tickets/{TGT}, in the HTTP Location header. You’d need to 
get that resource from the Location header to request STs.

Take a look here for some programmatic access examples: 
https://wiki.jasig.org/display/casum/restful+api

Cheers,
D.

 On Jun 5, 2015, at 3:43 PM, Romov, Phil pro...@harryfox.com wrote:
 
 Dmitriy,
 Actually, when I supply username, password, it gives me back HTML5 content, 
 saying Log In Successful…
 
 But I was expecting some kind of json or easily parse-able content like 
 “Login success” or “Login fail”, not an entire <!doctype html> webpage
 
 So while its working in theory, perhaps I have missed a setup somewhere?
 
 I’m linking a screenshot of what I’m looking at.  (I suppose if I attach 
 images to the user group it will not work?)
 http://i.imgur.com/hsAX3vl.png
 
 Please advise
 
 Thanks
 Phil
 
 
 
 From: Dmitriy Kopylenko dkopyle...@unicon.net
 Reply-To: cas-user@lists.jasig.org
 Date: Thursday, June 4, 2015 at 2:05 PM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] command-line phpCAS client
 
 Did you POST to /v1/tickets with url encoded username, password ?
 
 D.
 
 On Jun 4, 2015, at 1:59 PM, Romov, Phil pro...@harryfox.com wrote:
 
 I have tried using Postman rest client, as well as a browser
 
 Both ways the result is the same: the contents of /cas/login are served
 for a /cas/v1/tickets request
 
 I suppose I could try sending POST to /cas/login directly, but I'm not
 even sure if that is supported
 
 Any guidance is welcome
 
 Thanks
 Phil
 
 On 6/4/15, 1:33 PM, Dmitriy Kopylenko dkopyle...@unicon.net wrote:
 
 Would you please provide an example of how you try to “open” /v1/tickets
 resource?
 
 Best,
 Dmitriy.
 
 On Jun 4, 2015, at 1:22 PM, Romov, Phil pro...@harryfox.com wrote:
 
 So I've followed
 http://jasig.github.io/cas/4.0.x/protocol/REST-Protocol.html and edited
 pom.xml and web.xml (the latter one in tomcat/webapps/cas/WEB-INF not in
 tomcat/conf, not sure if that matters)
 
 But if I try to open /cas/v1/tickets for example it redirects me to
 /cas/login
 
 What gives?
 
 Thanks
 Phil
 
 From: Aaron Grant asgr...@oakland.edu
 Reply-To: cas-user@lists.jasig.org
 Date: Thursday, June 4, 2015 at 10:23 AM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] command-line phpCAS client
 
 I'd take a look at the CAS REST API. This might help you out. Note the
 warning on the documentation and protect yourself from any brute force
 attacks if you enable this (i.e. add locking for multiple incorrect
 authentications).
 
 http://jasig.github.io/cas/4.0.x/protocol/REST-Protocol.html
 
 On Thu, Jun 4, 2015 at 10:00 AM, Romov, Phil pro...@harryfox.com wrote:
 Hi all,
 I want to make a small proof of concept app but first I want to make
 sure I'm not completely off base
 
 I've been able to get phpCAS client working with code igniter, but
 that's a webapp
 When I make a simple php cli app (using example_simple.php for
 starters, code pasted below) it gets as far as
 phpCAS::forceAuthentication() but then it gives me:
 (IP is blanked out by me)
 
 htmlheadtitleCAS Authentication
 wanted!/title/headbodyh1CAS Authentication wanted!/h1pYou
 should already have been redirected to the CAS server. Click a
 href=https://##.##.##.##:8443/cas/login?service=http%3A%2F%2F%3Ahttps:/##.##.##.##:8443/cas/login?service=http%3A%2F%2F%3Ahere/
 a to continue./phraddressphpCAS 1.3.3+ using server a
 href=https://##.##.##.##:8443/cas/https:/##.##.##.##:8443/cas/https://##.##.##.##:8443/cas/https:/##.##.##.##:8443/cas//a
 (CAS 2.0)/a/address/body/htmlimac-dd:cas promov$
 
 Is it possible to make a command line sso app like this?  Should I be
 using REST instead?  Something else?
 
 Thanks,
 Phil
 
 
 
 <?php
 
 date_default_timezone_set('America/New_York');
 
 $cas_host = '##.##.##.##';  //actual IP blanked out in this email
 $cas_port = 8443;
 $cas_context = '/cas';
 
 require_once('phpCAS/CAS.php');
 
 phpCAS::setDebug();
 
 phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);
 
 // DEBUG ONLY, do not use this toggle in production

Re: [cas-user] command-line phpCAS client

2015-06-04 Thread Dmitriy Kopylenko
Did you POST to /v1/tickets with url encoded username, password ?

D.

 On Jun 4, 2015, at 1:59 PM, Romov, Phil pro...@harryfox.com wrote:
 
 I have tried using Postman rest client, as well as a browser
 
 Both ways the result is the same: the contents of /cas/login are served
 for a /cas/v1/tickets request
 
 I suppose I could try sending POST to /cas/login directly, but I'm not
 even sure if that is supported
 
 Any guidance is welcome
 
 Thanks
 Phil
 
 On 6/4/15, 1:33 PM, Dmitriy Kopylenko dkopyle...@unicon.net wrote:
 
 Would you please provide an example of how you try to "open" /v1/tickets
 resource?
 
 Best,
 Dmitriy.
 
 On Jun 4, 2015, at 1:22 PM, Romov, Phil pro...@harryfox.com wrote:
 
 So I've followed
 http://jasig.github.io/cas/4.0.x/protocol/REST-Protocol.html and edited
 pom.xml and web.xml (the latter one in tomcat/webapps/cas/WEB-INF not in
 tomcat/conf, not sure if that matters)
 
 But if I try to open /cas/v1/tickets for example it redirects me to
 /cas/login
 
 What gives?
 
 Thanks
 Phil
 
 From: Aaron Grant asgr...@oakland.edu
 Reply-To: cas-user@lists.jasig.org
 Date: Thursday, June 4, 2015 at 10:23 AM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] command-line phpCAS client
 
 I'd take a look at the CAS REST API. This might help you out. Note the
 warning on the documentation and protect yourself from any brute force
 attacks if you enable this (i.e. add locking for multiple incorrect
 authentications).
 
 http://jasig.github.io/cas/4.0.x/protocol/REST-Protocol.html
 
 On Thu, Jun 4, 2015 at 10:00 AM, Romov, Phil pro...@harryfox.com wrote:
 Hi all,
 I want to make a small proof of concept app but first I want to make
 sure I'm not completely off base
 
 I've been able to get phpCAS client working with code igniter, but
 that's a webapp
 
 When I make a simple php cli app (using example_simple.php for
 starters, code pasted below) it gets as far as
 phpCAS::forceAuthentication() but then it gives me:
 (IP is blanked out by me)
 
 <html><head><title>CAS Authentication wanted!</title></head><body><h1>CAS Authentication wanted!</h1><p>You
 should already have been redirected to the CAS server. Click <a
 href="https://##.##.##.##:8443/cas/login?service=http%3A%2F%2F%3A">here</a>
 to continue.</p><hr><address>phpCAS 1.3.3+ using server <a
 href="https://##.##.##.##:8443/cas/">https://##.##.##.##:8443/cas/</a>
 (CAS 2.0)</a></address></body></html>imac-dd:cas promov$
 
 Is it possible to make a command line sso app like this?  Should I be
 using REST instead?  Something else?
 
 Thanks,
 Phil
 
 
 
 <?php
 
 date_default_timezone_set('America/New_York');
 
 $cas_host = '##.##.##.##';  //actual IP blanked out in this email
 $cas_port = 8443;
 $cas_context = '/cas';
 
 require_once('phpCAS/CAS.php');
 
 phpCAS::setDebug();
 
 phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);
 
 // DEBUG ONLY, do not use this toggle in production
 phpCAS::setNoCasServerValidation();
 
 echo "Trying forceAuthentication()...\n";
 phpCAS::forceAuthentication();
 
 echo "User:".phpCAS::getUser()."\n";
 echo "CAS version: ".phpCAS::getVersion()."\n";
 
 // phpCAS::logout();
 
 
 Debug log:
 
 
 8A31 .START (2015-06-04 09:55:30) phpCAS-1.3.3+ **
 [CAS.php:448]
 
 8A31 .= phpCAS::client('2.0', '##.##.##.##', 8443, '/cas') [app.php:13]
 
 8A31 .|= CAS_Client::__construct('2.0', false, '##.##.##.##',
 8443, '/cas', true) [CAS.php:341]
 
 8A31 .||Starting a new session 9aca782b40a475a5e184850ebff3303c
 [Client.php:906]
 
 8A31 .|= ''
 
 8A31 .= ''
 
 8A31 .= phpCAS::setNoCasServerValidation() [app.php:16]
 
 8A31 .|You have configured no validation of the legitimacy of the
 cas server. This is not recommended for production use. [CAS.php:1563]
 
 8A31 .= ''
 
 8A31 .= phpCAS::forceAuthentication() [app.php:19]
 
 8A31 .|= CAS_Client::forceAuthentication() [CAS.php:1025]
 
 8A31 .||= CAS_Client::isAuthenticated() [Client.php:1248]
 
 8A31 .|||= CAS_Client::_wasPreviouslyAuthenticated()
 [Client.php:1359]
 
 8A31 .||||no user

Re: [cas-user] Adding additional login field

2015-05-27 Thread Dmitriy Kopylenko
What version of CAS and which authentication handler do you use?

Dmitriy.

 On May 27, 2015, at 8:59 AM, Jonathan Bell jb...@urqui.com wrote:
 
 I am trying to add a third login field.  I am getting a message at login  
 Credentials you provided are not supported by cas Something obviously I am 
 missing in the modification. 
 
 This is what I have done
 
 I created a new credentials class, with new getter/setter methods that 
 extends usernamepasswordcredentials. 
 
 Modified login-webflow.xml and changed the var name credentials to my 
 credentials class. 
 added binding property for new field. 
 
 modified loginview.jsp to display new field. 



Re: [cas-user] Adding additional login field

2015-05-27 Thread Dmitriy Kopylenko
Seems like the authentication manager is failing to recognize your 
UsernamePasswordCredentials subclass by running this piece of code:

https://github.com/Jasig/cas/blob/v3.5.3/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/support/AbstractUsernamePasswordAuthenticationHandler.java#L138

The goal here is to figure out why. I’d personally step through a debugger, as 
there is no useful log instrumentation in authentication manager impl., etc.

D.

 On May 27, 2015, at 9:16 AM, Jonathan Bell jb...@urqui.com wrote:
 
 too quick on the enter. 
 org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler
 
 On 2015-05-27 6:11 AM, Dmitriy Kopylenko wrote:
 What version of CAS and which authentication handler do you use?
 
 Dmitriy.
 
 On May 27, 2015, at 8:59 AM, Jonathan Bell jb...@urqui.com wrote:
 
 I am trying to add a third login field.  I am getting a message at login  
 Credentials you provided are not supported by cas Something obviously I 
 am missing in the modification. 
 
 This is what I have done
 
 I created a new credentials class, with new getter/setter methods that 
 extends usernamepasswordcredentials. 
 
 Modified login-webflow.xml and changed the var name credentials to my 
 credentials class. 
 added binding property for new field. 
 
 modified loginview.jsp to display new field. 

Re: [cas-user] Where is persistence.xml in 4.0.x (JPA Ticket Registry)

2015-05-27 Thread Dmitriy Kopylenko
Hibernate 4.3 is the first version to implement the JPA 2.1 spec. And it's thus 
expecting the JPA 2.1 API jar on the classpath, not the JPA 2.0 API jar. Some 
“dependencies dance” might be required here (Maven excludes, etc.)

Cheers,
D.

 On May 27, 2015, at 10:02 AM, Christian Brunotte c...@lathspell.de wrote:
 
 Hello
 
 When using packagesToScan, it works fine without persistence.xml!
 
 Did you only update the dev/4.1 or also the 4.0 documentation? Because it's 
 not 
 yet there and 4.0 seems to be the current stable.
 
 BTW, the 4.1 docs also add org.jasig.cas.adaptors.jdbc to the list which is 
 not
 in your example. Should I add it as well?
 
 Hibernate 4.1.0.Final works fine now, Hibernate 4.3.10.Final, the latest 
 Final,
 gives the following exception:
 
 java.lang.NoSuchMethodError: javax.persistence.JoinTable.indexes()[Ljavax/persistence/Index;
     at org.hibernate.cfg.AnnotationBinder.bindJoinedTableAssociation(AnnotationBinder.java:2412)
     at org.hibernate.cfg.AnnotationBinder.processElementAnnotations(AnnotationBinder.java:2140)
     at org.hibernate.cfg.AnnotationBinder.processIdPropertiesIfNotAlready(AnnotationBinder.java:963)
     at org.hibernate.cfg.AnnotationBinder.bindClass(AnnotationBinder.java:796)
     at org.hibernate.cfg.Configuration$MetadataSourceQueue.processAnnotatedClassesQueue(Configuration.java:3845)
     at org.hibernate.cfg.Configuration$MetadataSourceQueue.processMetadata(Configuration.java:3799)
     at org.hibernate.cfg.Configuration.secondPassCompile(Configuration.java:1412)
     at org.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:1846)
     at org.hibernate.jpa.boot.internal.EntityManagerFactoryBuilderImpl$4.perform(EntityManagerFactoryBuilderImpl.java:857)
     at org.hibernate.jpa.boot.internal.EntityManagerFactoryBuilderImpl$4.perform(EntityManagerFactoryBuilderImpl.java:850)
     at org.hibernate.boot.registry.classloading.internal.ClassLoaderServiceImpl.withTccl(ClassLoaderServiceImpl.java:425)
     at org.hibernate.jpa.boot.internal.EntityManagerFactoryBuilderImpl.build(EntityManagerFactoryBuilderImpl.java:849)
     at org.hibernate.jpa.HibernatePersistenceProvider.createContainerEntityManagerFactory(HibernatePersistenceProvider.java:152)
     at org.hibernate.ejb.HibernatePersistence.createContainerEntityManagerFactory(HibernatePersistence.java:67)
     at org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean.createNativeEntityManagerFactory(LocalContainerEntityManagerFactoryBean.java:288)
     at org.springframework.orm.jpa.AbstractEntityManagerFactoryBean.afterPropertiesSet(AbstractEntityManagerFactoryBean.java:310)
     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1571)
     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1509)
     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:521)
     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
     at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:296)
     at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
     at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:293)
     at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
     at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1117)
     at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:922)
     at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:479)
   ...
 
 Wouldn't it be better to put a notice on the web page that people should
 use the same hibernate.core.version property as used in the pom.xml of the
 CAS version they are going to use? Just to avoid any incompatibilities.
 
 best regards,
 
 -christian-
 
 
 On Wed, 27 May 2015 12:02:37 +0400, Misagh Moayyed mmoay...@unicon.net wrote:
 
 This is now handled by the packagesToScan setting. See this file for 
 reference:
 https://github.com/Jasig/cas/blob/master/cas-server-webapp-support/src/test/resources/jpaTestApplicationContext.xml
 
 I have updated the docs.
 
 CAS should work with all versions of Hibernate. What error did you get? 
 
 - Misagh
 
 On May 27, 2015, at 11:15 AM, Christian Brunotte c...@lathspell.de wrote:
 
 Hello
 
 I was following the JPA Ticket 

Re: [cas-user] Service Registry JSON to Excel

2015-04-28 Thread Dmitriy Kopylenko
This, perhaps - http://www.convertcsv.com/json-to-csv.htm

D.

 On Apr 28, 2015, at 2:09 PM, Bryan Wooten bryan.woo...@utah.edu wrote:
 
 So I have been tasked with creating an inventory of all our CAS applications.
  
 I could just turn in the servicesRegistry.conf JSON file, but my Spidey sense 
 says an Excel spreadsheet would be preferred.
  
 So my google foo is failing me to convert the services registry to something 
 Excel can import (CSV?) .
  
 Any easy solutions?
  
 Thanks,
  
 Bryan Wooten
  
 UIT-Common Infrastructure Systems
 Work: 801.585.9323
 Cell: 801.414.3593
  
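A local alternative for the inventory task in this thread, as an added Python example that is not from the list or from the CAS project: it flattens a JSON services registry into CSV without the file leaving the host, and prefixes cells that a spreadsheet would evaluate as formulas. The top-level "services" array and the field names in the constructed sample are assumptions about the registry layout.

```python
import csv
import io
import json

# Constructed sample. The top-level "services" array and the field names are
# assumptions about the registry layout; adjust them to match your own file.
SAMPLE_REGISTRY = """
{
  "services": [
    {"id": 1, "serviceId": "https://portal.example.edu/**", "name": "Portal",
     "description": "Student portal", "enabled": true, "ssoEnabled": true,
     "evaluationOrder": 1, "allowedAttributes": ["uid", "mail"]},
    {"id": 2, "serviceId": "https://wiki.example.edu/**", "name": "Wiki",
     "description": "@webteam owns this entry", "enabled": false,
     "evaluationOrder": 2},
    {"id": 3, "serviceId": "imaps://mail.example.edu/**", "name": "Mail",
     "enabled": true, "evaluationOrder": 3,
     "extraAttributes": {"owner": "library"}}
  ]
}
"""

# A cell starting with one of these is evaluated as a formula by spreadsheets.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")


def flatten(value, prefix=""):
    """Yield (column, value) pairs; nested objects become dotted column names."""
    if isinstance(value, dict):
        for key, inner in value.items():
            yield from flatten(inner, f"{prefix}.{key}" if prefix else key)
    elif isinstance(value, list):
        # Lists (e.g. released attributes) are joined into one readable cell.
        yield prefix, "; ".join(
            json.dumps(v) if isinstance(v, (dict, list)) else str(v) for v in value)
    else:
        yield prefix, value


def excel_safe(cell):
    """Render a JSON scalar as text that a spreadsheet will not execute."""
    if cell is None:
        return ""
    if isinstance(cell, bool):
        return "true" if cell else "false"
    if isinstance(cell, (int, float)):
        return str(cell)  # real numbers, including negatives, stay numeric
    text = str(cell)
    return "'" + text if text.startswith(FORMULA_PREFIXES) else text


def registry_to_csv(registry_json):
    """Convert the registry JSON text to CSV, one row per registered service."""
    services = json.loads(registry_json).get("services", [])
    rows = [dict(flatten(service)) for service in services]
    columns = []
    for row in rows:  # union of all keys, in first-seen order
        columns.extend(name for name in row if name not in columns)
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=columns, restval="", lineterminator="\n")
    writer.writeheader()
    for row in rows:
        writer.writerow({name: excel_safe(value) for name, value in row.items()})
    return out.getvalue()


if __name__ == "__main__":
    print(registry_to_csv(SAMPLE_REGISTRY), end="")
```

To use it on a real file, pass the file's text to `registry_to_csv` and write the result to a `.csv` that Excel can open.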


Re: [cas-user] CAS 4.0.1 Restful Implementation not working

2015-04-23 Thread Dmitriy Kopylenko
Can you send the link to the documentation that you used?

D.

 On Apr 23, 2015, at 10:18 AM, Paul Brzek prbag...@gmail.com wrote:
 
 All,
 
 Thanks for the reply.  I took the advice and moved to 4.1, however when I try 
 to access the REST url, using the setup described in documentation, I get a 
 302 redirect to the standard login page.  Any ideas as to how to resolve it?
 
 Thanks,
 Paul 
 
 On Wed, Apr 22, 2015 at 5:25 PM, Dmitriy Kopylenko 
 dmitriy.kopyle...@gmail.com wrote:
 I just want to also add awareness - if anyone is stuck on CAS 3.5.x and use 
 REST API with the same security filter which breaks the Restlet 
 implementation, there is an addon module that you could swap in place of 
 Restlet and enjoy the same, modern REST impl. that users of CAS 4.1 will 
 enjoy (when CAS 4.1 finally gets released):
 
 https://github.com/unicon-cas-addons/cas35-addon-rest
 
 Best,
 Dmitriy.
 
 On Wed, Apr 22, 2015 at 5:14 PM, Misagh Moayyed misagh.moay...@gmail.com wrote:
 Does this help?
 https://github.com/Jasig/cas/issues/886
 
 On Apr 23, 2015, at 1:21 AM, Paul Brzek prbag...@gmail.com wrote:
 
 Hi,
 
 While I was able to configure the implementation of CAS 4.0.1 utilizing the 
 LDAP, I am running into an issue when I try to implement REST Protocol based 
 on the official documentation.  It appears that my credentials are coming 
 over as null for the username and password when a TGT information is 
 requested.  Has anyone experienced the same issue and was able to resolve 
 it, and if so could you post the solution?
 
 Here is my setting for the REST implementation:
 
 web.xml
 
 <servlet>
     <servlet-name>restlet</servlet-name>
     <servlet-class>org.restlet.ext.spring.RestletFrameworkServlet</servlet-class>
     <load-on-startup>1</load-on-startup>
 </servlet>
 
 <servlet-mapping>
     <servlet-name>restlet</servlet-name>
     <url-pattern>/v1/*</url-pattern>
 </servlet-mapping>
 
 
 Thanks,
 Paul

Re: [cas-user] CAS 4.0.1 Restful Implementation not working

2015-04-22 Thread Dmitriy Kopylenko
I just want to also add awareness - if anyone is stuck on CAS 3.5.x and use
REST API with the same security filter which breaks the Restlet
implementation, there is an addon module that you could swap in place of
Restlet and enjoy the same, modern REST impl. that users of CAS 4.1 will
enjoy (when CAS 4.1 finally gets released):

https://github.com/unicon-cas-addons/cas35-addon-rest

Best,
Dmitriy.

On Wed, Apr 22, 2015 at 5:14 PM, Misagh Moayyed misagh.moay...@gmail.com
wrote:

 Does this help?
 https://github.com/Jasig/cas/issues/886

 On Apr 23, 2015, at 1:21 AM, Paul Brzek prbag...@gmail.com wrote:

 Hi,

 While I was able to configure the implementation of CAS 4.0.1 utilizing
 the LDAP, I am running into an issue when I try to implement REST Protocol
 based on the official documentation.  It appears that my credentials are
 coming over as null for the username and password when a TGT information is
 requested.  Has anyone experienced the same issue and was able to resolve
 it, and if so could you post the solution?

 Here is my setting for the REST implementation:

 web.xml

 <servlet>
     <servlet-name>restlet</servlet-name>
     <servlet-class>org.restlet.ext.spring.RestletFrameworkServlet</servlet-class>
     <load-on-startup>1</load-on-startup>
 </servlet>

 <servlet-mapping>
     <servlet-name>restlet</servlet-name>
     <url-pattern>/v1/*</url-pattern>
 </servlet-mapping>


 Thanks,
 Paul

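The exchange discussed in this thread and in the earlier "command-line phpCAS client" thread (POST to /v1/tickets with url-encoded username and password, then POST the service URL to the returned ticket resource), as an added Python example that is not from the list or from the CAS project. The stub server, account, ticket ids and service URL are constructed stand-ins, and the 201/Location and 400 responses are assumptions based on the REST protocol page linked in the thread.

```python
import hmac
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the two REST endpoints so the client runs offline.
# The account, ticket ids and service URL are made-up sample values.
USERS = {"phil": "correct horse"}
TGT = "TGT-1-constructedSample"
ST = "ST-1-constructedSample"


class StubCas(BaseHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo quiet
        pass

    def _reply(self, status, body="", headers=None):
        data = body.encode()
        self.send_response(status)
        for name, value in (headers or {}).items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        if self.path == "/cas/v1/tickets":
            user = form.get("username", [""])[0]
            password = form.get("password", [""])[0]
            expected = USERS.get(user)
            if expected is None or not hmac.compare_digest(
                    expected.encode(), password.encode()):
                return self._reply(400, "bad credentials")
            location = f"http://{self.headers['Host']}/cas/v1/tickets/{TGT}"
            return self._reply(201, "", {"Location": location})
        if self.path == f"/cas/v1/tickets/{TGT}" and form.get("service"):
            return self._reply(200, ST)
        return self._reply(404, "no such ticket")


# Ignore any proxy settings in the environment; the demo talks to localhost.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def _post(url, fields):
    body = urllib.parse.urlencode(fields).encode()  # form-encoded request body
    request = urllib.request.Request(url, data=body, method="POST")
    return OPENER.open(request, timeout=5)


def request_tgt(base, username, password):
    """POST credentials; return the TGT resource URL, or None if none was issued."""
    try:
        with _post(f"{base}/v1/tickets",
                   {"username": username, "password": password}) as resp:
            status, location = resp.status, resp.headers.get("Location", "")
    except urllib.error.HTTPError:
        return None  # e.g. rejected credentials
    # A 200 carrying the login page (the symptom in the thread) is not success:
    # only 201 with a Location under the same server's /v1/tickets/ counts.
    if status != 201 or not location.startswith(f"{base}/v1/tickets/TGT-"):
        return None
    return location


def request_st(tgt_url, service):
    """POST the service URL to the TGT resource; the body is the service ticket."""
    with _post(tgt_url, {"service": service}) as resp:
        return resp.read().decode().strip()


def demo():
    server = HTTPServer(("127.0.0.1", 0), StubCas)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}/cas"  # real servers use https
    try:
        tgt_url = request_tgt(base, "phil", "correct horse")
        ticket = request_st(tgt_url, "https://app.example.org/")
        rejected = request_tgt(base, "phil", "wrong password")
        return tgt_url, ticket, rejected
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

Because the client follows redirects, a request that ends up at the login page returns 200 with HTML; `request_tgt` treats that as "no ticket" instead of parsing the page.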


Re: [cas-user] View Statistics Page Gone in v4?

2015-04-13 Thread Dmitriy Kopylenko
Yes, it is.

https://github.com/Jasig/cas/blob/v4.0.1/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/securityContext.xml#L39

Cheers,
D.

 On Apr 13, 2015, at 9:18 AM, Whittaker, Geoffrey geoff.whitta...@unf.edu 
 wrote:
 
 What controls access to that?  Is it, 
 cas.securityContext.status.allowedSubnet in my cas.properties file?



Re: [cas-user] View Statistics Page Gone in v4?

2015-04-13 Thread Dmitriy Kopylenko
v4 statistics are exposed via /statistics URI

Cheers,
D.

 On Apr 13, 2015, at 8:13 AM, Whittaker, Geoffrey geoff.whitta...@unf.edu 
 wrote:
 
 I was wondering… Since the view statistics page is gone in v4, what is 
 everyone using to get insight into how the server is running?
  
 I know that page wasn’t particularly informative, but the little information 
 it had was nice to be able to see.
  
 Would it be hard to get that page working again?
  
 Geoff

Re: [cas-user] MFA option based on ldap attribute?

2015-04-11 Thread Dmitriy Kopylenko
That's exactly how it works - the first leg of authentication transaction 
happens (primary authentication), then a requirement for the second factor is 
computed from the resolved principal attribute. In your case it looks like the 
service authorization step fails to match the configured url with the actual 
service url provided, before even the mfa machinery kicks in. 

Could you please post your configured registered service snippet along with the 
actual service url that you are passing in?

Cheers,
D. 

Sent from my iPhone

 On Apr 10, 2015, at 17:01, Lazar, Michael E michael.la...@csun.edu wrote:
 
 Hello,
  
 I have read this section, configured an attribute in the properties file and 
 am trying to get this logic to fire. What I tried to do is change the 
 servicesRegistry.conf and made the regular expression not match 
 (https/imaps). However now when I give cas my URL with service attribute, cas 
 sends me to the “Application Not Authorized to use CAS” error view.
  
 My current list of authn-methods only includes one method for MFA we are 
 using, and when I add that authn_method attribute to the URL I get a login 
 prompt (so: working).
  
 Is there another method I need to add to configuration in order for CAS to 
 treat the login as a single-factor one (at least until this attribute is 
 queried for)?
  
 I would need the principal from the first-factor login to get ldap attributes 
 from and make the decision to require multi factor authentication.
  
 Thanks again,
 -Michael.
  
 Subject: Re: MFA option based on ldap attribute?
 From: Dmitriy Kopylenko dkopyle...@unicon.net
 Date: Thu, 09 Apr 2015 16:55:48 -0400
 X-Message-Number: 4
  
 Please see Authentication Methods via Principal Attributes section.
  
 Best,
 D.
  

Re: [cas-user] MFA option based on ldap attribute?

2015-04-09 Thread Dmitriy Kopylenko
https://github.com/Unicon/cas-mfa/wiki/Architecture-Overview

Please see Authentication Methods via Principal Attributes section. 

Best,
D.

Sent from my iPhone

 On Apr 9, 2015, at 16:36, Lazar, Michael E michael.la...@csun.edu wrote:
 
 Hello,
 I am working with the cas 3.5.2 cas-mfa codebase, experimenting with what is 
 possible within the webflow.
 I am curious if there is any way to use an attribute for a user logging in to 
 determine if that user needs multi factor authentication. Although I do see 
 configuration to check the ‘service’; we have users that will be hitting the 
 same service: some need MFA and others do not.
  
 Currently my build is sending all users to an extra MFA authentication. Are 
 there any built-in provisions to check a value in LDAP before making this 
 decision?
  
 Thanks,
 -Michael.
  

Re: [cas-user] CAS 4.0 - LPPE - Not able to redirect to change password page

2015-04-01 Thread Dmitriy Kopylenko
There needs to be a particular transition to a desired view state added (for 
the type of exception in question) to the ‘handleAuthenticationFailure’ action 
state. The v4.0.0 (and 4.0.1) does not have that:

- https://github.com/Jasig/cas/blob/v4.0.0/cas-server-webapp/src/main/webapp/WEB-INF/login-webflow.xml#L114

And v 4.1 (not released yet), does - 
https://github.com/Jasig/cas/blob/master/cas-server-webapp/src/main/webapp/WEB-INF/webflow/login/login-webflow.xml#L116

Cheers,
D.

 On Apr 1, 2015, at 6:24 AM, Jayakumar Jayaraman india@gmail.com wrote:
 
 Hi Guys
 
 I am using CAS 4.0 with Active Directory and enabled LPPE.
 
 I am trying to force the user to change the password at first login.
 
 Active directory has a checkbox - 'User must change the password at next 
 login'. - I have checked this.
 However I was getting authenticationFailure.UNKNOWN.
 
 And I noted that org.jasig.cas.web.flow.AuthenticationExceptionHandler class 
 does not have the below line and I have add this in my extended class to 
 catch this error else it 
 DEFAULT_ERROR_LIST.add(org.jasig.cas.authentication.AccountPasswordMustChangeException.class);
 Now I am getting the appropriate message 
 authenticationFailure.AccountPasswordMustChangeException.
 
 However the page is not redirected to the change password page.
 
 I have the below entry in cas.properties
 
 # URL to which the user will be redirected to change the passsword.
 password.policy.url=https://localhost:7002/myapp/change.xhtml
 
 Any idea please ?
 
 Thanks
 Jay
 

Re: [cas-user] Using logoutUrl in Service Registry

2015-03-31 Thread Dmitriy Kopylenko
The ‘logoutUrl’ is not available in 3.5.x. It was added to the master in this 
commit - 
https://github.com/Jasig/cas/commit/cbaefb1cc2405fd412fa97dbbabe6887a09ee2d3

Cheers,
D.

 On Mar 31, 2015, at 11:07 AM, Ted Fisher tffi...@bgsu.edu wrote:
 
 The JSON service registry we are using is what is available in the Unicon 
 cas-addons.
  
 Ted F. Fisher
 From: Jérôme LELEU [mailto:lel...@gmail.com]
 
 I'm not aware of any logoutUrl parameter, nor any JSON service registry for 
 CAS server 3.5.
  
 It will be a new feature in the version 4.1. But this can certainly be 
 achieved by customization.
  
 Best regards,
 Jérôme
  
 2015-03-31 15:52 GMT+02:00 Ted Fisher tffi...@bgsu.edu:
 We are running CAS 3.5.0 with Services defined in a JSON service registry.  I 
 would like to use the logoutUrl parameter on one of our services; but it is 
 not working (still sending logout requests to the service URL at login).
  
 Is that parameter not used in 3.5.0?  Or is there something else I’m missing?
  
 Thanks.
  
 Ted F. Fisher
 Information Technology Services

Re: [cas-user] SSL problem (I need tutorial!!) Cas Server on remote machine , Java Cas Client other machine

2015-03-27 Thread Dmitriy Kopylenko
Try this - https://wiki.jasig.org/pages/viewpage.action?pageId=1194

D.

Sent from my iPhone

 On Mar 27, 2015, at 05:26, Gianluca Diodato gianluca.diod...@gmail.com 
 wrote:
 
 Hi Dmitriy,
 I have created a certificate mycert.crt PEM format with xca GUI.
 Which are the instruction now to import this .crt in java keystore? I googled 
 but I'm very confused...
 Can you help me?
 
 Best
 Gianluca 
 
 Il giorno giovedì 26 marzo 2015 19:09:10 UTC+1, Dmitriy Kopylenko ha scritto:
 
 Yes. 
 
 Sent from my iPhone
 
 On Mar 26, 2015, at 12:53, Gianluca Diodato gianluca...@gmail.com wrote:
 
 Hi Dmitriy,
 I have created my certificate with xca gui and export into a file .crt with 
 PEM format.
 And now? I have to import this file in my keystore for change Tomcat?
 
 Best
 Gianluca
 
 On Wednesday, 25 March 2015 at 15:51:35 UTC+1, Dmitriy Kopylenko wrote:
 
 I just want to add that there is an excellent GUI software for managing 
 all of this stuff (built on OpenSSL), namely xca: 
 http://sourceforge.net/projects/xca/
 
 Best,
 D.
 
 On Mar 25, 2015, at 10:42 AM, Waldbieser, Carl wald...@lafayette.edu 
 wrote:
 
 Gianluca,
 
 This site [1] has useful `keytool` examples.  You should be able to view 
 the contents of your keystore with something like:
 
  $ keytool -list -v -keystore /path/to/your/keystore.jks
 
 There are some useful troubleshooting tips on SO [2].
 
 To configure Tomcat to use the keystore, you need to set up a connector 
 like the following in $CATALINA_HOME/conf/server.xml:
 
 <Connector
     protocol="org.apache.coyote.http11.Http11Protocol"
     SSLImplementation="edu.internet2.middleware.security.tomcat6.DelegateToApplicationJSSEImplementation"
     port="443"
     scheme="https"
     secure="true"
     clientAuth="false"
     SSLEnabled="true"
     emptySessionPath="true"
     sslProtocol="TLS"
     keystoreFile="/path/to/your/keystore.jks"
     keystorePass="YourKeystorePassword"
     truststoreFile="/path/to/your/keystore.jks"
     truststorePass="YourKeystorePassword"
     truststoreAlgorithm="DelegateToApplication"
 />
 
 The exact parameters may vary a bit depending on your version of Tomcat 
 or other preferences you may have.
 
 
 [1] 
 https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
 [2] 
 http://stackoverflow.com/questions/2138940/import-pem-into-java-key-store
 
 Thanks,
 Carl
 
 - Original Message -
 From: Gianluca Diodato gianluca...@gmail.com
 To: jasig-c...@googlegroups.com
 Cc: cas-...@lists.jasig.org, cas-...@lists.jasig.org, 
 cas-...@lists.jasig.org, wald...@lafayette.edu
 Sent: Wednesday, March 25, 2015 10:21:05 AM
 Subject: Re: [cas-user] SSL problem (I need tutorial!!) Cas Server on 
 remote machine , Java Cas Client other machine
 
 Carl,
 thank you very much for detailed answer.
 I'm in until 4)... I have created this files:
 - casserver.crt
 - casserver.key
 - casserver.csr
 - rootCA.pem
 - rootCA.key
 - rootCA.srl
 
 In 5) I have to install the private key and public certificate in my CAS 
 server using java `keytool` (i don't know how... ) and configuring Tomcat 
 to use the keystore I created( i'm in!!).
 Is this the instruction? keytool -import -trustcacerts -alias *mydomain* 
 -file *mydomain.crt* -keystore *keystore.jks*
 
 Thanks
 Gianluca
 
 On Wednesday, 25 March 2015 at 14:21:07 UTC+1, Waldbieser, Carl wrote:
 
 Gianluca, 
 
 For development, I like to use the openssl tools to create my own CA and 
 use it to sign my own certificates rather than using a self-signed 
 certificate. 
 Here are the notes I use.  Lines starting with ($) are the actual commands 
 I enter into the terminal. 
 
 ----------------
 Create My Own CA
 ----------------
 
 # Create CA key 
 $ openssl genrsa -des3 -out rootCA.key 2048 
 # Create and self-sign CA cert. 
 $ openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem 
 
 ------------
 Create a Key
 ------------
 $ openssl genrsa -out example.key 2048 
 
 ------------------------------------
 Create a Certificate Signing Request
 ------------------------------------
 $ openssl req -new -key example.key -out example.csr 
 
 ----------
 Sign a CSR
 ----------
 $ openssl x509 -req -in example.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out example.crt -days 500 
 
 
 So first, I generate a CA key and cert (first 2 commands).  This is 
 something you only need to do once, but you have to keep the key somewhere 
 you can find it, and you need to remember the password you choose for it as 
 you will use this key to sign your certs. 
 
 Next, whenever you set up a development *server*, you create a private key 
 for the server (command under Create a Key section) and a certificate 
 signing request (section Create a certificate signing request). 
 
 Finally, you use the CA you generated to sign the CSR and generate a 
 public certificate for the server (section Sign a CSR).  These steps are 
 basically

Re: [cas-user] SSL problem (I need tutorial!!) Cas Server on remote machine , Java Cas Client other machine

2015-03-26 Thread Dmitriy Kopylenko
Yes. 

Sent from my iPhone

 On Mar 26, 2015, at 12:53, Gianluca Diodato gianluca.diod...@gmail.com 
 wrote:
 
 Hi Dmitriy,
 I have created my certificate with xca gui and export into a file .crt with 
 PEM format.
 And now? I have to import this file in my keystore for change Tomcat?
 
 Best
 Gianluca
 
 On Wednesday, 25 March 2015 at 15:51:35 UTC+1, Dmitriy Kopylenko wrote:
 
 I just want to add that there is an excellent GUI software for managing all 
 of this stuff (built on OpenSSL), namely xca: 
 http://sourceforge.net/projects/xca/
 
 Best,
 D.
 
 On Mar 25, 2015, at 10:42 AM, Waldbieser, Carl wald...@lafayette.edu 
 wrote:
 
 Gianluca,
 
 This site [1] has useful `keytool` examples.  You should be able to view 
 the contents of your keystore with something like:
 
  $ keytool -list -v -keystore /path/to/your/keystore.jks
 
 There are some useful troubleshooting tips on SO [2].
 
 To configure Tomcat to use the keystore, you need to set up a connector 
 like the following in $CATALINA_HOME/conf/server.xml:
 
 <Connector
     protocol="org.apache.coyote.http11.Http11Protocol"
     SSLImplementation="edu.internet2.middleware.security.tomcat6.DelegateToApplicationJSSEImplementation"
     port="443"
     scheme="https"
     secure="true"
     clientAuth="false"
     SSLEnabled="true"
     emptySessionPath="true"
     sslProtocol="TLS"
     keystoreFile="/path/to/your/keystore.jks"
     keystorePass="YourKeystorePassword"
     truststoreFile="/path/to/your/keystore.jks"
     truststorePass="YourKeystorePassword"
     truststoreAlgorithm="DelegateToApplication"
 />
 
 The exact parameters may vary a bit depending on your version of Tomcat or 
 other preferences you may have.
 
 
 [1] 
 https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
 [2] 
 http://stackoverflow.com/questions/2138940/import-pem-into-java-key-store
 
 Thanks,
 Carl
 
 - Original Message -
 From: Gianluca Diodato gianluca...@gmail.com
 To: jasig-c...@googlegroups.com
 Cc: cas-...@lists.jasig.org, cas-...@lists.jasig.org, 
 cas-...@lists.jasig.org, wald...@lafayette.edu
 Sent: Wednesday, March 25, 2015 10:21:05 AM
 Subject: Re: [cas-user] SSL problem (I need tutorial!!) Cas Server on 
 remote machine , Java Cas Client other machine
 
 Carl,
 thank you very much for detailed answer.
 I'm in until 4)... I have created this files:
 - casserver.crt
 - casserver.key
 - casserver.csr
 - rootCA.pem
 - rootCA.key
 - rootCA.srl
 
 In 5) I have to install the private key and public certificate in my CAS 
 server using java `keytool` (i don't know how... ) and configuring Tomcat 
 to use the keystore I created( i'm in!!).
 Is this the instruction? keytool -import -trustcacerts -alias *mydomain* 
 -file *mydomain.crt* -keystore *keystore.jks*
 
 Thanks
 Gianluca
 
 On Wednesday, 25 March 2015 at 14:21:07 UTC+1, Waldbieser, Carl wrote:
 
 Gianluca, 
 
 For development, I like to use the openssl tools to create my own CA and 
 use it to sign my own certificates rather than using a self-signed 
 certificate. 
 Here are the notes I use.  Lines starting with ($) are the actual commands 
 I enter into the terminal. 
 
 ----------------
 Create My Own CA
 ----------------
 
 # Create CA key 
 $ openssl genrsa -des3 -out rootCA.key 2048 
 # Create and self-sign CA cert. 
 $ openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem 
 
 ------------
 Create a Key
 ------------
 $ openssl genrsa -out example.key 2048 
 
 ------------------------------------
 Create a Certificate Signing Request
 ------------------------------------
 $ openssl req -new -key example.key -out example.csr 
 
 ----------
 Sign a CSR
 ----------
 $ openssl x509 -req -in example.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out example.crt -days 500 
 
 
 So first, I generate a CA key and cert (first 2 commands).  This is 
 something you only need to do once, but you have to keep the key somewhere 
 you can find it, and you need to remember the password you choose for it as 
 you will use this key to sign your certs. 
 
 Next, whenever you set up a development *server*, you create a private key 
 for the server (command under Create a Key section) and a certificate 
 signing request (section Create a certificate signing request). 
 
 Finally, you use the CA you generated to sign the CSR and generate a 
 public certificate for the server (section Sign a CSR).  These steps are 
 basically what real CAs do, but they need to be a lot more careful with 
 their keys and their CA public certs are typically already included in your 
 browser. 
 
 It is worth noting that the OpenSSL tool commands above generate keys and 
 certs in PEM format, which is a text format you can view in an editor.  The 
 CAS server runs as a Java servlet, so it uses a Java keystore format (a 
 file that sometimes has a .jks extension).  You need to use the Java 
 `keytool` command to import

Re: [cas-user] restrict to service

2015-03-26 Thread Dmitriy Kopylenko
Oops, sorry for duplicate link. “Fat finger” ;-)

 On Mar 26, 2015, at 11:37 AM, Dmitriy Kopylenko dkopyle...@unicon.net wrote:
 
 Perhaps this resource might help (for 3.x series): 
 https://wiki.jasig.org/display/CASUM/Configuring
 
 https://wiki.jasig.org/display/CASUM/Configuring
 
 Best,
 D.
 
 On Mar 26, 2015, at 11:29 AM, Frank Van Damme frank.vanda...@gmail.com wrote:
 
 Hi list, 
 
 we are running cas 3.5.2 here, and the list of services that require to 
 authenticate on it is growing. Before we lose track and/or control of it, I 
 would like to know how to restrict authentication to a limited number of 
 services; for example by only issuing a http redirect to a limited list of 
 URL's. I am also worried that a third party will try to authenticate on my 
 CAS server(s) in an attempt to guess the identity of a user who might at 
 that time be logged in to CAS. 
 
 Where do I start reading? :-)
 
 -- 
 Frank Van Damme  
 Make everything as simple as possible, but not simpler. - Albert Einstein

Re: [cas-user] restrict to service

2015-03-26 Thread Dmitriy Kopylenko
Perhaps this resource might help (for 3.x series): 
https://wiki.jasig.org/display/CASUM/Configuring

https://wiki.jasig.org/display/CASUM/Configuring

Best,
D.

 On Mar 26, 2015, at 11:29 AM, Frank Van Damme frank.vanda...@gmail.com 
 wrote:
 
 Hi list, 
 
 we are running cas 3.5.2 here, and the list of services that require to 
 authenticate on it is growing. Before we lose track and/or control of it, I 
 would like to know how to restrict authentication to a limited number of 
 services; for example by only issuing a http redirect to a limited list of 
 URL's. I am also worried that a third party will try to authenticate on my 
 CAS server(s) in an attempt to guess the identity of a user who might at that 
 time be logged in to CAS. 
 
 Where do I start reading? :-)
 
 -- 
 Frank Van Damme  
 Make everything as simple as possible, but not simpler. - Albert Einstein

Re: [cas-user] SSL problem (I need tutorial!!) Cas Server on remote machine , Java Cas Client other machine

2015-03-25 Thread Dmitriy Kopylenko
I just want to add that there is an excellent GUI software for managing all of 
this stuff (built on OpenSSL), namely xca: http://sourceforge.net/projects/xca/

Best,
D.

 On Mar 25, 2015, at 10:42 AM, Waldbieser, Carl waldb...@lafayette.edu wrote:
 
 Gianluca,
 
 This site [1] has useful `keytool` examples.  You should be able to view the 
 contents of your keystore with something like:
 
  $ keytool -list -v -keystore /path/to/your/keystore.jks
 
 There are some useful troubleshooting tips on SO [2].
 
 To configure Tomcat to use the keystore, you need to set up a connector like 
 the following in $CATALINA_HOME/conf/server.xml:
 
 <Connector
     protocol="org.apache.coyote.http11.Http11Protocol"
     SSLImplementation="edu.internet2.middleware.security.tomcat6.DelegateToApplicationJSSEImplementation"
     port="443"
     scheme="https"
     secure="true"
     clientAuth="false"
     SSLEnabled="true"
     emptySessionPath="true"
     sslProtocol="TLS"
     keystoreFile="/path/to/your/keystore.jks"
     keystorePass="YourKeystorePassword"
     truststoreFile="/path/to/your/keystore.jks"
     truststorePass="YourKeystorePassword"
     truststoreAlgorithm="DelegateToApplication"
 />
 
 The exact parameters may vary a bit depending on your version of Tomcat or 
 other preferences you may have.
 
 
 [1] 
 https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
 [2] http://stackoverflow.com/questions/2138940/import-pem-into-java-key-store
 
 Thanks,
 Carl
 
 - Original Message -
 From: Gianluca Diodato gianluca.diod...@gmail.com
 To: jasig-cas-u...@googlegroups.com
 Cc: cas-user@lists.jasig.org, cas-user@lists.jasig.org, 
 cas-user@lists.jasig.org, waldb...@lafayette.edu
 Sent: Wednesday, March 25, 2015 10:21:05 AM
 Subject: Re: [cas-user] SSL problem (I need tutorial!!) Cas Server on remote 
 machine , Java Cas Client other machine
 
 Carl,
 thank you very much for detailed answer.
 I'm in until 4)... I have created this files:
 - casserver.crt
 - casserver.key
 - casserver.csr
 - rootCA.pem
 - rootCA.key
 - rootCA.srl
 
 In 5) I have to install the private key and public certificate in my CAS 
 server using java `keytool` (i don't know how... ) and configuring Tomcat 
 to use the keystore I created( i'm in!!).
 Is this the instruction? keytool -import -trustcacerts -alias *mydomain* 
 -file *mydomain.crt* -keystore *keystore.jks*
 
 Thanks
 Gianluca
 
 On Wednesday, 25 March 2015 at 14:21:07 UTC+1, Waldbieser, Carl wrote:
 
 Gianluca, 
 
 For development, I like to use the openssl tools to create my own CA and 
 use it to sign my own certificates rather than using a self-signed 
 certificate. 
 Here are the notes I use.  Lines starting with ($) are the actual commands 
 I enter into the terminal. 
 
 ----------------
 Create My Own CA
 ----------------
 
 # Create CA key 
 $ openssl genrsa -des3 -out rootCA.key 2048 
 # Create and self-sign CA cert. 
 $ openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem 
 
 ------------
 Create a Key
 ------------
 $ openssl genrsa -out example.key 2048 
 
 ------------------------------------
 Create a Certificate Signing Request
 ------------------------------------
 $ openssl req -new -key example.key -out example.csr 
 
 ----------
 Sign a CSR
 ----------
 $ openssl x509 -req -in example.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out example.crt -days 500 
 
 
 So first, I generate a CA key and cert (first 2 commands).  This is 
 something you only need to do once, but you have to keep the key somewhere 
 you can find it, and you need to remember the password you choose for it as 
 you will use this key to sign your certs. 
 
 Next, whenever you set up a development *server*, you create a private key 
 for the server (command under Create a Key section) and a certificate 
 signing request (section Create a certificate signing request). 
 
 Finally, you use the CA you generated to sign the CSR and generate a 
 public certificate for the server (section Sign a CSR).  These steps are 
 basically what real CAs do, but they need to be a lot more careful with 
 their keys and their CA public certs are typically already included in your 
 browser. 
 
 It is worth noting that the OpenSSL tool commands above generate keys and 
 certs in PEM format, which is a text format you can view in an editor.  The 
 CAS server runs as a Java servlet, so it uses a Java keystore format (a 
 file that sometimes has a .jks extension).  You need to use the Java 
 `keytool` command to import certificates and private keys into the Java 
 keystore. 
 
 Browsers will typically accept certificates in a variety of formats. 
 
 So for your CAS setup, I would: 
 
  1) Generate a CA key and certificate. 
  2) Generate a private key for my CAS server. 
  3) Generate a CSR for the CAS server private key. 
  4) Use my CA key to sign the CAS server CSR and 
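
The steps outlined in this thread, carried through to the Java side, as an added example that is not part of the original messages: it builds the dev CA and a CA-signed server certificate, then packages key and certificate as PKCS#12 so `keytool` can import the private key (importing only a .crt file creates a trusted-certificate entry, which suits the client's truststore but gives Tomcat no key to serve). The host name, aliases, subjects and passwords are constructed placeholders; the subjectAltName extension, the AES-256 CA key encryption and the PKCS#12 intermediate step are choices of this example.

```shell
#!/bin/sh
# Added example (not from the thread): dev CA -> CAS server cert -> Java keystores.
# Host name, aliases, subjects and passwords are constructed placeholders.

CA_PASS='demo-ca-pass'        # constructed; encrypts rootCA.key
STORE_PASS='demo-store-pass'  # constructed; PKCS#12 and keystore password
HOST='cas.example.test'       # constructed CAS server host name

# CA key plus self-signed CA certificate (aes256 here instead of des3).
make_dev_ca() {  # $1 = working directory
    ( cd "$1" &&
      openssl genrsa -aes256 -passout "pass:$CA_PASS" -out rootCA.key 2048 &&
      openssl req -x509 -new -key rootCA.key -passin "pass:$CA_PASS" \
          -sha256 -days 1024 -subj "/CN=Dev Root CA" -out rootCA.pem
    ) >/dev/null 2>&1
}

# Server key, CSR, and a certificate signed by the dev CA.
issue_server_cert() {  # $1 = working directory
    ( cd "$1" &&
      openssl genrsa -out casserver.key 2048 &&
      openssl req -new -key casserver.key -subj "/CN=$HOST" -out casserver.csr &&
      printf 'subjectAltName=DNS:%s\n' "$HOST" > san.ext &&
      openssl x509 -req -in casserver.csr -CA rootCA.pem -CAkey rootCA.key \
          -passin "pass:$CA_PASS" -CAcreateserial -sha256 -days 500 \
          -extfile san.ext -out casserver.crt
    ) >/dev/null 2>&1
}

# Check 1: the server certificate chains to the dev CA.
chain_ok() {
    ( cd "$1" && openssl verify -CAfile rootCA.pem casserver.crt ) >/dev/null 2>&1
}

# Check 2: the certificate carries the public half of casserver.key.
key_matches_cert() {
    ( cd "$1" || exit 1
      from_cert=$(openssl x509 -in casserver.crt -noout -pubkey) || exit 1
      from_key=$(openssl pkey -in casserver.key -pubout) || exit 1
      [ "$from_cert" = "$from_key" ]
    ) 2>/dev/null
}

# Private key + server cert + CA cert in one PKCS#12 file under alias "cas".
bundle_pkcs12() {
    ( cd "$1" &&
      openssl pkcs12 -export -inkey casserver.key -in casserver.crt \
          -certfile rootCA.pem -name cas \
          -passout "pass:$STORE_PASS" -out casserver.p12
    ) >/dev/null 2>&1
}

# Number of certificates inside the PKCS#12 file (server cert + CA cert = 2).
p12_cert_count() {
    ( cd "$1" &&
      openssl pkcs12 -in casserver.p12 -passin "pass:$STORE_PASS" -nokeys \
          2>/dev/null | grep -c 'BEGIN CERTIFICATE' )
}

# CAS server side: keystore.jks must hold a PrivateKeyEntry for Tomcat.
# Returns 2 when no JDK (keytool) is installed.
build_server_keystore() {
    command -v keytool >/dev/null 2>&1 || return 2
    ( cd "$1" &&
      keytool -importkeystore -noprompt \
          -srckeystore casserver.p12 -srcstoretype PKCS12 \
          -srcstorepass "$STORE_PASS" \
          -destkeystore keystore.jks -deststorepass "$STORE_PASS" &&
      keytool -list -keystore keystore.jks -storepass "$STORE_PASS" -alias cas |
          grep -q PrivateKeyEntry
    ) >/dev/null 2>&1
}

# CAS client side: the client JVM only needs to trust the dev CA certificate.
build_client_truststore() {
    command -v keytool >/dev/null 2>&1 || return 2
    ( cd "$1" &&
      keytool -importcert -noprompt -trustcacerts -alias devca \
          -file rootCA.pem -keystore truststore.jks -storepass "$STORE_PASS" &&
      keytool -list -keystore truststore.jks -storepass "$STORE_PASS" -alias devca |
          grep -q trustedCertEntry
    ) >/dev/null 2>&1
}

run_demo() {
    dir=$(mktemp -d) || return 1
    make_dev_ca "$dir" && issue_server_cert "$dir" && chain_ok "$dir" &&
        key_matches_cert "$dir" && bundle_pkcs12 "$dir" || return 1
    echo "certificates in casserver.p12: $(p12_cert_count "$dir")"
    build_server_keystore "$dir";   echo "server keystore rc=$?"
    build_client_truststore "$dir"; echo "client truststore rc=$?"
    echo "artifacts written to $dir"
}

# Run the whole procedure only when called as: sh script.sh --run
if [ "${1:-}" = "--run" ]; then run_demo; fi
```

The resulting keystore.jks is what `keystoreFile` in the Tomcat connector points at; the client JVM picks up truststore.jks through the `javax.net.ssl.trustStore` system property.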

Re: [cas-user] Removing TicketRegistry database tables

2015-03-23 Thread Dmitriy Kopylenko
You might want to check and delete any traces of ‘entityManagerFactory’, 
‘dataSource’ bean definitions from your overlay’s app ctx configs, etc.

D.

 On Mar 23, 2015, at 11:17 AM, Adam Causey apcau...@vcu.edu wrote:
 
 We are trying to remove all database dependencies from our CAS installation, 
 and I noticed that a couple of tables related to the ticket registry are 
 getting created in the database on startup - lock, SERVICETICKET, and 
 TICKETGRANTINGTICKET.  We now use the Hazelcast ticket registry, so these 
 aren't being used.
 
 Where can I safely remove the references to these tables?  We are using the 
 WAR overlay method.
 
 
 Thanks!
 
 -Adam

Re: [cas-user] CAS 3.4.11, Java 8 exceptions

2015-03-18 Thread Dmitriy Kopylenko
I think you need to make sure that standard and jstl jars end up in your app's 
classpath i.e. in WEB-INF/lib

Dmitriy.

Sent from my iPhone

 On Mar 17, 2015, at 22:10, Baron Fujimoto ba...@hawaii.edu wrote:
 
 Continuing  the saga... I thought I had this working, but ran into
 problems trying to promote these updates to another server. I'm having
 some difficulty consistently determining the combination of factors under
 which it works with both Java 1.8 and Tomcat 8. It seems to reliably work
 with Java 1.8 and Tomcat 6, so I think the focus is on Tomcat 8. It seems
 to reliably not work with Tomcat 8 if I do a clean deployment where I
 delete tomcat's /work/Catalina and /webapps/cas directories so
 /webapps/cas.war is exploded on startup.
 
 I increased logging levels to try and glean more info, but it's kind of
 like trying to drink from a firehose. Here are some excerpts I hope are
 most relevant below.
 
 Any suggestions or additional troubleshooting tips would be most welcome.
 
 Environment:
 INFO: Server version:Apache Tomcat/8.0.20
 INFO: JVM Version:   1.8.0_31-b13
 
 CAS starts up:
 2015-03-17 15:22:16,244 INFO 
 [org.springframework.web.servlet.DispatcherServlet] - FrameworkServlet 
 'cas': initialization completed in 3074 ms
 2015-03-17 15:22:16,244 DEBUG 
 [org.springframework.web.servlet.DispatcherServlet] - Servlet 'cas' 
 configured successfully
 Mar 17, 2015 3:22:16 PM org.apache.catalina.startup.HostConfig deployWAR
 INFO: Deployment of web application archive /home/cas/tomcat/webapps/cas.war has finished in 31,933 ms
 Mar 17, 2015 3:22:16 PM org.apache.catalina.startup.Catalina start
 INFO: Server startup in 32322 ms
 
 CAS initial housekeeping:
 2015-03-17 15:22:21,073 INFO 
 [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - 
 Beginning ticket cleanup.
 2015-03-17 15:22:21,074 DEBUG 
 [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - 
 Attempting to acquire ticket cleanup lock.
 2015-03-17 15:22:21,075 DEBUG 
 [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - 
 Acquired lock.  Proceeding with cleanup.
 2015-03-17 15:22:21,075 INFO 
 [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - 0 
 tickets found to be removed.
 2015-03-17 15:22:21,075 DEBUG 
 [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - 
 Releasing ticket cleanup lock.
 2015-03-17 15:22:21,075 INFO 
 [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - 
 Finished ticket cleanup.
 
 Attempt to load /cas/login:
 Mar 17, 2015 3:22:31 PM org.apache.catalina.authenticator.AuthenticatorBase 
 invoke
 FINE: Security checking request GET /cas/login
 Mar 17, 2015 3:22:31 PM org.apache.catalina.realm.RealmBase 
 findSecurityConstraints
 FINE:   No applicable constraints defined
 Mar 17, 2015 3:22:31 PM org.apache.catalina.authenticator.AuthenticatorBase 
 invoke
 FINE:  Not subject to any constraint
 2015-03-17 15:22:31,754 DEBUG 
 [org.springframework.web.servlet.DispatcherServlet] - DispatcherServlet with 
 name 'cas' processing GET request for [/cas/login]
 2015-03-17 15:22:31,757 DEBUG 
 [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - Mapping 
 request with URI '/cas/login' to flow with id 'login'
 2015-03-17 15:22:31,761 DEBUG 
 [org.springframework.web.servlet.DispatcherServlet] - Last-Modified value 
 for [/cas/login] is: -1
 2015-03-17 15:22:31,784 DEBUG 
 [org.springframework.webflow.executor.FlowExecutorImpl] - Launching new 
 execution of flow 'login' with input null
 2015-03-17 15:22:31,785 DEBUG 
 [org.springframework.webflow.definition.registry.FlowDefinitionRegistryImpl] 
 - Getting FlowDefinition with id 'login'
 2015-03-17 15:22:31,785 DEBUG 
 [org.springframework.webflow.engine.builder.DefaultFlowHolder] - Assembling 
 the flow for the first time
 2015-03-17 15:22:32,476 DEBUG 
 [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor did not 
 generate service.
 2015-03-17 15:22:32,478 DEBUG 
 [org.jasig.cas.web.support.SamlArgumentExtractor] - Extractor did not 
 generate service.
 2015-03-17 15:22:32,478 DEBUG 
 [org.springframework.webflow.execution.ActionExecutor] - Finished executing 
 org.jasig.cas.web.flow.InitialFlowSetupAction@591156e; result = success
 2015-03-17 15:22:32,478 DEBUG 
 [org.springframework.webflow.execution.AnnotatedAction] - Clearing action 
 execution attributes map[[empty]]
 2015-03-17 15:22:32,478 DEBUG 
 [org.springframework.webflow.execution.ActionExecutor] - Finished executing 
 [EvaluateAction@3c57b981 expression = initialFlowSetupAction, 
 resultExpression = [null]]; result = success
 2015-03-17 15:22:32,478 DEBUG 
 [org.springframework.webflow.engine.DecisionState] - Entering state 
 'ticketGrantingTicketExistsCheck' of flow 'login'
 015-03-17 15:22:33,237 DEBUG [org.springframework.webflow.engine.ViewState] - 
 Rendering + [ServletMvcView@239fddbf view = 
 org.springframework.web.servlet.view.JstlView: name 'casLoginView'; 

Re: [cas-user] [cas-user] clearPass returning empty credentials

2015-03-12 Thread Dmitriy Kopylenko
Hazelcast tick. reg. and Clearpass EhCache map do not seem to play well 
together. Try to get rid of the current clearpass config which uses EhCache and 
move it to Hazelcast too. See the attached sample replacement for the current 
clearpass config. (that’s just a sample, as you’d need to provide your own 
salt, secretKey values, etc.)

And make sure to rename the ticket registry bean id to ‘ticketRegistryValue’ 
like so:

<bean id="ticketRegistryValue" class="net.unicon.cas.addons.ticket.registry.HazelcastTicketRegistry">
    <constructor-arg index="0" ref="hazelcast"/>
    <constructor-arg index="1" value="${tgt.maxTimeToLiveInSeconds:28800}"/>
    <constructor-arg index="2" value="${st.maxTimeToLiveInSeconds:30}"/>
</bean>

Best,
D.

clearpass-configuration.xml
Description: XML document

 On Mar 11, 2015, at 3:12 PM, Adam Causey apcau...@vcu.edu wrote:
 
 Hi Anthony,
 
 I'm not sure that case sensitivity is the issue in this case. I've narrowed 
 it down to the ticket registry.
 
 We've been using the Unicon HazelcastTicketRegistry for a couple of months in 
 production without issue, but it appears to be the cause of this clearPass 
 empty credentials problem we're seeing. As soon as I started using the 
 default ticketRegistry.xml everything worked flawlessly.
 
 Does someone mind sharing their hazelcast XML configuration for those who use 
 this registry?
 
 Thank you,
 Adam
 
 On Wed, Mar 11, 2015 at 2:28 PM, Anthony Colebourne 
 anthony.colebou...@manchester.ac.uk wrote:
 
 Hi,
 
 It could be to do with case sensitivity of usernames. Portal will pass 
 whatever the user types, ldap (if your cas is using this) will query 
 insensitively, the clear pass cache will be keyed case sensitively based on 
 the ldap response.
 
 I can dig out a patch I wrote if you think this could be the issue. Assuming 
 you actually don't care about the case?
 
 -- Anthony.
 
 Sent from my HTC
 
 - Reply message -
 From: "Adam Causey" apcau...@vcu.edu
 To: cas-user@lists.jasig.org
 Subject: [cas-user] clearPass returning empty credentials
 Date: Wed, Mar 11, 2015 17:48
 
 I have setup clearPass for use with our portal, but during load/integration 
 testing have discovered that for around 10-15% of the test user logins empty 
 credentials are returned:
 
 <cas:clearPassResponse xmlns:cas='http://www.yale.edu/tp/cas'>
     <cas:clearPassSuccess>
         <cas:credentials></cas:credentials>
     </cas:clearPassSuccess>
 </cas:clearPassResponse>
 
 The success xml response tells me the proxy mechanism is working properly and 
 the issue is most likely somewhere on the CAS server.
 
 Also, the issue is not user-specific - credentials are returned for a user on 
 certain requests but empty on other requests.
 
 Does anyone have experience with clearPass that can offer suggestions on 
 where to start looking?
 
 Thanks,
 Adam
 VCU

Re: [cas-user] CAS login history

2015-03-11 Thread Dmitriy Kopylenko
There is a way to configure Inspektr library in CAS to persist its captured 
audit events in RDBMS:

https://wiki.jasig.org/display/CASUM/Auditing+and+Statistics+Via+Inspektr

Not sure if there is a newer version of the above documentation resource, 
though.

Another way to capture and process significant CAS events is to use the 
following facility (available as an addon module):

https://github.com/Unicon/cas-addons/wiki/CAS-server-events

This method might be attractive as it is de-coupled from most CAS internals. 
Just need to wire it in and implement listeners receiving the data of interest 
and do whatever is desired with that data.

Here’s an example of such listener facility which listens for couple of these 
events and records them as stats in Redis server:

https://github.com/Unicon/cas-addons/wiki/Record-statistics-for-CAS-events-in-Redis-server

Best,
Dmitriy.

 On Mar 11, 2015, at 10:56 AM, Maxwell, Gary maxwel...@fortlewis.edu wrote:
 
 We were hoping to place the history in a db. The info would then be accessed 
 via web services.
  
 From: Christopher Myers [mailto:cmy...@mail.millikin.edu] 
 Sent: Wednesday, March 11, 2015 8:43 AM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] CAS login history
  
 Is there a specific way that you need to be able to reference it? Our CAS 
 setup keeps information about it in Tomcat's catalina.out files, so we can 
 pull it from there.
 
 Chris
 
  Maxwell, Gary maxwel...@fortlewis.edu 03/11/15 9:35 AM 
 
 Is there a feature with CAS that will keep a history of Logins and Logouts?
  
 Thanks Gary

Re: [cas-user] I am lost... And in desperate need of help

2015-03-03 Thread Dmitriy Kopylenko
Bryan,

welcome to the club of the happy Hazelcast users! ;-)

Cheers,
D.

 On Mar 3, 2015, at 11:24 AM, Bryan Wooten bryan.woo...@utah.edu wrote:
 
 I'm closing this issue down.
  
 I got everything to work with Hazelcast.
  
 So goodbye ehcache… It just isn’t worth trying to figure out what is wrong 
 with it.
  
 Thanks,
  
 Bryan
  
 From: Bryan Wooten [mailto:bryan.woo...@utah.edu] 
 Sent: Tuesday, March 03, 2015 8:21 AM
 To: cas-user@lists.jasig.org
 Subject: RE: [cas-user] I am lost... And in desperate need of help
  
 Thanks Marv,
  
 This issue has been fixed, the load balancer guy did something… I am not sure 
 what.
  
 But now I am back to my registry replication problem.
  
 I see this in my logs:
 2015-03-03 07:35:27,937 DEBUG [net.sf.ehcache.util.PropertyUtil] - Value found for peerDiscovery: manual
 2015-03-03 07:35:27,937 DEBUG [net.sf.ehcache.util.PropertyUtil] - Value found for rmiUrls: //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket|//cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.TicketGrantingTicket
  
 But then later:
  
 2015-03-03 07:35:28,003 DEBUG 
 [net.sf.ehcache.distribution.RMICacheManagerPeerListener] - 0 RMICachePeers 
 bound in registry for RMI listener
  
 And:
  
 2015-03-03 07:35:28,655 DEBUG 
 [net.sf.ehcache.distribution.RMIBootstrapCacheLoader] - Attempting to acquire 
 cache peers for cache org.jasig.cas.ticket.ServiceTicket to bootstrap from. 
 Will wait up to 0ms for cache to join cluster.
 2015-03-03 07:35:28,656 DEBUG 
 [net.sf.ehcache.distribution.RMICacheManagerPeerListener] - 0 RMICachePeers 
 bound in registry for RMI listener
  
 2015-03-03 07:35:28,658 DEBUG 
 [net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL 
 //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket
 2015-03-03 07:35:28,658 DEBUG 
 [net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL 
 //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket
  
 2015-03-03 07:35:28,703 DEBUG 
 [net.sf.ehcache.distribution.ManualRMICacheManagerPeerProvider] - Looking up 
 rmiUrl //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket 
 through exception org.jasig.cas.ticket.ServiceTicket. This may be normal if a 
 node has gone offline. Or it may indicate network connectivity difficulties
 java.rmi.NotBoundException: org.jasig.cas.ticket.ServiceTicket
 at sun.rmi.registry.RegistryImpl.lookup(RegistryImpl.java:136)
 at sun.rmi.registry.RegistryImpl_Skel.dispatch(Unknown Source)
  
 I can successfully telnet from cas-dev1 (where this log trace is from) to 
 cas-dev2 port 40001.
  
 The “Will wait up to 0ms” concerns me I guess. So I am back to being lost. I 
 will also try a Hazelcast configuration.
  
 -Bryan
  
  
  
 From: Marvin Addison [mailto:marvin.addi...@gmail.com] 
 Sent: Monday, March 02, 2015 12:51 PM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] I am lost... And in desperate need of help
  
 With Prod 3.4.12 and MFA, don’t get the successful login page. I get “page 
 not found” in the browser.
 Turn the org.jasig.cas up to DEBUG and post (sanitized) logs corresponding to 
 the 404 error you mentioned. 
 The error goes away if I take one of the 2 CAS servers offline.
 Did you ever solve your ticket registry replication problems? I wouldn't 
 think that a ticket not found error would cause authentication problems, 
 but this sure sounds like some kind of HA config problem.
  
 M
  
  

Re: [cas-user] CAS with ldap

2015-02-26 Thread Dmitriy Kopylenko
I think the fundamental problem is that the documentation config snippets show 
the use of pseudo ‘p’ XML namespace, but do not show the “beans element header” 
and the need for it to be declared there, assuming folks' 100% familiarity with 
Spring. Please note, this is not a criticism of anyone, just pointing out my 
observation.

For this error, please check the top of your app ctx file to have ‘p’ namespace 
declared like so:

<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:p="http://www.springframework.org/schema/p"

...

 On Feb 26, 2015, at 11:44 AM, chandrashekar singh 
 chandrashekar1...@yahoo.com wrote:
 
 Dear all,
 
 We are attempting to test ldap with cas. 
 
 Our cas server runs on Tomcat 7 over Ubuntu 14.04. (Java version is 1.7.0_75)
 
 Our LDAP server is actually a windows 2012 server. The windows server is 
 accessed through IP because we have not setup a dns name for it since this is 
 just a test run.
 
 We followed the guide from 
 http://jasig.github.io/cas/4.0.x/installation/LDAP-Authentication.html. We 
 assume that the placeholders to be replaced are located between { and }. 
 
 We would specifically need help with the following questions:
 
 Is our assumption for the placeholder correct?
 Are there any completed or working examples of cas configuration for windows 
 active directory (ldap)?
 We are having the following error. This is telling us that there is a problem 
 with the tag. But we are not sure how to fix this.
 
 Any assistance is appreciated.
 
 Feb 26, 2015 12:31:19 PM org.apache.catalina.startup.HostConfig deployWAR
 INFO: Deploying web application archive 
 /home/ubuntu/ldap/cas/tomcat/webapps/cas.war
 log4j:WARN No appenders could be found for logger 
 (org.springframework.web.context.ContextLoader).
 log4j:WARN Please initialize the log4j system properly.
 SafeContextLoaderListener:
 The Spring ContextLoaderListener we wrap threw on contextInitialized.
 But for our having caught this error, the web application context would not 
 have initialized.
 org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 
 21 in XML document from ServletContext resource 
 [/WEB-INF/deployerConfigContext.xml] is invalid; nested exception is 
 org.xml.sax.SAXParseException; lineNumber: 21; columnNumber: 43; The prefix 
 p for attribute p:principalIdAttribute associated with an element type 
 bean is not bound.
 at 
 org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:396)
 at 
 org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:334)
 at 
 org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:302)
 at 
 org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:174)
 at 
 org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:209)
 at 
 org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:180)
 at 
 org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:125)
 at 
 org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:94)
 at 
 org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:131)
 at 
 org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:522)
 at 
 org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:436)
 at 
 org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:385)
 at 
 org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:284)
 at 
 org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:111)
 at 
 org.jasig.cas.web.init.SafeContextLoaderListener.contextInitialized_aroundBody0(SafeContextLoaderListener.java:75)
 at 
 org.jasig.cas.web.init.SafeContextLoaderListener.contextInitialized_aroundBody1$advice(SafeContextLoaderListener.java:57)
 at 
 org.jasig.cas.web.init.SafeContextLoaderListener.contextInitialized(SafeContextLoaderListener.java:1)
 at 
 org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5016)
 at 
 org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5524)
 at 
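
The unbound-prefix failure in this message can be caught before the WAR is deployed. The following is an added example, not part of the original thread or of CAS: it audits a Spring context file for any element or attribute prefix (not only `p`) that has no `xmlns:` declaration in scope. The sample document is constructed, and its bean class name is a placeholder.

```python
import io
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges, feature_namespaces

# Constructed sample shaped like the failing deployerConfigContext.xml: a bean
# uses p:principalIdAttribute, but the <beans> header never declares xmlns:p.
# The bean class name is a placeholder, not a real CAS class.
BROKEN = """<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <bean id="ldapAuthenticationHandler"
        class="example.PlaceholderLdapHandler"
        p:principalIdAttribute="sAMAccountName" />
</beans>
"""

# Same document with the xmlns:p declaration the reply above asks for.
FIXED = BROKEN.replace(
    'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">',
    'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\n'
    '       xmlns:p="http://www.springframework.org/schema/p">',
)


class PrefixAudit(ContentHandler):
    """Records every element/attribute name whose prefix has no binding in scope."""

    def __init__(self):
        super().__init__()
        self._scopes = [frozenset({"xml"})]  # the 'xml' prefix is bound implicitly
        self._locator = None
        self.findings = []  # (line, prefix, qualified_name, owning_element)

    def setDocumentLocator(self, locator):
        self._locator = locator

    def startElement(self, name, attrs):
        attr_names = attrs.getNames()
        # Declarations on this element apply to the element itself and its children.
        declared = self._scopes[-1] | {
            a[len("xmlns:"):] for a in attr_names if a.startswith("xmlns:")
        }
        self._scopes.append(declared)
        line = self._locator.getLineNumber() if self._locator else None
        used = [name] + [
            a for a in attr_names if a != "xmlns" and not a.startswith("xmlns:")
        ]
        for qname in used:
            prefix, colon, _local = qname.partition(":")
            if colon and prefix not in declared:
                self.findings.append((line, prefix, qname, name))

    def endElement(self, name):
        self._scopes.pop()


def unbound_prefixes(xml_text):
    """Return a list of (line, prefix, qualified_name, element) for unbound prefixes."""
    parser = xml.sax.make_parser()
    # Namespace processing off: the parser then reports raw names instead of
    # aborting at the first unbound prefix, so every occurrence is listed.
    parser.setFeature(feature_namespaces, False)
    # Do not resolve external entities in a configuration file under review.
    parser.setFeature(feature_external_ges, False)
    audit = PrefixAudit()
    parser.setContentHandler(audit)
    parser.parse(io.BytesIO(xml_text.encode("utf-8")))
    return audit.findings


if __name__ == "__main__":
    for line, prefix, qname, element in unbound_prefixes(BROKEN):
        print(f"line {line}: prefix '{prefix}' in '{qname}' on <{element}> is not bound")
    print("fixed document findings:", unbound_prefixes(FIXED))
```
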
 

Re: [cas-user] cas 4 lppe configuration for password

2015-02-25 Thread Dmitriy Kopylenko
By default there is a list of known exceptions that handler can handle 
statically set. v4.0.1 doesn’t have your exception of interest:

https://github.com/Jasig/cas/blob/v4.0.1/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationExceptionHandler.java#L61

but master version does:

https://github.com/Jasig/cas/blob/master/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationExceptionHandler.java#L67

You could:

a) Bring the AuthenticationExceptionHandler class into your local overlay (and 
remove it when 4.1 comes out)

b) Define the list of ALL the exceptions externally (in the Spring app ctx) and 
wire them in (as the AuthenticationExceptionHandler class has the setter for 
it): 
https://github.com/Jasig/cas/blob/master/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationExceptionHandler.java#L83

Cheers,
D.

 On Feb 25, 2015, at 9:28 AM, Jim Price jwpr...@georgiasouthern.edu wrote:
 
 Is it me or does this log say that the PASSWORD_MUST_CHANGE error is not 
 getting processed with the 
 authenticationExceptionHandler.handle(currentEvent.attributes.error, 
 messageContext) properly. Is this a coding thing again?
 
 
 2015-02-25 09:12:10,746 DEBUG 
 [org.jasig.cas.authentication.support.DefaultAccountStateHandler] - Handling 
 PASSWORD_MUST_CHANGE
 2015-02-25 09:12:10,746 INFO 
 [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - 
 LdapAuthenticationHandler failed authenticating cs02357+password
 
 2015-02-25 09:12:10,748 INFO 
 [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit 
 trail record BEGIN
 2015-02-25 09:12:10,750 DEBUG 
 [org.springframework.webflow.execution.AnnotatedAction] - Clearing action 
 execution attributes map[[empty]]
 2015-02-25 09:12:10,750 DEBUG 
 [org.springframework.webflow.execution.ActionExecutor] - Finished executing 
 [EvaluateAction@4694d08f expression = 
 authenticationViaFormAction.submit(flowRequestContext, flowScope.credential, 
 messageContext), resultExpression = [null]]; result = authenticationFailure
 2015-02-25 09:12:10,750 DEBUG [org.springframework.webflow.engine.Transition] 
 - Executing [Transition@3c90aefd on = authenticationFailure, to = 
 handleAuthenticationFailure]
 2015-02-25 09:12:10,750 DEBUG [org.springframework.webflow.engine.Transition] 
 - Exiting state 'realSubmit'
 2015-02-25 09:12:10,750 DEBUG 
 [org.springframework.webflow.engine.ActionState] - Entering state 
 'handleAuthenticationFailure' of flow 'login'
 
 2015-02-25 09:12:10,750 DEBUG 
 [org.springframework.webflow.execution.ActionExecutor] - Executing 
 [EvaluateAction@3ed0831b expression = 
 authenticationExceptionHandler.handle(currentEvent.attributes.error, 
 messageContext), resultExpression = [null]]
 
 
 2015-02-25 09:12:10,750 DEBUG 
 [org.springframework.webflow.execution.AnnotatedAction] - Putting action 
 execution attributes map[[empty]]
 2015-02-25 09:12:10,751 DEBUG 
 [org.springframework.beans.factory.support.DefaultListableBeanFactory] - 
 Returning cached instance of singleton bean 'authenticationExceptionHandler'
 2015-02-25 09:12:10,756 DEBUG 
 [org.springframework.binding.message.DefaultMessageContext] - Resolving 
 message using [DefaultMessageResolver@100a53fa source = [null], severity = 
 ERROR, codes = arrayString['authenticationFailure.UNKNOWN'], args = 
 arrayObject[[empty]], defaultText = [null]]
 2015-02-25 09:12:10,756 DEBUG 
 [org.springframework.binding.message.DefaultMessageContext] - Adding 
 resolved message [Message@160f4a50 source = [null], severity = ERROR, text = 
 'Invalid credentials.']
 
 On Wed, Feb 25, 2015 at 8:23 AM, Jim Price jwpr...@georgiasouthern.edu wrote:
 I added the entry and it still did not work. Wait for 4.1 so much for my 
 deadline of the end of the week.
 Strange thing was the following had no effect on my logs:
 
 <logger name="org.jasig.cas.web.flow" additivity="true">
   <level value="DEBUG" />
   <appender-ref ref="cas" />
 </logger>
 
 
 On Tue, Feb 24, 2015 at 4:35 PM, Dmitriy Kopylenko dkopyle...@unicon.net wrote:
 But there is one in master:
 
 https://github.com/Jasig/cas/blob/master/cas-server-webapp/src/main/webapp/WEB-INF/webflow/login/login-webflow.xml#L116
 
 So, wait for 4.1 release ;-)
 
 Cheers,
 D.
 
 On Feb 24, 2015, at 4:30 PM, Dmitriy Kopylenko dkopyle...@unicon.net wrote:
 
 Looks like there is no explicit

Re: [cas-user] CAS war overlay demo project fails to deploy on tomcat.

2015-02-25 Thread Dmitriy Kopylenko
The default external location for cas.properties in this overlay is set to 
/etc/cas/cas.properties. So the easiest “fix” would be to take this file: 
https://github.com/UniconLabs/simple-cas4-overlay-template/blob/master/etc/cas.properties
and put it in /etc/cas (and of course create this directory as it does not 
exist by default).

Dmitriy.

 On Feb 25, 2015, at 10:30 AM, chandrashekar singh 
 chandrashekar1...@yahoo.com wrote:
 
 Dear All,
 
 I am attempting to test CAS with an ldap server. 
 
 We are currently testing the war overlay demo project available from this 
 website on Ubuntu 14.04
 
 https://github.com/UniconLabs/simple-cas4-overlay-template
 
 Running mvn clean package generates the target without error. However when 
 attempting to deploy the resulting cas.war in tomcat we have the following in 
 the catalina.out log file.
 
 Please let us know if there are any binary ldap capable cas war that we can 
 try. Our aim is just to test cas on ldap as a proof of concept.
 
 
 INFO: Deploying web application archive 
 /home/ubuntu/ldap/cas/tomcat/webapps/cas.war
 log4j:WARN No appenders could be found for logger 
 (org.springframework.web.context.ContextLoader).
 log4j:WARN Please initialize the log4j system properly.
 SafeContextLoaderListener:
 The Spring ContextLoaderListener we wrap threw on contextInitialized.
 But for our having caught this error, the web application context would not 
 have initialized.
 org.springframework.beans.factory.BeanInitializationException: Could not load 
 properties; nested exception is java.io.FileNotFoundException: 
 /etc/cas/cas.properties (No such file or directory)
 at 
 org.springframework.context.support.PropertySourcesPlaceholderConfigurer.postProcessBeanFactory(PropertySourcesPlaceholderConfigurer.java:147)
 at 
 org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:681)
 at 
 org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:656)
 at 
 org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:446)
 at 
 org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:385)
 at 
 org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:284)
 at 
 org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:111)
 at 
 org.jasig.cas.web.init.SafeContextLoaderListener.contextInitialized_aroundBody0(SafeContextLoaderListener.java:75)
 at 
 org.jasig.cas.web.init.SafeContextLoaderListener.contextInitialized_aroundBody1$advice(SafeContextLoaderListener.java:57)
 at 
 org.jasig.cas.web.init.SafeContextLoaderListener.contextInitialized(SafeContextLoaderListener.java:1)
 at 
 org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5016)
 at 
 org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5524)
 at 
 org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
 at 
 org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
 at 
 org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
 at 
 org.apache.catalina.core.StandardHost.addChild(StandardHost.java:649)
 at 
 org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1081)
 at 
 org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1877)
 at 
 java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
 at java.util.concurrent.FutureTask.run(FutureTask.java:262)
 at 
 java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
 at 
 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
 at java.lang.Thread.run(Thread.java:745)
 Caused by: java.io.FileNotFoundException: /etc/cas/cas.properties (No such 
 file or directory)
 at java.io.FileInputStream.open(Native Method)
 at java.io.FileInputStream.<init>(FileInputStream.java:146)
 at java.io.FileInputStream.<init>(FileInputStream.java:101)
 at 
 sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90)
 at 
 sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188)
 at 
 org.springframework.core.io.UrlResource.getInputStream(UrlResource.java:125)
 at 
 org.springframework.core.io.support.PropertiesLoaderSupport.loadProperties(PropertiesLoaderSupport.java:181)
 at 
 

Re: [cas-user] cas 4 lppe configuration for password

2015-02-24 Thread Dmitriy Kopylenko
Looks like there is no explicit mapping of ‘AccountPasswordMustChangeException’ 
to the corresponding view in 4.0.1:

https://github.com/Jasig/cas/blob/v4.0.1/cas-server-webapp/src/main/webapp/WEB-INF/login-webflow.xml#L114

Could be a simple overlook.

Cheers,
D.

 On Feb 24, 2015, at 4:17 PM, Marvin Addison marvin.addi...@gmail.com wrote:
 
 2015-02-24 14:20:57,866 DEBUG 
 [org.jasig.cas.authentication.support.DefaultAccountStateHandler] - Handling 
 PASSWORD_MUST_CHANGE
 
 An AccountPasswordMustChangeException was thrown here. Something in the view 
 layer is supposed to catch that and route the user appropriately.
 
 org.jasig.cas.web.flow.AuthenticationExceptionHandler is the key component to 
 bridge authentication errors with view dispatching. There's a TRACE-level 
 logger on that component that's worth enabling and trying again. It emits a 
 message if no mapping is found. You should scan your login-webflow.xml and 
 make sure it contains a reference to AuthenticationExceptionHandler, which is 
 defined in cas-servlet.xml. All this is configured by default in 4.0.1, so 
 unless you changed it, you should be good.
 
 M
 

Re: [cas-user] cas 4 lppe configuration for password

2015-02-24 Thread Dmitriy Kopylenko
But there is one in master:

https://github.com/Jasig/cas/blob/master/cas-server-webapp/src/main/webapp/WEB-INF/webflow/login/login-webflow.xml#L116

So, wait for 4.1 release ;-)

Cheers,
D.

 On Feb 24, 2015, at 4:30 PM, Dmitriy Kopylenko dkopyle...@unicon.net wrote:
 
 Looks like there is no explicit mapping of 
 ‘AccountPasswordMustChangeException’ to the corresponding view in 4.0.1:
 
 https://github.com/Jasig/cas/blob/v4.0.1/cas-server-webapp/src/main/webapp/WEB-INF/login-webflow.xml#L114
 
 Could be a simple overlook.
 
 Cheers,
 D.
 
 On Feb 24, 2015, at 4:17 PM, Marvin Addison marvin.addi...@gmail.com wrote:
 
 2015-02-24 14:20:57,866 DEBUG 
 [org.jasig.cas.authentication.support.DefaultAccountStateHandler] - 
 Handling PASSWORD_MUST_CHANGE
 
 An AccountPasswordMustChangeException was thrown here. Something in the view 
 layer is supposed to catch that and route the user appropriately.
 
 org.jasig.cas.web.flow.AuthenticationExceptionHandler is the key component 
 to bridge authentication errors with view dispatching. There's a TRACE-level 
 logger on that component that's worth enabling and trying again. It emits a 
 message if no mapping is found. You should scan your login-webflow.xml and 
 make sure it contains a reference to AuthenticationExceptionHandler, which 
 is defined in cas-servlet.xml. All this is configured by default in 4.0.1, 
 so unless you changed it, you should be good.
 
 M
 

Re: [cas-user] ERROR net.sf.ehcache.distribution.RMIAsynchronousCacheReplicator

2015-02-17 Thread Dmitriy Kopylenko
If anything I'd suggest going with Hazelcast, but then it'd be really a 
decision for you to make. 

We've had many successful HazelcastTicketRegistry deployments and I'm not aware 
of any serious woes with it so far. 

D. 

Sent from my iPhone

 On Feb 17, 2015, at 18:18, Bryan Wooten bryan.woo...@utah.edu wrote:
 
 All, this issue is killing me. I was supposed to go live with this version 
 tomorrow morning but this issue forced me to cancel.
 
 The symptom I am seeing is that ST’s can’t be validated. I believe this is 
 because tickets are not being replicated across my 2 CAS servers. The back 
 channel ST validation is failing because of this.
 
 I checked and re-checked my ehcache-replication.xml configuration. Both 
 servers are listening on port 40001. 
 
 I am running on RHEL and have verified that there are no firewalls in place. 
 I can telnet from each server to the other on port 40001.
 
 I have set the remote port in ehcache-replication.xml to 40002 yet neither 
 server seems to be listening on this port.
 
 Does anyone have suggestions for log4j settings I should set to get 
 additional debug info?
 
 I did note that my pom.xml has a dependency for ehcache, but I think that is 
 built into the 3.5.2 overlay and I may not need that dependency.
 
 Ehcache has worked well on our 3.4.12 CAS for many years, I am now stumped. 
 Part of me says Dump ehcache and go to Hazelcast… JPA ticket registry is out 
 of the question.
 
 Cheers, 
 
 Bryan
 
 From: Bryan Wooten bryan.woo...@utah.edu
 Reply-To: cas-user@lists.jasig.org cas-user@lists.jasig.org
 Date: Tuesday, February 17, 2015 at 10:21 AM
 To: cas-user@lists.jasig.org cas-user@lists.jasig.org
 Subject: [cas-user] ERROR 
 net.sf.ehcache.distribution.RMIAsynchronousCacheReplicator
 
 My cas.log is filled with this error: (CAS 3.5.2)
  
 2015-02-17 07:53:18,138 ERROR 
 [net.sf.ehcache.distribution.RMIAsynchronousCacheReplicator] - Exception on 
 flushing of replication queue: null. Continuing...
 java.lang.NullPointerException
 at 
 net.sf.ehcache.distribution.RMISynchronousCacheReplicator.listRemoteCachePeers(RMISynchronousCacheReplicator.java:335)
 at 
 net.sf.ehcache.distribution.RMIAsynchronousCacheReplicator.writeReplicationQueue(RMIAsynchronousCacheReplicator.java:312)
 at 
 net.sf.ehcache.distribution.RMIAsynchronousCacheReplicator.replicationThreadMain(RMIAsynchronousCacheReplicator.java:127)
 at 
 net.sf.ehcache.distribution.RMIAsynchronousCacheReplicator.access$000(RMIAsynchronousCacheReplicator.java:58)
 at 
 net.sf.ehcache.distribution.RMIAsynchronousCacheReplicator$ReplicationThread.run(RMIAsynchronousCacheReplicator.java:389)
  
 I found this:
  
 https://issues.jasig.org/browse/CAS-1174
  
 But I am not using ClearPass.
  
  
 Bryan Wooten
  
 UIT-Common Infrastructure Systems
  

Re: [cas-user] question about non-web console service registration

2015-02-05 Thread Dmitriy Kopylenko
There is no JSON svc registry addon for 4.0 (as CAS will have the native JSON 
impl in 4.1). For 4.0 simply use the YAML service registry addon if you desire 
so.

https://github.com/unicon-cas-addons/cas-addon-yaml-services-registry

Case closed ;-)

Cheers,
D.

 On Feb 5, 2015, at 4:35 PM, Milt Epstein mepst...@illinois.edu wrote:
 
 I don't know whether that's strictly true, but I did say that if you
 were using CAS 4.0.x, the YAML version is easier to use.
 
 Milt Epstein
 Applications Developer
 Graduate School of Library and Information Science (GSLIS)
 University of Illinois at Urbana-Champaign (UIUC)
 mepst...@illinois.edu
 
 
 On Thu, 5 Feb 2015, Chris Adams wrote:
 
 Thank you. After packaging and deploying a new war, and experiencing many 
 errors, I read the following and it seems that, to use JSON, I need to use 
 CAS 4.1 (I am using 4.0) or incorporate the YAML service registry for CAS 
 4.0.
 
 “Minimum supported version of CAS in versions of the 1.x series of 
 cas-addons is 3.5.1. 1.x series of cas-addons is not supported on CAS 4.x. 
 For CAS 4.x support look for the upcoming series of micro addons 
 (https://github.com/unicon-cas-addons) libraries grouped by distinct 
 features in upcoming months.”
 
 https://www.mail-archive.com/cas-user@lists.jasig.org/msg18304.html
 
 
 From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net]
 Sent: Thursday, February 05, 2015 10:16 AM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] question about non-web console service registration
 
 No. Follow instructions found here:
 
 https://github.com/Unicon/cas-addons/blob/master/README.md
 
 D.
 
 Sent from my iPhone
 
 On Feb 5, 2015, at 12:53, Chris Adams chris.a.ad...@state.or.us wrote:
 So, is this the dependency that I need ?
 
 <dependency>
   <groupId>net.unicon.cas</groupId>
   <artifactId>cas-addon-json-services-registry</artifactId>
   <version>1.0.0-RC1</version>
 </dependency>
 
 |-Original Message-
 |From: mepst...@gwork254.lis.illinois.edu
 |[mailto:mepst...@gwork254.lis.illinois.edu] On Behalf Of Milt Epstein
 |Sent: Wednesday, February 04, 2015 2:12 PM
 |To: cas-user@lists.jasig.org
 |Subject: RE: [cas-user] question about non-web console service registration
 |
 |Do you need to include a dependency in your pom.xml to get the unicon json-
 |services-registry package?
 |
 |Milt Epstein
 |Applications Developer
 |Graduate School of Library and Information Science (GSLIS) University of
 |Illinois at Urbana-Champaign (UIUC) mepst...@illinois.edu
 |
 |
 |On Wed, 4 Feb 2015, Chris Adams wrote:
 |
 | Thank you for spotting that. I have made those changes and restarted
 |Tomcat.
 |
 | I am still getting errors while utilizing the JSON service registry code. 
 Without
 |it, things work fine. Here is what I am seeing.
 |
 | org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException:
 |Line 60 in XML document from ServletContext resource [/WEB-
 |INF/deployerConfigContext.xml] is invalid; nested exception is
 |org.xml.sax.SAXParseException; lineNumber: 60; columnNumber: 48; cvc-
 |complex-type.2.4.c: The matching wildcard is strict, but no declaration can 
 be
 |found for element 'cas:json-services-registry'.
 |
 | From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net]
 | Sent: Wednesday, February 04, 2015 10:37 AM
 | To: cas-user@lists.jasig.org
 | Subject: Re: [cas-user] question about non-web console service
 | registration
 |
 | Here’s the culprit (in the attached file). Last line in the “beans elem. 
 header”
 |looks like:
 |
 | http://unicon.net/schema/cas
 | http://unicon.net/schemas/cas/addons.xsd”
 |
 | it’s supposed to look like this:
 |
 | http://unicon.net/schema/cas
 | http://unicon.net/schema/cas/cas-addons.xsd”
 |
 | Cheers,
 | D.
 |
 | On Feb 4, 2015, at 12:09 PM, Chris Adams
 |chris.a.ad...@state.or.us wrote:
 |
 | Here it is...
 |
 | |-Original Message-
 | |From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net]
 | |Sent: Wednesday, February 04, 2015 3:46 AM
 | |To: cas-user@lists.jasig.org
 | |Subject: Re: [cas-user] question about non-web console service
 | |registration
 | |
 | |FWIW,
 | |
 | |can you attach your entire file?
 | |
 | |Cheers,
 | |Dmitriy.
 | |
 | |Sent from my iPhone
 | |
 | | On Feb 3, 2015, at 19:23, Chris Adams
 |chris.a.ad...@state.or.us wrote:
 | |
 | | Thank you for your reply.
 | |
 | | I did have the line xmlns:cas="http://unicon.net/schema/cas" defined.
 | |
 | | <beans xmlns="http://www.springframework.org/schema/beans"
 | |   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 | |   xmlns:p="http

Re: [cas-user] question about non-web console service registration

2015-02-05 Thread Dmitriy Kopylenko
No. Follow instructions found here: 

https://github.com/Unicon/cas-addons/blob/master/README.md

D. 

Sent from my iPhone

 On Feb 5, 2015, at 12:53, Chris Adams chris.a.ad...@state.or.us wrote:
 
 So, is this the dependency that I need ?
 
 <dependency>
   <groupId>net.unicon.cas</groupId>
   <artifactId>cas-addon-json-services-registry</artifactId>
   <version>1.0.0-RC1</version>
 </dependency>
 
 |-Original Message-
 |From: mepst...@gwork254.lis.illinois.edu
 |[mailto:mepst...@gwork254.lis.illinois.edu] On Behalf Of Milt Epstein
 |Sent: Wednesday, February 04, 2015 2:12 PM
 |To: cas-user@lists.jasig.org
 |Subject: RE: [cas-user] question about non-web console service registration
 |
 |Do you need to include a dependency in your pom.xml to get the unicon json-
 |services-registry package?
 |
 |Milt Epstein
 |Applications Developer
 |Graduate School of Library and Information Science (GSLIS) University of
 |Illinois at Urbana-Champaign (UIUC) mepst...@illinois.edu
 |
 |
 |On Wed, 4 Feb 2015, Chris Adams wrote:
 |
 | Thank you for spotting that. I have made those changes and restarted
 |Tomcat.
 |
 | I am still getting errors while utilizing the JSON service registry code. 
 Without
 |it, things work fine. Here is what I am seeing.
 |
 | org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException:
 |Line 60 in XML document from ServletContext resource [/WEB-
 |INF/deployerConfigContext.xml] is invalid; nested exception is
 |org.xml.sax.SAXParseException; lineNumber: 60; columnNumber: 48; cvc-
 |complex-type.2.4.c: The matching wildcard is strict, but no declaration can 
 be
 |found for element 'cas:json-services-registry'.
 |
 | From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net]
 | Sent: Wednesday, February 04, 2015 10:37 AM
 | To: cas-user@lists.jasig.org
 | Subject: Re: [cas-user] question about non-web console service
 | registration
 |
 | Here’s the culprit (in the attached file). Last line in the “beans elem. 
 header”
 |looks like:
 |
 | http://unicon.net/schema/cas
 | http://unicon.net/schemas/cas/addons.xsd”
 |
 | it’s supposed to look like this:
 |
 | http://unicon.net/schema/cas
 | http://unicon.net/schema/cas/cas-addons.xsd”
 |
 | Cheers,
 | D.
 |
 | On Feb 4, 2015, at 12:09 PM, Chris Adams
 |chris.a.ad...@state.or.usmailto:chris.a.ad...@state.or.us wrote:
 |
 | Here it is...
 |
 | |-Original Message-
 | |From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net]
 | |Sent: Wednesday, February 04, 2015 3:46 AM
 | |To: cas-user@lists.jasig.orgmailto:cas-user@lists.jasig.org
 | |Subject: Re: [cas-user] question about non-web console service
 | |registration
 | |
 | |FWIW,
 | |
 | |can you attach your entire file?
 | |
 | |Cheers,
 | |Dmitriy.
 | |
 | |Sent from my iPhone
 | |
 | | On Feb 3, 2015, at 19:23, Chris Adams
 |chris.a.ad...@state.or.usmailto:chris.a.ad...@state.or.us wrote:
 | |
 | | Thank you for your reply.
 | |
 | | I did have the line xmlns:cas=http://unicon.net/schema/cas; defined.
 | |
 | | beans xmlns=http://www.springframework.org/schema/beans;
 | |   xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
 | |   xmlns:p=http://www.springframework.org/schema/p;
 | |   xmlns:c=http://www.springframework.org/schema/c;
 | |   xmlns:tx=http://www.springframework.org/schema/tx;
 | |   xmlns:util=http://www.springframework.org/schema/util;
 | |   xmlns:sec=http://www.springframework.org/schema/security;
 | |   xmlns:cas=http://unicon.net/schema/cas;
 | |
 |xsi:schemaLocation=http://www.springframework.org/schema/beans
 | |
 | | http://www.springframework.org/schema/beans/spring-
 | |beans-3.2.xsd
 | |   http://www.springframework.org/schema/tx
 | |   
 http://www.springframework.org/schema/tx/spring-tx-
 |3.2.xsd
 | |   http://www.springframework.org/schema/security
 | |
 | | http://www.springframework.org/schema/security/spring-
 | |security-3.2.xsd
 | |   http://www.springframework.org/schema/util
 | |   
 http://www.springframework.org/schema/util/spring-
 |util.xsd
 | |   http://unicon.net/schema/cas
 | |
 | | http://unicon.net/schema/cas/cas-addons.xsd;
 | |
 | | After restarting Tomcat, I can't get to the login page. The log show 
 this:
 | |
 | |
 | | 2015-02-03 16:01:40,237 ERROR
 | | [org.jasig.cas.web.init.SafeContextLoaderListener]
 | | - SafeContextLoaderListener:
 | | The Spring ContextLoaderListener we wrap threw on contextInitialized.
 | | But for our having caught this error, the web application context
 | | would not have initialized.
 | |
 |org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException:
 | | Line 65 in XML document from ServletContext resource
 | | [/WEB-INF/deployerConfigContext.xml] i s invalid; nested exception
 | | is org.xml.sax.SAXParseException; lineNumber: 65; col
 | | umnNumber: 48; cvc-complex-type.2.4.c: The matching wildcard is
 | | strict, but no de

Re: [cas-user] question about non-web console service registration

2015-02-04 Thread Dmitriy Kopylenko
You got it - in the overlay's pom. 

D.

Sent from my iPhone

 On Feb 4, 2015, at 17:11, Milt Epstein mepst...@illinois.edu wrote:
 
 Do you need to include a dependency in your pom.xml to get the unicon
 json-services-registry package?
 
 Milt Epstein
 Applications Developer
 Graduate School of Library and Information Science (GSLIS)
 University of Illinois at Urbana-Champaign (UIUC)
 mepst...@illinois.edu
 
 
 On Wed, 4 Feb 2015, Chris Adams wrote:
 
 Thank you for spotting that. I have made those changes and restarted Tomcat.
 
 I am still getting errors while utilizing the JSON service registry code. 
 Without it, things work fine. Here is what I am seeing.
 
 org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 
 60 in XML document from ServletContext resource 
 [/WEB-INF/deployerConfigContext.xml] is invalid; nested exception is 
 org.xml.sax.SAXParseException; lineNumber: 60; columnNumber: 48; 
 cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration 
 can be found for element 'cas:json-services-registry'.
 
 From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net]
 Sent: Wednesday, February 04, 2015 10:37 AM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] question about non-web console service registration
 
 Here’s the culprit (in the attached file). Last line in the “beans elem. 
 header” looks like:
 
 http://unicon.net/schema/cas http://unicon.net/schemas/cas/addons.xsd”
 
 it’s supposed to look like this:
 
 http://unicon.net/schema/cas http://unicon.net/schema/cas/cas-addons.xsd”
 
 Cheers,
 D.
 
 On Feb 4, 2015, at 12:09 PM, Chris Adams 
 chris.a.ad...@state.or.usmailto:chris.a.ad...@state.or.us wrote:
 
 Here it is...
 
 |-Original Message-
 |From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net]
 |Sent: Wednesday, February 04, 2015 3:46 AM
 |To: cas-user@lists.jasig.orgmailto:cas-user@lists.jasig.org
 |Subject: Re: [cas-user] question about non-web console service registration
 |
 |FWIW,
 |
 |can you attach your entire file?
 |
 |Cheers,
 |Dmitriy.
 |
 |Sent from my iPhone
 |
 | On Feb 3, 2015, at 19:23, Chris Adams 
 chris.a.ad...@state.or.usmailto:chris.a.ad...@state.or.us wrote:
 |
 | Thank you for your reply.
 |
 | I did have the line xmlns:cas="http://unicon.net/schema/cas" defined.
 |
 | <beans xmlns="http://www.springframework.org/schema/beans"
 |   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 |   xmlns:p="http://www.springframework.org/schema/p"
 |   xmlns:c="http://www.springframework.org/schema/c"
 |   xmlns:tx="http://www.springframework.org/schema/tx"
 |   xmlns:util="http://www.springframework.org/schema/util"
 |   xmlns:sec="http://www.springframework.org/schema/security"
 |   xmlns:cas="http://unicon.net/schema/cas"
 |   xsi:schemaLocation="http://www.springframework.org/schema/beans
 |   http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
 |   http://www.springframework.org/schema/tx
 |   http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
 |   http://www.springframework.org/schema/security
 |   http://www.springframework.org/schema/security/spring-security-3.2.xsd
 |   http://www.springframework.org/schema/util
 |   http://www.springframework.org/schema/util/spring-util.xsd
 |   http://unicon.net/schema/cas
 |   http://unicon.net/schema/cas/cas-addons.xsd">
 |
 | After restarting Tomcat, I can't get to the login page. The log shows this:
 |
 |
 | 2015-02-03 16:01:40,237 ERROR
 | [org.jasig.cas.web.init.SafeContextLoaderListener]
 | - SafeContextLoaderListener:
 | The Spring ContextLoaderListener we wrap threw on contextInitialized.
 | But for our having caught this error, the web application context
 | would not have initialized.
 | org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException:
 | Line 65 in XML document from ServletContext resource
 | [/WEB-INF/deployerConfigContext.xml] is invalid; nested exception is
 | org.xml.sax.SAXParseException; lineNumber: 65; columnNumber: 48;
 | cvc-complex-type.2.4.c: The matching wildcard is strict, but no
 | declaration can be found for element 'cas:json-services-registry'.
 |
 |
 |
 | |-Original Message-
 | |From: 
 mepst...@gwork254.lis.illinois.edumailto:mepst...@gwork254.lis.illinois.edu
 | |[mailto:mepst...@gwork254.lis.illinois.edu] On Behalf Of Milt Epstein
 | |Sent: Tuesday, February 03, 2015 1:36 PM
 | |To: cas-user@lists.jasig.orgmailto:cas-user@lists.jasig.org
 | |Subject: RE: [cas-user] question about non-web console service
 | |registration
 | |
 | |Answers inline below.
 | |
 | |Milt Epstein
 | |Applications Developer
 | |Graduate School of Library and Information Science (GSLIS) University
 | |of Illinois at Urbana-Champaign (UIUC) 
 mepst...@illinois.edumailto:mepst...@illinois.edu

Re: [cas-user] question about non-web console service registration

2015-02-04 Thread Dmitriy Kopylenko
You'd need to also make sure that you have the cas-addons jar in the app's 
classpath. 

D. 

Sent from my iPhone

 On Feb 4, 2015, at 16:41, Chris Adams chris.a.ad...@state.or.us wrote:
 
 Thank you for spotting that. I have made those changes and restarted Tomcat.
  
 I am still getting errors while utilizing the JSON service registry code. 
 Without it, things work fine. Here is what I am seeing.
  
 org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 
 60 in XML document from ServletContext resource 
 [/WEB-INF/deployerConfigContext.xml] is invalid; nested exception is 
 org.xml.sax.SAXParseException; lineNumber: 60; columnNumber: 48; 
 cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration 
 can be found for element 'cas:json-services-registry'.
  
 From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net] 
 Sent: Wednesday, February 04, 2015 10:37 AM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] question about non-web console service registration
  
 Here’s the culprit (in the attached file). Last line in the “beans elem. 
 header” looks like:
  
 http://unicon.net/schema/cas http://unicon.net/schemas/cas/addons.xsd”
  
 it’s supposed to look like this:
  
 http://unicon.net/schema/cas http://unicon.net/schema/cas/cas-addons.xsd”
  
 Cheers,
 D.
  
 On Feb 4, 2015, at 12:09 PM, Chris Adams chris.a.ad...@state.or.us wrote:
  
 Here it is...
 
 |-Original Message-
 |From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net]
 |Sent: Wednesday, February 04, 2015 3:46 AM
 |To: cas-user@lists.jasig.org
 |Subject: Re: [cas-user] question about non-web console service registration
 |
 |FWIW,
 |
 |can you attach your entire file?
 |
 |Cheers,
 |Dmitriy.
 |
 |Sent from my iPhone
 |
 | On Feb 3, 2015, at 19:23, Chris Adams chris.a.ad...@state.or.us wrote:
 |
 | Thank you for your reply.
 |
 | I did have the line xmlns:cas="http://unicon.net/schema/cas" defined.
 |
 | <beans xmlns="http://www.springframework.org/schema/beans"
 |   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 |   xmlns:p="http://www.springframework.org/schema/p"
 |   xmlns:c="http://www.springframework.org/schema/c"
 |   xmlns:tx="http://www.springframework.org/schema/tx"
 |   xmlns:util="http://www.springframework.org/schema/util"
 |   xmlns:sec="http://www.springframework.org/schema/security"
 |   xmlns:cas="http://unicon.net/schema/cas"
 |   xsi:schemaLocation="http://www.springframework.org/schema/beans
 |   http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
 |   http://www.springframework.org/schema/tx
 |   http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
 |   http://www.springframework.org/schema/security
 |   http://www.springframework.org/schema/security/spring-security-3.2.xsd
 |   http://www.springframework.org/schema/util
 |   http://www.springframework.org/schema/util/spring-util.xsd
 |   http://unicon.net/schema/cas
 |   http://unicon.net/schema/cas/cas-addons.xsd">
 |
 | After restarting Tomcat, I can't get to the login page. The log shows this:
 |
 |
 | 2015-02-03 16:01:40,237 ERROR
 | [org.jasig.cas.web.init.SafeContextLoaderListener]
 | - SafeContextLoaderListener:
 | The Spring ContextLoaderListener we wrap threw on contextInitialized.
 | But for our having caught this error, the web application context
 | would not have initialized.
 | org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException:
 | Line 65 in XML document from ServletContext resource
 | [/WEB-INF/deployerConfigContext.xml] is invalid; nested exception is
 | org.xml.sax.SAXParseException; lineNumber: 65; columnNumber: 48;
 | cvc-complex-type.2.4.c: The matching wildcard is strict, but no
 | declaration can be found for element 'cas:json-services-registry'.
 |
 |
 |
 | |-Original Message-
 | |From: mepst...@gwork254.lis.illinois.edu
 | |[mailto:mepst...@gwork254.lis.illinois.edu] On Behalf Of Milt Epstein
 | |Sent: Tuesday, February 03, 2015 1:36 PM
 | |To: cas-user@lists.jasig.org
 | |Subject: RE: [cas-user] question about non-web console service
 | |registration
 | |
 | |Answers inline below.
 | |
 | |Milt Epstein
 | |Applications Developer
 | |Graduate School of Library and Information Science (GSLIS) University
 | |of Illinois at Urbana-Champaign (UIUC) mepst...@illinois.edu
 | |
 | |
 | |On Tue, 3 Feb 2015, Chris Adams wrote:
 | |
 | | Thank you.
 | |
 | | I attempted to use JSON, using
 | | https://github.com/Unicon/cas-addons/wiki/Configuring-JSON-Service
 | | -Re
 | | gistry as a reference, but couldn't get it working. From the
 | | gistry cas.log
 | | :
 | |
 | | 2015-02-02 14:54:42,226 ERROR
 | |[org.jasig.cas.web.init.SafeContextLoaderListener] -
 | |SafeContextLoaderListener:
 | | The Spring ContextLoaderListener we

Re: [cas-user] question about non-web console service registration

2015-02-04 Thread Dmitriy Kopylenko
Those are virtual resources mapped to physical XSD on the classpath. One 
needs to make sure the cas-addons-x.y.jar is available on the app's classpath. 
This is standard Spring's custom XML schema authoring machinery. 

Cheers,
D. 

Sent from my iPhone

 On Feb 4, 2015, at 07:04, Alberto Cabello Sánchez albe...@unex.es wrote:
 
 FWIW, the following URLs yield HTTP 404 errors:
 
   http://unicon.net/schema/cas
   http://unicon.net/schema/cas/cas-addons.xsd;
 
 -- 
 Alberto Cabello Sánchez
 albe...@unex.es
 
 

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
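
An added example (not part of the original messages, and not CAS or cas-addons code): a pre-deployment check for the two failures discussed in this thread, an unbound `cas` prefix and a schemaLocation URL that no jar on the classpath maps through `META-INF/spring.schemas`. The jar names, the XSD resource paths and the sample `spring.schemas` contents are constructed for the demonstration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

XSI = "{http://www.w3.org/2001/XMLSchema-instance}schemaLocation"


def mapped_schemas(jars):
    """Map schema URL -> (jar name, classpath resource) from every jar's
    META-INF/spring.schemas. `jars` is {name: path or binary file object}."""
    mapped = {}
    for name, jar in jars.items():
        with zipfile.ZipFile(jar) as zf:
            if "META-INF/spring.schemas" not in zf.namelist():
                continue
            text = zf.read("META-INF/spring.schemas").decode("utf-8")
        for line in text.splitlines():
            line = line.strip()
            if not line or line[0] in "#!":
                continue
            # Properties syntax: the ':' inside the URL key is escaped as '\:'.
            key, _, resource = line.replace("\\:", ":").partition("=")
            mapped[key.strip()] = (name, resource.strip())
    return mapped


def check_context(xml_text, jars):
    """Return the problems that would keep the custom elements of a bean
    definition file (e.g. deployerConfigContext.xml) from being validated."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Covers the "prefix cas ... is not bound" case: xmlns:cas is missing.
        return ["not well-formed XML: %s" % exc]
    tokens = root.get(XSI, "").split()
    if len(tokens) % 2:
        return ["xsi:schemaLocation is not a list of namespace/URL pairs"]
    locations = dict(zip(tokens[0::2], tokens[1::2]))
    mapped = mapped_schemas(jars)
    used = sorted({el.tag[1:].split("}", 1)[0] for el in root.iter()
                   if isinstance(el.tag, str) and el.tag.startswith("{")})
    problems = []
    for ns in used:
        url = locations.get(ns)
        if url is None:
            problems.append("%s: no xsi:schemaLocation entry" % ns)
        elif url not in mapped:
            problems.append("%s: %s is not mapped by any jar on the classpath" % (ns, url))
    return problems


def make_jar(spring_schemas):
    """Build an in-memory jar that holds only META-INF/spring.schemas."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/spring.schemas", spring_schemas)
    buf.seek(0)
    return buf


# Constructed spring.schemas contents; the resource paths are placeholders.
SPRING = ("http\\://www.springframework.org/schema/beans/spring-beans-3.2.xsd="
          "org/springframework/beans/factory/xml/spring-beans-3.2.xsd\n")
ADDONS = "http\\://unicon.net/schema/cas/cas-addons.xsd=schema/cas-addons.xsd\n"

# Reduced version of the <beans> header quoted in the thread; %s is the XSD URL.
HEADER = '''<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:cas="http://unicon.net/schema/cas"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
    http://unicon.net/schema/cas
    %s">
  <cas:json-services-registry/>
</beans>'''


def sample_jars(with_addons=True):
    jars = {"spring-beans.jar": make_jar(SPRING)}
    if with_addons:
        jars["cas-addons-x.y.jar"] = make_jar(ADDONS)
    return jars


if __name__ == "__main__":
    bad = HEADER % "http://unicon.net/schemas/cas/addons.xsd"
    for problem in check_context(bad, sample_jars()):
        print(problem)
```

In a real overlay, pass the jars under `WEB-INF/lib` of the built war as the `jars` argument.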



Re: [cas-user] question about non-web console service registration

2015-02-04 Thread Dmitriy Kopylenko
FWIW,

can you attach your entire file?

Cheers,
Dmitriy. 

Sent from my iPhone

 On Feb 3, 2015, at 19:23, Chris Adams chris.a.ad...@state.or.us wrote:
 
 Thank you for your reply. 
 
 I did have the line xmlns:cas="http://unicon.net/schema/cas" defined.
 
 <beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:p="http://www.springframework.org/schema/p"
   xmlns:c="http://www.springframework.org/schema/c"
   xmlns:tx="http://www.springframework.org/schema/tx"
   xmlns:util="http://www.springframework.org/schema/util"
   xmlns:sec="http://www.springframework.org/schema/security"
   xmlns:cas="http://unicon.net/schema/cas"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
   http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
   http://www.springframework.org/schema/tx
   http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
   http://www.springframework.org/schema/security
   http://www.springframework.org/schema/security/spring-security-3.2.xsd
   http://www.springframework.org/schema/util
   http://www.springframework.org/schema/util/spring-util.xsd
   http://unicon.net/schema/cas
   http://unicon.net/schema/cas/cas-addons.xsd">
 
 After restarting Tomcat, I can't get to the login page. The log shows this:
 
 
 2015-02-03 16:01:40,237 ERROR [org.jasig.cas.web.init.SafeContextLoaderListener]
 - SafeContextLoaderListener:
 The Spring ContextLoaderListener we wrap threw on contextInitialized.
 But for our having caught this error, the web application context would not have
 initialized.
 org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 65 in
 XML document from ServletContext resource [/WEB-INF/deployerConfigContext.xml]
 is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 65;
 columnNumber: 48; cvc-complex-type.2.4.c: The matching wildcard is strict, but
 no declaration can be found for element 'cas:json-services-registry'.
 
 
 
 |-Original Message-
 |From: mepst...@gwork254.lis.illinois.edu
 |[mailto:mepst...@gwork254.lis.illinois.edu] On Behalf Of Milt Epstein
 |Sent: Tuesday, February 03, 2015 1:36 PM
 |To: cas-user@lists.jasig.org
 |Subject: RE: [cas-user] question about non-web console service registration
 |
 |Answers inline below.
 |
 |Milt Epstein
 |Applications Developer
 |Graduate School of Library and Information Science (GSLIS) University of
 |Illinois at Urbana-Champaign (UIUC) mepst...@illinois.edu
 |
 |
 |On Tue, 3 Feb 2015, Chris Adams wrote:
 |
 | Thank you.
 |
 | I attempted to use JSON, using
 | https://github.com/Unicon/cas-addons/wiki/Configuring-JSON-Service-Registry
 | as a reference, but couldn't get it working. From the cas.log:
 |
 | 2015-02-02 14:54:42,226 ERROR
 |[org.jasig.cas.web.init.SafeContextLoaderListener] -
 |SafeContextLoaderListener:
 | The Spring ContextLoaderListener we wrap threw on contextInitialized.
 | But for our having caught this error, the web application context would not
 |have initialized.
 | org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException:
 |Line 57 in XML document from ServletContext resource [/WEB-
 |INF/deployerConfigContext.xml] is invalid; nested exception is
 |org.xml.sax.SAXParseException; lineNumber: 57; columnNumber: 48; The
 |prefix cas for element cas:json-services-registry is not bound.
 |
 |In XML files, when you see something like cas:json-services-registry, the
 |part before the ':' is the namespace being used for the tag.  This namespace
 |has to have been defined earlier, in this case, in the beans tag.  If you look at
 |the examples on the page you reference, they contain something like:
 |
 |   xmlns:cas="http://unicon.net/schema/cas"
 |
 |That defines the cas namespace.  It sounds like your XML file is missing that.
 |
 |
 | For YAML, is this what you are referring to?
 |
 | https://github.com/unicon-cas-addons/cas-addon-yaml-services-registry
 |
 |Yes.  If you're using CAS 4.0.x, this is easier to get going with, as compared
 |with the JSON version above.
 |
 |
 | Just out of curiosity, does service registry utilizing
 | deployConfigContext.xml without utilizing a database, allow one to
 | register service data that persists across restarts ?
 |
 |If I understand you correctly, then the answer is yes.  Note that if you're using
 |the JSON or YAML services registry, it's not really just utilizing
 |deployConfigContext.xml.  But using these schemes, as long as the services
 |registry file persists, the information it contains will be used.  If you change
 |that file, and stop/start CAS -- or change it while CAS is not running -- when
 |you start CAS up again, it will use the info 

Re: [cas-user] Limit service access on a per-user basis

2015-02-03 Thread Dmitriy Kopylenko
Which version of CAS?

For 3.5.x line there is a simple role-based add on that might be able to solve 
your use case: 
https://github.com/Unicon/cas-addons/wiki/Role-Based-Services-Authorization

For version 4.1 (not yet released), there is a “native” authorization facility 
being developed (as far as I’m aware).

Best,
Dmitriy.

 On Feb 3, 2015, at 9:29 AM, Giorgio Maria Santini gsant...@voiptech.it 
 wrote:
 
 Hello,
 
 I'm looking for a way to limit service access on a per-user basis. Thus, I 
 check for a registeredService, I authenticate the user, and then I want to 
 stop the authentication process if the user does not have the ability to access the 
 registeredService. I don't know if there is a built-in facility in Cas or if 
 I have to customize the login flow to accomplish the task. Imagine I have 
 users A,B,C, and services S1 and S2, I'd like to be able to say users A,B 
 use services S1 and S2. User C uses service S2 not S1.
 
 Thanks for any suggestion

Re: [cas-user] Service management

2015-02-02 Thread Dmitriy Kopylenko
This is an “unstable” add on at this time and explicitly depends on CAS 
4.1.0-SNAPSHOT (unreleased). I think a better option would be to wait until 
4.1.0 gets released (CAS devs: when that would be?), as I heard there is a 
“native” authorization facility being developed that is targeted for 
inclusion in cas core 4.1.0.

Cheers,
Dmitriy.

 On Feb 2, 2015, at 11:51 AM, Yannick MOLINET yannick.moli...@dixinfor.com 
 wrote:
 
 Hi all,
  
 Sorry for the delay, I was on vacation.
 I’m new to the CAS environment, how can I add your addon in my installation 
 (Maven Overlay) ?
  
 Thanks,
 Yannick
  
  
 From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net] 
 Sent: Friday, January 23, 2015 18:04
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] Service management
  
 A new micro addon (same functionality as the current one from cas-addons) is 
 available (1.0.0-RC2 depends on CAS 4.1.0-SNAPSHOT at the moment as it 
 uses some advanced features of Spring 4 for easy auto configuration facility):
  
 https://github.com/unicon-cas-addons/cas-addon-registered-services-authorization
  
 The documentation has not migrated yet (just need few adopters needing to use 
 this library where there will be a demand for documentation) ;-)
  
 Cheers,
 Dmitriy.
  
 On Jan 23, 2015, at 11:41 AM, John Gasper jgas...@unicon.net wrote:
  
 Historically CAS does not focus on authorization, that is left to the client 
 applications. Unicon has developed an add-on [1] that can do some basic 
 checking, but I don't know if it has been migrated to support 4.0 yet. You 
 might be able to use it as an outline to help you.
 
 [1] https://github.com/Unicon/cas-addons/wiki/Role-Based-Services-Authorization
 
 ---
 John Gasper
 IAM Consultant
 Unicon, Inc.
 PGP/GPG Key: 0xbafee3ef
 
 On 1/23/15 1:38 AM, Yannick MOLINET wrote:
 Hi all,
  
 I have successfully configured a CAS Server 4.0.1 with two LDAP sources (one 
 AD, one LDAP), with mod_auth_cas, mod_jk.
 I want to authenticate my users on two different webapp.
  
 In my point of view, I think to allow access to a specific webapp if the 
 user is in correct group (grp_webapp1 or/and grp_webapp2).
 The two apps are published like http://server/webapp1 
 and http://server/webapp2.
  
 Is it possible to grant access to a webapp through the CAS if the user is in a 
 correct group ?
  
 Sorry for my poor English,
 Thanks,
 Yannick

Re: [cas-user] Not in office from 2nd Feb 2015 to 13th Feb 2015

2015-01-30 Thread Dmitriy Kopylenko
Well, that’s nice to know. Thanks for letting the world know ;-))

D.

 On Jan 30, 2015, at 9:23 AM, avinash.bang...@webaccessglobal.com wrote:
 
 Hi,
 
 I am not in office from 2nd Feb 2015 to 13th Feb 2015.
 
 Regards,
 Avinash
 
 
 



Re: [cas-user] Service management

2015-01-23 Thread Dmitriy Kopylenko
A new micro addon (same functionality as the current one from cas-addons) is 
available (1.0.0-RC2 depends on CAS 4.1.0-SNAPSHOT at the moment as it uses 
some advanced features of Spring 4 for easy auto configuration facility):

https://github.com/unicon-cas-addons/cas-addon-registered-services-authorization

The documentation has not migrated yet (just need few adopters needing to use 
this library where there will be a demand for documentation) ;-)

Cheers,
Dmitriy.

 On Jan 23, 2015, at 11:41 AM, John Gasper jgas...@unicon.net wrote:
 
 Historically CAS does not focus on authorization, that is left to the client 
 applications. Unicon has developed an add-on [1] that can do some basic 
 checking, but I don't know if it has been migrated to support 4.0 yet. You 
 might be able to use it as an outline to help you.
 
 [1] https://github.com/Unicon/cas-addons/wiki/Role-Based-Services-Authorization
 
 ---
 John Gasper
 IAM Consultant
 Unicon, Inc.
 PGP/GPG Key: 0xbafee3ef
 
 On 1/23/15 1:38 AM, Yannick MOLINET wrote:
 Hi all,
  
 I have successfully configured a CAS Server 4.0.1 with two LDAP sources (one 
 AD, one LDAP), with mod_auth_cas, mod_jk.
 I want to authenticate my users on two different webapp.
  
 In my point of view, I think to allow access to a specific webapp if the 
 user is in correct group (grp_webapp1 or/and grp_webapp2).
 The two apps are published like http://server/webapp1 
 and http://server/webapp2.
  
 Is it possible to grant access to a webapp through the CAS if the user is in a 
 correct group ?
  
 Sorry for my poor English,
 Thanks,
 Yannick

Re: [cas-user] Audit Logging Questions

2015-01-15 Thread Dmitriy Kopylenko
Correction: AUTHENTICATION_SUCESS - AUTHENTICATION_SUCCESS

 On Jan 15, 2015, at 11:06 AM, Dmitriy Kopylenko dkopyle...@unicon.net wrote:
 
 AUTHENTICATION_SUCESS



Re: [cas-user] Audit Logging Questions

2015-01-15 Thread Dmitriy Kopylenko
SERVICE_TICKET_CREATED

SERVICE_TICKET_NOT_CREATED

PROXY_GRANTING_TICKET_CREATED

PROXY_GRANTING_NOT_TICKET_CREATED

SERVICE_TICKET_VALIDATED

SERVICE_TICKET_VALIDATE_FAILED

TICKET_GRANTING_TICKET_CREATED

TICKET_GRANTING_TICKET_NOT_CREATED

TICKET_GRANTING_TICKET_DESTROYED

AUTHENTICATION_SUCESS

AUTHENTICATION_FAILED

Cheers,
D.


 On Jan 15, 2015, at 10:41 AM, Adam Causey apcau...@vcu.edu wrote:
 
 I have a couple of questions regarding the Inspektr audit logging in CAS:
 
 1) Where can I get a list of all possible ACTIONs that could be logged 
 (AUTHENTICATION_SUCCESS, TICKET_GRANTING_TICKET_CREATED, etc.)?
 
 2) Does anyone have a regular expression that they currently use to parse the 
 audit logs that they could share?  We use QRadar.
 
 Thanks,
 
 Adam Causey
 Virginia Commonwealth University


-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
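
An added example (not part of the original messages): a parser for the audit records asked about above, with a count of AUTHENTICATION_FAILED events per client address. It assumes the multi-line record layout of Inspektr's text audit log (WHO, WHAT, ACTION, APPLICATION, WHEN and the two IP address fields between lines of `=`), which the thread does not show; the sample log, users and addresses are constructed.

```python
import re
from collections import Counter

# One "NAME: value" field per line inside a record (assumed layout).
FIELD = re.compile(
    r"^(WHO|WHAT|ACTION|APPLICATION|WHEN|CLIENT IP ADDRESS|SERVER IP ADDRESS):\s?(.*)$")
# A line of '=' opens a record and the next such line closes it.
DELIM = re.compile(r"^={10,}\s*$")


def parse_audit(text):
    """Return one dict per complete audit record found in `text`."""
    records, current, last = [], None, None
    for line in text.splitlines():
        if DELIM.match(line):
            if current is None:
                current, last = {}, None      # opening delimiter
            else:
                if "ACTION" in current:       # closing delimiter
                    records.append(current)
                current = None
            continue
        if current is None:
            continue                          # logger prefix or noise between records
        match = FIELD.match(line)
        if match:
            last = match.group(1)
            current[last] = match.group(2).strip()
        elif last and line.strip():
            # A wrapped value (typically WHAT) continues on the next line.
            current[last] += " " + line.strip()
    return records


def action_counts(records):
    """Number of records per ACTION value."""
    return Counter(r["ACTION"] for r in records)


def repeated_failures(records, threshold=3):
    """Client addresses with at least `threshold` AUTHENTICATION_FAILED events."""
    fails = Counter(r.get("CLIENT IP ADDRESS", "unknown")
                    for r in records if r["ACTION"] == "AUTHENTICATION_FAILED")
    return {ip: n for ip, n in fails.items() if n >= threshold}


def sample_record(who, what, action, client):
    """Build one constructed record, including a made-up logger prefix line."""
    return "\n".join([
        "2015-01-15 10:41:00,000 INFO [audit] - <Audit trail record BEGIN",
        "=" * 61,
        "WHO: " + who,
        "WHAT: " + what,
        "ACTION: " + action,
        "APPLICATION: CAS",
        "WHEN: Thu Jan 15 10:41:00 EST 2015",
        "CLIENT IP ADDRESS: " + client,
        "SERVER IP ADDRESS: 192.0.2.1",
        "=" * 61,
        "",
        ">",
    ])


# Constructed sample: three failures from one address, mixed events from another.
SAMPLE_LOG = "\n".join([
    sample_record("audit:unknown", "supplied credentials:\n[alice]",
                  "AUTHENTICATION_FAILED", "203.0.113.5"),
    sample_record("audit:unknown", "supplied credentials: [alice]",
                  "AUTHENTICATION_FAILED", "203.0.113.5"),
    sample_record("audit:unknown", "supplied credentials: [bob]",
                  "AUTHENTICATION_FAILED", "203.0.113.5"),
    sample_record("audit:unknown", "supplied credentials: [carol]",
                  "AUTHENTICATION_FAILED", "198.51.100.7"),
    sample_record("carol", "supplied credentials: [carol]",
                  "AUTHENTICATION_SUCCESS", "198.51.100.7"),
    sample_record("carol", "TGT-constructed-example",
                  "TICKET_GRANTING_TICKET_CREATED", "198.51.100.7"),
])

if __name__ == "__main__":
    parsed = parse_audit(SAMPLE_LOG)
    print(action_counts(parsed))
    print(repeated_failures(parsed))
```

The `FIELD` pattern on its own is what a line-oriented SIEM parser would need; the record grouping only matters when the events are read from the multi-line file.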

Re: [cas-user] Building source JARs for specific CAS version

2015-01-15 Thread Dmitriy Kopylenko
Clone the repo then do 'git checkout v4.0.0'

D. 

Sent from my iPhone

 On Jan 14, 2015, at 20:24, Zac Harvey zhar...@commercehub.com wrote:
 
 Dmitriy, one last quick followup here: I see what you mean by each release 
 having its own tag, but how do I clone that specific version/tag? I would 
 have expected the clone URL field to change for the v4.0.0 tag, but it still 
 appears to be https://github.com/Jasig/cas.git.  Thoughts?
  
 From: Dmitriy Kopylenko dkopyle...@unicon.net
 Sent: Wednesday, January 14, 2015 4:09 PM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] Building source JARs for specific CAS version
  
 There is a tag for each release. You need to check out the v4.0.0 tag: 
 https://github.com/Jasig/cas/tree/v4.0.0
 
 Cheers,
 D.
 
 On Jan 14, 2015, at 4:06 PM, Zac Harvey zhar...@commercehub.com wrote:
 
 My CAS SSO project uses 4.0.0, and I see that the latest (master) version is 
 4.1.0.
 
 If I clone the master branch from GitHub, and then run mvn source:jar, I get 
 source JARs built for the current 4.1.0 version.  But I want to build source 
 JARs for the version my SSO project uses (4.0.0).
 
 I looked at the list of available branches on GitHub, and only see one 
 branch called 4.0.x.  I'm not sure what the last 4.0.x version was, but 
 I'm guessing it wasn't 4.0.0.  Anybody know how/where I can find the 4.0.0 
 source version?

Re: [cas-user] AcceptUsersAuthenticationHandler is used instead of LDAP

2015-01-15 Thread Dmitriy Kopylenko
deployerConfigContext.xml MUST reside in WEB-INF (the root) and NOT in 
WEB-INF/spring-configuration. Configure all your beans in the correct place, 
re-build, re-deploy, test. Rinse and repeat. 

Cheers,
D. 

Sent from my iPhone

 On Jan 15, 2015, at 07:46, Tiit Kaeeli kae...@quretec.com wrote:
 
 On Wed, 14 Jan 2015, Tiit Kaeeli wrote:
 
 On Fri, 9 Jan 2015, Tiit Kaeeli wrote:
 
 On Fri, 9 Jan 2015, Marvin Addison wrote:
 
  Yes, after every change I do:
  mvn clean package
  ./bin/shutdown.sh
  rm -r webapps/cas/ work/ logs/*
  cp target/cas.war 
  ./bin/startup.sh
 That should work, but you might also try clearing out the unpacked war 
 files under (IIRC) $CATALINA_HOME/temp. I have a habit of clearing out 
 those files
 as part of the redeploy process since I had some evidence of changes not 
 taking in the past. Can't hurt in any case.
 temp (and data) do not exist. Usually I remove them too, if existing.
 
 What else can I try? Any more ideas?
 
 Tiit
 
 
 
 I found that after running
 mvn clean package
 
 the following deployerConfigContext.xml files appear
 
 ./target/cas/WEB-INF/deployerConfigContext.xml
Has incorrect content
 
 ./target/cas/WEB-INF/spring-configuration/deployerConfigContext.xml
Has correct content
 
 ./target/war/work/org.jasig.cas/cas-server-webapp/WEB-INF/deployerConfigContext.xml
Has incorrect content
 
 ./src/main/webapp/WEB-INF/spring-configuration/deployerConfigContext.xml
Has correct content. This is the only one that exists before
running mvn clean package
 
 
 Can anyone explain where ./target/cas/WEB-INF/deployerConfigContext.xml 
 and 
 ./target/war/work/org.jasig.cas/cas-server-webapp/WEB-INF/deployerConfigContext.xml
 come from?
 
 
 
 -- 
 Tiit
 

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
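
The check implied by this message, as an added example that is not part of the original thread or of the CAS project: a shell function that inspects an exploded CAS webapp (such as the target/cas directory named above) for a deployerConfigContext.xml left under WEB-INF/spring-configuration and for AcceptUsersAuthenticationHandler still active in the WEB-INF copy. The function names and the sample bean files are constructed for illustration; the LdapAuthenticationHandler class name in the sample is an assumption about the CAS 4 LDAP module.

```shell
#!/bin/sh
# Added example: audit an exploded CAS 4 webapp for the failure in this thread.

# Print an XML file with <!-- ... --> comments removed (multi-line aware), so
# a handler that is only commented out is not reported as active.
strip_xml_comments() {
    awk '{
        line = $0; out = ""
        while (length(line) > 0) {
            if (in_comment) {
                i = index(line, "-->")
                if (i == 0) { line = "" }
                else { line = substr(line, i + 3); in_comment = 0 }
            } else {
                i = index(line, "<!--")
                if (i == 0) { out = out line; line = "" }
                else { out = out substr(line, 1, i - 1); line = substr(line, i + 4); in_comment = 1 }
            }
        }
        print out
    }' "$1"
}

# audit_cas_webapp DIR   (DIR = exploded webapp, e.g. target/cas or webapps/cas)
# Returns 0 = clean, 1 = findings, 2 = no deployerConfigContext.xml in WEB-INF.
audit_cas_webapp() {
    effective="$1/WEB-INF/deployerConfigContext.xml"
    misplaced="$1/WEB-INF/spring-configuration/deployerConfigContext.xml"
    status=0
    if [ ! -f "$effective" ]; then
        echo "MISSING: $effective"
        return 2
    fi
    if [ -f "$misplaced" ]; then
        echo "MISPLACED: $misplaced (the thread says it must live in WEB-INF)"
        status=1
    fi
    if strip_xml_comments "$effective" | grep -q 'AcceptUsersAuthenticationHandler'; then
        echo "DEFAULT-HANDLER: AcceptUsersAuthenticationHandler is active in $effective"
        status=1
    fi
    return "$status"
}

# Constructed sample trees (not real CAS files). "misplaced" reproduces the
# layout reported in the thread; anything else builds the corrected layout.
make_sample_webapp() {
    root="$1"; layout="$2"
    mkdir -p "$root/WEB-INF/spring-configuration"
    stock='<beans>
  <bean id="primaryAuthenticationHandler"
        class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler"/>
</beans>'
    custom='<beans>
  <!-- disabled:
  <bean id="primaryAuthenticationHandler"
        class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler"/>
  -->
  <bean id="ldapAuthenticationHandler"
        class="org.jasig.cas.authentication.LdapAuthenticationHandler"/>
</beans>'
    if [ "$layout" = "misplaced" ]; then
        printf '%s\n' "$stock"  > "$root/WEB-INF/deployerConfigContext.xml"
        printf '%s\n' "$custom" > "$root/WEB-INF/spring-configuration/deployerConfigContext.xml"
    else
        printf '%s\n' "$custom" > "$root/WEB-INF/deployerConfigContext.xml"
    fi
}

# Demo on the constructed "misplaced" layout.
demo_dir=$(mktemp -d)
make_sample_webapp "$demo_dir/cas" misplaced
audit_cas_webapp "$demo_dir/cas" || echo "audit exit status: $?"
rm -rf "$demo_dir"
```

Run `audit_cas_webapp target/cas` after `mvn clean package`, or point it at the unpacked webapps/cas directory before starting Tomcat.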



Re: [cas-user] Building source JARs for specific CAS version

2015-01-14 Thread Dmitriy Kopylenko
There is a tag for each release. You need to check out the v4.0.0 tag: 
https://github.com/Jasig/cas/tree/v4.0.0

Cheers,
D.

 On Jan 14, 2015, at 4:06 PM, Zac Harvey zhar...@commercehub.com wrote:
 
 My CAS SSO project uses 4.0.0, and I see that the latest (master) version is 
 4.1.0.
 
 If I clone the master branch from GitHub, and then run mvn source:jar, I get 
 source JARs built for the current 4.1.0 version.  But I want to build source 
 JARs for the version my SSO project uses (4.0.0).
 
 I looked at the list of available branches on GitHub, and only see one branch 
 called 4.0.x.  I'm not sure what the last 4.0.x version was, but I'm 
 guessing it wasn't 4.0.0.  Anybody know how/where I can find the 4.0.0 source 
 version?

Re: [cas-user] upgrade with Unicon CAS Overlay project

2015-01-12 Thread Dmitriy Kopylenko
https://github.com/UniconLabs/simple-cas4-overlay-template

Cheers,
D.

 On Jan 12, 2015, at 5:13 PM, Fountain, Rebecca rfount...@tacomacc.edu wrote:
 
 Is it possible to upgrade the Unicon CAS overlay project from cas version 
 3.5.2 to 4.0.0? It looks like this question has been asked before but I 
 don’t see an answer.
  
 Thanks for your help! 
  
 Rebecca
  
 Rebecca M. Fountain
 Applications Developer
 Tacoma Community College
 Information Systems
 Ph: 253.566.5106
  
  

Re: [cas-user] AcceptUsersAuthenticationHandler is used instead of LDAP

2015-01-09 Thread Dmitriy Kopylenko
You'd want to make sure that your change is in effect. After you made that 
change, did you re-build and re-deploy the cas.war?

Cheers,
Dmitriy.

Sent from my iPhone

 On Jan 9, 2015, at 07:16, Tiit Kaeeli kae...@quretec.com wrote:
 
 Hi,
 
 I am unable to find out why AcceptUsersAuthenticationHandler is still used 
 to authenticate users, even after commenting out all but ldap in 
 deployerConfigContext.xml (attached).
 
 Log part of the failed login attempt:
 
 
 2015-01-09 13:54:06,047 DEBUG [org.jasig.cas.authentication.AcceptUsersAuthenticationHandler] - kaeeli was not found in the map.
 2015-01-09 13:54:06,047 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - AcceptUsersAuthenticationHandler failed authenticating +password
 2015-01-09 13:54:06,055 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
 =
 WHO: audit:unknown
 WHAT: supplied credentials: [kaeeli+password]
 ACTION: AUTHENTICATION_FAILED
 APPLICATION: CAS
 WHEN: Fri Jan 09 13:54:06 EET 2015
 CLIENT IP ADDRESS: 192.168.8.5
 SERVER IP ADDRESS: 192.168.7.183
 =
 
 
 
 -- 
 
 Tiit Kaeeli
 OU Quretec
 tiit.kae...@quretec.com
 Tel:+372 5 070 359
 deployerConfigContext.xml




Re: [cas-user] errors when building project

2014-12-19 Thread Dmitriy Kopylenko
You could try this - 
https://github.com/UniconLabs/simple-cas4-overlay-template

Cheers,
Dmitriy.

 On Dec 19, 2014, at 11:15 AM, Chris Adams chris.a.ad...@state.or.us wrote:
 
 Thank you for your reply. Where should I be building from ?
  
 From: Scott Battaglia [mailto:scott.battag...@gmail.com] 
 Sent: Friday, December 19, 2014 5:33 AM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] errors when building project
  
 You're still building within CAS.  If you were using the pure WAR overlay 
 process, your errors should not be coming from this directory:
 /usr/local/cas-server-4.0.0/cas-server-webapp/target/surefire-reports
  
 On Thu, Dec 18, 2014 at 6:00 PM, Chris Adams chris.a.ad...@state.or.us wrote:
 Actually, I am using Maven WAR overlay. I am having a heck of a time building 
  a basic WAR package. I started on a Unix machine and now am testing on a Win 
 7. 
  
 The latest attempt gives me an error about the license plugin.
 [ERROR] Failed to execute goal com.mycila.maven-license-plugin:maven-license-plugin:1.9.0:check (default) on project cas-server-webapp: Resource c:\SSO\CAS\src\licensing\header.txt not found in file system, classpath or URL: unknown protocol: c -> [Help 1]
  
 I added a plugin section in the pom.xml and ran it again, to no avail.  Is 
 the license header information supposed to be fetched from mycila.com, or …..?
  
 <plugin>
   <groupId>com.mycila.maven-license-plugin</groupId>
   <artifactId>maven-license-plugin</artifactId>
   <configuration>
     <header>${cs.dir}\src\licensing\header.txt</header>
     <skipExistingHeaders>true</skipExistingHeaders>
     <strictCheck>true</strictCheck>
     <headerDefinitions>
       <headerDefinition>${cs.dir}\src\licensing\header-definitions.xml</headerDefinition>
     </headerDefinitions>
     <aggregate>true</aggregate>
     <excludes>
       <exclude>LICENSE</exclude>
       <exclude>**/INSTALL*</exclude>
       <exclude>**/NOTICE*</exclude>
       <exclude>**/README*</exclude>
       <exclude>**/readme*</exclude>
       <exclude>**/*.log</exclude>
       <exclude>**/*.license</exclude>
       <exclude>**/*.txt</exclude>
       <exclude>**/*.crt</exclude>
       <exclude>**/*.crl</exclude>
       <exclude>**/*.key</exclude>
       <exclude>**/*.checkstyle</exclude>
       <exclude>**/*.properties</exclude>
       <exclude>**/.gitignore</exclude>
       <exclude>**/overlays/**</exclude>
       <exclude>src/licensing/**</exclude>
       <exclude>**/testCA/**</exclude>
       <exclude>**/.idea/**</exclude>
       <exclude>**/*.keystore</exclude>
       <exclude>**/*.example</exclude>
       <exclude>**/*.sample</exclude>
       <exclude>**/*.conf</exclude>
       <exclude>**/*.doc</exclude>
       <exclude>**/*.jmx</exclude>
     </excludes>
   </configuration>
   <executions>
     <execution>
       <phase>compile</phase>
       <goals>
         <goal>check</goal>
       </goals>
     </execution>
   </executions>
 </plugin>
  
 From: John Gasper [mailto:jgas...@unicon.net] 
 Sent: Wednesday, December 17, 2014 8:43 AM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] errors when building project
  
 Chris,
 
 It looks like you are trying to build CAS Server from source, and not 
 building a deployment using the Maven WAR Overlay method. If so, unless you 
 have a specific reason, I'd look into using the overlay method.
 
 As for the specific error, that's common when mixing incompatible library 
 versions. You may need to do some excluding.
 
 Good luck!
 John
 
 On 12/16/14 1:04 PM, Chris Adams wrote:
 Hello all,
  
 When building a project, I get some error messages.  I know that I can build 
 without running tests, but I am wondering what this means and whether I 
 should figure it out before building. I did run with debug logging and this 
 is the result. I am not sure how to proceed.
  
 Results :
  
 Tests in error:
   testWiring(org.jasig.cas.WiringTests): Error creating bean with name 
 'serviceRegistryReloaderJobDetail' defined in file 
 [/usr/local/cas-server-4.0.0/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/applicationContext.xml]:
  Invocation of init method failed; nested exception is 
 java.lang.NoSuchMethodError: 
 org.apache.commons.collections.SetUtils.orderedSet(Ljava/util/Set;)Ljava/util/Set;
  
 Tests run: 1, Failures: 0, Errors: 1, Skipped: 0
  
 [INFO] 
 
 [INFO] BUILD FAILURE
 [INFO] 
 
 [INFO] Total time: 01:10 min
 [INFO] Finished at: 

Re: [cas-user] errors when building project

2014-12-19 Thread Dmitriy Kopylenko
You don’t have to pull in the CAS server source code repository at all. Just 
clone this overlay repo to your own local computer (where you have JDK and 
Maven installed) and do a build e.g. ‘mvn clean package’ at the top level 
directory. It will do the right thing and will build the final cas.war binary 
which you then deploy to your servlet container of choice. Does that make sense?

D.

 On Dec 19, 2014, at 11:45 AM, Chris Adams chris.a.ad...@state.or.us wrote:
 
 Thank you. Okay, so then I am assuming that I could utilize the template 
 referred to, create a workspace somewhere on the server and do the build, 
 then move the .war file to tomcat webapps. It seems that part of the problem 
 that I have been having is that I have been doing the build from within the 
 CAS install directory.
  
 Can someone verify this ?
  
 From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net] 
 Sent: Friday, December 19, 2014 8:19 AM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] errors when building project
  
 You could try this - 
 https://github.com/UniconLabs/simple-cas4-overlay-template
  
 Cheers,
 Dmitriy.
  
 On Dec 19, 2014, at 11:15 AM, Chris Adams chris.a.ad...@state.or.us wrote:
  
 Thank you for your reply. Where should I be building from ?
  
 From: Scott Battaglia [mailto:scott.battag...@gmail.com] 
 Sent: Friday, December 19, 2014 5:33 AM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] errors when building project
  
 You're still building within CAS.  If you were using the pure WAR overlay 
 process, your errors should not be coming from this directory:
 /usr/local/cas-server-4.0.0/cas-server-webapp/target/surefire-reports
  
  
  
 On Thu, Dec 18, 2014 at 6:00 PM, Chris Adams chris.a.ad...@state.or.us wrote:
 Actually, I am using Maven WAR overlay. I am having a heck of a time building 
  a basic WAR package. I started on a Unix machine and now am testing on a Win 
 7. 
  
 The latest attempt gives me an error about the license plugin.
 [ERROR] Failed to execute goal com.mycila.maven-license-plugin:maven-license-plugin:1.9.0:check (default) on project cas-server-webapp: Resource c:\SSO\CAS\src\licensing\header.txt not found in file system, classpath or URL: unknown protocol: c -> [Help 1]
  
 I added a plugin section in the pom.xml and ran it again, to no avail.  Is 
 the license header information supposed to be fetched from mycila.com, or …..?
  
 <plugin>
   <groupId>com.mycila.maven-license-plugin</groupId>
   <artifactId>maven-license-plugin</artifactId>
   <configuration>
     <header>${cs.dir}\src\licensing\header.txt</header>
     <skipExistingHeaders>true</skipExistingHeaders>
     <strictCheck>true</strictCheck>
     <headerDefinitions>
       <headerDefinition>${cs.dir}\src\licensing\header-definitions.xml</headerDefinition>
     </headerDefinitions>
     <aggregate>true</aggregate>
     <excludes>
       <exclude>LICENSE</exclude>
       <exclude>**/INSTALL*</exclude>
       <exclude>**/NOTICE*</exclude>
       <exclude>**/README*</exclude>
       <exclude>**/readme*</exclude>
       <exclude>**/*.log</exclude>
       <exclude>**/*.license</exclude>
       <exclude>**/*.txt</exclude>
       <exclude>**/*.crt</exclude>
       <exclude>**/*.crl</exclude>
       <exclude>**/*.key</exclude>
       <exclude>**/*.checkstyle</exclude>
       <exclude>**/*.properties</exclude>
       <exclude>**/.gitignore</exclude>
       <exclude>**/overlays/**</exclude>
       <exclude>src/licensing/**</exclude>
       <exclude>**/testCA/**</exclude>
       <exclude>**/.idea/**</exclude>
       <exclude>**/*.keystore</exclude>
       <exclude>**/*.example</exclude>
       <exclude>**/*.sample</exclude>
       <exclude>**/*.conf</exclude>
       <exclude>**/*.doc</exclude>
       <exclude>**/*.jmx</exclude>
     </excludes>
   </configuration>
   <executions>
     <execution>
       <phase>compile</phase>
       <goals>
         <goal>check</goal>
       </goals>
     </execution>
   </executions>
 </plugin>
  
 From: John Gasper [mailto:jgas...@unicon.net] 
 Sent: Wednesday, December 17, 2014 8:43 AM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] errors when building project
  
 Chris,
 
 It looks like you are trying to build CAS Server from source, and not 
 building a deployment using the Maven WAR Overlay method. If so, unless you 
 have a specific reason, I'd look into using the overlay method.
 
 As for the specific error, that's common when mixing incompatible library 
 versions. You may need to do

Re: [cas-user] errors when building project

2014-12-19 Thread Dmitriy Kopylenko
Yep, the cas.properties from etc directory of the repo needs to be placed in 
/etc/cas, as stated here: 
https://github.com/UniconLabs/simple-cas4-overlay-template#configuration

Cheers,
D.

 On Dec 19, 2014, at 12:53 PM, Milt Epstein mepst...@illinois.edu wrote:
 
 Does your build (and hence your cas.war) include a cas.properties file
 that has some settings that is leading to this behavior?
 
 Milt Epstein
 Applications Developer
 Graduate School of Library and Information Science (GSLIS)
 University of Illinois at Urbana-Champaign (UIUC)
 mepst...@illinois.edu
 
 
 On Fri, 19 Dec 2014, Chris Adams wrote:
 
 Sorry, I mistyped. I am using port 8080 for both. The 
 cas-server-webapp-4.0.0/login (out of the box) works and /cas/login does not.
 
 From: Misagh Moayyed [mailto:mmoay...@unicon.net]
 Sent: Friday, December 19, 2014 9:28 AM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] errors when building project
 
 Your problem likely is that you are trying to get to a secure port under a 
 nonsecure protocol (8443 vs http)
 
 :)
 
 I don’t know how you would get a login page. That’s odd if you are using the 
 same tomcat.
 
 On Dec 19, 2014, at 10:22 AM, Chris Adams chris.a.ad...@state.or.us wrote:
 
 Thank you. Yes, that works flawlessly. However, after copying the cas.war 
 file over to the tomcat/webapps folder, when I browse to 
 http://localhost:8443/cas/login, I get  a 
 404. If I copy the cas-server-webapp-4.0.0.war to the webapps folder and 
 navigate to it, I get a login page. What did I miss ?
 
 From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net]
 Sent: Friday, December 19, 2014 8:50 AM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] errors when building project
 
 You don’t have to pull in the CAS server source code repository at all. Just 
 clone this overlay repo to your own local computer (where you have JDK and 
 Maven installed) and do a build e.g. ‘mvn clean package’ at the top level 
 directory. It will do the right thing and will build the final cas.war 
 binary which you then deploy to your servlet container of choice. Does that 
 make sense?
 
 D.
 
 On Dec 19, 2014, at 11:45 AM, Chris Adams chris.a.ad...@state.or.us wrote:
 
 Thank you. Okay, so then I am assuming that I could utilize the template 
 referred to, create a workspace somewhere on the server and do the build, 
 then move the .war file to tomcat webapps. It seems that part of the problem 
 that I have been having is that I have been doing the build from within the 
 CAS install directory.
 
 Can someone verify this ?
 
 From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net]
 Sent: Friday, December 19, 2014 8:19 AM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] errors when building project
 
 You could try this - 
 https://github.com/UniconLabs/simple-cas4-overlay-template
 
 Cheers,
 Dmitriy.
 
 On Dec 19, 2014, at 11:15 AM, Chris Adams chris.a.ad...@state.or.us wrote:
 
 Thank you for your reply. Where should I be building from ?
 
 From: Scott Battaglia [mailto:scott.battag...@gmail.com]
 Sent: Friday, December 19, 2014 5:33 AM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] errors when building project
 
 You're still building within CAS.  If you were using the pure WAR overlay 
 process, your errors should not be coming from this directory:
 /usr/local/cas-server-4.0.0/cas-server-webapp/target/surefire-reports
 
 
 
 On Thu, Dec 18, 2014 at 6:00 PM, Chris Adams chris.a.ad...@state.or.us wrote:
 Actually, I am using Maven WAR overlay. I am having a heck of a time 
 building  a basic WAR package. I started on a Unix machine and now am 
 testing on a Win 7.
 
 The latest attempt gives me an error about the license plugin.
 [ERROR] Failed to execute goal com.mycila.maven-license-plugin:maven-license-plugin:1.9.0:check (default) on project cas-server-webapp: Resource c:\SSO\CAS\src\licensing\header.txt not found in file system, classpath or URL: unknown protocol: c -> [Help 1]
 
 I added a plugin

Re: [cas-user] errors when building project

2014-12-19 Thread Dmitriy Kopylenko
It's failing to deploy your war. You need to hunt down the exact cause in other 
Tomcat log files. 

D. 

Sent from my iPhone

 On Dec 19, 2014, at 15:34, Chris Adams chris.a.ad...@state.or.us wrote:
 
 Maybe this is helpful. However, I don’t see any previous errors.
  
 19-Dec-2014 11:56:17.261 INFO [localhost-startStop-1] 
 org.apache.catalina.startup.HostConfig.deployWAR Deploying web application 
 archive C:\SSO\tomcat\webapps\cas.war
 19-Dec-2014 11:56:19.483 SEVERE [localhost-startStop-1] 
 org.apache.catalina.core.StandardContext.startInternal Error filterStart
 19-Dec-2014 11:56:19.483 SEVERE [localhost-startStop-1] 
 org.apache.catalina.core.StandardContext.startInternal Context [/cas] startup 
 failed due to previous errors
 19-Dec-2014 11:56:19.491 INFO [localhost-startStop-1] 
 org.apache.catalina.startup.HostConfig.deployWAR Deployment of web 
 application archive C:\SSO\tomcat\webapps\cas.war has finished in 2,230 ms
  
 From: Chris Adams [mailto:chris.a.ad...@state.or.us] 
 Sent: Friday, December 19, 2014 11:39 AM
 To: cas-user@lists.jasig.org
 Subject: RE: [cas-user] errors when building project
  
 Thank you. I moved the cas.properties and log4j.xml from /etc in the template 
 to the /cas install folder. The cas.properties indicates that it should look 
 at ‘http://localhost:8080’, which I am using.  I ran ‘mvn clean package’ from 
 the project folder. I moved the cas.war to /tomcat/webapps and restarted 
 tomcat. I see that it is deploying the cas.war file. However, when I navigate 
 to the page, the logs show:
  
 127.0.0.1 - - [19/Dec/2014:11:18:57 -0800] GET /cas/login HTTP/1.1 404 1012
  
 From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net] 
 Sent: Friday, December 19, 2014 9:56 AM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] errors when building project
  
 Yep, the cas.properties from etc directory of the repo needs to be placed in 
 /etc/cas, as stated here: 
 https://github.com/UniconLabs/simple-cas4-overlay-template#configuration
  
 Cheers,
 D.
  
 On Dec 19, 2014, at 12:53 PM, Milt Epstein mepst...@illinois.edu wrote:
  
 Does your build (and hence your cas.war) include a cas.properties file
 that has some settings that is leading to this behavior?
 
 Milt Epstein
 Applications Developer
 Graduate School of Library and Information Science (GSLIS)
 University of Illinois at Urbana-Champaign (UIUC)
 mepst...@illinois.edu
 
 
 On Fri, 19 Dec 2014, Chris Adams wrote:
 
 
 Sorry, I mistyped. I am using port 8080 for both. The 
 cas-server-webapp-4.0.0/login (out of the box) works and /cas/login does not.
 
 From: Misagh Moayyed [mailto:mmoay...@unicon.net]
 Sent: Friday, December 19, 2014 9:28 AM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] errors when building project
 
 Your problem likely is that you are trying to get to a secure port under a 
 nonsecure protocol (8443 vs http)
 
 :)
 
 I don’t know how you would get a login page. That’s odd if you are using the 
 same tomcat.
 
 On Dec 19, 2014, at 10:22 AM, Chris Adams chris.a.ad...@state.or.us wrote:
 
 Thank you. Yes, that works flawlessly. However, after copying the cas.war 
 file over to the tomcat/webapps folder, when I browse to 
 http://localhost:8443/cas/login, I get  a 404. If I copy the 
 cas-server-webapp-4.0.0.war to the webapps folder and navigate to it, I get a 
 login page. What did I miss ?
 
 From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net]
 Sent: Friday, December 19, 2014 8:50 AM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] errors when building project
 
 You don’t have to pull in the CAS server source code repository at all. Just 
 clone this overlay repo to your own local computer (where you have JDK and 
 Maven installed) and do a build e.g. ‘mvn clean package’ at the top level 
 directory. It will do the right thing and will build the final cas.war binary 
 which you then deploy to your servlet container of choice. Does that make 
 sense?
 
 D.
 
 On Dec 19, 2014, at 11:45 AM, Chris Adams chris.a.ad...@state.or.us wrote:
 
 Thank you. Okay, so then I am assuming that I could utilize the template 
 referred to, create a workspace somewhere on the server and do the build, 
 then move the .war file to tomcat webapps. It seems that part of the problem 
 that I have been having is that I have been doing the build from within the 
 CAS install directory.
 
 Can someone verify this ?
 
 From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net]
 Sent: Friday, December 19, 2014 8:19 AM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] errors when building project
 
 You could try this - 
 https://github.com/UniconLabs/simple-cas4-overlay-template
 
 Cheers,
 Dmitriy.
 
 On Dec 19, 2014, at 11:15 AM, Chris Adams chris.a.ad...@state.or.us wrote:
 
 Thank you for your reply. Where should I be building from ?
 
 From

Re: [cas-user] errors when building project

2014-12-19 Thread Dmitriy Kopylenko
/etc/cas is the directory where the files need to be (as configured out of the 
box). 

Move the files cas.properties and log4j.xml from c:\SSO\CAS to c:\etc\cas then 
restart your Tomcat and it should work. 

D. 



Sent from my iPhone

 On Dec 19, 2014, at 16:54, Milt Epstein mepst...@illinois.edu wrote:
 
 Maybe this will help.  I also used the sample Maven overlay to do my
 local customization and build, and it contains the following file:
 
 ...src/main/webapp/WEB-INF/spring-configuration/propertyFileConfigurer.xml
 
 which has the following line in it:
 
    <context:property-placeholder location="file:/etc/cas/cas.properties"/>
 
 I think you need to do some more poking around among the files in the
 overlay to get a better understanding of how things fit together, and
 what you might need to customize to fit your installation.
 
 Milt Epstein
 Applications Developer
 Graduate School of Library and Information Science (GSLIS)
 University of Illinois at Urbana-Champaign (UIUC)
 mepst...@illinois.edu
 
 
 On Fri, 19 Dec 2014, Chris Adams wrote:
 
 Thanks. The log entry was from the catalina.2014-12-19.log. Apparently, 
 Tomcat does not generate a catalina.out log file in Windows. However, the 
 localhost log file show something interesting. Since this is Windows, it 
 looks like the path is assuming Unix. Where do I modify this so that it 
 looks in the right place, which is 'c:\SSO\CAS\cas.properties'   ?
 
 \
 19-Dec-2014 12:58:37.297 SEVERE [localhost-startStop-1] 
 org.apache.catalina.core.StandardContext.filterStart Exception starting 
 filter springSecurityFilterChain
 org.springframework.beans.factory.BeanInitializationException: Could not 
 load properties; nested exception is java.io.FileNotFoundException: 
 \etc\cas\cas.properties (The system cannot find the path specified)
 
 -Original Message-
 From: mepst...@gwork254.lis.illinois.edu 
 [mailto:mepst...@gwork254.lis.illinois.edu] On Behalf Of Milt Epstein
 Sent: Friday, December 19, 2014 1:17 PM
 To: cas-user@lists.jasig.org
 Subject: RE: [cas-user] errors when building project
 
 There must be more log entries, perhaps in other logs, that contain more 
 info about the problem.  That line stating Context [/cas] startup failed 
 indicates there was a problem.  Which log did you pull these lines from?  
 Based on my tomcat logs directory, the ones that might have more useful 
 information are:
 
 catalina.out
 catalina.date.log (e.g., catalina.2014-12-19.log)
 localhost.date.log (e.g., localhost.2014-12-19.log)
 
 If Error filterStart is all you have, maybe that's a clue -- but I don't 
 know what it means.
 
 Milt Epstein
 Applications Developer
 Graduate School of Library and Information Science (GSLIS) University of 
 Illinois at Urbana-Champaign (UIUC) mepst...@illinois.edu
 
 
 On Fri, 19 Dec 2014, Chris Adams wrote:
 
 Maybe this is helpful. However, I don’t see any previous errors.
 
 19-Dec-2014 11:56:17.261 INFO [localhost-startStop-1] 
 org.apache.catalina.startup.HostConfig.deployWAR Deploying web 
 application archive C:\SSO\tomcat\webapps\cas.war
 19-Dec-2014 11:56:19.483 SEVERE [localhost-startStop-1] 
 org.apache.catalina.core.StandardContext.startInternal Error 
 filterStart
 19-Dec-2014 11:56:19.483 SEVERE [localhost-startStop-1] 
 org.apache.catalina.core.StandardContext.startInternal Context [/cas] 
 startup failed due to previous errors
 19-Dec-2014 11:56:19.491 INFO [localhost-startStop-1] 
 org.apache.catalina.startup.HostConfig.deployWAR Deployment of web 
 application archive C:\SSO\tomcat\webapps\cas.war has finished in 
 2,230 ms
 
 From: Chris Adams [mailto:chris.a.ad...@state.or.us]
 Sent: Friday, December 19, 2014 11:39 AM
 To: cas-user@lists.jasig.org
 Subject: RE: [cas-user] errors when building project
 
 Thank you. I moved the cas.properties and log4j.xml from /etc in the 
 template to the /cas install folder. The cas.properties indicates that it 
 should look at ‘http://localhost:8080’, which I am using.  I ran ‘mvn clean 
 package’ from the project folder. I moved the cas.war to /tomcat/webapps 
 and restarted tomcat. I see that it is deploying the cas.war file. However, 
 when I navigate to the page, the logs show:
 
 127.0.0.1 - - [19/Dec/2014:11:18:57 -0800] GET /cas/login HTTP/1.1 
 404 1012
 
 From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net]
 Sent: Friday, December 19, 2014 9:56 AM
 To: cas-user@lists.jasig.org
 Subject: Re: [cas-user] errors when building project
 
 Yep, the cas.properties from etc directory of the repo needs to be 
 placed in /etc/cas, as stated here: 
 https://github.com/UniconLabs/simple-cas4-overlay-template#configuration
 
 Cheers,
 D.
 
 On Dec 19, 2014, at 12:53 PM, Milt Epstein mepst...@illinois.edu wrote:
 
 Does your build (and hence your cas.war) include a cas.properties file 
 that has some settings that is leading to this behavior?
 
 Milt Epstein
 Applications Developer
 Graduate School

Re: [cas-user] json services registry for cas

2014-11-21 Thread Dmitriy Kopylenko
Just an FYI - I just released the 1.0.0-GA version and put the documentation 
out there: 
https://github.com/unicon-cas-addons/cas-addon-yaml-services-registry/blob/master/README.md

Have a great weekend.

Dmitriy.

 On Nov 20, 2014, at 7:01 PM, Dmitriy Kopylenko dkopyle...@unicon.net wrote:
 
 Glad that worked for you. It doesn't reload periodically, but on demand when 
 the config file is changed. Look at the beans config that I referenced 
 earlier. The entire config for this machinery is there. 
 
 Cheers,
 D.
 
 Sent from my iPhone
 
 On Nov 20, 2014, at 18:51, Milt Epstein mepst...@illinois.edu wrote:
 
 Thanks, that did the trick -- I was able install and use the
 cas-addon-yaml-service-registry package via a dependency in my pom.xml
 file.  The main problem was that I had used 1.0.0-M1 as the version
 (that was previously on the package's web page, but looks like you
 updated it to 1.0.0-RC1).
 
 And looks like it's automatically set up to reload periodically.  Is
 that controlled by these parameters in cas.properties:
 
 # Service Registry Periodic Reloading Scheduler
 # service.registry.quartz.reloader.startDelay=12
 # Reload services every 2 minutes
 # service.registry.quartz.reloader.repeatInterval=12
 
 (I didn't uncomment these, so it must be using default values.)
 
 And for the core CAS devs, can you address these questions?:
 
 Other questions: I assume the CAS-integrated JSON service registry is
 not available for version 4.0, just 4.1?  And when is 4.1 due for
 release?  Is there a candidate ready to be tried now?  How close to
 being ready to go is it?
 
 This is the question for core CAS devs ;-)
 
 Thanks.
 
 Milt Epstein
 Applications Developer
 Graduate School of Library and Information Science (GSLIS)
 University of Illinois at Urbana-Champaign (UIUC)
 mepst...@illinois.edu
 
 
 On Thu, 20 Nov 2014, Dmitriy Kopylenko wrote:
 
 On Nov 20, 2014, at 1:20 PM, Milt Epstein mepst...@illinois.edu wrote:
 [ ... ]
 But more importantly, it's still not clear how to use/integrate the
 cas-addon-yaml-service-registry package.  Can I put a dependency for
 it in my pom.xml?  I tried something for that, and it didn't work.
 Can I download it and put it into my maven overlay?  I tried
 downloading the master zip, and tried to build that (using gradlew?),
 separately, but it failed.
 
 Here’s an example of how to use it (version 1.0.0-RC1 is available in Maven 
 central since yesterday):
 
 https://github.com/UniconLabs/simple-cas4-overlay-template/blob/micro-addons/pom.xml#L62
 
 https://github.com/UniconLabs/simple-cas4-overlay-template/blob/micro-addons/src/main/webapp/WEB-INF/spring-configuration/servicesRegistry.xml
 
 Note that this config element <cas-external:yaml-services-registry/> 
 assumes the default location to be: /etc/cas/servicesRegistry.yml Just put 
 the file there and you should be good to go.
 
 
 Other questions: I assume the CAS-integrated JSON service registry is
 not available for version 4.0, just 4.1?  And when is 4.1 due for
 release?  Is there a candidate ready to be tried now?  How close to
 being ready to go is it?
 
 This is the question for core CAS devs ;-)
 
 

Re: [cas-user] json services registry for cas

2014-11-20 Thread Dmitriy Kopylenko
Hi Milt. Sorry for the confusion (I’m responsible for this confusion). I’ll fix 
the README. So here’s a summary of things as far as add ons go:

Current monolithic cas-addons library has served us well for the 3.5.1+ line of 
CAS (and continues to do so). But it has grown quite a bit since its inception 
and became kind of like a “kitchen sink” or a “Swiss army knife” if you will, 
of the useful addon bits stuffed into a single jar which brings with it some 
extra dependencies even if one doesn’t use some parts of the functionality, etc.

So we have thought to create a next generation of “micro addons” as separate 
projects with small, cohesive set of functionalities and dependencies, so folks 
could choose the appropriate one to use without bringing the “extra baggage” 
with them - and that’s exclusively for 4.0+ line. While Monolithic cas-addons 
is alive and still supported for CAS 3.5.1+, we are not investing our time into 
the new development of it and shifting our focus to develop and maintain new 
micro add ons for CAS4 where it makes sense - as CAS4 is gaining momentum here.

Now, as far as JSON service registry - since CAS 4.1 is bringing its own JSON 
service registry into the core, I’ve decided to drop it completely as it would 
be a meaningless exercise to have an extra one out there. On the other hand, 
one of the most useful properties of the JSON addon registry is the support for 
extra metadata Map attached to an extension type namely 
“RegisteredServicesWithAttributes” which allowed us to build all kinds of 
useful extension features with it over the years. And also a lightweight nature 
of JSON svc registry implementation and dynamic runtime reloading feature.

Thus for the replacement of it, I have recently implemented a YAML services 
registry to exhibit same behaviors as current JSON registry addon, as well as 
added benefit of more human readable format that is YAML (IMHO) than JSON, 
giving it more of a DSL-like look and feel. The current implementation is very 
fresh (few days old), but I’ve done good amount of local testing and it works 
like a charm. The plan is for it to be supported on CAS 4.0+ and be a main 
alternative to the native CAS4 JSON svc registry (I will change that confusing 
README message), as well as add wiki documentation and release 1.0 GA some time 
next week. In the mean time, here’s how the services definition file looks like:

https://github.com/unicon-cas-addons/cas-addon-yaml-services-registry/blob/master/src/test/resources/net/unicon/cas/addon/serviceregistry/yaml/servicesRegistry.yml

Hope this helps clearing things up a bit.

Best,
Dmitriy.



 On Nov 20, 2014, at 10:18 AM, Milt Epstein mepst...@illinois.edu wrote:
 
 OK, I'm getting a little confused, so I thought I'd ask here for
 pointers.  I'm trying to get a CAS version 4.0 setup going, and I was
 thinking of using the JSON services registry.  We're using it with our
 current version (3.4.12), and we're happy with how it's working.  I
 had to install a little bit of extra java and groovy code, but
 otherwise it was quite simple to install and configure, quite easy to
 use, and sufficient for our needs.
 
 From things I had seen on the list since I did that installation, I
 had gotten the impression that it had gotten even easier to install
 and configure, more well integrated with CAS, put into its own
 complete package (e.g, part of the Unicon cas-addons packages), and
 more functional.  So it seemed like a no-brainer to use it again.  And
 I thought it'd be very easy to find and install.  But that doesn't
 seem to be the way things are going.
 
 For instance, when I go to this page:
 
 https://github.com/Unicon/cas-addons/
 
 There's a NOTICE that states:
 
  ... 1.x series of cas-addons is not supported on CAS 4.x. For CAS
  4.x support look for the upcoming series of micro addons libraries
  grouped by distinct features in upcoming months.
 
 So I follow the link for the micro addons:
 
 https://github.com/unicon-cas-addons
 
 There's no json services registry package there.  But there is one for
 yaml, so I have a look at that:
 
 https://github.com/unicon-cas-addons/cas-addon-yaml-services-registry
 
 This one states:
 
  This library replaces cas-addons 1.x JSON ServiceRegistry and serves
  as an alternative to the new JSON Service Registry in CAS core version
  4.1.
 
 CAS core version 4.1?  Does that exist yet?  I thought 4.0 was the
 latest.  And is there a version of the JSON Service Registry that I
 can use with 4.0?
 
 Or perhaps I should use this YAML version -- it seems like it provides
 similar functionality.  But how do I do that?  Do I just reference it
 in the pom.xml in my maven overlay directory, and add a bit of config
 somewhere?  What config, where?
 
 Thanks for any assistance with this.
 
 Milt Epstein
 

Re: [cas-user] json services registry for cas

2014-11-20 Thread Dmitriy Kopylenko
Linda,

that is correct for the YAML implementation. It still uses the Spring 
Application Events/Listener (just broken into separate cohesive projects) 
mechanism for live reloading and the same mechanism could be used for creating 
custom listeners to react to local config file changes and do what is necessary.

I cannot speak for CAS’ JSON impl as I did not examine it in great details. 
Someone from CAS' dev team might comment on that.

Here are the libraries for event publisher/listener:

https://github.com/unicon-cas-addons/cas-addon-spring-resource-reloading-support

https://github.com/unicon-cas-addons/cas-addon-external-config-services-registry-support

Example dependency usage as used by the YAML package:

https://github.com/unicon-cas-addons/cas-addon-yaml-services-registry/blob/master/build.gradle#L36

Best,
D.

 On Nov 20, 2014, at 1:17 PM, Linda Toth ltt...@alaska.edu wrote:
 
 Dmitriy,
 
 I am assuming the YAML version as well as the CAS 4.1 JSON implementation do 
 not support clustered environments either, correct?  I would still need to 
 make use of your earlier suggestion in order to get away from using a 
 database with data guard to ensure synchronization.
 
 Linda
 
 Linda Toth
 University of Alaska - Office of Information Technology (OIT) - Identity and 
 Access Management
 910 Yukon Drive, Suite 103
 Fairbanks, Alaska 99775
 Tel: 907-450-8320
 Fax: 907-450-8381
 linda.t...@alaska.edu | www.alaska.edu/oit/
 
 
 On Thu, Nov 20, 2014 at 6:44 AM, Dmitriy Kopylenko dkopyle...@unicon.net wrote:
 Hi Milt. Sorry for the confusion (I’m responsible for this confusion). I’ll 
 fix the README. So here’s a summary of things as far as add ons go:
 
 Current monolithic cas-addons library has served us well for the 3.5.1+ line 
 of CAS (and continues to do so). But it has grown quite a bit since its 
 inception and became kind of like a “kitchen sink” or a “Swiss army knife” if 
 you will, of the useful addon bits stuffed into a single jar which brings 
 with it some extra dependencies even if one doesn’t use some parts of the 
 functionality, etc.
 
 So we have thought to create a next generation of “micro addons” as separate 
 projects with small, cohesive set of functionalities and dependencies, so 
 folks could choose the appropriate one to use without bringing the “extra 
 baggage” with them - and that’s exclusively for 4.0+ line. While Monolithic 
 cas-addons is alive and still supported for CAS 3.5.1+, we are not investing 
 our time into the new development of it and shifting our focus to develop and 
 maintain new micro add ons for CAS4 where it makes sense - as CAS4 is gaining 
 momentum here.
 
 Now, as far as JSON service registry - since CAS 4.1 is bringing its own JSON 
 service registry into the core, I’ve decided to drop it completely as it 
 would be a meaningless exercise to have an extra one out there. On the other 
 hand, one of the most useful properties of the JSON addon registry is the 
 support for extra metadata Map attached to an extension type namely 
 “RegisteredServicesWithAttributes” which allowed us to build all kinds of 
 useful extension features with it over the years. And also a lightweight 
 nature of JSON svc registry implementation and dynamic runtime reloading 
 feature.
 
 Thus for the replacement of it, I have recently implemented a YAML services 
 registry to exhibit same behaviors as current JSON registry addon, as well as 
 added benefit of more human readable format that is YAML (IMHO) than JSON, 
 giving it more of a DSL-like look and feel. The current implementation is 
 very fresh (few days old), but I’ve done good amount of local testing and it 
 works like a charm. The plan is for it to be supported on CAS 4.0+ and be a 
 main alternative to the native CAS4 JSON svc registry (I will change that 
 confusing README message), as well as add wiki documentation and release 1.0 
 GA some time next week. In the mean time, here’s how the services definition 
 file looks like:
 
 https://github.com/unicon-cas-addons/cas-addon-yaml-services-registry/blob/master/src/test/resources/net/unicon/cas/addon/serviceregistry/yaml/servicesRegistry.yml
 
 Hope this helps clearing things up a bit.
 
 Best,
 Dmitriy.
 
 
 
 On Nov 20, 2014, at 10:18 AM, Milt Epstein mepst...@illinois.edu wrote:
 
 OK, I'm getting a little confused, so I thought I'd ask here for
 pointers.  I'm trying to get a CAS version 4.0 setup going

Re: [cas-user] json services registry for cas

2014-11-20 Thread Dmitriy Kopylenko

 On Nov 20, 2014, at 1:20 PM, Milt Epstein mepst...@illinois.edu wrote:
 
 But it does sound like I'm in a bit of a lurch trying to use CAS 4.0
 and the JSON service registry.  You mention that Monolithic cas-addons
 is still supported for CAS 3.5.1+ -- but, to clarify, I assume that
 support ends with 4.0?

Correct. That’d be only supported for 3.x line of CAS

 
 Your pointer to a sample YAML service definition file is helpful --
 although I do have a few questions about what some of the
 parameters/attributes mean.  Is there documentation/a guide for that
 somewhere?

There is no documentation yet. I’m hoping to put it out there some time next 
week to make it clearer. Before then, to clear up some confusion, this 
implementation uses SnakeYAML library (a standard, “de-facto” YAML library in 
the Java world), as well as YamlTag library to create short, DSL-like tags for 
internal objects used to create instances: https://github.com/xrrocha/yamltag

So current implementation defines the following tags (the ones that start with 
‘!’):

!serviceWithAttributes - maps to 
net.unicon.cas.addon.registeredservices.DefaultRegisteredServiceWithAttributes

!regexServiceWithAttributes - maps to 
net.unicon.cas.addon.registeredservices.RegexRegisteredServiceWithAttributes

!defaultAttributeFilter - maps to 
org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter

!regexAttributeFilter - 
org.jasig.cas.services.support.RegisteredServiceRegexAttributeFilter

As CAS 4.1 introduces more collaborating classes, there will be more of these 
DSL tags. Of course all of this will be documented.
Everything else are standard reg svc properties.


 
 But more importantly, it's still not clear how to use/integrate the
 cas-addon-yaml-service-registry package.  Can I put a dependency for
 it in my pom.xml?  I tried something for that, and it didn't work.
 Can I download it and put it into my maven overlay?  I tried
 downloading the master zip, and tried to build that (using gradlew?),
 separately, but it failed.

Here’s an example of how to use it (version 1.0.0-RC1 is available in Maven 
central since yesterday):

https://github.com/UniconLabs/simple-cas4-overlay-template/blob/micro-addons/pom.xml#L62

https://github.com/UniconLabs/simple-cas4-overlay-template/blob/micro-addons/src/main/webapp/WEB-INF/spring-configuration/servicesRegistry.xml

Note that this config element <cas-external:yaml-services-registry/> assumes 
the default location to be: /etc/cas/servicesRegistry.yml Just put the file 
there and you should be good to go.

 
 Other questions: I assume the CAS-integrated JSON service registry is
 not available for version 4.0, just 4.1?  And when is 4.1 due for
 release?  Is there a candidate ready to be tried now?  How close to
 being ready to go is it?

This is the question for core CAS devs ;-)



Re: [cas-user] CAS Client/Software

2014-11-20 Thread Dmitriy Kopylenko
It depends on the meaning of “SAML support” ;-)

Cheers,
D.

 On Nov 20, 2014, at 3:07 PM, Alberto Cabello Sánchez albe...@unex.es wrote:
 
 On Thu, 20 Nov 2014 14:51:16 + (UTC)
 JULIE BROWN julieabr...@rogers.com wrote:
 
 They say that CAS does not support SAML until CAS 4
 
 ...but Jérôme says otherwise:
 
 https://groups.google.com/forum/#!msg/jasig-cas-user/7SwINyH0x_M/WmrzIF8eN0EJ
 
 -- 
 Alberto Cabello Sánchez
 albe...@unex.es
 



Re: [cas-user] json services registry for cas

2014-11-20 Thread Dmitriy Kopylenko
Glad that worked for you. It doesn't reload periodically, but on demand when 
the config file is changed. Look at the beans config that I referenced earlier. 
The entire config for this machinery is there. 

Cheers,
D.

Sent from my iPhone

 On Nov 20, 2014, at 18:51, Milt Epstein mepst...@illinois.edu wrote:
 
 Thanks, that did the trick -- I was able to install and use the
 cas-addon-yaml-service-registry package via a dependency in my pom.xml
 file.  The main problem was that I had used 1.0.0-M1 as the version
 (that was previously on the package's web page, but looks like you
 updated it to 1.0.0-RC1).
 
 And looks like it's automatically set up to reload periodically.  Is
 that controlled by these parameters in cas.properties:
 
 # Service Registry Periodic Reloading Scheduler
 # service.registry.quartz.reloader.startDelay=12
 # Reload services every 2 minutes
 # service.registry.quartz.reloader.repeatInterval=12
 
 (I didn't uncomment these, so it must be using default values.)
 
 And for the core CAS devs, can you address these questions?:
 
 Other questions: I assume the CAS-integrated JSON service registry is
 not available for version 4.0, just 4.1?  And when is 4.1 due for
 release?  Is there a candidate ready to be tried now?  How close to
 being ready to go is it?
 
 This is the question for core CAS devs ;-)
 
 Thanks.
 
 Milt Epstein
 Applications Developer
 Graduate School of Library and Information Science (GSLIS)
 University of Illinois at Urbana-Champaign (UIUC)
 mepst...@illinois.edu
 
 
 On Thu, 20 Nov 2014, Dmitriy Kopylenko wrote:
 
 On Nov 20, 2014, at 1:20 PM, Milt Epstein mepst...@illinois.edu wrote:
 [ ... ]
 But more importantly, it's still not clear how to use/integrate the
 cas-addon-yaml-service-registry package.  Can I put a dependency for
 it in my pom.xml?  I tried something for that, and it didn't work.
 Can I download it and put it into my maven overlay?  I tried
 downloading the master zip, and tried to build that (using gradlew?),
 separately, but it failed.
 
 Here’s an example of how to use it (version 1.0.0-RC1 is available in Maven 
 central since yesterday):
 
 https://github.com/UniconLabs/simple-cas4-overlay-template/blob/micro-addons/pom.xml#L62
 
 https://github.com/UniconLabs/simple-cas4-overlay-template/blob/micro-addons/src/main/webapp/WEB-INF/spring-configuration/servicesRegistry.xml
 
 Note that this config element <cas-external:yaml-services-registry/> assumes 
 the default location to be: /etc/cas/servicesRegistry.yml Just put the file 
 there and you should be good to go.
 
 
 Other questions: I assume the CAS-integrated JSON service registry is
 not available for version 4.0, just 4.1?  And when is 4.1 due for
 release?  Is there a candidate ready to be tried now?  How close to
 being ready to go is it?
 
 This is the question for core CAS devs ;-)
 
 



Re: [cas-user] CAS 4.0.0 Production Issue: Heap Memory Issue

2014-11-18 Thread Dmitriy Kopylenko
Another viable alternative would be to explore and consider Hazelcast Ticket 
Registry: 

https://github.com/Unicon/cas-addons/wiki/Configuring-HazelcastTicketRegistry

Best,
Dmitriy.

 On Nov 18, 2014, at 06:40, Jaroslav Kacer jka...@idc.com wrote:
 
 Hi David!
 
 We have CAS 4.0.0, also with Eh-Cache-based ticket registry, on a 4-node 
 cluster. Our configuration of EhCache is almost identical to yours.
 
 Two weeks after our initial deployment, we started getting OOME too, on all 
 nodes. Our system admin measured heap consumption and the resulting graphs 
 show that it is constantly growing until an OOME is thrown out. We gathered a 
 memory snapshot and it showed that majority of the heap was occupied by 
 tickets.
 
 I switched on a ticket registry cleaner job in ticketRegistry.xml and 
 scheduled it to run every hour:
 <bean id="triggerJobDetailTicketRegistryCleaner"
   class="org.springframework.scheduling.quartz.SimpleTriggerBean"
   p:jobDetail-ref="jobDetailTicketRegistryCleaner"
   p:startDelay="2"
   p:repeatInterval="360" />
 
 The documentation at 
 http://jasig.github.io/cas/4.0.0/installation/Ehcache-Ticket-Registry.html 
 says that the cleaner is not necessary when you use EhCache. Now I'm not sure 
 if I can trust it or not. To be sure, I will keep the cleaner active. Do you 
 have the cleaner enabled or not?
 We are going to perform a test that should show if tickets are cleaned or not.
 
 I have also found that EhCache is able to limit the heap memory consumed by 
 its caches: 
 http://ehcache.org/generated/2.9.0/html/ehc-all/#page/Ehcache_Documentation_Set%2Fco-size_sizing_attributes.html%23
 
 So I tried the following in ehcache-replicated.xml:
 <ehcache name="ehCacheTicketRegistryCache"
   updateCheck="false"
   maxBytesLocalHeap="256M"
   maxBytesLocalDisk="10G"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:noNamespaceSchemaLocation="http://ehcache.org/ehcache.xsd">
 
 Unfortunately, it does not work together with Spring's EhCache support used 
 by CAS. EhCacheFactoryBean always provides a limit of the number of elements 
 (even if we do not specify it), which clashes with the heap memory limit and 
 an error is thrown out on startup.
 
 In order to use the heap memory limit, we would have to provide a replacement 
 of EhCacheFactoryBean.
 
 Best Regards,
   Jarda
 
 
 -Original Message-
 From: David A. Kovacic [mailto:d...@case.edu]
 Sent: 14. November 2014 3:30 odp.
 To: cas-user@lists.jasig.org
 Subject: [cas-user] CAS 4.0.0 Production Issue: Heap Memory Issue
 
 All,
 
 For the second time both of our SSO servers running under Tomcat ran out 
 of heap memory last night.  They had been up about 7 days straight with no 
 restarts.  It looks like they again ran out of memory at about 1GB used 
 (which seems to be the default Java heap size).  We have lots of memory 
 available on those servers so the last time this happened, we thought to 
 increase the max heap size to 2GB.  Our research had indicated that to 
 increase heap memory for a Java app running under Tomcat you need to add the 
 following line in the Tomcat CATALINA_HOME/bin/setenv.sh file:
 
 CATALINA_OPTS="-Xms1000m -Xmx2000m"
 
 Supposedly according to our research, this increases minimum heap size to 
 1000MB and max heap size to 2000MB (just under 1GB and 2GB respectively).  
 This is all running under RHEL 6 with Tomcat 7.0.54 and Oracle Java 
 jdk1.8.0_05.  Is there something we are missing here?  Do we need to do 
 something to tell Tomcat that it needs to allocate more memory than the 
 default to the CAS application itself?  The only applications we are running 
 under Tomcat are the CAS webapp and the CAS management webapp which is pretty 
 much idle all the time.  We reload services using the default 2 minute timer 
 in both CAS and CAS-management.
 
 This is a fairly major issue for us as we are in the middle of our student 
 registration period and we are seeing huge usage from Blackboard during the 
 late-night hours (which is perversely when these servers tend to run out of 
 heap).  People are beginning to take a very jaundiced view of the supposedly 
 improved SSO service that our move from RubyCAS was supposed to give them.
 
 Dave
 
 

Re: [cas-user] JSON implementation of ticket/service registry w/ UNICON plug in

2014-11-18 Thread Dmitriy Kopylenko
Well, the hook is there (Spring Application Event representing the JSON file 
resource change if it's properly configured in the app ctx): 
https://github.com/Unicon/cas-addons/blob/master/src/main/java/net/unicon/cas/addons/support/ResourceChangeDetectingEventNotifier.java#L39

So, I'd imagine it'd be possible to implement a listener for this event to kick 
off some external sync. process, etc. 

This is how the dynamic runtime reloading of services is implemented. 

Cheers,
Dmitriy. 

Sent from my iPhone

 On Nov 18, 2014, at 17:50, Chris Peck crp...@email.wm.edu wrote:
 
 It does not. You would have to sync it some other way.
 It would be handy if there was a hook to kick off an external program when it 
 writes out changes.
 Since there are a few of us doing this and changes are rare we do it manually.
 
 -sent from my mobile
 
 On Nov 18, 2014 2:54 PM, Linda Toth ltt...@alaska.edu wrote:
 Hello
 
 Does the JSON plug-in from UNICON provide the same level of synchronization 
 across multiple servers that using a DB would?
 
 Linda
 
 --
 Linda Toth
 University of Alaska - Office of Information Technology (OIT) - Identity and 
 Access Management
 910 Yukon Drive, Suite 103
 Fairbanks, Alaska 99775
 Tel: 907-450-8320
 Fax: 907-450-8381
 linda.t...@alaska.edu | www.alaska.edu/oit/
 

Re: [cas-user] JPA backed Services Registry

2014-10-30 Thread Dmitriy Kopylenko
You are trying to reference a bean for this property (with *-ref property 
attribute) which does not exist. packagesToScan property setter takes a list of 
strings representing java packages that this factory bean should take into 
consideration for scanning for JPA entity enhanced classes instead of relying 
on the standard JPA provider scanning of jar files machinery with 
persistence.xml markers in them. So if you really want to explicitly tell 
Spring to do this scanning job, change the property definition with a comma 
separated list of packages like so:

p:packagesToScan="com.example.package1, com.example.package2"

Best,
Dmitriy.

 On Oct 30, 2014, at 2:57 PM, Whittaker, Geoffrey geoff.whitta...@unf.edu 
 wrote:
 
 I’m having a problem with the JPA services registry configuration.  I keep 
 getting an error for the factoryBean object when trying to set the 
 packagesToScan property.  For the life of me, I can’t figure it out.  
  
 The error message makes me think I need a bean, but I haven’t seen one 
 online.  
  
 Any thoughts?
  
 I’m getting the following error when following the documentation:
 org.springframework.beans.factory.BeanCreationException: Error creating bean 
 with name 'factoryBean' defined in ServletContext resource 
 [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 
 'packagesToScan' while setting bean property 'packagesToScan'; nested 
 exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: 
 No bean named 'packagesToScan' is defined
 
  
 Here’s what’s in my DeployerConfig.xml:
  
 <bean id="factoryBean"
   class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean"
   p:dataSource-ref="dataSource"
   p:jpaVendorAdapter-ref="jpaVendorAdapter"
   p:packagesToScan-ref="packagesToScan">
   <property name="jpaProperties">
     <props>
       <prop key="hibernate.dialect">${database.dialect}</prop>
       <prop key="hibernate.hbm2ddl.auto">update</prop>
       <prop key="hibernate.jdbc.batch_size">${database.batchSize}</prop>
     </props>
   </property>
 </bean>
 
 <bean id="jpaVendorAdapter"
   class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter"
   p:generateDdl="true"
   p:showSql="true" />
 
 <bean id="serviceRegistryDao"
   class="org.jasig.cas.services.JpaServiceRegistryDaoImpl" />
 
 <bean id="transactionManager"
   class="org.springframework.orm.jpa.JpaTransactionManager"
   p:entityManagerFactory-ref="factoryBean" />
 
 <!--
    | Injects EntityManager/Factory instances into beans with
    | @PersistenceUnit and @PersistenceContext
 -->
 <bean class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor" />
 
 <!--
    Configuration via JNDI
    <bean id="dataSource"
      class="org.springframework.jndi.JndiObjectFactoryBean"
      p:jndiName="java:comp/env/jdbc/cas-source" />
 -->
 
 <tx:annotation-driven transaction-manager="transactionManager"/>
 <bean
   id="dataSource"
   class="org.apache.commons.dbcp2.BasicDataSource"
   p:driverClassName="${database.driverClass}"
   p:url="${database.url}"
 />
 

Re: [cas-user] Setting up Clearpass

2014-10-17 Thread Dmitriy Kopylenko
Here’s an example of how to interact with clearpass endpoint at the low level:

https://github.com/Unicon/cas-java-clients-addons/blob/master/src/main/java/net/unicon/casclients/addons/springsecurity/ClearpassRetrievingCasAuthenticationProvider.java#L58

Cheers,
Dmitriy.

On Oct 17, 2014, at 2:05 PM, Adam Causey apcau...@vcu.edu wrote:

 Thanks for the reply.  I am not sure I'm going about this the correct way.  
 Are there any example clients that show how to use clearPass?  
 
 I think the server piece is now working, but in the test client that I wrote 
 I cannot get anything to return.   Using the following code I get a 404.
 
 
 String clearPassUrl = "https://mycasserver.com/cas/clearPass";
 AttributePrincipal principal = (AttributePrincipal) request.getUserPrincipal();
 String proxyTicket = principal.getProxyTicketFor(clearPassUrl);
 log.debug("proxyTicket: " + proxyTicket);
 final String clearPassRequestUrl = clearPassUrl + "?" + "ticket=" + proxyTicket
         + "&" + "service=" + URLEncoder.encode(clearPassUrl, "UTF-8");
 log.debug("clearPassRequestUrl: " + clearPassRequestUrl);
 final WebClient webClient = new WebClient();
 final HtmlPage page = webClient.getPage(clearPassRequestUrl);
 log.debug(page.getTextContent());
 
 
 If I create a URL with an arbitrary ticket I am getting an 'invalid ticket' 
 message in the logs on the server, so I assume the endpoint is working.
 
 https://mycasserver.com/cas/clearPass?ticket=foobar&service=https%3A%2F%2Fmycasserver.com%2Fcas%2FclearPass
 
 org.jasig.cas.client.validation.TicketValidationException: ticket 'foobar' 
 not recognized
 
 
 On Thu, Oct 16, 2014 at 4:14 PM, Misagh Moayyed mmoay...@unicon.net wrote:
 Turn on logging for Spring, to DEBUG at least. That should help you determine 
 where the request ends up.
 
  
 
 From: Adam Causey [mailto:apcau...@vcu.edu] 
 Sent: Thursday, October 16, 2014 5:22 AM
 To: cas-user@lists.jasig.org
 Subject: [cas-user] Setting up Clearpass
 
  
 
 I'm attempting to setup clearpass in CAS 3.5.2.  I've followed the 
 instructions found here: https://wiki.jasig.org/display/casum/clearpass .  
 However, in my test client when I call the /clearPass endpoint I get a 404 
 Not Found response.  
 
  
 
 I checked to make sure the /clearPass is being mapped with the defined 
 HandlerMapping in clearpass-configuration.xml, and everything looks fine.  
 There are no errors in my logs.
 
  
 
 Any advice on getting this setup?
 
  
 
 Thanks!
 
  
 
 Adam Causey
 
 Virginia Commonwealth University
 
  
 
  

Re: [cas-user] Hazelcast ticketRegistry

2014-10-09 Thread Dmitriy Kopylenko
Hi Adam. 

No need to include the localhost for hz members. Just the host names or IPs of 
the members where Hazelcast could discover running nodes (over simple TCP 
transport with port 5701 by convention).

It also has a nice built-in nodes auto-discovery option for members running in 
EC2 cluster!

Here’s the networking section of HZ documentation for more comprehensive 
description:

http://docs.hazelcast.org/docs/3.2/manual/html-single/hazelcast-documentation.html#network-configuration

And in terms of production usage - we’ve had quite a few client engagements 
where they chose to go with HazelcastTicketRegistry (and I’m not aware of any 
significant “hiccups” that we have encountered along the way. Basically - it 
just works and that’s what I love about it (among other things)) ;-)

Cheers,
Dmitriy.

On Oct 9, 2014, at 8:16 AM, Adam Causey apcau...@vcu.edu wrote:

 I'm also looking into using the Hazelcast ticketRegistry.
 
 Is anyone using this in a production environment?
 
 I also have a configuration question.  The example that I found has a section 
 for the member in the cluster.  Does this need to include localhost?
 
 <hz:tcp-ip enabled="true">
     <hz:members>server1.example.com,server2.example.com</hz:members>
 </hz:tcp-ip>
 
 Thanks!
 
 -Adam
 
 On Tue, Feb 18, 2014 at 8:32 PM, Paul B. Henson hen...@csupomona.edu wrote:
 Has anybody tried out Unicon's relatively new Hazelcast ticketRegistry 
 backend available in their cas-addons package? It looks very promising and 
 should be more scalable and higher performance than ehcache (which we are 
 currently using) particularly when you are using secure point-to-point links 
 rather than multicast for communication.
 
 I've started playing with it in our dev environment and would be interested 
 in feedback from anyone who might have deployed it already, or would be 
 interested in discussing configuration tuning...
 
 
 --
 Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
 Operating Systems and Network Analyst  |  hen...@csupomona.edu
 California State Polytechnic University  |  Pomona CA 91768
 
 

Re: [cas-user] no sql database support for storing ticket session

2014-10-07 Thread Dmitriy Kopylenko
Hi. Everything is possible. 

In order to use any particular nosql store for ticket registry, one would 
need to have a particular implementation (written in code). I am personally not 
aware of an existing Cassandra Impl., but here is an example of Riak impl (Riak 
- is another nosql store):

https://github.com/justinholmes/riakbackedcas/blob/master/cas-overlay-server-demo/src/main/java/uk/co/nascency/riakbackedcas/registry/RiakBackedTicketRegistry.java

Cheers,
Dmitriy.

Sent from my iPhone

 On Oct 7, 2014, at 02:18, Ajay Madhavan ajayma...@gmail.com wrote:
 
 Do we know if we can use no sql dbs like Cassandra to store sessions in CAS?
 
 Any examples or wikis?
 Regards
 Ajay

Re: [cas-user] no sql database support for storing ticket session

2014-10-07 Thread Dmitriy Kopylenko
And so in this case, as I mentioned in my previous email, you would actually 
need to implement the TicketRegistry API in CAS for the Cassandra DB (as I’m 
not aware of any of the existing implementations).

Best,
Dmitriy.

On Oct 7, 2014, at 11:42 AM, Ajay Madhavan ajayma...@gmail.com wrote:

 Thanks for the reply.
 
 We are currently using Cassandra for our infra ( for scale and distributed 
 reasons) and we would like to leverage the same for CAS too..
 
 Regards
 Ajay
 
 On Tue, Oct 7, 2014 at 6:20 AM, Waldbieser, Carl waldb...@lafayette.edu 
 wrote:
 
 Since NoSQL is a kind of catch-all term for any kind of data store that isn't 
 a RDBMS, it may be hard to generalize.
 If you look at some of the more popular present-day NoSQL solutions, many of 
 them seem to aim at prioritizing Availability and Partition Tolerance over 
 Consistency (from the CAP theorem [1]).
 
 For the CAS ticket store, this doesn't seem to be a terrible idea.  You need 
 to be able to store tickets associated with an identity.  CAS basically needs 
 a key-value store in this regard.  The characteristics of that store will 
 likely need to be dictated in part by the environment in which a particular 
 CAS operates.
 
 Thanks,
 Carl Waldbieser
 ITS Systems Programmer
 Lafayette College
 
 [1] http://en.wikipedia.org/wiki/CAP_theorem
 
 - Original Message -
 From: Stephan Arts step...@xfce.org
 To: cas-user@lists.jasig.org
 Sent: Tuesday, October 7, 2014 8:04:12 AM
 Subject: Re: [cas-user] no sql database support for storing ticket session
 
 I am curious, what would be the reason you'd choose a no sql database to
 store tickets?
 
 Regards,
 
 Stephan
 
 On Tue, Oct 7, 2014 at 8:18 AM, Ajay Madhavan ajayma...@gmail.com wrote:
 
  Do we know if we can use no sql dbs like Cassandra to store sessions in
  CAS?
 
  Any examples or wikis?
  Regards
  Ajay
 
 
 
 
 
 --
 The number of Unix installations has grown to 10, with more expected.
 -- The Unix Programmer's Manual, 2nd Edition, June, 1972
 

Re: [cas-user] The application you attempted to authenticate to is not authorized to use CAS.

2014-09-23 Thread Dmitriy Kopylenko
I’m no regex guru, but this most likely is caused by regex pattern not matching 
the entire URL for the given service(s). Try the following one:

^(http?|https?|imaps?)://localhost:8080/cassimple/.*

(note the ‘.*’ at the end instead of just ‘*’)

Best,
Dmitriy.

On Sep 23, 2014, at 11:05 AM, Jay india@gmail.com wrote:

 I have 2 different sample applications with below urls which I have enabled 
 CAS authentication. Those 2 URLs can be accessed only by authenticated users 
 <intercept-url pattern="/underConstruction**" access="isAuthenticated()" />
 
 
 - http://localhost:8080/casldap/underConstruction
 - http://localhost:8080/cassimple/underConstruction
 
 
 
 
 
 On Tue, Sep 23, 2014 at 3:24 PM, John Gasper jgas...@unicon.net wrote:
 Hi Jay,
 
 What is the url of the application that you are trying to hit? 
 
 John
 
 ---
 John Gasper
 IAM Consultant
 Unicon, Inc.
 PGP/GPG Key: 0xbafee3ef
 
 On 9/23/14 4:10 AM, Jayakumar Jayaraman wrote:
 Hello
 
 I am new to CAS.
 
 I have done the CAS 4.0 setup and I am able to integrate with another web 
 application if I used the default cas-server-webapp-4.0.0.war
 
 But when I built it using the maven overlay only CAS works fine standalone 
 with URL http://localhost:8080/cas/login.
 
 But once I integrate with my web app,  it gives this error ...The 
 application you attempted to authenticate to is not authorized to use CAS.
 
 I have registered two services like this, in deployerConfigContext.xml
 I have also attached the full file.
 Not sure what mistake I am making. 
 
  <bean class="org.jasig.cas.services.RegexRegisteredService">
      <property name="id" value="1" />
      <property name="name" value="cassimple" />
      <property name="description" value="cassimple application 1" />
      <property name="serviceId"
                value="^(http?|https?|imaps?)://localhost:8080/cassimple/*" />
      <property name="evaluationOrder" value="1001" />
  </bean>
 
  <bean class="org.jasig.cas.services.RegexRegisteredService">
      <property name="id" value="2" />
      <property name="name" value="casldap" />
      <property name="description" value="casldap application 2" />
      <property name="serviceId"
                value="^(http?|https?|imaps?)://localhost:8080/casldap/*" />
      <property name="evaluationOrder" value="1002" />
  </bean>
 
 
 Thanks
 Jay
 
 
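
The difference between the registered serviceId pattern and the one suggested in the reply above, as an added example that is not part of the thread or of CAS itself. It assumes, as the reply suggests, that the pattern has to match the entire service URL; the class and method names and every sample URL except the first are constructed for illustration.

```java
import java.util.regex.Pattern;

public class ServiceIdPatternCheck {

    // Assumption: a service is authorized only when the pattern matches the
    // entire service URL (Matcher.matches), not merely a prefix of it.
    static boolean authorizes(String serviceIdPattern, String serviceUrl) {
        return Pattern.compile(serviceIdPattern).matcher(serviceUrl).matches();
    }

    public static void main(String[] args) {
        // Patterns as posted in the thread: the registered one and the suggested fix.
        String registered = "^(http?|https?|imaps?)://localhost:8080/cassimple/*";
        String suggested  = "^(http?|https?|imaps?)://localhost:8080/cassimple/.*";

        // Constructed sample URLs; only the first appears in the thread.
        String[] serviceUrls = {
            "http://localhost:8080/cassimple/underConstruction",
            "http://localhost:8080/cassimple",
            "http://localhost:8080/cassimple///",
            "http://localhost:8080/cassimple-other/underConstruction",
            "http://localhost:8080/casldap/underConstruction",
        };

        System.out.printf("%-58s %-10s %s%n", "service URL", "registered", "suggested");
        for (String url : serviceUrls) {
            System.out.printf("%-58s %-10b %b%n",
                    url, authorizes(registered, url), authorizes(suggested, url));
        }
    }
}
```

Under whole-string matching the trailing `/*` means "zero or more slashes", so the registered pattern accepts only the bare application root, while the suggested `/.*` accepts any path below `/cassimple/` and still rejects the other applications on the same host.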
