Re: [cas-user] OutOfMemory on ticket cleanup

2014-12-18 Thread Robert Oschwald
good point Mav. This is a long discussion around the ticket registry design and 
I think I created a Jira a long time ago for this. It might be enough to expose 
the ticket timestamp in an own attribute of the registry so a deserialization 
of all tickets in the cleaner wouldn't be needed. Disabling SLO is not an 
option in our case, as you do not know when a logout occurs and users expect to 
be logged out from all services on SLO.

Sent while mobile.

On 18.12.2014 at 16:12, Marvin Addison wrote:

>> When I got a heap dump I was shocked to see that there were tickets in there 
>> which took close to 10Mb of memory (deserialized). After investigation this 
>> was pretty much all allocated in the 'services' map that is stored in the 
>> TGT.
> 
> This is a known issue and a great example of why we need to tighten up the 
> storage model in future versions of CAS. We hold on to way more data than is 
> needed to track accessed services (needed for logout). That said, despite 
> improvements and optimizations, it's not unreasonable to expect problems from 
> an SSO session that tracks service sessions for 90 days. We might want to 
> expose a configuration knob to turn off session tracking since the only case 
> for that is SLO, which is meaningless over a span that long. It seems like 
> you pretty much came to a similar conclusion on your own.
> 
> You might reframe your problem as a design suggestion and discuss further on 
> cas-dev.
> 
> M
> 
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> robertoschw...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user


Re: [cas-user] Invalidating Long term tickets on password change

2014-09-23 Thread Robert Oschwald
See https://issues.jasig.org/plugins/servlet/mobile#issue/CAS-814

You need to extend CAS to use that feature as far as I know.
We use a different approach. We invalidate all current tickets on tos version 
change. In the CAS login mask, we force users to accept the new tos version to 
allow login. This needs an extension of the casLoginView as well.

Sent while mobile.

> On 24.09.2014 at 07:10, John DC wrote:
> 
> Can any one please provide thoughts/help on this.
> 
> Thanks
> John Davis C
> 
> 
> 
> 



Re: [cas-user] SSO approach without Cookies

2014-09-09 Thread Robert Oschwald
Not that I’m aware of one.

On 09.09.2014 at 13:19, Dheeraj Dubey wrote:

> 
> Many thanks rob for your help.
> Is there any opensource tool which provides Claim based SSO for Java web 
> application?
> 
> 
> 
> Dheeraj 
> 
> 
> From: "Jay" 
> To: cas-user@lists.jasig.org
> Sent: Tuesday, September 9, 2014 4:34:28 PM
> Subject: Re: [cas-user] SSO approach without Cookies
> 
> Would there be any problem if some one deletes these cookies or hack it ?
> Any precautions to be taken ?
> 
> 
> On Tue, Sep 9, 2014 at 12:00 PM, Robert Oschwald  
> wrote:
> Authentication itself works without, but that is of no help for you, as 
> JASIG-CAS needs Cookies for SSO. 
> 
> Maybe another approach would fit your needs, like Claims-Based SSO.
> E.g. Windows Identity Foundation. It has its drawbacks and conceptual 
> limitations. See 
> http://msdn.microsoft.com/en-us/library/ff359102.aspx
> 
> Rob
> 
> 
> 
> On 09.09.2014 at 12:36, Dheeraj Dubey wrote:
> 
> Hi All,
> 
> I am new to CAS and trying to develop web application suite.
> Single sign on is one of my requirements.
> I am trying to deploy CAS 4.0 on my tomcat to achieve SSO.
> As far as I know that CAS uses TGT and it's cookie base method for 
> authentication.
> But as per my requirement system should not store any type of cookies on 
> client machine.
> Kindly help me to identify any method which help me achieve above requirement.
> I would be highly obliged and thankful if anyone help me by replying my mail.
> 
> 
> Thanks and Regards,
> Dheeraj Dubey
> 
> 

Re: [cas-user] SSO approach without Cookies

2014-09-09 Thread Robert Oschwald
Authentication itself works without, but that is of no help for you, as 
JASIG-CAS needs Cookies for SSO. 

Maybe another approach would fit your needs, like Claims-Based SSO.
E.g. Windows Identity Foundation. It has its drawbacks and conceptual 
limitations. See 
http://msdn.microsoft.com/en-us/library/ff359102.aspx

Rob



On 09.09.2014 at 12:36, Dheeraj Dubey wrote:

> Hi All,
> 
> I am new to CAS and trying to develop web application suite.
> Single sign on is one of my requirements.
> I am trying to deploy CAS 4.0 on my tomcat to achieve SSO.
> As far as I know that CAS uses TGT and it's cookie base method for 
> authentication.
> But as per my requirement system should not store any type of cookies on 
> client machine.
> Kindly help me to identify any method which help me achieve above requirement.
> I would be highly obliged and thankful if anyone help me by replying my mail.
> 
> 
> Thanks and Regards,
> Dheeraj Dubey
> 
> 

Re: [cas-user] CAS-sify tomcat examples

2014-08-07 Thread Robert Oschwald
See https://wiki.jasig.org/display/casum/ssl+troubleshooting+and+reference+guide


On 07.08.2014 at 18:00, Patrick Pat wrote:

> Hi,
> Problems: (all are in file "PROBLEMS.txt" on this mail)
> 
> Etat HTTP 500 - edu.yale.its.tp.cas.client.CASAuthenticationException: Unable 
> to validate ProxyTicketValidator 
> [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] 
> [edu.yale.its.tp.cas.client.ServiceTicketValidator 
> casValidateUrl=[https://192.168.0.136:8443/cas/serviceValidate] 
> ticket=[ST-1-tIpTwQXNEPPepVXMU7rL-cas01.example.org] 
> service=[https%3A%2F%2F192.168.0.136%3A8443%2Fexamples%2Fservlets%2Fservlet%2FHelloWorldExample]
>  renew=false]]]
> 
> 
> javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: 
> No subject alternative names present
> 
> 
> 
> java.security.cert.CertificateException: No subject alternative names present
> 
> 
> Solution ?
> 

Re: [cas-user] How to compile source locally

2014-06-02 Thread Robert Oschwald
Strongly recommending to use a local Maven overlay project.

You can use https://github.com/forsetti/jasig-cas-quickdemo as a starter.

If you need to add logging statements to any cas core classes, simply copy them 
over from the JASIG CAS sources into your local project (to the same package) 
and modify them.


Robert



On 02.06.2014 at 15:21, Jérôme LELEU wrote:

> Hi,
> 
> The new guide is definitely here: http://jasig.github.io/cas/4.0.0/index.html.
> Best regards,
> 
> 
> 2014-06-02 15:10 GMT+02:00 Zac Harvey :
> I need to add some log statements to CAS and build it locally to try and 
> debug something.  I tried looking for a CAS developer guide and only found 
> this:
> 
>  
> 
> https://wiki.jasig.org/display/CASUM/Development
> 
>  
> 
> I was hoping to get info on how to build the CAS JARs (all of the core ones) 
> via Maven but didn’t see anything.  So I ask, how do I build cas-server-core, 
> cas-server-webapp, and cas-server-support-ldap locally in Maven?
> 
>  
> 
> Thanks in advance!
> 
> 
> 
> 
> -- 
> Jérôme LELEU
> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

Re: [cas-user] populating attributes from same source as authentication

2014-04-23 Thread Robert Oschwald
We released the DirectMappedPersonAttributeDao as well as a sample WS 
Authentication Handler under the Apache License.

See https://github.com/robertoschwald/jasig-cas-examples-robertoschwald


Best,
Robert

On 10.04.2014 at 16:41, Stefan Paetow wrote:

> Robert,
> 
> Would you be amenable to releasing that component as open-source? We'd be 
> interested (at Diamond Light Source and Janet) because we also receive a 
> large number of attributes after authentication (via RADIUS and/or SAML). 
> 
> With Regards
> 
> Stefan
> 
> 
> 
> On 8 April 2014 17:21, Robert Oschwald  wrote:
> Finished my own implementation MappedPersonAttributeDao (which extends 
> AbstractQueryPersonAttributeDao).
> This AttributeDao is backed by a ConcurrentHashMap with an public void 
> addAttributes(String netid, Map> attributes) method, 
> which gets called from my WebserviceAuthenticationHandler to update 
> principals attributes in authenticateUsernamePasswordInternal().
> 
> The map entries are short-term cached, as principals entry gets removed on a 
> serviceValidate call from the attributeMap. 
> Therefore I also define the possibleUserAttributeNames Set in the 
> deployerConfigContext bean config (so I can set attributes on a per-service 
> base in the Service Manager application).
> 
> Works pretty well so far in first tests.
> Attributes get serialized in the ticketRegistry TGT store as they should.
> 
> Only thing I figured out is the Principal vs. IPersonAttributes. 
> Principal defines attributes as Map whereas IPersonAttributes 
> are defined as Map>.
> The webserviceClient returns a SimplePrincipal in 
> WebserviceAuthenticationHandler, therefore I transform Map 
> before calling MappedPersonAttributeDao.addAttributes(String netid, 
> Map> attributes) 
> Sounds a bit inconsistent, but I know that I’m one of the few people who fill 
> the attributes in the authentication phase.
> 
> Now I have a solution which is lightweight and cheap in terms of request 
> roundtrips, as the attributes are provided from the same single 
> authentication SOAP request.
> 
> Robert
> 
> 
> On 07.04.2014 at 22:11, Daniel Ellentuck wrote:
> 
>> Hi Robert, Misagh, et. al.,
>> 
>> I think it depends on what you mean by "populate attributes directly." 
>> 
>> If your authentication call can store the attributes of interest somewhere 
>> that a personAttributeDao can retrieve them from (a database table, a 
>> distributed cache, etc.), then the dao can make them available to the 
>> attributeRepository. I've done this kind of thing in the past and it's 
>> pretty simple. It's maybe not "populate attributes directly" but it could 
>> save you that second web service call.
>> 
>> Dan
>> 
>> Dan Ellentuck
>> 
>> 
>> 
>> On Mon, Apr 7, 2014 at 3:14 PM, Misagh Moayyed  wrote:
>> I doubt it. You'd have to build one that talks to the WS.
>> 
>> > -Original Message-
>> > From: Robert Oschwald [mailto:robertoschw...@googlemail.com]
>> > Sent: Monday, April 07, 2014 10:38 AM
>> > To: cas-user@lists.jasig.org
>> > Subject: [cas-user] populating attributes from same source as
>> authentication
>> >
>> > I'm wondering if it is possible to populate attributes directly from the
>> > authentication source without performing a 2nd call.
>> > I already receive the additional attributes from a web service as a
>> response
>> > to the authentication call.
>> >
>> > Is there a special attributeRepository available which I can fill
>> during
>> > authentication?
>> >
>> >
>> > Robert
>> >
>> >
>> >
>> >

Re: [cas-user] populating attributes from same source as authentication

2014-04-10 Thread Robert Oschwald
I think I can abstract the code and provide on GitHub. 
The only thing which is not implemented yet is cleanup of the attributeMap.
As I remove users attribute from the map on a serviceValidate call, I need to 
cleanup the map if no serviceValidate call ever happens for this user to avoid 
an OOM.
I need to take a look to the caching personAttributeDao how it is handled 
there, but the SSL HeartBleeding is keeping me very busy currently.

Robert



On 10.04.2014 at 16:41, Stefan Paetow wrote:

> Robert,
> 
> Would you be amenable to releasing that component as open-source? We'd be 
> interested (at Diamond Light Source and Janet) because we also receive a 
> large number of attributes after authentication (via RADIUS and/or SAML). 
> 
> With Regards
> 
> Stefan
> 
> 
> 
> On 8 April 2014 17:21, Robert Oschwald  wrote:
> Finished my own implementation MappedPersonAttributeDao (which extends 
> AbstractQueryPersonAttributeDao).
> This AttributeDao is backed by a ConcurrentHashMap with an public void 
> addAttributes(String netid, Map> attributes) method, 
> which gets called from my WebserviceAuthenticationHandler to update 
> principals attributes in authenticateUsernamePasswordInternal().
> 
> The map entries are short-term cached, as principals entry gets removed on a 
> serviceValidate call from the attributeMap. 
> Therefore I also define the possibleUserAttributeNames Set in the 
> deployerConfigContext bean config (so I can set attributes on a per-service 
> base in the Service Manager application).
> 
> Works pretty well so far in first tests.
> Attributes get serialized in the ticketRegistry TGT store as they should.
> 
> Only thing I figured out is the Principal vs. IPersonAttributes. 
> Principal defines attributes as Map whereas IPersonAttributes 
> are defined as Map>.
> The webserviceClient returns a SimplePrincipal in 
> WebserviceAuthenticationHandler, therefore I transform Map 
> before calling MappedPersonAttributeDao.addAttributes(String netid, 
> Map> attributes) 
> Sounds a bit inconsistent, but I know that I’m one of the few people who fill 
> the attributes in the authentication phase.
> 
> Now I have a solution which is lightweight and cheap in terms of request 
> roundtrips, as the attributes are provided from the same single 
> authentication SOAP request.
> 
> Robert
> 
> 
> On 07.04.2014 at 22:11, Daniel Ellentuck wrote:
> 
>> Hi Robert, Misagh, et. al.,
>> 
>> I think it depends on what you mean by "populate attributes directly." 
>> 
>> If your authentication call can store the attributes of interest somewhere 
>> that a personAttributeDao can retrieve them from (a database table, a 
>> distributed cache, etc.), then the dao can make them available to the 
>> attributeRepository. I've done this kind of thing in the past and it's 
>> pretty simple. It's maybe not "populate attributes directly" but it could 
>> save you that second web service call.
>> 
>> Dan
>> 
>> Dan Ellentuck
>> 
>> 
>> 
>> On Mon, Apr 7, 2014 at 3:14 PM, Misagh Moayyed  wrote:
>> I doubt it. You'd have to build one that talks to the WS.
>> 
>> > -Original Message-
>> > From: Robert Oschwald [mailto:robertoschw...@googlemail.com]
>> > Sent: Monday, April 07, 2014 10:38 AM
>> > To: cas-user@lists.jasig.org
>> > Subject: [cas-user] populating attributes from same source as
>> authentication
>> >
>> > I'm wondering if it is possible to populate attributes directly from the
>> > authentication source without performing a 2nd call.
>> > I already receive the additional attributes from a web service as a
>> response
>> > to the authentication call.
>> >
>> > Is there a special attributeRepository available which I can fill
>> during
>> > authentication?
>> >
>> >
>> > Robert
>> >
>> >
>> >
>> >

Re: [cas-user] populating attributes from same source as authentication

2014-04-08 Thread Robert Oschwald
Finished my own implementation MappedPersonAttributeDao (which extends 
AbstractQueryPersonAttributeDao).
This AttributeDao is backed by a ConcurrentHashMap with an public void 
addAttributes(String netid, Map> attributes) method, which 
gets called from my WebserviceAuthenticationHandler to update principals 
attributes in authenticateUsernamePasswordInternal().

The map entries are short-term cached, as principals entry gets removed on a 
serviceValidate call from the attributeMap. 
Therefore I also define the possibleUserAttributeNames Set in the 
deployerConfigContext bean config (so I can set attributes on a per-service 
base in the Service Manager application).

Works pretty well so far in first tests.
Attributes get serialized in the ticketRegistry TGT store as they should.

Only thing I figured out is the Principal vs. IPersonAttributes. 
Principal defines attributes as Map whereas IPersonAttributes 
are defined as Map>.
The webserviceClient returns a SimplePrincipal in 
WebserviceAuthenticationHandler, therefore I transform Map 
before calling MappedPersonAttributeDao.addAttributes(String netid, Map> attributes) 
Sounds a bit inconsistent, but I know that I’m one of the few people who fill 
the attributes in the authentication phase.

Now I have a solution which is lightweight and cheap in terms of request 
roundtrips, as the attributes are provided from the same single authentication 
SOAP request.

Robert


On 07.04.2014 at 22:11, Daniel Ellentuck wrote:

> Hi Robert, Misagh, et. al.,
> 
> I think it depends on what you mean by "populate attributes directly." 
> 
> If your authentication call can store the attributes of interest somewhere 
> that a personAttributeDao can retrieve them from (a database table, a 
> distributed cache, etc.), then the dao can make them available to the 
> attributeRepository. I've done this kind of thing in the past and it's pretty 
> simple. It's maybe not "populate attributes directly" but it could save you 
> that second web service call.
> 
> Dan
> 
> Dan Ellentuck
> 
> 
> 
> On Mon, Apr 7, 2014 at 3:14 PM, Misagh Moayyed  wrote:
> I doubt it. You'd have to build one that talks to the WS.
> 
> > -Original Message-
> > From: Robert Oschwald [mailto:robertoschw...@googlemail.com]
> > Sent: Monday, April 07, 2014 10:38 AM
> > To: cas-user@lists.jasig.org
> > Subject: [cas-user] populating attributes from same source as
> authentication
> >
> > I'm wondering if it is possible to populate attributes directly from the
> > authentication source without performing a 2nd call.
> > I already receive the additional attributes from a web service as a
> response
> > to the authentication call.
> >
> > Is there a special attributeRepository available which I can fill
> during
> > authentication?
> >
> >
> > Robert
> >
> >
> >
> >


-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
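
The short-lived attribute map described in the 2014-04-08 and 2014-04-10 messages above, as an added sketch that is not Robert's released code and not a CAS or person-directory class. The class name ExpiringAttributeStore, the TTL, the entry cap and the generic types (single-valued Map<String, Object> in, multi-valued Map<String, List<Object>> stored) are assumptions; it shows one way to bound the map when no serviceValidate call ever arrives for a user.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.LongSupplier;

// Hypothetical stand-alone class: it extends no CAS or person-directory type.
public class ExpiringAttributeStore {

    // One user's attributes plus the time they were stored.
    private static final class Stored {
        final Map<String, List<Object>> attributes;
        final long storedAtMillis;

        Stored(Map<String, List<Object>> attributes, long storedAtMillis) {
            this.attributes = attributes;
            this.storedAtMillis = storedAtMillis;
        }
    }

    private final ConcurrentHashMap<String, Stored> attributeMap = new ConcurrentHashMap<>();
    private final long ttlMillis;
    private final int maxEntries;
    private final LongSupplier clock; // injectable so expiry can be exercised without sleeping

    public ExpiringAttributeStore(long ttlMillis, int maxEntries, LongSupplier clock) {
        this.ttlMillis = ttlMillis;
        this.maxEntries = maxEntries;
        this.clock = clock;
    }

    // Convert single-valued attributes to the multi-valued shape (assumed types).
    public static Map<String, List<Object>> toMultiValued(Map<String, Object> single) {
        Map<String, List<Object>> multi = new HashMap<>();
        for (Map.Entry<String, Object> e : single.entrySet()) {
            Object value = e.getValue();
            List<Object> values = (value instanceof Collection)
                    ? new ArrayList<Object>((Collection<?>) value)
                    : Collections.singletonList(value);
            multi.put(e.getKey(), values);
        }
        return multi;
    }

    // Called from the authentication step. Returns false when the cap is reached,
    // so a flood of logins that never validate a ticket cannot grow the map without limit.
    // The size check is not atomic with the put, so the cap is approximate under load.
    public boolean addAttributes(String netid, Map<String, List<Object>> attributes) {
        if (attributeMap.size() >= maxEntries && !attributeMap.containsKey(netid)) {
            purgeExpired();
            if (attributeMap.size() >= maxEntries) {
                return false;
            }
        }
        attributeMap.put(netid, new Stored(new HashMap<>(attributes), clock.getAsLong()));
        return true;
    }

    // Called from the serviceValidate step: one-shot read that removes the entry.
    // An entry older than the TTL is dropped and treated as absent.
    public Map<String, List<Object>> consume(String netid) {
        Stored stored = attributeMap.remove(netid);
        if (stored == null || isExpired(stored)) {
            return Collections.emptyMap();
        }
        return stored.attributes;
    }

    // The missing cleanup: run this from a scheduled task. Returns how many entries were evicted.
    public int purgeExpired() {
        int removed = 0;
        for (Map.Entry<String, Stored> e : attributeMap.entrySet()) {
            // remove(key, value) only evicts if the entry was not refreshed in the meantime
            if (isExpired(e.getValue()) && attributeMap.remove(e.getKey(), e.getValue())) {
                removed++;
            }
        }
        return removed;
    }

    public int size() {
        return attributeMap.size();
    }

    private boolean isExpired(Stored stored) {
        return clock.getAsLong() - stored.storedAtMillis > ttlMillis;
    }

    public static void main(String[] args) {
        long[] now = {0L}; // constructed fake clock, in milliseconds
        ExpiringAttributeStore store = new ExpiringAttributeStore(60_000L, 2, () -> now[0]);

        Map<String, Object> fromWebService = new HashMap<>(); // constructed sample attributes
        fromWebService.put("mail", "alice@example.org");
        fromWebService.put("roles", Arrays.asList("staff", "admin"));

        store.addAttributes("alice", toMultiValued(fromWebService));
        store.addAttributes("bob", toMultiValued(fromWebService));
        System.out.println("cap reached, carol stored: "
                + store.addAttributes("carol", toMultiValued(fromWebService)));
        System.out.println("first validate:  " + store.consume("alice"));
        System.out.println("second validate: " + store.consume("alice"));

        now[0] = 61_000L; // bob authenticated but never validated a ticket
        System.out.println("evicted: " + store.purgeExpired() + ", left: " + store.size());
    }
}
```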

[cas-user] populating attributes from same source as authentication

2014-04-07 Thread Robert Oschwald
I’m wondering if it is possible to populate attributes directly from the 
authentication source without performing a 2nd call.
I already receive the additional attributes from a web service as a response to 
the authentication call.

Is there a special attributeRepository available which I can fill during 
authentication?


Robert







Re: [cas-user] About the CAS upgrade

2014-04-07 Thread Robert Oschwald
Definitely no "chean" on 
https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven+WAR+Overlay+Method
 

and not on 

http://jasig.github.io/cas/current/installation/Maven-Overlay-Installation.html 
as well.

So what link are you referring to, Kelvin?

Robert




On 07.04.2014 at 16:24, Scott Battaglia wrote:

> "clean" is the appropriate term, not "chean".  If you can point us to the 
> exact link that says chean instead of clean, we'll be happy to change it 
> (assuming we're the host of the page).
> 
> 
> On Mon, Apr 7, 2014 at 10:10 AM, Kelvin Young  wrote:
> Hi ,
>  
> the phase is copy from the link , so I sure it is correct command.
>  
> 
> 
>  
> 2014-04-07 18:17 GMT+08:00 Jérôme LELEU :
> 
> Hi,
> 
> Unknown lifecycle phase "chean": did you type chean instead of clean?
> Best,
> Jérôme
> 
> 
> 
> 2014-04-07 12:08 GMT+02:00 Kelvin Young :
>  
>  
> Hi ,
>  
> I have followed the link to setup it , but got the following error , would 
> advise what is wrong ? thanks
> 
> error message
> 
> Some problems were encountered while building the effective model for 
> adde.com:local-cas:war:1.0-SNAPSHOT
> [WARNING] 'build.plugins.plugin.version' for 
> org.apache.maven.plugins:maven-war-plugin is missing. @ line 13, column 12
> [WARNING] 
> [WARNING] It is highly recommended to fix these problems because they 
> threaten the stability of your build.
> [WARNING] 
> [WARNING] For this reason, future Maven versions might no longer support 
> building such malformed projects.
> [WARNING] 
> [INFO] 
> [INFO] Using the builder 
> org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder
>  with a thread count of 1
> [INFO]
>  
> [INFO] 
> 
> [INFO] Building local-cas 1.0-SNAPSHOT
> [INFO] 
> 
> [INFO] 
> 
> [INFO] BUILD FAILURE
> [INFO] 
> 
> [INFO] Total time: 0.292 s
> [INFO] Finished at: 2014-04-07T18:05:01+08:00
> [INFO] Final Memory: 7M/85M
> [INFO] 
> 
> [ERROR] Unknown lifecycle phase "chean". You must specify a valid lifecycle 
> phase or a goal in the format : or 
> :[:]:. Available 
> lifecycle phases are: validate, initialize, generate-sources, 
> process-sources, generate-resources, process-resources, compile, 
> process-classes, generate-test-sources, process-test-sources, 
> generate-test-resources, process-test-resources, test-compile, 
> process-test-classes, test, prepare-package, package, pre-integration-test, 
> integration-test, post-integration-test, verify, install, deploy, pre-clean, 
> clean, post-clean, pre-site, site, post-site, site-deploy. -> [Help 1]
> [ERROR] 
> [ERROR] To see the full stack trace of the errors, re-run Maven with the -e 
> switch.
> [ERROR] Re-run Maven using the -X switch to enable full debug logging.
> [ERROR] 
> [ERROR] For more information about the errors and possible solutions, please 
> read the following articles:
> [ERROR] [Help 1] 
> http://cwiki.apache.org/confluence/display/MAVEN/LifecyclePhaseNotFoundException
> 
> $vi pom.xml
> 
> 
> 
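> <project xmlns="http://maven.apache.org/POM/4.0.0"
>  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
> http://maven.apache.org/xsd/maven-4.0.0.xsd">
> <modelVersion>4.0.0</modelVersion>
> <groupId>adde.com</groupId>
> <artifactId>local-cas</artifactId>
> <packaging>war</packaging>
> <version>1.0-SNAPSHOT</version>
> <build>
> <plugins>
> <plugin>
>  <artifactId>maven-war-plugin</artifactId>
>  <configuration>
>  <warName>cas</warName>
>  </configuration>
> </plugin>
> </plugins>
> </build>
> <dependencies>
> <dependency>
> <groupId>org.jasig.cas</groupId>
> <artifactId>cas-server-webapp</artifactId>
> <version>${cas.version}</version>
> <type>war</type>
> <scope>runtime</scope>
> </dependency>
> </dependencies>
> <properties>
> <cas.version>3.5.2</cas.version>
> </properties>
> <repositories>
>  <repository>
>   <id>ja-sig</id>
>   <url>http://oss.sonatype.org/content/repositories/releases/</url>
>  </repository>
> </repositories>
> </project>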
> 
> Let's walk through this step by step:
> 
> <project xmlns="http://maven.apache.org/POM/4.0.0"
>  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>  xsi:schemaLocation="http://maven.apa

Re: [cas-user] About the CAS upgrade

2014-03-26 Thread Robert Oschwald
See especially https://wiki.jasig.org/display/CASUM/Active+Directory and the 
linked LDAP wiki documents.

Robert


On 26.03.2014 at 09:59, Kelvin Young wrote:

> Hi ,
>  
> I will install it .
>  
> I want to setup CAS 3.x , and use active directory as a authentication server 
> , would advise the procedure for it ?
>  
>  
> 
> 
> 2014-03-26 16:51 GMT+08:00 Robert Oschwald :
> It's not a must, but highly recommended if you want to modify views, extend 
> functionality or test locally.
> 
> Sent while mobile.
> 
> On 26.03.2014 at 09:20, Kelvin Young wrote:
> 
>> Hi ,
>>  
>> I can see the link in firefox , could advise maven is must to be install if 
>> use CAS 3.x ? thanks
>> 
>> 
>> 2014-03-26 16:16 GMT+08:00 Kelvin Young :
>> Hi ,
>>  
>> I see nothing in the link , would you please check .
>>  
>>  
>> 
>> 
>> 2014-03-26 16:05 GMT+08:00 Robert Oschwald :
>> 
>> https://wiki.jasig.org/plugins/servlet/mobile#content/view/27525810
>> 
>> use this
>> 
>> Sent while mobile.
>> 
>> On 26.03.2014 at 08:28, Kelvin Young wrote:
>> 
>>> Hi Stephan ,
>>>  
>>> thanks for your reply ,
>>>  
>>> I never use maven , do you mean I must use in CAS server ?   except it ,  
>>> what configuration file that I should change in CAS 3 server ?
>>>  
>>> Regards,
>>> Kelvin
>>> 
>>> 
>>> 2014-03-26 15:19 GMT+08:00 Stephan Arts :
>>> Hi Amy,
>>> 
>>> web.xml is the configuration-file for the application-server. pom.xml is 
>>> for maven, it is used to build cas. (mvn package)
>>> 
>>> The files are unrelated and do entirely different things.
>>> 
>>> Read about the cas mvn overlay build method and maven itself. Then create a 
>>> working-directory with your own pom.xml and build cas to your needs, with 
>>> all the plugins required.
>>> 
>>> Kind regards,
>>> 
>>> Stephan
>>> 
>>> 
>>> On 03/26/14 06:56 AM, amy  wrote:
>>>> I am new to use CAS .
>>>> I am doing the project of upgrade CAS 2.x to CAS 3 latest version , I just 
>>>> find these two version are very different , for example , I just found the 
>>>> file web.xml in CAS2 , the corresponding file in CAS3 is called pom.xml , 
>>>> am I right ?
>>>> I know there are many different in this two version , could advise which 
>>>> configuration file has changed the file name ? if I upgrade from CAS2 to 
>>>> CAS3 , what I should do ? could you provide advice ?  very thanks 

Re: [cas-user] About the CAS upgrade

2014-03-26 Thread Robert Oschwald
Have you read the cas user manual wiki? Ldap auth is described there.

Sent while mobile.

> On 26.03.2014 at 09:59, Kelvin Young wrote:
> 
> Hi ,
>  
> I will install it .
>  
> I want to setup CAS 3.x , and use active directory as a authentication server 
> , would advise the procedure for it ?
>  
>  
> 
> 
> 2014-03-26 16:51 GMT+08:00 Robert Oschwald :
>> It's not a must, but highly recommended if you want to modify views, extend 
>> functionality or test locally.
>> 
>> Sent while mobile.
>> 
>>> On 26.03.2014 at 09:20, Kelvin Young wrote:
>>> 
>> 
>>> Hi ,
>>>  
>>> I can see the link in firefox , could advise maven is must to be install if 
>>> use CAS 3.x ? thanks 
>>> 
>>> 
>>> 2014-03-26 16:16 GMT+08:00 Kelvin Young :
>>>> Hi ,
>>>>  
>>>> I see nothing in the link , would you please check .
>>>>  
>>>>  
>>>> 
>>>> 
>>>> 2014-03-26 16:05 GMT+08:00 Robert Oschwald :
>>>> 
>>>>> https://wiki.jasig.org/plugins/servlet/mobile#content/view/27525810
>>>>> 
>>>>> use this
>>>>> 
>>>>> Sent while mobile.
>>>>> 
>>>>>> On 26.03.2014 at 08:28, Kelvin Young wrote:
>>>>>> 
>>>>>> Hi Stephan ,
>>>>>>  
>>>>>> thanks for your reply ,
>>>>>>  
>>>>>> I never use maven , do you mean I must use in CAS server ?   except it , 
>>>>>>  what configuration file that I should change in CAS 3 server ?
>>>>>>  
>>>>>> Regards,
>>>>>> Kelvin
>>>>>> 
>>>>>> 
>>>>>> 2014-03-26 15:19 GMT+08:00 Stephan Arts :
>>>>>>> Hi Amy,
>>>>>>> 
>>>>>>> web.xml is the configuration-file for the application-server. pom.xml 
>>>>>>> is for maven, it is used to build cas. (mvn package)
>>>>>>> 
>>>>>>> The files are unrelated and do entirely different things.
>>>>>>> 
>>>>>>> Read about the cas mvn overlay build method and maven itself. Then 
>>>>>>> create a working-directory with your own pom.xml and build cas to your 
>>>>>>> needs, with all the plugins required.
>>>>>>> 
>>>>>>> Kind regards,
>>>>>>> 
>>>>>>> Stephan
>>>>>>> 
>>>>>>> 
>>>>>>>> On 03/26/14 06:56 AM, amy  wrote:
>>>>>>>> I am new to use CAS .
>>>>>>>> I am doing the project of upgrade CAS 2.x to CAS 3 latest version , I 
>>>>>>>> just find these two version are very different , for example , I just 
>>>>>>>> found the file web.xml in CAS2 , the corresponding file in CAS3 is 
>>>>>>>> called pom.xml , am I right ?
>>>>>>>> I know there are many different in this two version , could advise 
>>>>>>>> which configuration file has changed the file name ? if I upgrade from 
>>>>>>>> CAS2 to CAS3 , what I should do ? could you provide advice ?  very 
>>>>>>>> thanks 

Re: [cas-user] About the CAS upgrade

2014-03-26 Thread Robert Oschwald
It's not a must, but highly recommended if you want to modify views, extend 
functionality or test locally.

Sent while mobile.

> On 26.03.2014 at 09:20, Kelvin Young wrote:
> 
> Hi ,
>  
> I can see the link in firefox , could advise maven is must to be install if 
> use CAS 3.x ? thanks
> 
> 
> 2014-03-26 16:16 GMT+08:00 Kelvin Young :
>> Hi ,
>>  
>> I see nothing in the link , would you please check .
>>  
>>  
>> 
>> 
>> 2014-03-26 16:05 GMT+08:00 Robert Oschwald :
>> 
>>> https://wiki.jasig.org/plugins/servlet/mobile#content/view/27525810
>>> 
>>> use this
>>> 
>>> Sent while mobile.
>>> 
>>>> On 26.03.2014 at 08:28, Kelvin Young wrote:
>>>> 
>>>> Hi Stephan ,
>>>>  
>>>> thanks for your reply ,
>>>>  
>>>> I never use maven , do you mean I must use in CAS server ?   except it ,  
>>>> what configuration file that I should change in CAS 3 server ?
>>>>  
>>>> Regards,
>>>> Kelvin
>>>> 
>>>> 
>>>> 2014-03-26 15:19 GMT+08:00 Stephan Arts :
>>>>> Hi Amy,
>>>>> 
>>>>> web.xml is the configuration-file for the application-server. pom.xml is 
>>>>> for maven, it is used to build cas. (mvn package)
>>>>> 
>>>>> The files are unrelated and do entirely different things.
>>>>> 
>>>>> Read about the cas mvn overlay build method and maven itself. Then create 
>>>>> a working-directory with your own pom.xml and build cas to your needs, 
>>>>> with all the plugins required.
>>>>> 
>>>>> Kind regards,
>>>>> 
>>>>> Stephan
>>>>> 
>>>>> 
>>>>>> On 03/26/14 06:56 AM, amy   wrote:
>>>>>> I am new to use CAS .
>>>>>> I am doing the project of upgrade CAS 2.x to CAS 3 latest version , I 
>>>>>> just find these two version are very different , for example , I just 
>>>>>> found the file web.xml in CAS2 , the corresponding file in CAS3 is 
>>>>>> called pom.xml , am I right ?
>>>>>> I know there are many different in this two version , could advise which 
>>>>>> configuration file has changed the file name ? if I upgrade from CAS2 to 
>>>>>> CAS3 , what I should do ? could you provide advice ?  very thanks 

Re: [cas-user] About the CAS upgrade

2014-03-26 Thread Robert Oschwald
https://wiki.jasig.org/plugins/servlet/mobile#content/view/27525810

use this

Sent while mobile.

> On 26.03.2014 at 08:28, Kelvin Young wrote:
> 
> Hi Stephan ,
>  
> thanks for your reply ,
>  
> I never use maven , do you mean I must use in CAS server ?   except it ,  
> what configuration file that I should change in CAS 3 server ?
>  
> Regards,
> Kelvin
> 
> 
> 2014-03-26 15:19 GMT+08:00 Stephan Arts :
>> Hi Amy,
>> 
>> web.xml is the configuration-file for the application-server. pom.xml is for 
>> maven, it is used to build cas. (mvn package)
>> 
>> The files are unrelated and do entirely different things.
>> 
>> Read about the cas mvn overlay build method and maven itself. Then create a 
>> working-directory with your own pom.xml and build cas to your needs, with 
>> all the plugins required.
>> 
>> Kind regards,
>> 
>> Stephan
>> 
>> 
>>> On 03/26/14 06:56 AM, amy  wrote:
>>> I am new to use CAS .
>>> I am doing the project of upgrade CAS 2.x to CAS 3 latest version , I just 
>>> find these two version are very different , for example , I just found the 
>>> file web.xml in CAS2 , the corresponding file in CAS3 is called pom.xml , 
>>> am I right ?
>>> I know there are many different in this two version , could advise which 
>>> configuration file has changed the file name ? if I upgrade from CAS2 to 
>>> CAS3 , what I should do ? could you provide advice ?  very thanks 

Re: [cas-user] CAS protocol for logout

2014-03-11 Thread Robert Oschwald
It was an extension added in CAS 3.x servers and will be covered in the new 
spec.

Sent while mobile.

> On 11.03.2014 at 21:59, "McClenon, Brady" wrote:
> 
> It seems to work pre-CAS protocol 3.0
> 
> 
> http://jasig.275507.n4.nabble.com/Redirect-after-logout-td254421.html
> 
> 
> 
> -----Original Message-
> From: Robert Oschwald [mailto:robertoschw...@googlemail.com] 
> Sent: Tuesday, March 11, 2014 4:26 PM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] CAS protocol for logout
> 
> That's a CAS protocol 3.0 feature which is described here (the final spec is 
> not released yet)
> 
> https://github.com/Jasig/cas/blob/master/cas-server-protocol/3.0/cas_protocol_3_0.md
> 
> Sent while mobile.
> 
>> On 11.03.2014 at 20:55, Tom Poage wrote:
>> 
>> Hello,
>> 
>> The CAS protocol for logout says it takes an optional parameter 'url' 
>> as a +/- logout landing page.
>> 
>> I just noticed on one of our sites the use of
>> 
>>  .../logout?service=...
>> 
>> I was about to notify the site owners that this violated protocol 
>> (implying it wouldn't do what they thought it did), when I tried it 
>> myself, was logged out, and then redirected to the URL listed in the 
>> 'service' parameter.
>> 
>> Undocumented feature? Is the protocol page out of date? Something else?
>> 
>> Cf. http://www.jasig.org/cas/protocol
>> 
>> Thanks.
>> Tom.
>> 



Re: [cas-user] CAS protocol for logout

2014-03-11 Thread Robert Oschwald
That's a CAS protocol 3.0 feature which is described here (the final spec is 
not released yet)

https://github.com/Jasig/cas/blob/master/cas-server-protocol/3.0/cas_protocol_3_0.md

Sent while mobile.

> On 11.03.2014 at 20:55, Tom Poage wrote:
> 
> Hello,
> 
> The CAS protocol for logout says it takes an optional parameter 'url' as
> a +/- logout landing page.
> 
> I just noticed on one of our sites the use of
> 
>   .../logout?service=...
> 
> I was about to notify the site owners that this violated protocol
> (implying it wouldn't do what they thought it did), when I tried it
> myself, was logged out, and then redirected to the URL listed in the
> 'service' parameter.
> 
> Undocumented feature? Is the protocol page out of date? Something else?
> 
> Cf. http://www.jasig.org/cas/protocol
> 
> Thanks.
> Tom.
> 
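
Added example, not part of the original thread and not CAS code: a server that redirects to whatever URL arrives in the 'service' parameter after logout, as Tom observed, needs to check that target or it acts as an open redirect. One way to restrict the post-logout target to known applications; the class name, the allowlist entry and the fallback URL are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

// Added example, not CAS code. The class name, the allowlist entry and the
// fallback URL are assumptions made for illustration.
public class LogoutRedirectPolicy {

    /** One application that may receive the browser after logout. */
    static final class AllowedService {
        final String scheme;
        final String host;
        final int port;
        final String pathPrefix; // no trailing slash; "" allows the whole host

        AllowedService(String scheme, String host, int port, String pathPrefix) {
            this.scheme = scheme;
            this.host = host;
            this.port = port;
            this.pathPrefix = pathPrefix;
        }

        boolean matches(URI uri) {
            String s = uri.getScheme().toLowerCase(Locale.ROOT);
            String h = uri.getHost().toLowerCase(Locale.ROOT);
            int p = uri.getPort() != -1 ? uri.getPort() : ("https".equals(s) ? 443 : 80);
            String path = uri.getPath();
            // Match on a segment boundary so "/app" does not also allow "/application".
            boolean pathOk = path.equals(pathPrefix) || path.startsWith(pathPrefix + "/");
            return scheme.equals(s) && host.equals(h) && port == p && pathOk;
        }
    }

    private final List<AllowedService> allowed;
    private final String fallbackUrl;

    public LogoutRedirectPolicy(List<AllowedService> allowed, String fallbackUrl) {
        this.allowed = allowed;
        this.fallbackUrl = fallbackUrl;
    }

    /** Returns the requested URL if it is allowed, otherwise the fallback page. */
    public String resolve(String serviceParam) {
        if (serviceParam == null || serviceParam.trim().isEmpty()) {
            return fallbackUrl;
        }
        final URI uri;
        try {
            uri = new URI(serviceParam).normalize();
        } catch (URISyntaxException e) {
            return fallbackUrl; // spaces, backslashes, CR/LF and similar
        }
        // Relative ("/x"), scheme-relative ("//host/x") and opaque values
        // lack a scheme or a host and are never followed.
        if (uri.getScheme() == null || uri.getHost() == null) {
            return fallbackUrl;
        }
        // "https://portal.example.org@other.example/" puts the trusted name in userinfo.
        if (uri.getRawUserInfo() != null) {
            return fallbackUrl;
        }
        // Dot segments that survive normalize(): a leading "..", or "%2e%2e" once decoded.
        for (String segment : uri.getPath().split("/")) {
            if ("..".equals(segment) || ".".equals(segment)) {
                return fallbackUrl;
            }
        }
        for (AllowedService service : allowed) {
            if (service.matches(uri)) {
                return uri.toASCIIString();
            }
        }
        return fallbackUrl;
    }

    public static void main(String[] args) {
        LogoutRedirectPolicy policy = new LogoutRedirectPolicy(
                Arrays.asList(new AllowedService("https", "portal.example.org", 443, "/app")),
                "https://sso.example.org/logged-out");
        // Constructed sample values for the "service" parameter.
        String[] samples = {
            "https://portal.example.org/app/home",
            "https://PORTAL.example.org:443/app",
            "https://portal.example.org/application",
            "https://portal.example.org/app/%2e%2e/admin",
            "https://portal.example.org@other.example/app",
            "//other.example/app"
        };
        for (String sample : samples) {
            System.out.println(sample + " -> " + policy.resolve(sample));
        }
    }
}
```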



Re: [cas-user] Call for translators

2014-02-19 Thread Robert Oschwald
I will handle German tonight.

Robert

On 19.02.2014 at 17:38, Jérôme LELEU wrote:

> Hi,
> 
> We have made many changes in the source code for the future CAS server 4.0, 
> impacting language properties as well.
> The english one is the reference, but others should be updated accordingly.
> 
> I've done the work for the French language property: 
> https://github.com/Jasig/cas/pull/400.
> 
> It would be great if other people could provide the appropriate translations 
> for their native languages.
> 
> If you are not comfortable with pull request and github, please just attach 
> your translations to the JIRA: https://issues.jasig.org/browse/CAS-1428.
> 
> Thanks.
> Best regards,
> Jérôme
> 

Re: [cas-user] Web Services

2013-11-29 Thread Robert Oschwald
That's what we do for several clients using SOAP access to an authentication 
application. We use JAXB-marshalled objects with the Spring-WS client.

> On 29.11.2013 at 17:50, Joshua Brodie wrote:
> 
> Hi List:
> 
> Can CAS be leveraged to authorize calls to APIs on a web services module?
> 
> Thanks,
> 
> Josh



Re: [cas-user] different css/logo per language

2013-10-16 Thread Robert Oschwald
Maybe like this (untested) in casLoginView.jsp:

<%-- StringUtils is assumed to be the commons-lang class --%>
<%@ page import="java.util.Locale, org.apache.commons.lang.StringUtils" %>
<%
    String cssFileName = "mylogin.css"; // default
    Locale locale = request.getLocale();
    if (locale != null && StringUtils.isNotBlank(locale.getLanguage())) {
        String languageCssFileName = "mylogin_" + locale.getLanguage() + ".css";
        // Maybe test here if languageCssFile exists...
        cssFileName = languageCssFileName;
    }
%>



I do a similar test for LTR/RTL CSS file selections dependent on the locale.

Robert




On 16.10.2013 at 16:47, Misagh Moayyed wrote:

> The default bundle is the "messages.properties" file, which focuses on 
> English locale. 
> 
> ...and I am not so sure about having different css files per language, at 
> least not OOTB. That would require some additional JSP tweaks perhaps to 
> detect the locale and pull in the right css file.
> 
> -Misagh
> From: "Kapetanakis Giannis" 
> To: cas-user@lists.jasig.org
> Sent: Tuesday, October 15, 2013 5:33:01 PM
> Subject: Re: [cas-user] different css/logo per language
> 
> Thanks for the reply.
> 
> About the default language:
> messageSource contains the default basename for the messages files.
> How can I choose default language from there?
> 
> I've tried setting  in pom.xml but it didn't work.
> 
> About the different css per language. The example is not that helpful since 
> it is related to different
> theme per service.
> 
> G
> 
> On 14/10/13 16:41, Jérôme LELEU wrote:
> Hi,
> 
> This documentation will help : 
> https://wiki.jasig.org/display/CASUM/Theme+Control.
> You can certainly change the messageSource bean to use other default language 
> : 
> https://github.com/Jasig/cas/blob/3.5.x/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/applicationContext.xml#L48.
> Best regards,
> Jérôme
> 
> 
> 
> 2013/10/14 Kapetanakis Giannis 
> Hi,
> 
> Can someone point how to use different css file per language?
> I'd like to have different company logo per language chosen.
> 
> Also how can I change the default language to something else except English?
> 
> Thanks
> 
> Giannis
> 



Re: [cas-user] Permgen Error on Tomcat

2013-07-25 Thread Robert Oschwald
javassist, cglib and Hibernate could be such candidates. 
It does not help to have it in WEB-INF/lib.

See  
http://my.opera.com/karmazilla/blog/2007/03/15/permgen-strikes-back
http://stackoverflow.com/questions/2051734/why-is-permgen-space-growing
http://stackoverflow.com/questions/1124131/what-can-be-done-with-permgen-out-of-space-exception-in-tomcat-spring-hibernat


On 25.07.2013 at 17:27, Trenton D. Adams wrote:
> 
> 
> If everything you use is in WEB-INF/lib, this can't happen because all the 
> classes would get unloaded, static or otherwise.  But, when they are shared, 
> such as in tomcat/lib, it can become a problem.
> 





Re: [cas-user] Permgen Error on Tomcat

2013-07-25 Thread Robert Oschwald
>  It's easier to simply deploy CAS in a Tomcat instance by itself and restart 
> the container as part of redeployment. I believe most CAS deployers do this; 
> we certainly do.


+1 same here.





Re: [cas-user] Permgen Error on Tomcat

2013-07-24 Thread Robert Oschwald
Saw that on almost every Spring/Hibernate based Application.

On 24.07.2013 at 21:34, Jonathan Rosenberg wrote:

> I am trying to run CAS on Tomcat 7.0.22.  I have two instances on two
> servers.  Both Linux boxes.
> 
> On one of the boxes I see the following behavior when deploying:
> 
> 1) First deploy of CAS is fine.
> 2) Subsequent deploys fail due to running out of PermGen space.  I
> have tried increasing the Max permgen size to a very large size, but
> the problem still happens.
> 3) I have to start Tomcat to fix this issue.
> 
> On the the server, I see no problems.
> 
> Has anyone else seen such behavior?
> 
> --
> Jonathan Rosenberg
> Founder & Executive Director
> Tabby's Place, a Cat Sanctuary
> http://www.tabbysplace.org/
> 



Re: [cas-user] spammed by same email

2013-07-23 Thread Robert Oschwald
Thanks!

On 23.07.2013 at 18:49, Jérôme LELEU wrote:

> Hi,
> 
> I just deleted the spammer. Sorry for this drastic solution... but it should 
> be ok now...
> Best,
> Jérôme
> 
> 
> 
> 2013/7/23 Scott Battaglia 
> Both Marvin and I have submitted requests (see our emails) to have it 
> stopped.  We're waiting on that.
> 
> 
> 
> 
> 
> On Tue, Jul 23, 2013 at 11:15 AM, Robert Oschwald 
>  wrote:
> I currently get spammed by tons of emails with subject "AUTO: Zbynek Vavros 
> is prepared for DELETION (FREEZE)" from the cas-user list.
> 
> Can someone please stop this?
> 
> 
> Thanks,
> Robert
> 
> 

[cas-user] spammed by same email

2013-07-23 Thread Robert Oschwald
I currently get spammed by tons of emails with subject "AUTO: Zbynek Vavros 
is prepared for DELETION (FREEZE)" from the cas-user list.

Can someone please stop this?


Thanks, 
Robert




Re: [cas-user] Service specific login message

2013-06-05 Thread Robert Oschwald
Another possible way is to use CAS themes. 
See https://wiki.jasig.org/display/CASUM/Theme+Control

In your JSP, you can then use it like this:


….


  
   
 
  
   
 
  

  


On 05.06.2013 at 16:05, James Sumners wrote:

> Here's a snippet from my casLoginView.jsp that does something similar to what 
> you want:
> 
> 
>  
><%final String serviceUrl = request.getParameter("service");%>
>
> 
>code="screen.welcome.security"/>
> 
>
>  
>#targetUrl {
>  font-weight: bold;
>}
>  
>  
>After logging in you will be re-directed to  id="targetUrl">${serviceUrl}
>  
>
>  
> 
> 
> 
> On Jun 4, 2013, at 7:51 PM, Ananda  wrote:
> 
>> 
>> Hi, I am running CAS 3.5.0.  I would like to display a modified version of 
>> the login template if a certain app/url is requesting the login.
>> 
>> The way I was thinking to do it is to learn some jsp, modify 
>> src/main/webapp/WEB-INF/view/jsp/default/ui/casLoginView.jsp
>> so if ${loginUrl} = "login?service=#url.iwant.edu#", then display specific 
>> message.. "hey I see you are trying to login to [uPortal, moodle,etc].."
>> 
>> Is this a valid way to do it? Is there a better way?
>> 
>> Sorry if this has been answered already, I skimmed the new archive and the 
>> old archive seems to not be working.



Re: [cas-user] Ticket Cleaner Job Failing with ORA-01555 and QueryTimeoutException

2013-05-01 Thread Robert Oschwald
No remember-me used, right?

Sent from my iPhone

On 01.05.2013 at 00:12, "Lazar, Michael E" wrote:

> Following the wiki and from my own personal experience I would highly highly 
> recommend against using oracle as a jpa ticket registry, especially if you 
> intend to put any sort of volume into your system.
> I haven't tried with mysql, just jumped straight into ehcache. The biggest 
> issue we found with oracle as a backend is that when users log out, a select 
> for update/delete statement is run. Too many of these cause deadlocks, and 
> may also be helping contribute to your snapshot error.. The snapshot error 
> itself could be related to either a sort or the deletes themselves. We 
> typically see that on the peoplesoft side of things when stats need to be run.
> 
> Just hoping to save you some frustration, We are now in production (starting 
> our second week) with ehcache running under Jetty, load testing showed 
> logouts at 100,000 successful transactions per hour over an 8 hour window 
> (two nodes) went very smoothly. Using JPA we couldn't get over 1 per hour.
> 
> Hope this helps,
> -Michael.
> 
> 
> 
> -Original Message-
> From: Tim Lenz [mailto:t...@cornell.edu] 
> Sent: Tuesday, April 30, 2013 11:23 AM
> To: cas-user@lists.jasig.org
> Subject: [cas-user] Ticket Cleaner Job Failing with ORA-01555 and 
> QueryTimeoutException
> 
> I'm running CAS 3.5.1 against an Oracle10 database. There are about 34,000 
> tickets in the ticketgrantingticket table. When the JPA ticket cleaner runs, 
> after about 90 seconds I see the following in the logs
> 
> 13:03:32.687 [scheduler_Worker-3] ERROR o.h.util.JDBCExceptionReporter - 
> ORA-01555: snapshot too old: rollback segment number  with name "" too 
> small...caused by javax.persistence.QueryTimeoutException. Invocation of 
> method 'clean' on target class [class 
> org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] failed; 
> nested exception is javax.persistence.QueryTimeoutException: could not 
> execute query
> 
> About a month ago I resolved these same errors by removing an abandoned 
> connection timeout (which was set to 60s) on the datasource, which allowed 
> the cleaner to complete in slightly over a minute. 
> 
> However, I've no idea where this 90s timeout might be configured, assuming 
> that's even the source of the problem. I've also had to increase the 
> available heap space on the server because all these tickets are being loaded 
> into memory. Nevertheless, CAS still seems to be going down every day or so 
> because this cleanup job is failing. Does anyone have any ideas on what to 
> do? 
> 
> Thanks much,
> Tim



Re: [cas-user] Cas Server authentication to external Web-Services.

2013-04-16 Thread Robert Oschwald
Remove the line. That's just setting the Log4J NDC by an internal utility.

On 16.04.2013 at 09:53, Carlos Lorenzo wrote:

> Thanks Robert for your detailed "how to".
> I have doubts with this line:
> 
> LogUtils.setNdcLogIdentifier(credentials); 
> 
> 
> Where do you get this method?
> 
> 
> Thanks for all.
> 
> 
> 
> 2013/4/11 Robert Oschwald 
> Here are the rough steps how I created a WsAuthenticationHandler for CAS 
> 3.4.xx using SpringWS 1.5.4 and JaxB marshalling.
> Use the recommended Maven Overlay project setup as stated in the CAS CASUM 
> Wiki manual.
> 
> 
> 1. Implement a WsAuthenticationHandler which extends 
> AbstractUsernamePasswordAuthenticationHandler and uses an injected 
> WebserviceClient for authentication:
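> import org.jasig.cas.authentication.handler.AuthenticationException;
> import org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
> import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
> import org.springframework.beans.factory.InitializingBean;
> import org.springframework.util.Assert;
>
> public class WebserviceAuthenticationHandler extends
>         AbstractUsernamePasswordAuthenticationHandler implements InitializingBean {
>     // Injected client that performs the remote authentication call.
>     private WebserviceClient _webserviceClient;
>
>     protected final boolean authenticateUsernamePasswordInternal(
>             final UsernamePasswordCredentials credentials) throws AuthenticationException {
>         return this._webserviceClient.doAuthentication(credentials);
>     }
>     public final void setWebserviceClient(final WebserviceClient webserviceClient) {
>         this._webserviceClient = webserviceClient;
>     }
>     // Fail at startup if the client was not wired in.
>     public void afterPropertiesSet() throws Exception {
>         Assert.notNull(this._webserviceClient, "webserviceClient must be set");
>     }
> }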
> 
> 2. Create WebserviceClient interface:
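> import org.jasig.cas.authentication.handler.AuthenticationException;
> import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
>
> public interface WebserviceClient {
>     // Returns true when the remote service accepts the credentials.
>     boolean doAuthentication(UsernamePasswordCredentials credentials)
>             throws AuthenticationException;
> }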
> 
> 3. Create a webserviceClient impl
> e.g.:
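> import org.jasig.cas.authentication.handler.AuthenticationException;
> import org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException;
> import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
> import org.springframework.ws.client.core.support.WebServiceGatewaySupport;
>
> // MyRequest, AuthenticateUserResponse and ObjectFactory are the JAXB-generated schema classes.
> public class YourWsClient extends WebServiceGatewaySupport implements WebserviceClient {
>     public boolean doAuthentication(final UsernamePasswordCredentials credentials)
>             throws AuthenticationException {
>         // LogUtils is an internal utility that sets the Log4J NDC.
>         LogUtils.setNdcLogIdentifier(credentials);
>         final MyRequest request = new ObjectFactory().createMyRequest();
>         request.setUsername(credentials.getUsername());
>         request.setPassword(credentials.getPassword());
>         try {
>             final AuthenticateUserResponse response = (AuthenticateUserResponse)
>                     getWebServiceTemplate().marshalSendAndReceive(request);
>             return response.isLoggedIn(); // just an example.
>         } catch (Exception e) {
>             throw new BadCredentialsAuthenticationException("error.authentication.credentials.bad");
>         }
>     }
> }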
> 
> 4. Define the wsClient bean with its marshaller and unmarshaller (I use a 
> separate wsConfigContext.xml file for this)
> 
> http://www.springframework.org/schema/beans";
>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>   xsi:schemaLocation="http://www.springframework.org/schema/beans 
> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd";>
>   
> 
> 
>  value="https:///"/>
>   
>   
>   
>  value=""/>
>   
> 
> 
> 
> 5. Wire in the WebserviceAuthenticationHandler into deployerConfigContext.xml 
> authenticationManager:
> ...
>class="org.jasig.cas.authentication.AuthenticationManagerImpl">
>   
>   
>   
>class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
>   p:httpClient-ref="httpClient" />
> 
>   
>class="xxx.handler.WebserviceAuthenticationHandler">
>  ref="yourWsClient"/>
>   
>   
>   
> 
> …
> 
> 6. Add the wsConfigContext.xml to web.xml:
> <context-param>
>   <param-name>contextConfigLocation</param-name>
>   <param-value>
>     /WEB-INF/spring-configuration/*.xml
>     /WEB-INF/deployerConfigContext.xml
>     /WEB-INF/wsConfigContext.xml
>   </param-value>
> </context-param>
> 
> 
> You can add the jaxb2 maven plugin to the pom.xml to generate the schema 
> classes automatically.
> See http://mojo.codehaus.org/jaxb2-maven-plugin/usage.html
> 
> 
> Robert
> 
> On 11.04.2013 at 10:37, Carlos Lorenzo wrote:
> 
>> Thank you for your quick response, Robert.
>> Could you elaborate a little more on your solution?
>> As I said in the previous mail I am fairly new with JASIG Cas Server.
>> 
>> 
>> Thanks.
>> 
>> 
>> 

Re: [cas-user] Cas Server authentication to external Web-Services.

2013-04-11 Thread Robert Oschwald
Here are the rough steps how I created a WsAuthenticationHandler for CAS 3.4.xx 
using SpringWS 1.5.4 and JaxB marshalling.
Use the recommended Maven Overlay project setup as stated in the CAS CASUM Wiki 
manual.


1. Implement a WsAuthenticationHandler which extends 
AbstractUsernamePasswordAuthenticationHandler and uses an injected 
WebserviceClient for authentication:
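import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;

public class WebserviceAuthenticationHandler extends
        AbstractUsernamePasswordAuthenticationHandler implements InitializingBean {
    // Client that performs the remote credential check; injected by Spring.
    private WebserviceClient _webserviceClient;

    protected final boolean authenticateUsernamePasswordInternal(
            UsernamePasswordCredentials credentials) throws AuthenticationException {
        return this._webserviceClient.doAuthentication(credentials);
    }
    public final void setWebserviceClient(final WebserviceClient webserviceClient) {
        this._webserviceClient = webserviceClient;
    }
    // Required by InitializingBean: fail at startup if the client was not wired in.
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this._webserviceClient, "webserviceClient must be set");
    }
}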

2. Create WebserviceClient interface:
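import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;

public interface WebserviceClient {
    // Returns true if the remote service accepts the credentials.
    boolean doAuthentication(UsernamePasswordCredentials credentials)
            throws AuthenticationException;
}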

3. Create a webserviceClient impl
e.g.:
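import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.springframework.ws.client.core.support.WebServiceGatewaySupport;

// MyRequest, AuthenticateUserResponse and ObjectFactory are the JAXB classes
// generated from the service's WSDL; LogUtils is not shown here.
public class YourWsClient extends WebServiceGatewaySupport implements WebserviceClient {
    public boolean doAuthentication(UsernamePasswordCredentials credentials)
            throws AuthenticationException {
        LogUtils.setNdcLogIdentifier(credentials);
        MyRequest request = new ObjectFactory().createMyRequest();
        request.setUsername(credentials.getUsername());
        request.setPassword(credentials.getPassword());
        try {
            AuthenticateUserResponse response = (AuthenticateUserResponse)
                    getWebServiceTemplate().marshalSendAndReceive(request);
            return response.isLoggedIn(); // just an example.
        } catch (Exception e) {
            // Throw a concrete AuthenticationException subclass with the same message code.
            throw new BadCredentialsAuthenticationException(
                    "error.authentication.credentials.bad");
        }
    }
}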

4. Define the wsClient bean with its marshaller and unmarshaller (I use a 
separate wsConfigContext.xml file for this)

<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
  



  
  
  

  



5. Wire in the WebserviceAuthenticationHandler into deployerConfigContext.xml 
authenticationManager:
...








  




…

6. Add the wsConfigContext.xml to web.xml:
<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>
    /WEB-INF/spring-configuration/*.xml
    /WEB-INF/deployerConfigContext.xml
    /WEB-INF/wsConfigContext.xml
  </param-value>
</context-param>


You can add the jaxb2 maven plugin to the pom.xml to generate the schema 
classes automatically.
See http://mojo.codehaus.org/jaxb2-maven-plugin/usage.html


Robert

On 11.04.2013 at 10:37, Carlos Lorenzo wrote:

> Thank you for your quick response, Robert.
> Could you elaborate a little more on your solution?
> As I said in the previous mail I am fairly new with JASIG Cas Server.
> 
> 
> Thanks.
> 
> 
> 

Re: [cas-user] Cas Server authentication to external Web-Services.

2013-04-10 Thread Robert Oschwald
I use a Soap Webservice Authentication Handler for this.
The WebserviceAuthenticationHandler extends 
AbstractUsernamePasswordAuthenticationHandler.

The Webservice Client is a Spring-WS client injected into the 
WebserviceAuthenticationHandler, using the server's WSDL as JAXB objects (created 
by the Maven XJC plugin).

Robert


On 10.04.2013 at 16:24, Carlos wrote:

> I am new to working with Jasig Cas Server.
> Can the CAS server authenticate with an external web service?
> 
> Thanks.



Re: [cas-user] Attributes via CAS 2.0 protocol

2013-03-27 Thread Robert Oschwald
See 
https://wiki.jasig.org/display/CASUM/Attributes#Attributes-AccessingattributesusingtheCASclientforjava
 how to release attributes to the client.
If you use the SAML ticket validator, it works out of the box.

If you want to release the attributes using the /serviceValidate url, you must 
add attributes to the casServiceValidationSuccess.jsp.

Robert

On 27.03.2013 at 16:50, Stephen More wrote:

> According to the Client Feature Matrix (
> https://wiki.jasig.org/display/CASC/Client+Feature+Matrix ) Attributes
> are available by using either protocol SAML1.1 or CAS 2.0 support via
> known server sided extension point.
> 
> I see the SAML1.1 example here:
> https://wiki.jasig.org/display/CASC/Saml11TicketValidationFilter+Example
> 
> What is the CAS 2.0 server side extension that supports attributes and
> is there an example ?
> 
> 
> -Stephen More
> 



Re: [cas-user] Public computer login and CAS

2013-03-01 Thread Robert Oschwald
Are you using Firefox ?
Then this bug might be of interest: 
https://bugzilla.mozilla.org/show_bug.cgi?id=443354#c48


On 01.03.2013 at 14:53, "Ohsie, David" wrote:

> So I guess the next natural questions, based on the observations posted here 
> are as follows:
>  
> 1)  If you close your browser and then reopen it, is the MoodleSession cookie 
> still there, even though it is marked as "Expires: End of Session".
>  
> 2) What browser and version is that?
>  
> If the browser is going to hold on to session cookies even when it is closed, 
> then I'm not sure what you can do…
>  
> David Ohsie
> Software Architect
> EMC Corporation
>  
>  
> From: Danny Sinang [mailto:d.sin...@gmail.com] 
> Sent: Friday, March 01, 2013 6:26 AM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] Public computer login and CAS
>  
> Hi David,
>  
> No, I don't have "Remember Me" turned on.
>  
> As for the cache control headers, I clicked on "View Page Info" while on my 
> secure page (in Firefox) and this is what I saw :
>  
> 
> 
> For the session cookie, here's what I saw :
> 
>  
> Regards,
> Danny
>  
> On Thu, Feb 28, 2013 at 2:08 PM, Ohsie, David  wrote:
> Do you have "Remember Me" turned on?
>  
> If not, it is possible that either the session cookies from your site are 
> persistent (with an explicit Expires/MaxAge) or else the cache control 
> headers are allowing some pages to remain within the browser cache.
>  
> From: Danny Sinang [mailto:d.sin...@gmail.com] 
> Sent: Thursday, February 28, 2013 12:55 PM
> To: cas-user@lists.jasig.org
> Subject: [cas-user] Public computer login and CAS
>  
> Hi,
>  
> I noticed that closing and reopening my browser allows me to access protected 
> webpages on my CASified site.
>  
> This could be a problem if I logged in from a public computer (internet cafe, 
> etc).
>  
> Is there a way to secure against this ?
>  
> Regards,
> Danny

Re: [cas-user] CAS LOGOUT

2013-01-16 Thread Robert Oschwald
We're working on a new specification which includes all the features and 
parameters currently in CAS Server.
There, "service" parameter for logout is explained from specification side.

You can have a look into it on 
https://docs.google.com/document/d/1l0o60mLfXF4bkQdwRSH4i6P-IJQki3-v-zyoOAjxDd4/edit

On 17.01.2013 at 08:14, Farzan Qureshi wrote:

> Hi,
> 
> Thanks for your reply. I am using moodle and other is generating the url 
> parameter on its own. I am not sure if it is specific to moodle.  I will try 
> with some other app too.
> 
> Thanks.
> 
> Farzan
> 
> On 17/01/2013 8:11 PM, "Francisco Pascual"  wrote:
> In order to logout to the given url you should use "service" parameter 
> instead of url. I'd say there's a similar question a couple of days ago.
> 
> 2013/1/17 Farzan Qureshi 
> Hi,
> 
> Under cas.properties I have set cas.logout.followServiceRedirects=true but 
> still after logging out from a service it sits on logout screen of cas and 
> does not redirect back to application though in url I can see there is 
> ?url=encoded url
> 
> Any ideas?
> 
> Farzan
> 

Re: [cas-user] username trim problem

2013-01-03 Thread Robert Oschwald
Yes, that's possible. I'm using a custom SOAP authentication handler.

> Interesting. This would imply that your underlying AuthenticationHandler is 
> allowing users to login with a trailing space then correct? Are you using 
> some kind of Custom Authentication Handler? I just verified and my CAS server 
> does not let users login with a trailing space. I'm using the Bind LDAP 
> Authentication Handler pointing against an AD.
> 
> 
> -Original Message-
> From: Robert Oschwald [mailto:robertoschw...@googlemail.com] 
> Sent: Thursday, January 03, 2013 9:57 AM
> To: cas-user@lists.jasig.org
> Subject: [cas-user] username trim problem
> 
> Today I noticed a problem in one of our CAS client applications.
> If a user enters the username with a trailing space, the CAS client 
> application fails, as the trailing space doesn't seem to be trimmed by the 
> cas server.
> 
> CAS Server: 3.4.11
> Client uses cas-client-core 3.1.3 and the trailing space gets passed to the 
> client application (this client uses xml validation response).
> Client gets the user by request.getRemoteUser().
> 
> Is this a feature or a bug?
> 
> 
> Robert



[cas-user] username trim problem

2013-01-03 Thread Robert Oschwald
Today I noticed a problem in one of our CAS client applications.
If a user enters the username with a trailing space, the CAS client application 
fails, as the trailing space doesn't seem to be trimmed by the cas server.

CAS Server: 3.4.11
Client uses cas-client-core 3.1.3 and the trailing space gets passed to the 
client application (this client uses xml validation response).
Client gets the user by request.getRemoteUser().

Is this a feature or a bug?


Robert



Re: [cas-user] samlValidate documentation

2012-10-10 Thread Robert Oschwald
We're currently working on the next version of the CAS protocol spec. This 
includes SAMLvalidate and other extensions.


On 11.10.2012 at 03:51, Baron Fujimoto wrote:

> Is there somewhere in the CASUM wiki I'm overlooking that documents the
> samlValidate CAS URI similarly to how other CAS URIs are documented on
> the protocol page at ?
> 
> I think we've managed to suss out the basics though a combination of
> spelunking through logs, client code, and googling.  We had run across
> this page , but it sort of
> only became apparent how to put that information in context after we more
> or less already knew what we were looking for.  Even there, I don't see
> mention of the TARGET parameter.
> 
> If this info could have been included on the protocol page, it would have
> been very helpful. If it's not entirely appropriate there because it's not
> strictly part of the CAS protocol, even some conspicuous mention of the
> SAML stuff necessary to obtain attributes with a pointer to another page
> that contained documentation similar to that of the protocol pages would
> have been a boon.
> 
> aloha,
> -baron
> -- 
> Baron Fujimoto  :: UH Information Technology Services
> minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
> 



Re: [cas-user] Integrating spring security with CAS remember me authentication

2012-05-08 Thread Robert Oschwald
Just to get an idea how we handle Remember Me:

We use CAS Remember Me since the beginning (we are the sponsors of this 
feature) and here is how we use it:

 - Note: Remember Me in the Applications Spring Security is disabled, so we use 
only CAS Remember Me.
 - As we do not use SAML response yet, we extended the validation response to 
signal remember me to the CAS clients. So we extended 
casServiceValidationSuccess.jsp with:

 
${fn:escapeXml(assertion.fromNewLogin)}
 


 - in all CAS client applications, it's only allowed to access non-critical 
pages with a Remembered login. If user accesses a critical page, we force a CAS 
relogin. 
For Spring Security based clients, we extended the CasAuthenticationProvider to 
check the validation response for a remembered login. 
Technically, we reduce the user's current roles if a Remember Me login was 
performed, so access to critical pages is denied.

Hope it helps a bit.

Robert






On 08.05.2012 at 07:56, jleleu wrote:

> Hi Max,
> 
> I hope that someone could find a good solution...
> 
> I remember also having trouble with the different levels of authentication 
> (CAS remember me and CAS authentication by login/password) inside the same 
> application because both are based on CAS : changing from weak to strong 
> level forced me use the renew parameter to make CAS server "forget" the 
> previous authentication...
> 
> Is it worth it? I think it depends on your application. CAS remember-me is 
> less secured than CAS login/password authentication, but it's still secured 
> as your identity is held by a secured cookie only sent to the CAS server.
> If your application is not critical (just displaying not critical user 
> information), I would consider remember me authentication as a regular CAS 
> authentication. If your application allows its users to buy stuffs or such 
> critical actions, I think you can't escape supporting properly the CAS 
> remember me mode.
> 
> Keep me informed on how you handle CAS remember me mode in Spring Security.
> 
> Thanks.
> Best regards,
> Jérôme
> 
> 
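
The role reduction described in the message above, as an added example (not the poster's code and not Spring Security's API). It assumes the flag is released as a cas:fromNewLogin element inside cas:authenticationSuccess; that element name, the role names and the sample responses are assumptions made for illustration.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/**
 * Added example: drop critical roles unless the CAS validation response
 * confirms a fresh credential login.
 */
public class RememberedLoginRoles {

    static final String CAS_NS = "http://www.yale.edu/tp/cas";
    // Assumed element carrying ${fn:escapeXml(assertion.fromNewLogin)}.
    static final String FLAG_ELEMENT = "fromNewLogin";
    // Hypothetical roles that guard critical pages.
    static final Set<String> CRITICAL_ROLES =
            new HashSet<String>(Arrays.asList("ROLE_CHECKOUT", "ROLE_ACCOUNT_ADMIN"));

    /** True only if the response is a success and the flag is exactly "true". */
    static boolean isFreshLogin(String validationResponse) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        // The response crosses a trust boundary: refuse DOCTYPE declarations
        // so external entities and entity expansion cannot be triggered.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = factory.newDocumentBuilder()
                .parse(new InputSource(new StringReader(validationResponse)));

        NodeList success = doc.getElementsByTagNameNS(CAS_NS, "authenticationSuccess");
        if (success.getLength() != 1) {
            throw new IllegalArgumentException("not a successful validation response");
        }
        NodeList flag = ((Element) success.item(0))
                .getElementsByTagNameNS(CAS_NS, FLAG_ELEMENT);
        // Fail closed: a missing, repeated or unexpected value counts as remembered.
        return flag.getLength() == 1
                && "true".equals(flag.item(0).getTextContent().trim());
    }

    /** Roles the session may use: critical roles survive only a fresh login. */
    static List<String> effectiveRoles(List<String> granted, boolean freshLogin) {
        List<String> result = new ArrayList<String>();
        for (String role : granted) {
            if (freshLogin || !CRITICAL_ROLES.contains(role)) {
                result.add(role);
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample responses.
        String remembered =
                "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
              + "<cas:authenticationSuccess><cas:user>jdoe</cas:user>"
              + "<cas:fromNewLogin>false</cas:fromNewLogin>"
              + "</cas:authenticationSuccess></cas:serviceResponse>";
        String fresh = remembered.replace(">false<", ">true<");
        String noFlag = remembered.replace(
                "<cas:fromNewLogin>false</cas:fromNewLogin>", "");

        List<String> granted = Arrays.asList("ROLE_USER", "ROLE_CHECKOUT");
        System.out.println("remembered: " + effectiveRoles(granted, isFreshLogin(remembered)));
        System.out.println("fresh:      " + effectiveRoles(granted, isFreshLogin(fresh)));
        System.out.println("no flag:    " + effectiveRoles(granted, isFreshLogin(noFlag)));
    }
}
```

A request for a critical page that arrives with the reduced role set is then the point at which the client forces a CAS relogin.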



Re: [cas-user] casLogoutView.jsp & url parameter

2012-05-02 Thread Robert Oschwald
How can that happen?
Normally, only registered service urls are allowed to use Cas.
Cas logout is initiated from these applications. So how can an attacker inject 
a malicious logout redirect URL?

Does the same problem apply for the service parameter on logout?

Sent from my iPhone

On 02.05.2012 at 19:48, "jleleu" wrote:

> Hi,
> 
> Neither XML escaping nor an "http:(s)" check will protect you against 
> malicious redirect URLs like the one Marvin wrote: 
> https://cas.example.com/cas/logout?url=https://thepiratebay.se.
> 
> We faced the same problem and we had to check the host of the redirect URL to 
> avoid security breaches and unwanted redirections. You could do that with 
> regexp pattern matching or a simple String.startsWith test (if 
> url.startsWith("http://www.authorizedurl.com/")).
> 
> Best regards,
> Jérôme
> 
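
The host check suggested in the quoted reply above, written out as an added example (not code from the thread or from CAS). It puts the prefix test next to an exact host comparison on the parsed URL; the class name and the sample URLs are constructed, and www.authorizedurl.com is reused from the reply as the allowlisted host.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

/**
 * Added example: decides whether a logout redirect target may be followed.
 */
public class LogoutRedirectValidator {

    private final Set<String> allowedHosts = new HashSet<String>();

    public LogoutRedirectValidator(String... hosts) {
        for (String host : hosts) {
            allowedHosts.add(host.toLowerCase(Locale.ROOT));
        }
    }

    /** The plain prefix test: only as strong as the prefix handed to it. */
    public static boolean prefixCheck(String url, String prefix) {
        return url != null && url.startsWith(prefix);
    }

    /** Parses the URL and compares the exact host against the allowlist. */
    public boolean isAllowed(String url) {
        if (url == null) {
            return false;
        }
        final URI uri;
        try {
            // java.net.URI throws on backslashes, spaces and other characters
            // that are illegal in a URI, so those inputs are rejected here.
            uri = new URI(url);
        } catch (URISyntaxException e) {
            return false;
        }
        String scheme = uri.getScheme();
        if (!"https".equalsIgnoreCase(scheme) && !"http".equalsIgnoreCase(scheme)) {
            return false; // relative, scheme-relative or non-web scheme
        }
        if (uri.getRawUserInfo() != null) {
            return false; // the text before "@" is not the host
        }
        String host = uri.getHost();
        return host != null && allowedHosts.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        LogoutRedirectValidator validator =
                new LogoutRedirectValidator("www.authorizedurl.com");
        // Constructed test inputs; only the first one should be followed.
        String[] samples = {
            "http://www.authorizedurl.com/app/loggedout",
            "http://www.authorizedurl.com.attacker.example/",
            "http://www.authorizedurl.com@attacker.example/",
            "https://thepiratebay.se",
            "//attacker.example/"
        };
        for (String url : samples) {
            System.out.printf("%-50s prefixNoSlash=%-5b prefixWithSlash=%-5b hostCheck=%b%n",
                    url,
                    prefixCheck(url, "http://www.authorizedurl.com"),
                    prefixCheck(url, "http://www.authorizedurl.com/"),
                    validator.isAllowed(url));
        }
    }
}
```

The prefix test holds only while the prefix ends with the slash after the host, as it does in the reply; the parsed comparison does not depend on that detail.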



Re: [cas-user] Link to Wiki missing on JASIG CAS Webpage

2012-03-12 Thread Robert Oschwald
Thanks for the info.
Not very obvious to me. 
Documentation is a major issue to me, so I expected it to be a main menu entry 
on the left.

Robert



On 12.03.2012 at 17:08, Ben Branch wrote:

> Robert,
> 
> When you go to the www.jasig.org/cas/ page, you will see a link on the left 
> that says "Community".  When you click on this, it will then show you a page 
> that has a link to the wiki on it.  I hope this helps.
> 
> Ben Branch
> Sun Administrator
> University of Central Oklahoma
> ITIL Foundation v3, Network+
> 
> 100 N. University Drive, Box 122
> Edmond, OK 73034
> D: 405.974.2649 | M: 405.550.6804 | bbra...@uco.edu | www.uco.edu
>  
> "If you wish to know your past, look at your present conditions.  If you wish 
> to know your future, look at your present actions."  - Siddhartha Gautama
> 
> -Original Message-
> From: Robert Oschwald [mailto:robertoschw...@googlemail.com] 
> Sent: Monday, March 12, 2012 10:47 AM
> To: cas-user@lists.jasig.org
> Subject: [cas-user] Link to Wiki missing on JASIG CAS Webpage
> 
> Maybe I'm blind,
> but I do not find the link to the documentation wiki on 
> http://www.jasig.org/cas/.
> 
> 
> Robert
> 
> 
> 



[cas-user] Link to Wiki missing on JASIG CAS Webpage

2012-03-12 Thread Robert Oschwald
Maybe I'm blind,
but I do not find the link to the documentation wiki on 
http://www.jasig.org/cas/.


Robert






Re: [cas-user] Remember Me feature

2011-07-26 Thread Robert Oschwald
We use InnoDB on all Tables but see the lock problems on 2 independent 
installations.


On 25.07.2011 at 19:22, Eric Pierce wrote:

> MySQL uses table-level locking if you're using the MyISAM storage engine and 
> row-level with InnoDB.  MyISAM was the default for years and is faster than 
> InnoDB in certain use cases, but tables with many updates/deletes should use 
> InnoDB
> 
> On Mon, Jul 25, 2011 at 11:10 AM, Marvin Addison  
> wrote:
> >
> > > What's your experience with MySQL?
> >
> > Not much other than using it for development testing and the reports
> > of deadlocks by other users.  My sense is that it falls somewhere in
> > the middle of the two I mentioned.
> >
> > M
> >
> 
> 
> 
> --
> Eric Pierce
> Identity Management Architect
> Information Technology
> University of South Florida
> (813) 974-8868  -- epie...@usf.edu
> 
> 
> -- 
> Eric Pierce
> Identity Management Architect
> Information Technology
> University of South Florida
> (813) 974-8868 -- epie...@usf.edu

Re: [cas-user] Remember Me feature

2011-07-25 Thread Robert Oschwald

On 25.07.2011 at 15:48, Marvin Addison wrote:
> 
> 
>> This could lead to a problem because the cleaner currently locks your ticket 
>> registry for a long time as all tickets are deserialized.
> 
> There is no such locking explicitly in the code, and it's hard to
> imagine how _any_ database platform would lock entire tables to
> perform row-level deletions in a way that would appear to lock the
> entire registry.

Correct. Due to the design of deserializing all tickets in the registry, this 
might take a lot of time.


> 
>> You can get java.sql.BatchUpdateException: Lock wait timeout exceeded; try 
>> restarting transaction exceptions due to this.
> 
> I believe this is simply one manifestation of a deadlock, which is a
> known issue with the current JPA implementation.  Some platforms
> handle deadlocks better than others; based on my experience Oracle is
> among the best and PostgreSQL among the worst.

What's your experience with MySQL? That's the one where we see the issue.

> It's doubtful it will be better until there are API changes, which
> are due in the CAS 4.x timeframe.
> 


Full ack. I think with direct finders in 4.0 on expired tickets this will be 
resolved.


Thanks,
Robert







Re: [cas-user] Remember Me feature

2011-07-25 Thread Robert Oschwald
One thing to note when using RememberMe is the DefaultTicketRegistryCleaner 
problem.
With RememberMe enabled with a TTL of weeks, you might get a lot of tickets in 
the registry.
This could lead to a problem because the cleaner currently locks your ticket 
registry for a long time as all tickets are deserialized.

You can get java.sql.BatchUpdateException: Lock wait timeout exceeded; try 
restarting transaction exceptions due to this.

I'm not sure if a Jira Ticket for this problem exists.
We see this problem on MySQL.


Robert




On 25.07.2011 at 09:48, Jerome LELEU wrote:

> Hello,
> 
> Exactly, remember me is a feature to keep the user authenticated for weeks 
> (months maybe) even if you close your browser and not only during a browsing 
> session when you type your login and password.
> The wiki page (https://wiki.jasig.org/display/CASUM/Remember+Me) describes 
> how to add this feature to the CAS server. After configuration you should 
> have a "remember me" check box on your login page : if you check it, your 
> identity will be kept after you close the browser. The CASTGC cookie will not 
> be destroyed when you close your browser : it will last and the user could be 
> reauthenticated without typing login and password in a next browsing session.
> If you want to make the remember me feature work, you have to configure your CAS 
> server as described in the wiki page and also notify your application that it 
> is a remember me authentication. This last part was missing: I created a JIRA 
> ticket: https://issues.jasig.org/browse/CAS-973.
> It is now done in CAS server 3.4.9-SNAPSHOT. You should also use SAML 
> validation. This way, as a response of the service ticket validation, you'll 
> get an attribute called longTermAuthenticationRequestTokenUsed which says if 
> it is a remember me authentication or not.
> Regards,
> Jerome
> 



Re: [cas-user] How to get started with CAS ?

2011-05-31 Thread Robert Oschwald
Do not modify the original source.
Instead, create your own Maven project and copy the pom.xml contents described in 
https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven2+WAR+Overlay+Method
 into your project as the top-level pom.xml.
Now you can perform a mvn package, which overlays all your changes on top of the 
original war contents.

Robert

On 31.05.2011 at 11:56, flips wrote:

> Hi,
> 
> I'm starting with CAS but cannot find updated documention about how to get 
> started...
> 
> I installed tomcat and maven2, is it enough ?
> 
> I downloaded CAS source files and got the demo webapp running.
> 
> Can I modify the demo webapp directly to use a database 
> authentificationHandler instead of the default one ?
> 
> Should I forget about the demo webapp and start working on the 
> cas-server-webapp source ? Does it make sense to "mvn package install" first, 
> make changes and "mvn package" to get a .war file ?
> 
> Thanks for helping.



Re: [cas-user] cas jpa ticket registry - deadlocks

2011-05-25 Thread Robert Oschwald
Only one CAS node is used per db (MySQL). But there are several CAS Servers 
using independent schemas on the same db server.
Currently, approx. 100.000-200.000 tickets are in the registry.

As this server uses the fairly old CAS 3.2.1 and the JPATicketRegistry was 
improved in 3.3.3, it might help to update, first.

Other servers we run CAS 3.4.3.1 on do not see this problem, but they by far do 
not hold that many tickets.

For the 4.0 redesign, is there a Jira ticket existing? (CAS-782 is set fixed).
On redesign of the ticket registry, I strongly recommend to not iterate over 
all tickets but to use a finder to get expired tickets from the db directly.
This requires a redesign/addition of Ticket attributes but I think that's a way 
to avoid bottlenecks. Additionally, we do not need to deserialize all tickets.

Robert



On 26.05.2011 at 03:49, Marvin Addison wrote:

>> It seems the problem happens when the cleaner is running.
> 
> Do you have multiple nodes attempting to clean the registry
> simultaneously?  That's often another cause of deadlocks, but cleaning
> in general can increase deadlock frequency.  You could consider
> disabling the cleaner altogether and simply run a scheduled job to
> clean up orphaned tickets.  Since you're using rememberMe, it may be
> tricky to identify a cutoff date beyond which you're _certain_ tickets
> have expired, but I'd wager it's possible.  I'd recommend this option
> only as a last resort.
> 
> M
> 



Re: [cas-user] cas jpa ticket registry - deadlocks

2011-05-25 Thread Robert Oschwald
Marvin, thanks for clarification.
It seems the problem happens when the cleaner is running.
I'm on MySQL 5 (RHES).

We need to use jpa because of rememberMe.


Robert

Am 25.05.2011 um 14:55 schrieb Marvin Addison :

>> One of my CAS Servers (3.2.1) is having a problem with deadlocks.
> 
> It's a known issue and appears to be caused in part by the design of
> JpaTicketRegistry.  The root problem is lock escalation caused by
> parent-child relationships between TGT and ST tables.  An example flow
> that illustrates the problem:
> 
> 1. Obtain read lock on parent TGT row
> 2. Insert ST with FK reference to TGT row
> 3. Upgrade lock on parent TGT to update lastUsedTimestamp and other metadata
> 
> The problem is at 3.  While this flow doesn't make clear how a
> circular lock condition is obtained, I'm fairly certain the root cause
> is lock escalation.  Additionally, the locking details are entirely
> platform specific.  Oracle handles this the best, followed by MSSQL,
> with PostgreSQL coming in distant third.
> 
> I hope to address these design issues for CAS 4, but you should try to
> triage the problem for now.  I'd recommend testing additional indices
> or dropping the FK reference between TGT and ST -- that helped in the
> case of PostgreSQL.
> 
> M
> 



[cas-user] cas jpa ticket registry - deadlocks

2011-05-25 Thread Robert Oschwald
One of my CAS Servers (3.2.1) is having a problem with deadlocks.

The indexes for the foreign keys have been created but I still get deadlock 
exceptions sometimes.
Any idea what else could cause this problem?

Hibernate Version 3.2.4.sp1, Spring 2.5.1

Thanks,
Robert

java.sql.BatchUpdateException: Deadlock found when trying to get lock; try 
restarting transaction
at 
com.mysql.jdbc.ServerPreparedStatement.executeBatch(ServerPreparedStatement.java:647)
at 
org.apache.commons.dbcp.DelegatingStatement.executeBatch(DelegatingStatement.java:297)
at 
org.hibernate.jdbc.BatchingBatcher.doExecuteBatch(BatchingBatcher.java:48)
at 
org.hibernate.jdbc.AbstractBatcher.executeBatch(AbstractBatcher.java:246)
at org.hibernate.engine.ActionQueue.executeActions(ActionQueue.java:237)
at org.hibernate.engine.ActionQueue.executeActions(ActionQueue.java:142)
at 
org.hibernate.event.def.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:298)
at 
org.hibernate.event.def.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:27)
at org.hibernate.impl.SessionImpl.flush(SessionImpl.java:1000)
at org.hibernate.impl.SessionImpl.managedFlush(SessionImpl.java:338)
at 
org.hibernate.transaction.JDBCTransaction.commit(JDBCTransaction.java:106)
at org.hibernate.ejb.TransactionImpl.commit(TransactionImpl.java:54)
at 
org.springframework.orm.jpa.JpaTransactionManager.doCommit(JpaTransactionManager.java:438)
at 
org.springframework.transaction.support.AbstractPlatformTransactionManager.processCommit(AbstractPlatformTransactionManager.java:709)
at 
org.springframework.transaction.support.AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionManager.java:678)
at 
org.springframework.transaction.interceptor.TransactionAspectSupport.commitTransactionAfterReturning(TransactionAspectSupport.java:319)
at 
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:116)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at 
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy31.grantServiceTicket(Unknown Source)
at 
org.jasig.cas.web.flow.GenerateServiceTicketAction.doExecute(GenerateServiceTicketAction.java:37)
at 
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:192)
at 
org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.java:146)
at 
org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:59)
at 
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:156)
at org.springframework.webflow.engine.State.enter(State.java:191)
at 
org.springframework.webflow.engine.Transition.execute(Transition.java:212)
at 
org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:54)
at org.springframework.webflow.engine.State.enter(State.java:191)
at 
org.springframework.webflow.engine.Transition.execute(Transition.java:212)
at 
org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:54)
at org.springframework.webflow.engine.State.enter(State.java:191)
at 
org.springframework.webflow.engine.Transition.execute(Transition.java:212)
at 
org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:54)
at org.springframework.webflow.engine.State.enter(State.java:191)
at 
org.springframework.webflow.engine.Transition.execute(Transition.java:212)
at 
org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:107)
at org.springframework.webflow.engine.Flow.onEvent(Flow.java:534)
at 
org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:205)
at 
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:161)
at org.springframework.webflow.engine.State.enter(State.java:191)
at org.springframework.webflow.engine.Flow.start(Flow.java:521)
at 
org.springframework.webflow.engine.impl.RequestControlContextImpl.start(RequestControlContextImpl.java:193)
at 
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:177)
at 
org.springframework.webflow.executor.FlowExecutorImpl.launch(FlowExecutorImpl.java:187)
at 
org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:125)
at 
org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:165)
at 
org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
at

Re: [cas-user] Remember me working but how to notify client application ?

2011-04-26 Thread Robert Oschwald
You must add the properties to the casServiceValidationSuccess jsp. This is a 
custom extension.

Example:

 
   
${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].attributes['org.jasig.cas.authentication.principal.REMEMBER_ME'])}
   
${fn:escapeXml(assertion.fromNewLogin)}



The isRemembered attribute is just the checkbox state (and of no help in finding 
out whether this was a remembered login or not).
The isFromNewLogin is the interesting one. This really gives you the info whether 
this was an authentication via a rememberMe ticket/cookie.

The info above is missing in the wiki currently. A CAS Jira ticket was opened a 
while ago regarding this.


Robert




Am 26.04.2011 um 10:48 schrieb Jérôme LELEU:

> Hello,
> 
> I followed the doc to set up remember me: 
> https://wiki.jasig.org/display/CASUM/Remember+Me and it works fine on CAS 
> 3.4.7: the Authentication object has a new property 
> AUTHENTICATION_ATTRIBUTE_REMEMBER_ME set to TRUE when I check the "Remember 
> me" checkbox.
> 
> My question is: how can I notify client applications that it is a "remember 
> me" authentication? Authentication attributes are never sent to client 
> applications through /samlValidate or /serviceValidate?
> 
> Thanks,
> Jérôme
> 



Re: [cas-user] view per theme

2011-03-23 Thread Robert Oschwald
The CI of the different CAS client apps differs, as do the messages.
Also, we have a registration button only in some of the themes and in some we 
don't.

Could you please give me a pointer on how to achieve a view-per-theme solution?


Am 23.03.2011 um 14:28 schrieb Marvin Addison:

> 
> We use this approach at Virginia Tech for our two different
> authentication methods, user/password and X.509/SSL client auth.  If
> your views are substantially different, which is the case for us, then
> it's a good solution.  That said, 5 different login views seems
> excessive.  Can you explain further your need for so many themes?





[cas-user] view per theme

2011-03-23 Thread Robert Oschwald
Currently, I use 5 themes in the loginView page.
As this is a very complex page now, I'm looking for an alternative.

E.g. different login page per theme or separate views for themes.

Any recommendations?


Thanks,
Robert




[cas-user] sometimes TicketException

2011-02-10 Thread Robert Oschwald
Sorry for this lengthy email...

Sometimes I receive this exception for one of my Spring based client apps 
(other client apps work fine) on the Cas Server.
It occurs every few 100 authentications, sometimes more often.

The exception on CAS Server:

2011-02-10 02:29:54,226 [TP-Processor11] [u...@xxexample.net] INFO  
org.jasig.cas.authentication.AuthenticationManagerImpl - AuthenticationHandler: 
org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler
 successfully authenticated the user which provided the following credentials: 
[callbackUrl: https://casclientserver.xx/app/proxy/receptor]
2011-02-10 02:29:54,231 [TP-Processor11] [u...@xxexample.net] ERROR 
org.jasig.cas.web.ServiceValidateController - TicketException generating ticket 
for: [callbackUrl: https://casclientserver.xx/app/proxy/receptor]
org.jasig.cas.ticket.InvalidTicketException
at 
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:284)
at sun.reflect.GeneratedMethodAccessor462.invoke(Unknown Source)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at 
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at 
org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
at 
org.perf4j.aop.AbstractTimingAspect.doPerfLogging(AbstractTimingAspect.java:71)
at sun.reflect.GeneratedMethodAccessor186.invoke(Unknown Source)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at 
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
at 
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
at 
org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)
at 
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at 
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at 
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy65.delegateTicketGrantingTicket(Unknown Source)
at 
org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:127)
at 
org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
at 
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
at 
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
at 
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
at 
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
at 
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at 
org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(SafeDispatcherServlet.java:115)
at 
org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice(SafeDispatcherServlet.java:44)
at 
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:1)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at 
com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:46)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapper

[cas-user] Important! Critical bug in all Java versions

2011-02-09 Thread Robert Oschwald
This is off topic but important to all CAS users.

There exists a remotely exploitable critical bug in Java which can lead to a 
complete crash of the JVM. 
Every admin is urged to immediately patch all Sun/Bea/Oracle Java Versions on 
their servers.

Main cause of the problem is a flaw in the AMD/Intel floating point unit.

JVM Patcher:
https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=fpupdater-oth-JPR@CDS-CDS_Developer


As noted above, every script kiddie can crash your remotely available java app 
by simply sending the magic string in the HTTP-HEADER (e.g. by using curl).


Hope it helps.

Robert



Re: [cas-user] Fwd: Java 1.6 vs. Java 1.5

2011-01-03 Thread Robert Oschwald
+1 for 1.6




Re: [cas-user] CAS Remember me feature

2010-12-20 Thread Robert Oschwald
You need to read the complete document.
In the "Custom Implementations" section it's described how you extend the login 
page.

Robert

> 
> On Mon, Dec 20, 2010 at 4:07 PM, colagero  wrote:
> 
> hi all,
> 
> 
> 
> I'm trying to follow your documentation to set the Remember Me feature on CAS 
> 3.4.2, but it doesn't work.
> Please help.
> 
> https://wiki.jasig.org/display/CASUM/Remember+Me
> 
> 
> 
> I did the settings in deployerConfigContext.xml, login-webflow.xml, 
> ticketExpirationPolicies.xml exactly matching the doc.
> 
> I did not get the rememberMe on the CAS login page.
> 
> Please advise.
> 
> This is my setting:
> 
> 1- I added this to deployerConfigContext.xml
> 
> 
> 
>  
> 
>  class="org.jasig.cas.authentication.principal.RememberMeAuthenticationMetaDataPopulator"
>  />
> 
>  
> 
> 
> 
> 2- I changed the same part and added this to login-webflow.xml:
> 
> 
> 
> class="org.jasig.cas.authentication.principal.RememberMeUsernamePasswordCredentials"
>  />
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
> expression="authenticationViaFormAction.doBind(flowRequestContext, 
> flowScope.credentials)" />
> 
>
> 
> 
> 
> 3- I added this to ticketExpirationPolicies.xml
> 
> 
>   
>
>   
>
>   
>   
>
>   
>
>   
> 
>  class="org.jasig.cas.ticket.support.RememberMeDelegatingExpirationPolicy">
> 
>   
> 
>
> 
>   
> 
>
> 
>   
> 
>   
> 
>
> 
>   
> 
>
> 
>   
> 
> 



Re: [cas-user] casLoginView.jsp with third parameter

2010-11-12 Thread Robert Oschwald
That's exactly the correct way.
Do not forget to override hashCode() and equals() so that they take your new 
parameters into account. 
See RememberMeUsernamePasswordCredentials as an example.



Am 12.11.2010 um 18:52 schrieb Scott Battaglia:

> You should be extending our class with your own custom class and not 
> modifying the code.  My guess is even though you think you made the changes 
> you're probably still using the original class (that's merely a guess)
> 
> 
> On Fri, Nov 12, 2010 at 12:08 PM, Fco Javier Carreras Calero 
>  wrote:
> Hi,
> 
>  
> I've modified casLoginView.jsp so that a select appears.  I've added:
> 
>  
>   
> 
>   
> 
> 
> 
>   
> 
>
> 
> 
> 
>  
> 
>  
> I've modified login-webflow.
> 
>  
> 
> 
>  class="org.jasig.cas.authentication.principal.UsernamePasswordCredentials" />
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> validate="true" to="realSubmit">
> 
> 
> 
>  expression="authenticationViaFormAction.doBind(flowRequestContext, 
> flowScope.credentials)" />
> 
> 
> 
> 
> 
>  
> And I've modified the class UsernamePasswordCredentials:
> 
>  
> private String sed;
> 
>  
> 
> public final String getSed() {
> 
> return this.sed;
> 
> }
> 
>  
> 
> public final void setSed(final String sed) {
> 
> this.sed = sed;
> 
> }
> 
>  
> but an error occurs:
> 
>  
> 2010-11-12 17:52:58,807 ERROR 
> [org.springframework.web.servlet.tags.form.SelectTag] - 
> 
> org.springframework.binding.expression.PropertyNotFoundException: Property 
> not found
> 
> at 
> org.springframework.binding.expression.ognl.OgnlExpression.getValue(OgnlExpression.java:87)
> 
> at 
> org.springframework.webflow.mvc.view.BindingModel.getFormattedValue(BindingModel.java:240)
> 
> at 
> org.springframework.webflow.mvc.view.BindingModel.getFieldValue(BindingModel.java:141)
> 
> at 
> org.springframework.web.servlet.support.BindStatus.(BindStatus.java:120)
> 
> at 
> org.springframework.web.servlet.tags.form.AbstractDataBoundFormElementTag.getBindStatus(AbstractDataBoundFormElementTag.java:174)
> 
> at 
> org.springframework.web.servlet.tags.form.AbstractDataBoundFormElementTag.getPropertyPath(AbstractDataBoundFormElementTag.java:194)
> 
> at 
> org.springframework.web.servlet.tags.form.AbstractDataBoundFormElementTag.getName(AbstractDataBoundFormElementTag.java:160)
> 
> at 
> org.springframework.web.servlet.tags.form.AbstractDataBoundFormElementTag.autogenerateId(AbstractDataBoundFormElementTag.java:147)
> 
> at 
> org.springframework.web.servlet.tags.form.AbstractDataBoundFormElementTag.resolveId(AbstractDataBoundFormElementTag.java:138)
> 
> at 
> org.springframework.web.servlet.tags.form.AbstractDataBoundFormElementTag.writeDefaultAttributes(AbstractDataBoundFormElementTag.java:122)
> 
> at 
> org.springframework.web.servlet.tags.form.AbstractHtmlElementTag.writeDefaultAttributes(AbstractHtmlElementTag.java:409)
> 
> at 
> org.springframework.web.servlet.tags.form.SelectTag.writeTagContent(SelectTag.java:198)
> 
> at 
> org.springframework.web.servlet.tags.form.AbstractFormTag.doStartTagInternal(AbstractFormTag.java:102)
> 
> at 
> org.springframework.web.servlet.tags.RequestContextAwareTag.doStartTag(RequestContextAwareTag.java:79)
> 
> at 
> org.apache.jsp.WEB_002dINF.view.jsp.default_.ui.casLoginView_jsp._jspService(casLoginView_jsp.java:241)
> 
> at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
> 
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> 
> at 
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
> 
> at 
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
> 
> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
> 
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> 
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> 
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 
> at 
> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
> 
> at 
> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436)
> 
> at 
> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374)
> 
> at 
> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
> 
> at 
> org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputMo
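
The advice in the message above (extend the credentials class instead of modifying it, then override equals() and hashCode()), as an added example that is not code from CAS or from the posters. BaseCredentials is a self-contained stand-in for UsernamePasswordCredentials, assumed to compare username and password; NaiveSedCredentials and SedCredentials are hypothetical subclasses carrying the extra `sed` form field from the quoted message.

```java
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;

/** Added illustration, not CAS code: why a credentials subclass must extend equals/hashCode. */
public class CredentialsEqualityDemo {

    /** Stand-in for UsernamePasswordCredentials (assumption: equality on username and password). */
    static class BaseCredentials {
        private final String username;
        private final String password;

        BaseCredentials(String username, String password) {
            this.username = username;
            this.password = password;
        }

        @Override
        public boolean equals(Object o) {
            if (this == o) return true;
            if (o == null || getClass() != o.getClass()) return false;
            BaseCredentials that = (BaseCredentials) o;
            return Objects.equals(username, that.username) && Objects.equals(password, that.password);
        }

        @Override
        public int hashCode() { return Objects.hash(username, password); }
    }

    /** Adds the new field but inherits equals/hashCode unchanged: the field is invisible to both. */
    static class NaiveSedCredentials extends BaseCredentials {
        private String sed;
        NaiveSedCredentials(String username, String password, String sed) {
            super(username, password);
            this.sed = sed;
        }
        public String getSed() { return sed; }
        public void setSed(String sed) { this.sed = sed; }
    }

    /** Same field, with equals/hashCode extended to cover it. */
    static class SedCredentials extends BaseCredentials {
        private String sed;
        SedCredentials(String username, String password, String sed) {
            super(username, password);
            this.sed = sed;
        }
        public String getSed() { return sed; }
        public void setSed(String sed) { this.sed = sed; }

        @Override
        public boolean equals(Object o) {
            // super.equals already rejects null and objects of a different class.
            return super.equals(o) && Objects.equals(sed, ((SedCredentials) o).sed);
        }

        @Override
        public int hashCode() { return 31 * super.hashCode() + Objects.hashCode(sed); }
    }

    public static void main(String[] args) {
        // Constructed sample values: same user and password, different value of the extra field.
        Set<BaseCredentials> naive = new HashSet<>();
        naive.add(new NaiveSedCredentials("jdoe", "secret", "site-A"));
        naive.add(new NaiveSedCredentials("jdoe", "secret", "site-B"));

        Set<BaseCredentials> fixed = new HashSet<>();
        fixed.add(new SedCredentials("jdoe", "secret", "site-A"));
        fixed.add(new SedCredentials("jdoe", "secret", "site-B"));

        System.out.println("naive subclass, distinct entries: " + naive.size());
        System.out.println("fixed subclass, distinct entries: " + fixed.size());
    }
}
```

With the naive subclass, anything that compares or hashes credentials (a set, a map key, a cache) treats two logins that differ only in the extra field as the same one.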

Re: [cas-user] Delete all TGTs

2010-09-22 Thread Robert Oschwald
In the meantime, I would go with my interim solution, as I need this 
functionality asap.
Later on, I would migrate to 3.5.

Robert

Am 23.09.2010 um 04:12 schrieb Scott Battaglia:

> It's unfortunately taking longer than expected (so we'll be cutting a 3.4.3 
> release in the meantime).  I'm going to take some time this weekend to go 
> through and write down (and open/update JIRA tickets) for all remaining tasks 
> which should give us a good idea of how much more time we need.
> 
> 
> On Wed, Sep 22, 2010 at 12:33 PM, Robert Oschwald 
>  wrote:
> Scott,
> 
> do you know yet when you will release 3.5?
> 
> Robert
> 
> Am 22.09.2010 um 18:27 schrieb Scott Battaglia:
> 
>> The CAS 3.5 APIs will actually have a purge method :-)
>> 
>> 
>> On Wed, Sep 22, 2010 at 12:09 PM, Robert Oschwald 
>>  wrote:
>> Hi Folks,
>> 
>> as I use remember-me, I need to be able to force a relogin of all users 
>> (e.g. if Terms Of Service change).
>> 
>> For this, I added a deleteAllTgts() method to the 
>> CentralAuthenticationServiceImpl class (using maven overlay) to be able to 
>> force a relogin of all users (triggered via a REST call in my own 
>> controller).
>> Does anybody have a concern about this approach?
>> 
>> @Transactional(readOnly = false)
>> public void deleteAllTgts() {
>>     this.log.info("Removing all TGTs from registry..");
>>     Collection<Ticket> tickets = this.ticketRegistry.getTickets();
>>     // Collect the ids first so the registry is not modified while iterating.
>>     List<String> ids = new ArrayList<String>();
>>     for (final Ticket ticket : tickets) {
>>         if (ticket instanceof TicketGrantingTicket) {
>>             ids.add(ticket.getId());
>>         }
>>     }
>>     ticketsInCache = null;
>>     for (String id : ids) {
>>         if (this.log.isDebugEnabled()) {
>>             this.log.debug("Deleting ticket >" + id + "<");
>>         }
>>         this.ticketRegistry.deleteTicket(id);
>>     }
>> }
>> 
>> Maybe such a function would be useful to CAS.
>> 
>> 
>> Robert

Re: [cas-user] Delete all TGTs

2010-09-22 Thread Robert Oschwald
Scott,

do you know yet when you will release 3.5?

Robert

Am 22.09.2010 um 18:27 schrieb Scott Battaglia:

> The CAS 3.5 APIs will actually have a purge method :-)
> 
> 
> On Wed, Sep 22, 2010 at 12:09 PM, Robert Oschwald 
>  wrote:
> Hi Folks,
> 
> as I use remember-me, I need to be able to force a relogin of all users (e.g. 
> if Terms Of Service change).
> 
> For this, I added a deleteAllTgts() method to the 
> CentralAuthenticationServiceImpl class (using maven overlay) to be able to 
> force a relogin of all users (triggered via a REST call in my own controller).
> Does anybody have a concern about this approach?
> 
> @Transactional(readOnly = false)
> public void deleteAllTgts() {
>     this.log.info("Removing all TGTs from registry..");
>     Collection<Ticket> tickets = this.ticketRegistry.getTickets();
>     // Collect the ids first so the registry is not modified while iterating.
>     List<String> ids = new ArrayList<String>();
>     for (final Ticket ticket : tickets) {
>         if (ticket instanceof TicketGrantingTicket) {
>             ids.add(ticket.getId());
>         }
>     }
>     ticketsInCache = null;
>     for (String id : ids) {
>         if (this.log.isDebugEnabled()) {
>             this.log.debug("Deleting ticket >" + id + "<");
>         }
>         this.ticketRegistry.deleteTicket(id);
>     }
> }
> 
> Maybe such a function would be useful to CAS.
> 
> 
> Robert

[cas-user] Delete all TGTs

2010-09-22 Thread Robert Oschwald
Hi Folks,

as I use remember-me, I need to be able to force a relogin of all users (e.g. 
if Terms Of Service change).

For this, I added a deleteAllTgts() method to the 
CentralAuthenticationServiceImpl class (using maven overlay) to be able to 
force a relogin of all users (triggered via a REST call in my own controller).
Does anybody have a concern about this approach?

@Transactional(readOnly = false)
public void deleteAllTgts() {
    this.log.info("Removing all TGTs from registry..");
    Collection<Ticket> tickets = this.ticketRegistry.getTickets();
    // Collect the ids first so the registry is not modified while iterating.
    List<String> ids = new ArrayList<String>();
    for (final Ticket ticket : tickets) {
        if (ticket instanceof TicketGrantingTicket) {
            ids.add(ticket.getId());
        }
    }
    ticketsInCache = null;
    for (String id : ids) {
        if (this.log.isDebugEnabled()) {
            this.log.debug("Deleting ticket >" + id + "<");
        }
        this.ticketRegistry.deleteTicket(id);
    }
}

Maybe such a function would be useful to CAS.


Robert

[cas-user] Throttling config in cas 3.4.2.1

2010-09-17 Thread Robert Oschwald
Hi folks,

upgrading CAS from 3.2.1 to 3.4.2.1 went smoothly so far. Authentication via my 
webserviceHandler and rememberMe work perfectly.
The only thing I'm struggling with is the new throttle interceptor 
configuration.

The CAS wiki page seems to hold info only for older cas versions and does not 
fit webflow2.

The trigger job works, but the interceptor is not fired on login.

In cas-servlet.xml I added the interceptor to the FlowHandlerMapping:
 

and I added a spring-configuration/throttleInterceptorTrigger.xml file:


http://www.springframework.org/schema/beans";
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
  xmlns:p="http://www.springframework.org/schema/p";
  xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd";>
  
  
  
  


Am I missing something else?


Robert



Re: [cas-user] CAS 3.4.2: where to get inspectr artifact

2010-03-29 Thread Robert Oschwald
Thanks Scott for the quick reply.
Seems I get checksum errors for these artifacts in my Artifactory proxy.

Robert
Am 29.03.2010 um 17:29 schrieb Scott Battaglia:

> It's in the public repository:
> 
> http://repo2.maven.org/maven2/com/github/inspektr/
> 
> We're moving on up in the world! :-) (hopefully we'll get CAS there at some 
> point)
> 
> Cheers,
> Scott
> 
> 
> On Mon, Mar 29, 2010 at 11:26 AM, Robert Oschwald  
> wrote:
> I tried to build CAS 3.4.2 but cannot find com.github.inspektr 1.0.0.GA 
> artifact.
> I'm behind a maven proxy server, therefore I need to add a repo to the proxy 
> I think.
> 
> Unfortunately, I cannot find an explicit repository definition in the main 
> pom.xml file.
> In the old JASIG repo, only a prerelease artifact can be found.
> 
> Any help is appreciated.
> 
> Robert

[cas-user] CAS 3.4.2: where to get inspectr artifact

2010-03-29 Thread Robert Oschwald
I tried to build CAS 3.4.2 but cannot find com.github.inspektr 1.0.0.GA 
artifact.
I'm behind a maven proxy server, therefore I need to add a repo to the proxy I 
think.

Unfortunately, I cannot find an explicit repository definition in the main 
pom.xml file.
In the old JASIG repo, only a prerelease artifact can be found.

Any help is appreciated.

Robert



Re: [cas-user] "remember me" and revoking/disabling accounts

2010-02-22 Thread Robert Oschwald
Johan,
I opened RFE ticket CAS-814 for this problem a while back.
There needs to be a db schema change (adding a column for the username) I 
guess, as otherwise you cannot identify a user's TGTs.
Any news on this, Scott?

Robert

Am 23.02.2010 um 00:07 schrieb Johan Reinalda:

> All,
> 
> we are testing the "remember me" feature. All seems fine, apart from a 
> procedural "problem":
> 
> User has "remember me" selected. In the period of "remember me", user account 
> needs to be disabled. We can disable underlying LDAP account, but we can't 
> seem to figure out how to revoke a TGT in our setup.  (We are running with 
> the Memcache/Repcache ticket store, in a clustered setup). Thus we need to 
> disable the account in all CAS enabled applications (yes, this would need to 
> be done for thoroughness anyway)
> 
> Is there any way to revoke a ticket based on the user's CAS Principal in this 
> scenario (ie. not knowing the TGT cookie name) ?
> 
> TIA,
> 
> Johan
> 
> 



Re: [cas-user] Problem with CAS Logout / Spring Security with Concurrent-session-control

2010-01-30 Thread Robert Oschwald
It seems you didn't add the casLogoutFilter in your config:
13:06:13,286 ERROR [org.jasig.cas.util.HttpClient] - 


This is the CAS single logout POST request from CAS server to your CAS service 
URL. 
It seems it doesn't get accepted but is ignored within your app.
I recommend to add the SingleSignOutFilter to your web.xml and a pgt storage 
(if not done, yet):

web.xml:

<filter>
  <filter-name>CAS Single Sign Out Filter</filter-name>
  <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>

(add a corresponding filter mapping, which at least maps to your CAS service 
url)

and add the SingleSignOutHttpSessionListener to web.xml

<listener>
  <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

Spring config:

 

(Add this proxyGrantingTicketStorage to the casAuthenticationFilter as a 
property if not done, yet)

I use this config since Spring Security 2.x and it works. With this config, CAS 
posts the CAS logout XML to your app and the filter logs out the user. 


Unfortunately, there doesn't exist complete documentation for CAS Client 
with Spring AND Spring Security (or I haven't found it, yet).
The documentation in CAS Wiki is for Spring _only_ (without Spring Security and 
isn't using any Spring Framework Cas Classes like 
org.springframework.security.cas.web.CasProcessingFilter).
The documentation provided by SpringSource misses the Cas Single Log Out config 
described above.

But in the Spring Cas Client example, you can find a working configuration.
See http://jira.springframework.org/browse/SEC-937 for details.

It would be great if one could add a HowTo to the CAS wiki which describes how 
to configure CAS+Spring+Spring Security.


Robert

Am 28.01.2010 um 19:38 schrieb Barry Silk:

> I am having a problem that I've struggled with for the past couple of days.  
> Not sure whether this is a CAS issue or a Spring Security issue, but I have a 
> feeling it might be CAS.  The problem is logging out from a CAS client that 
> is configured with Spring Security (2.0.2) limiting the user to one 
> concurrent session and then trying to log back in. I have posted the details 
> of the Spring Security configuration and logs to the Spring Security forum:
>  
> http://forum.springsource.org/showthread.php?t=83840
>  
> I have been using the CAS (3.2.1) without any problems for about a year.  
> However, a new requirement requires that I limit each user to one login 
> session.  I changed the Spring Security configuration with the following 
> element:
>  
>  exception-if-maximum-exceeded="true"/>
>  
> As expected, this does not permit the user to login to the web-app with an 
> active session open.  The problem is, even after logging out from the 
> web-app, Spring Security still thinks the session is open.  During logout, 
> after the user's session has been destroyed by Spring Security's 
> HttpSessionEventPublisher:
>  
> 13:06:08,068 DEBUG 
> [org.springframework.security.ui.session.HttpSessionEventPublisher] - 
>  org.springframework.security.ui.session.httpsessiondestroyedevent[source=weblogic.servlet.internal.session.replicatedsessiond...@2b1475d]>
> But, then, it appears to get re-established during the CAS logout process by 
> the SamlService, before removing the CASTGC cookie:
> 





Re: [cas-user] Service Management app

2009-12-02 Thread Robert Oschwald
Are you using MyISAM or InnoDB?

Robert

Am 02.12.2009 um 15:02 schrieb Andy Cowling:

> Hi all
> 
> The problem was caused by the mysql jdbc connector mapping java booleans to 
> mysql bit fields, instead of tinyints, as it should. When hibernate reloads 
> the data from mysql all the booleans are read in as 'false', even though they 
> contained the single bit '1' (and should therefore be 'true'). The fix was to 
> drop the table and recreate it using tinyint instead of bit.
> 
> You can read more about this problem here: 
> http://www.jpox.org/servlet/forum/printthread_thread,3471_printall,yes
> http://bugs.mysql.com/bug.php?id=16854
> Might be worth putting a little warning about this on the cas wiki, just to 
> warn potential mysql users. (It cost us some days to debug this)
> 
> We're using cas 3.3.1 with mysql client 14.12 and tomcat 5. 
> 
> Cheers
> Andy
> 
> 
> Scott Battaglia wrote:
>> 
>> Something like this should work:
>> 
>> https://SERVERNAME:8443/cas/services/** (this is what we use)
>> 
>> But your exact matching should work also.
>> 
>> 
>> 
>> On Tue, Dec 1, 2009 at 4:33 AM, Andy Cowling 
>>  wrote:
>> Sadly it was/is not so simple. My ant pattern was indeed wrong - but even 
>> using the exact service string I see in the cas "services" logs I still 
>> cannot access the service management app after a tomcat restart. 
>> 
>> The logs say:
>> 
>> Service [https://cas-services:8443/cas/services/j_acegi_cas_security_check] 
>> not found in ServiceRegistry
>> 
>> Yet the table "RegisteredServiceImpl" contains:
>> 
>> mysql> select serviceId from RegisteredServiceImpl;
>> +---+
>> | serviceId |
>> +---+
>> | https://cas-services:8443/cas/services/j_acegi_cas_security_check |
>> +---+
>> 
>> Note that I CAN access the service management app as long as the 
>> RegisteredServiceImpl table is empty. It is only after I add this service 
>> that I then cannot access it. So it seems that the service management code 
>> is successful in reading the table contents from the database.
>> 
>> I also tried adding all the following serviceIds to the 
>> RegisteredServiceImpl table, all with no success:
>> https://**
>> https://cas-services:8443/cas/services/**
>> https://cas-services:8443/cas/services/j_acegi_cas_security_check**
>> 
>> Note that the service name 
>> "https://cas-services:8443/cas/services/j_acegi_cas_security_check" is what 
>> is in cas.properties for "cas.securityContext.serviceProperties.service", 
>> and as stated above, it appears to be the actual service string being used 
>> by CAS' service management code, as we can see from the logs above.
>> 
>> 
>> 
>> Cheers
>> Andy
>> 
>> 
>> 
>> Robert Oschwald wrote:
>>> Ant patterns are slightly different than normal RegEx.
>>> 
>>> Use https://cas-services:8443/cas/services** instead.
>>> 
>>> Would be great to have a serviceURL example in the Wiki page.
>>> 
>>> 
>>> Robert
>>> 
>>> Am 30.11.2009 um 16:45 schrieb Andy Cowling:
>>> 
>>>   
>>>> Hi all
>>>> 
>>>> Following the instructions in the Service Management config page I added 
>>>> the service management app as the first entry in the list of services 
>>>> allowed by the cas. But when I restart tomcat, I get the "application not 
>>>> authorized" message.
>>>> 
>>>> The url I used for the service management app was:
>>>> 
>>>> https://cas-services:8443/cas/services*
>>>> 
>>>> Where cas-services is one of multiple names that maps to the local host 
>>>> (this method was used so that we can prove the config works on dev, then 
>>>> roll it out to test and live without requiring a config change). On the 
>>>> local desktop the /etc/hosts file also maps "cas-services" to the relevant 
>>>> cas machine.
>>>> 
>>>> Maybe my ant style pattern matching is just wrong. The best resource I 
>>>> found for this online was http://ant.apac

Re: [cas-user] Service Management app

2009-11-30 Thread Robert Oschwald
Ant patterns are slightly different than normal RegEx.

Use https://cas-services:8443/cas/services** instead.

Would be great to have a serviceURL example in the Wiki page.


Robert

Am 30.11.2009 um 16:45 schrieb Andy Cowling:

> Hi all
> 
> Following the instructions in the Service Management config page I added the 
> service management app as the first entry in the list of services allowed by 
> the cas. But when I restart tomcat, I get the "application not authorized" 
> message.
> 
> The url I used for the service management app was:
> 
> https://cas-services:8443/cas/services*
> 
> Where cas-services is one of multiple names that maps to the local host (this 
> method was used so that we can prove the config works on dev, then roll it 
> out to test and live without requiring a config change). On the local desktop 
> the /etc/hosts file also maps "cas-services" to the relevant cas machine.
> 
> Maybe my ant style pattern matching is just wrong. The best resource I found 
> for this online was http://ant.apache.org/manual/dirtasks.html
> 
> Cheers
> Andy
> 
> 
> -- 
> 
> Andy Cowling | UK Core IT
> Interactive Data Managed Solutions Ltd
> ---
> Suite 1101, Eagle Tower | Montpellier Drive | Cheltenham GL50 1TA | UK
> Tel: +44 (0)1242 6941 15 | Fax: +44 (0)1242 6941 01
> andy.cowl...@interactivedata.com  
> http://www.interactivedata-ms.com
> 


-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
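
The pattern rules from the Ant manual linked in this thread, as an added example (not code from the thread or from CAS): a small Java matcher applied to the service URL and patterns quoted above. The class and method names are hypothetical, the second service URL is constructed, and it assumes the service registry follows the manual's rules; the matcher CAS itself uses is not shown on this page.

```java
import java.util.ArrayList;
import java.util.List;

/**
 * Added illustration (hypothetical class, not CAS code): Ant-style matching
 * as described in the Ant manual, applied to service URLs.
 */
public class AntServicePatternDemo {

    /** Splits on '/', dropping empty parts, so "https://host/a" becomes [https:, host, a]. */
    static List<String> segments(String s) {
        List<String> out = new ArrayList<String>();
        for (String part : s.split("/")) {
            if (part.length() > 0) {
                out.add(part);
            }
        }
        return out;
    }

    /** Inside one segment: '*' matches any run of characters, '?' exactly one. */
    static boolean segmentMatches(String p, int i, String s, int j) {
        if (i == p.length()) {
            return j == s.length();
        }
        char c = p.charAt(i);
        if (c == '*') {
            for (int k = j; k <= s.length(); k++) {   // try every wildcard length
                if (segmentMatches(p, i + 1, s, k)) {
                    return true;
                }
            }
            return false;
        }
        return j < s.length()
                && (c == '?' || c == s.charAt(j))
                && segmentMatches(p, i + 1, s, j + 1);
    }

    /** "**" is special only as a whole segment, where it matches zero or more segments. */
    static boolean segmentsMatch(List<String> p, int i, List<String> s, int j) {
        if (i == p.size()) {
            return j == s.size();
        }
        if ("**".equals(p.get(i))) {
            for (int k = j; k <= s.size(); k++) {
                if (segmentsMatch(p, i + 1, s, k)) {
                    return true;
                }
            }
            return false;
        }
        return j < s.size()
                && segmentMatches(p.get(i), 0, s.get(j), 0)
                && segmentsMatch(p, i + 1, s, j + 1);
    }

    static boolean matches(String pattern, String serviceUrl) {
        return segmentsMatch(segments(pattern), 0, segments(serviceUrl), 0);
    }

    public static void main(String[] args) {
        // Patterns quoted in the thread.
        String[] patterns = {
            "https://cas-services:8443/cas/services*",
            "https://cas-services:8443/cas/services**",
            "https://cas-services:8443/cas/services/**",
            "https://cas-services:8443/cas/services/j_acegi_cas_security_check",
            "https://**",
        };
        // The first URL is from the thread's log; the second is a constructed, unrelated service.
        String[] services = {
            "https://cas-services:8443/cas/services/j_acegi_cas_security_check",
            "https://unrelated.example.org/app/login",
        };
        for (String pattern : patterns) {
            for (String service : services) {
                System.out.printf("%-68s %-68s %s%n", pattern, service, matches(pattern, service));
            }
        }
    }
}
```

Under these rules a `*`, or a `**` glued to the end of a segment, never crosses a `/`; only `**` standing alone as a segment covers URLs below `/cas/services`. A registry entry of `https://**` authorizes every HTTPS service, the unrelated one included.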



Re: [cas-user] CAS services page

2009-11-27 Thread Robert Oschwald
I added a comment to the newly created issue 
http://www.ja-sig.org/issues/browse/CAS-818.

Also, the Services App does not perform a CAS logout if you press logout.
If you use RememberMe, you will not get logged-out of the app, as you are 
immediately logged back in if you click on any action.

Robert


Am 27.11.2009 um 20:04 schrieb Francisco Estanqueiro:

> Done. Thanks for your help.
> 
> Francisco Estanqueiro
> 
> Scott Battaglia wrote:
>> The easiest way is to remove it from the database if you've configured it to 
>> point to one of your databases.
>> 
>> And actually, if you wouldn't mind, can you open up a JIRA issue for an 
>> improvement that basically says "if there are 0 services, display a warning 
>> message that says the first service you should put in should be for the 
>> services management tool"  I think its apparently an unsafe assumption to 
>> assume people see that message in our wiki.
>> 
>> Cheers,
>> Scott
>> 
>> 
>> On Fri, Nov 27, 2009 at 1:41 PM, Francisco Estanqueiro 
>> <fwestanque...@fc.ul.pt> wrote:
>> 
>>My bad, I didn't find that page. How do I remove the service I
>>added to gain access to the page again?
>> 
>>Thanks,
>>Francisco
>> 
>>Scott Battaglia wrote:
>> 
>>Did you browse our documentation on the Services Management page?
>>It says the first thing you should do when using the services
>>management tool is authorize the tool itself to use CAS.  Yes,
>>a tiny bit backwards, but ensures every application is treated
>>the same (which may or may not be a good thing when it locks
>>you out ;-))
>> 
>>Cheers,
>>Scott
>> 
>> 
>>On Fri, Nov 27, 2009 at 1:10 PM, Francisco
>><fwestanque...@fc.ul.pt> wrote:
>> 
>>   Hi there,
>> 
>>   I'm having a problem with the CAS services page.. When I
>>add a new
>>   service on that page, everything seems alright. I then
>>logout, try
>>   to access the services page again, it appears the following
>>message:
>> 
>> 
>>   Application Not Authorized to Use CAS
>> 
>>   The application you attempted to authenticate to is not
>>authorized
>>   to use CAS.
>> 
>> 
>>   What am I doing wrong?
>> 
>>   Francisco Estanqueiro
>>   Faculty of Science - University of Lisbon



Re: [cas-user] Remotely invalidation TGC

2009-11-12 Thread Robert Oschwald

Am 11.11.2009 um 15:26 schrieb Scott Battaglia:

> On Mon, Nov 9, 2009 at 4:29 PM, Robert Oschwald  
> wrote:
> I'm using CAS with RememberMe.
> I need to invalidate a users Tickets (force relogin on next visit) from one 
> of my client apps.
> For this, I'm thinking of a REST Service, Servlet or SOAP Endpoint.
> 
> Is it not sufficient to send a renew=true to force them to log back in?
>  
This assumes the user is online.
But that's not always the case.

Scenario:
User has a valid long term TGC and is not online.
In the User Database, the Username is changed (either by another system or by 
the user but he used another browser (e.g. first Firefox, then Safari to change 
his Username, which is an emailaddr)).

We must ensure that all users need to interactively relogin on next visit if 
email-address gets changed.
 

> 
> Any pointers on how to implement it?
> I need to supply the users username, and thinking of a way to remove all 
> tickets for this user from the TicketRegistry.
> 
> We don't actually store based on username.  So you'd have to write something 
> custom that would map that userid to the ticketid so that you could later 
> retrieve the ticket ID.
> 
> 
Is this an enhancement for a future version?


Robert
-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
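
The mapping from user id to ticket id that the reply above calls for, as an added example (not CAS code and not from any poster): a self-contained Java model of a ticket store with a principal index, which also covers the "remember me" revocation question earlier on this page. `Tgt`, `IndexedRegistry` and the ticket ids are hypothetical; a real deployment would wrap its configured TicketRegistry and, for a clustered store such as memcached, keep the index in the shared store.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/**
 * Added illustration (hypothetical classes, not the CAS ticket API): a ticket
 * store with a secondary index from principal id to ticket-granting ticket ids.
 */
public class PrincipalTicketIndexDemo {

    /** Minimal stand-in for a ticket-granting ticket. */
    static final class Tgt {
        final String id;
        final String principalId;
        private boolean expired;

        Tgt(String id, String principalId) {
            this.id = id;
            this.principalId = principalId;
        }
        synchronized void expire() { expired = true; }
        synchronized boolean isExpired() { return expired; }
    }

    /** In-memory registry; every mutation updates the id map and the index together. */
    static final class IndexedRegistry {
        private final Map<String, Tgt> byId = new HashMap<String, Tgt>();
        private final Map<String, Set<String>> idsByPrincipal = new HashMap<String, Set<String>>();

        synchronized void add(Tgt tgt) {
            byId.put(tgt.id, tgt);
            Set<String> ids = idsByPrincipal.get(tgt.principalId);
            if (ids == null) {
                ids = new HashSet<String>();
                idsByPrincipal.put(tgt.principalId, ids);
            }
            ids.add(tgt.id);
        }

        /** Lookup by cookie value, as done when a browser presents its TGC. */
        synchronized Tgt get(String ticketId) {
            Tgt tgt = byId.get(ticketId);
            return (tgt == null || tgt.isExpired()) ? null : tgt;
        }

        /** Normal logout or expiry: drop the ticket and its index entry together. */
        synchronized boolean delete(String ticketId) {
            Tgt tgt = byId.remove(ticketId);
            if (tgt == null) {
                return false;
            }
            Set<String> ids = idsByPrincipal.get(tgt.principalId);
            if (ids != null) {
                ids.remove(ticketId);
                if (ids.isEmpty()) {
                    idsByPrincipal.remove(tgt.principalId);
                }
            }
            return true;
        }

        /** Revocation by principal: works without knowing any cookie value. */
        synchronized List<String> revokeAllFor(String principalId) {
            List<String> revoked = new ArrayList<String>();
            Set<String> ids = idsByPrincipal.remove(principalId);
            if (ids == null) {
                return revoked;
            }
            for (String id : ids) {
                Tgt tgt = byId.remove(id);
                if (tgt != null) {
                    tgt.expire();   // references still held elsewhere stop validating
                    revoked.add(id);
                }
            }
            return revoked;
        }
    }

    public static void main(String[] args) {
        IndexedRegistry registry = new IndexedRegistry();
        // Constructed sample: one user with long-term tickets in two browsers, plus another user.
        registry.add(new Tgt("TGT-1-firefox", "old.name@example.org"));
        registry.add(new Tgt("TGT-2-safari", "old.name@example.org"));
        registry.add(new Tgt("TGT-3-other", "someone.else@example.org"));

        // The user database renames or disables the account while the user is offline.
        List<String> revoked = registry.revokeAllFor("old.name@example.org");
        System.out.println("revoked: " + revoked);

        // On the next visit the presented cookie no longer resolves, so login is interactive.
        System.out.println("TGT-1-firefox valid: " + (registry.get("TGT-1-firefox") != null));
        System.out.println("TGT-3-other valid:   " + (registry.get("TGT-3-other") != null));
    }
}
```

The index is keyed by the principal id recorded at login, so a rename has to revoke under the old username.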

[cas-user] Remotely invalidation TGC

2009-11-09 Thread Robert Oschwald

I'm using CAS with RememberMe.
I need to invalidate a users Tickets (force relogin on next visit)  
from one of my client apps.

For this, I'm thinking of a REST Service, Servlet or SOAP Endpoint.

Any pointers on how to implement it?
I need to supply the users username, and thinking of a way to remove  
all tickets for this user from the TicketRegistry.


I'm not talking about currently active users, but of users who are  
potentially not online but got a longterm TGC.


Thanks,
Robert




Re: [cas-user] JVM survey

2009-10-23 Thread Robert Oschwald

1.5 and 1.6 here.

Robert



On 22 Oct 2009, at 16:35, Scott Battaglia wrote:


Out of curiosity, is anyone still relying on the Java 1.4?  The CAS
Client for Java has been compatible with it for a while now.
However, we added a feature to support distributed proxy storage via
memcached and so one piece now requires 1.5.  I'm curious if its
okay to make the entire thing rely on Java 1.5.





Re: [cas-user] Best practice for upgrading

2009-08-11 Thread Robert Oschwald
Another approach for this:
We use maven profiles.
You can define your props within each profile. (e.g. "dev", "prod1", 
"prod2" etc.)
"dev" is the default profile.
Advantage of this is, that you can define properties for maven plugins 
within each profile, too.
E.g. we define the "doCheck" and "doUpdate" props of the 
buildnumber-maven-plugin within each profile. With this, we ensure all 
resources are committed before we create a production war file.

Robert

Am 11.08.2009 um 15:33 schrieb Bruno Melloni:

> We use a variation of this approach in most of our projects, by
> taking advantage of the PropertyOverrideConfigurer's behavior:
>
> -  This configurer was designed so that you can have
> multiple PropertyOverrideConfigurer that load different files, even
> if they have the same properties.  If a variable is defined/loaded
> multiple times, the definition from the last configurer is the one
> used.
> -  So, we define identical properties files for each
> environment, and load them in order of finality (PROD first, DEV
> last).
> -  We use ignoreResourceNotFound = "true" so that
> missing properties files don't cause problems.
>
> The result is:
>
> -  In version control and DEV environments we have all of
> the properties files, allowing us to work and prepare them for all
> environments.  But only the DEV configuration gets used - because
> its property configurer is the last one.
> -  When deploying to other environments we simply don't
> deploy unnecessary properties files.  For example, in PROD we only
> deploy the PROD properties file.  The missing files are ignored,
> and the app behaves as PROD - with no fuss.
> -  We never have to modify the app, context or even property
> files during deployment.
>



Re: [cas-user] ThrottledSubmissionByIpAddressHandlerInterceptorAdapter configuration

2009-05-17 Thread Robert Oschwald
Yes, just add it to the list of interceptors on handlerMappingB.
That's all.

Robert


> >Is there any other configuration changes necessary?



Re: [cas-user] Webservice Security with CAS

2009-05-15 Thread Robert Oschwald
Do you mean you want to secure an endpoint by cas?
Or do you want to implement an endpoint using normal WSSE  
authentication together in an application which uses CAS  
authentication for Webusers, also?

The first one I have never done.
I think you must get the CAS proxy ticket (PGTIOU via the  
ProxyTicketReceptor from CasAuthenticationToken) to perform the  
authentication.

The second one is quite easy. You need to configure two  
authenticationManagers in your spring config.
One which performs CAS auth (for Web users) and one for webservices  
which has other providers set, like a daoAuthenticationProvider.


Robert

Am 16.05.2009 um 02:37 schrieb Nandini Obhrai:

> Anyone implemented webservice security with CAS. Do I have to use  
> Spring Security or CXF?
>
> Thanks

Re: [cas-user] Where to implement a wsclient call on a RememberMe Login

2009-05-15 Thread Robert Oschwald
No, I want to perform an action if this is a non-interactive  
remembered login.

Am 15.05.2009 um 14:01 schrieb Scott Battaglia:

> I'm not sure what you mean by this.  If someone logs in and chooses  
> "Remember Me" you want to execute something?
>
> Cheers,
> Scott
>
>
> On Thu, May 14, 2009 at 6:55 AM, Robert Oschwald wrote:
> I need to update a foreign (non CAS) application using a wsclient on  
> a CAS RememberMe login.
>
> What is the best point in CAS to add this code to?
>
> Robert
>
>

[cas-user] Where to implement a wsclient call on a RememberMe Login

2009-05-14 Thread Robert Oschwald
I need to update a foreign (non CAS) application using a wsclient on a  
CAS RememberMe login.


What is the best point in CAS to add this code to?

Robert




Re: [cas-user] Not authorized error when accessing service management tool

2009-04-22 Thread Robert Oschwald
That's a quite annoying thing.
You must add the service application first, otherwise you lock yourself 
out.
There exists a ticket to hardcode the service application definition 
into the spring config files or to set it to readonly to avoid exactly 
this problem.

To resolve the problem, you must stop cas, add the entry to the db 
directly (or delete all rows).

If one of the admins deletes the service app definition (which can 
happen easily), you are locked out again.

Robert

Am 22.04.2009 um 11:03 schrieb Sukma Agung Verdianto:

> Hi Guys,
>
> I'm having a problem accessing service management application
> (/cas/services) on CAS 3.3.1
> It works fine after a fresh install, however after I register
> some services through service management tool and then logout, I am
> not able to access that page again.
>
> Am I doing something wrong here? or should I just put /cas/services  
> as a registered service? or this is a bug on 3.3.1?
>
> Regards,
> Sukma

Re: [cas-user] password expiration

2009-03-14 Thread Robert Oschwald
It might be better to inform the user of those errors.
You can do this by different Exceptions you throw.

Here is an example for a SearchModeSearchDatabaseAuthenticationHandler:

protected final boolean authenticateUsernamePasswordInternal(
        final UsernamePasswordCredentials credentials) throws AuthenticationException {
    if (StringUtils.isBlank(credentials.getUsername())
            || StringUtils.isBlank(credentials.getPassword())) {
        throw new MissingFieldAuthenticationException();
    }
    final String encryptedPassword =
            getPasswordEncoder().encode(credentials.getPassword());
    // bound parameters: the username and the encoded password
    final int count = getJdbcTemplate().queryForInt(
            this.sql, credentials.getUsername(), encryptedPassword);
    if (count != 1) return false; // no user found
    // check account status; each non-normal status gets its own exception
    final int validateStatus = this.getUserAccountStatus(credentials);
    if (validateStatus == UserStatus.NORMAL) return true;
    if (validateStatus == UserStatus.MUST_VALIDATE_EMAIL) {
        throw new UserMustValidateEmailAuthException();
    }
    throw new BlockedCredentialsAuthenticationException();
}

private int getUserAccountStatus(final Credentials credentials) {
    // table and column names come from the handler configuration;
    // the username is passed as a bound parameter
    final String query =
            "Select STATUS from " + this.tableUsers + " " +
            "Where " + this.fieldUser + " = ?";
    if (credentials instanceof UsernamePasswordCredentials) {
        final UsernamePasswordCredentials upCredentials =
                (UsernamePasswordCredentials) credentials;
        return getJdbcTemplate().queryForInt(query, upCredentials.getUsername());
    }
    log.error("credentials not supported: " + credentials.getClass().getName());
    return -1;
}

Here you see I throw several different Exceptions to inform the user  
on the login mask.
The same can be used for  password expired handling in your handler.
I successfully use this in several AuthHandlers (db, webservice etc.)

Robert
-
> I think that you should implement your own
> org.jasig.cas.authentication.handler.AuthenticationHandler to plug in
> to CAS in the deployerConfigContext.xml. In this way you can
> retrieve a password for the user, and password expiration value for
> the user, then proceed to authenticate the user and if the password
> is valid check the password expiration value. To implement the
> org.jasig.cas.authentication.handler.AuthenticationHandler you can
> do something like this
>
> public boolean authenticate(Credentials cred) throws AuthenticationException {
>
>     String user = ((UsernamePasswordCredentials) cred).getUsername();
>     String pass = ((UsernamePasswordCredentials) cred).getPassword();
>
>     // retrieve the user password and expiration value that is stored in db
>
>     if (pass.equals(passdb) && !passexpired)
>         return true;
>
>     return false;
> }
>
> Consider the use of a password encoder
>

Re: [cas-user] how to set up cas 3 logout redirect

2009-02-18 Thread Robert Oschwald


It's an addition that some people did, like the url parameter.  It's 
probably a good contender for our new process of updating the 
protocol ;-)


There's no need to modify your logoutView.jsp.  If you've enabled  
serviceRedirects on the LogoutController and you give it the service  
url it will redirect manually.  If you give it the url param, it  
will just display it on the JSP page (assuming you haven't removed  
that).


Yes, but then you can't add additional parameters to the redirect url,  
as logoutController just takes the service param (like a language  
param or others)
Therefore, I don't set the followServiceRedirect parameter and  
therefore got full control of what is done in the logoutView page.


Robert




Re: [cas-user] how to set up cas 3 logout redirect

2009-02-16 Thread Robert Oschwald
Scott,

the "service" param is not defined in the CAS Protocol specs for the 
/logout phase, only "url" is defined.
See http://www.jasig.org/cas/protocol section 2.3.1.
Is your suggested "service" param on /logout a JA-SIG CAS 3 extension?

Thanks,
Robert

I now changed my logoutView.jsp to redirect on service or url param,  
if given.

Robert

>
>
>> When you call http://my.server.com/cas/logout you would do 
>> http://my.server.com/cas/logout?service=http://www.cnn.com 
>>  where cnn.com is wherever you want to redirect to.
>>
>> -Scott



Re: [cas-user] Login user from database

2009-02-14 Thread Robert Oschwald
You don't need to develop your own auth handler, if one of the jdbc 
handlers that come with cas is enough for your needs.


See http://www.ja-sig.org/wiki/display/CASUM/JDBC

Example:
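Set the handler up in the deployerConfigContext.xml file:

<property name="authenticationHandlers">
  <list>
    <bean class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler">
      <property name="tableUsers"><value>yourUserTableName</value></property>
      <property name="fieldUser"><value>yourUsernameFieldName</value></property>
      <property name="fieldPassword"><value>yourPwFieldName</value></property>
      <property name="dataSource" ref="dataSource"/>
    </bean>
  </list>
</property>

<!-- the bean id "dataSource" is an assumed name -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
  <property name="driverClassName">
    <value>com.mysql.jdbc.Driver</value>
  </property>
  <property name="url">
    <value>jdbc:mysql://localhost:3306/mydb</value>
  </property>
  <property name="username">
    <value>yourDBUserName</value>
  </property>
  <property name="password">
    <value>yourDBPassword</value>
  </property>
</bean>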



Bye, Robert

Am 13.02.2009 um 18:46 schrieb Vinicius Borges:


Hi everybody,

I want to login only users that are in a database. So, where and  
what I have to change to do it?

There's a class in cas-server that I have to develop?

thanks


Re: [cas-user] how to set up cas 3 logout redirect

2009-02-13 Thread Robert Oschwald
Scott,

shouldn't it be http://my.server.com/cas/logout?url=http://www.cnn.com ?

Robert

Am 13.02.2009 um 15:53 schrieb Scott Battaglia:

> When you call http://my.server.com/cas/logout you would do 
> http://my.server.com/cas/logout?service=http://www.cnn.com 
>  where cnn.com is wherever you want to redirect to.
>
> -Scott
>
>
>
> On Fri, Feb 13, 2009 at 9:49 AM, zhang li  wrote:
> Hi,
>
> I'm using CAS 3.3.1 server on my Windows 2003 server.
> I want to redirect to another URL after the user logs out.
> Now I've set "followServiceRedirects" to be true in the
> cas-servlet.xml as following:
>
>   p:centralAuthenticationService-ref="centralAuthenticationService"
>   p:logoutView="casLogoutView"
>   p:warnCookieGenerator-ref="warnCookieGenerator"
>   p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator"
>   p:followServiceRedirects="true" />
>  Then where do I put the redirection URL ?
>
>
> Thanks.
>
>
> Li
>
>



Re: [cas-user] java cas client on linux

2009-02-09 Thread Robert Oschwald

But I don't see any CAS client logs in the mail you sent.
There must be debug/trace logs for the CAS client's serviceValidate requests.

Please check your CAS client's debug log settings.

Robert

Am 09.02.2009 um 10:15 schrieb ::SammyRulez:::


they are on the same server. The mentioned redirect to

https://liber.lit.trend.it:9443/Profile_Web_two/j_acegi_cas_security_check?ticket=ST-4-c7digmz2ZRawvDuNnsU7EOFzBbgXnhg6bhz-20

goes directly to the access denied page

2009/2/9 Robert Oschwald :

That seems to be the log for the CAS server, only.
What about the CAS client log?

Robert

Am 09.02.2009 um 09:45 schrieb ::SammyRulez:::


Nothing more than the debug level. Here is the log



2009-02-09 09:43:29,943 DEBUG
[org.acegisecurity.adapters.cas3.CasAuthenticationHandler]
Authentication request for admin_profile successful.
2009-02-09 09:43:29,943 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl]
AuthenticationHandler:
org.acegisecurity.adapters.cas3.CasAuthenticationHandler successfully
authenticated the user which provided the following credentials:
admin_profile
2009-02-09 09:43:29,943 DEBUG
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
Creating SimplePrincipal for [admin_profile]
2009-02-09 09:43:29,945 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] Added ticket
[TGT-3-IgL4GISq6ZWAbCPYdsrB77Y091WA3cyJaJw-50] to registry.
2009-02-09 09:43:29,945 DEBUG
[org.springframework.web.util.CookieGenerator] Removed cookie with
name [CASPRIVACY]
2009-02-09 09:43:29,945 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] Action
'AuthenticationViaFormAction' completed execution; result is 'success'
2009-02-09 09:43:29,945 DEBUG
[org.jasig.cas.web.flow.SendTicketGrantingTicketAction] Action
'SendTicketGrantingTicketAction' beginning execution
2009-02-09 09:43:29,946 DEBUG
[org.springframework.web.util.CookieGenerator] Added cookie with name
[CASTGC] and value [TGT-3-IgL4GISq6ZWAbCPYdsrB77Y091WA3cyJaJw-50]
2009-02-09 09:43:29,946 DEBUG
[org.jasig.cas.web.flow.SendTicketGrantingTicketAction] Action
'SendTicketGrantingTicketAction' completed execution; result is
'success'
2009-02-09 09:43:29,946 DEBUG
[org.jasig.cas.web.flow.HasServiceCheckAction] Action
'HasServiceCheckAction' beginning execution
2009-02-09 09:43:29,946 DEBUG
[org.jasig.cas.web.flow.HasServiceCheckAction] Action
'HasServiceCheckAction' completed execution; result is 'hasService'
2009-02-09 09:43:29,946 DEBUG
[org.jasig.cas.web.flow.GenerateServiceTicketAction] Action
'GenerateServiceTicketAction' beginning execution
2009-02-09 09:43:29,946 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] Attempting to
retrieve ticket [TGT-3-IgL4GISq6ZWAbCPYdsrB77Y091WA3cyJaJw-50]
2009-02-09 09:43:29,946 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] Ticket
[TGT-3-IgL4GISq6ZWAbCPYdsrB77Y091WA3cyJaJw-50] found in registry.
2009-02-09 09:43:29,958 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] Added ticket
[ST-3-MfKeiUVktxcERr1Ve963c90uR6wiwJ5vqVA-20] to registry.
2009-02-09 09:43:29,958 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] Granted service
ticket [ST-3-MfKeiUVktxcERr1Ve963c90uR6wiwJ5vqVA-20] for service
[https://liber.lit.trend.it:9443/Profile_Web_two/j_acegi_cas_security_check]
for user [admin_profile]
2009-02-09 09:43:29,958 DEBUG
[org.jasig.cas.web.flow.GenerateServiceTicketAction] Action
'GenerateServiceTicketAction' completed execution; result is 'success'
2009-02-09 09:43:29,958 DEBUG [org.jasig.cas.web.flow.WarnAction]
Action 'WarnAction' beginning execution
2009-02-09 09:43:29,958 DEBUG [org.jasig.cas.web.flow.WarnAction]
Action 'WarnAction' completed execution; result is 'redirect'
2009-02-09 09:43:29,961 DEBUG
[org.springframework.web.servlet.DispatcherServlet] Rendering view
[org.springframework.web.servlet.view.RedirectView: unnamed; URL
[https://liber.lit.trend.it:9443/Profile_Web_two/j_acegi_cas_security_check;jsessionid=FEB7BA97D2396C68E97A55192D589862?ticket=ST-3-MfKeiUVktxcERr1Ve963c90uR6wiwJ5vqVA-20]]
in DispatcherServlet with name 'cas'
2009-02-09 09:43:29,961 DEBUG
[org.springframework.web.servlet.view.RedirectView] Rendering view
with name 'null' with model null and static attributes {}
2009-02-09 09:43:29,961 DEBUG
[org.springframework.web.servlet.DispatcherServlet] Cleared
thread-bound request context:
org.apache.catalina.connector.requestfac...@ed8363
2009-02-09 09:43:29,961 DEBUG
[org.springframework.web.servlet.DispatcherServlet] Successfully
completed request
2009-02-09 09:43:29,961 DEBUG
[org.springframework.web.context.support.XmlWebApplicationContext]
Publishing event in context
[org.springframework.web.context.support.xmlwebapplicationcont...@f0761a]:
ServletRequestHandledEvent: url=[/PRJ_CAS_Web/login];
cli

Re: [cas-user] java cas client on linux

2009-02-09 Thread Robert Oschwald

That seems to be the log for the CAS server, only.
What about the CAS client log?

Robert

Am 09.02.2009 um 09:45 schrieb ::SammyRulez:::


Nothing more than the debug level. Here is the log



2009-02-09 09:43:29,943 DEBUG
[org.acegisecurity.adapters.cas3.CasAuthenticationHandler]
Authentication request for admin_profile successful.
2009-02-09 09:43:29,943 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl]
AuthenticationHandler:
org.acegisecurity.adapters.cas3.CasAuthenticationHandler successfully
authenticated the user which provided the following credentials:
admin_profile
2009-02-09 09:43:29,943 DEBUG
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
Creating SimplePrincipal for [admin_profile]
2009-02-09 09:43:29,945 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] Added ticket
[TGT-3-IgL4GISq6ZWAbCPYdsrB77Y091WA3cyJaJw-50] to registry.
2009-02-09 09:43:29,945 DEBUG
[org.springframework.web.util.CookieGenerator] Removed cookie with
name [CASPRIVACY]
2009-02-09 09:43:29,945 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] Action
'AuthenticationViaFormAction' completed execution; result is 'success'
2009-02-09 09:43:29,945 DEBUG
[org.jasig.cas.web.flow.SendTicketGrantingTicketAction] Action
'SendTicketGrantingTicketAction' beginning execution
2009-02-09 09:43:29,946 DEBUG
[org.springframework.web.util.CookieGenerator] Added cookie with name
[CASTGC] and value [TGT-3-IgL4GISq6ZWAbCPYdsrB77Y091WA3cyJaJw-50]
2009-02-09 09:43:29,946 DEBUG
[org.jasig.cas.web.flow.SendTicketGrantingTicketAction] Action
'SendTicketGrantingTicketAction' completed execution; result is
'success'
2009-02-09 09:43:29,946 DEBUG
[org.jasig.cas.web.flow.HasServiceCheckAction] Action
'HasServiceCheckAction' beginning execution
2009-02-09 09:43:29,946 DEBUG
[org.jasig.cas.web.flow.HasServiceCheckAction] Action
'HasServiceCheckAction' completed execution; result is 'hasService'
2009-02-09 09:43:29,946 DEBUG
[org.jasig.cas.web.flow.GenerateServiceTicketAction] Action
'GenerateServiceTicketAction' beginning execution
2009-02-09 09:43:29,946 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] Attempting to
retrieve ticket [TGT-3-IgL4GISq6ZWAbCPYdsrB77Y091WA3cyJaJw-50]
2009-02-09 09:43:29,946 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] Ticket
[TGT-3-IgL4GISq6ZWAbCPYdsrB77Y091WA3cyJaJw-50] found in registry.
2009-02-09 09:43:29,958 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] Added ticket
[ST-3-MfKeiUVktxcERr1Ve963c90uR6wiwJ5vqVA-20] to registry.
2009-02-09 09:43:29,958 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] Granted service
ticket [ST-3-MfKeiUVktxcERr1Ve963c90uR6wiwJ5vqVA-20] for service
[https://liber.lit.trend.it:9443/Profile_Web_two/j_acegi_cas_security_check]
for user [admin_profile]
2009-02-09 09:43:29,958 DEBUG
[org.jasig.cas.web.flow.GenerateServiceTicketAction] Action
'GenerateServiceTicketAction' completed execution; result is 'success'
2009-02-09 09:43:29,958 DEBUG [org.jasig.cas.web.flow.WarnAction]
Action 'WarnAction' beginning execution
2009-02-09 09:43:29,958 DEBUG [org.jasig.cas.web.flow.WarnAction]
Action 'WarnAction' completed execution; result is 'redirect'
2009-02-09 09:43:29,961 DEBUG
[org.springframework.web.servlet.DispatcherServlet] Rendering view
[org.springframework.web.servlet.view.RedirectView: unnamed; URL
[https://liber.lit.trend.it:9443/Profile_Web_two/j_acegi_cas_security_check;jsessionid=FEB7BA97D2396C68E97A55192D589862?ticket=ST-3-MfKeiUVktxcERr1Ve963c90uR6wiwJ5vqVA-20]]
in DispatcherServlet with name 'cas'
2009-02-09 09:43:29,961 DEBUG
[org.springframework.web.servlet.view.RedirectView] Rendering view
with name 'null' with model null and static attributes {}
2009-02-09 09:43:29,961 DEBUG
[org.springframework.web.servlet.DispatcherServlet] Cleared
thread-bound request context:
org.apache.catalina.connector.requestfac...@ed8363
2009-02-09 09:43:29,961 DEBUG
[org.springframework.web.servlet.DispatcherServlet] Successfully
completed request
2009-02-09 09:43:29,961 DEBUG
[org.springframework.web.context.support.XmlWebApplicationContext]
Publishing event in context
[org.springframework.web.context.support.xmlwebapplicationcont...@f0761a]:
ServletRequestHandledEvent: url=[/PRJ_CAS_Web/login];
client=[10.1.226.169]; method=[POST]; servlet=[cas];
session=[FEB7BA97D2396C68E97A55192D589862]; user=[null]; time=[472ms];
status=[OK]
2009-02-09 09:43:29,961 DEBUG
[org.springframework.web.context.support.XmlWebApplicationContext]
Publishing event in context
[org.springframework.web.context.support.xmlwebapplicationcont...@20463e]:
ServletRequestHandledEvent: url=[/PRJ_CAS_Web/login];
client=[10.1.226.169]; method=[POST]; servlet=[cas];
session=[FEB7BA97D2396C68E97A55192D589862]; user=[null]; time=[472ms];
status=[OK]


2009/2/9 
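The server log quoted above shows a service ticket being granted and the browser redirected, but nothing from the client's back-channel validation call. As an added example (not part of the original thread), this script scans a CAS server log in that layout and lists service tickets that were granted but never looked up again, which points at the client failing before it reaches `serviceValidate` (for instance on TLS trust). It assumes a validation attempt appears as a `DefaultTicketRegistry` "Attempting to retrieve ticket [ST-...]" record; the sample log, ticket IDs and host are constructed.

```python
import re

# Constructed sample in the CAS 3.x log layout quoted in this thread, including
# the mail-wrapped continuation lines. Ticket IDs, users and host are made up.
SAMPLE_LOG = """\
2009-02-09 09:43:29,958 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] Granted service
ticket [ST-1-constructedAAAA-20] for service
[https://app.example.org/j_acegi_cas_security_check]
for user [alice]
2009-02-09 09:43:30,120 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] Attempting to
retrieve ticket [ST-1-constructedAAAA-20]
2009-02-09 09:44:02,301 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] Granted service
ticket [ST-2-constructedBBBB-20] for service
[https://app.example.org/j_acegi_cas_security_check 
]
for user [bob]
"""

RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
GRANTED = re.compile(
    r"Granted service ticket \[(ST-[^\]\s]+)\] for service "
    r"\[\s*(\S+?)\s*\]\s+for user \[([^\]]+)\]")
# Assumption: the client's validation call shows up as a registry lookup of the ST.
LOOKUP = re.compile(r"Attempting to retrieve ticket \[(ST-[^\]\s]+)\]")

def records(text):
    """Rejoin wrapped lines into one string per timestamped log record."""
    current = []
    for line in text.splitlines():
        if RECORD_START.match(line) and current:
            yield " ".join(current)
            current = []
        if line.strip():
            current.append(line.strip())
    if current:
        yield " ".join(current)

def unvalidated_tickets(text):
    """Return {ticket: (service, user)} for STs granted but never looked up."""
    pending = {}
    for rec in records(text):
        if (g := GRANTED.search(rec)):
            pending[g.group(1)] = (g.group(2), g.group(3))
        elif (seen := LOOKUP.search(rec)):
            pending.pop(seen.group(1), None)
    return pending
```

A non-empty result for a login that ended on the access-denied page means the next place to look is the client's own log and its JVM truststore.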

Re: [cas-user] java cas client on linux

2009-02-09 Thread Robert Oschwald
Try to set your log level to "trace". If it is a cert problem, you might get the error.


Robert
Am 09.02.2009 um 09:25 schrieb ::SammyRulez:::


yes, as I said the same exact setup works well on windows. I created
the cert following cas FAQ

2009/2/9 Robert Oschwald :

Have you added the cert to your Java Keystore?

Robert

Am 09.02.2009 um 09:00 schrieb ::SammyRulez:::


Hi folks

I have a problem with cas client on Linux. (Sun jdk 1.6 jboss 4.0.5
GA, acegi on client side) Cas server authentication goes well but when
redirected to the client web app something goes wrong and the
authentication page is displayed. Even with log at debug level no
error is traced. The same exact setup works on both win xp and win
server 2003. I sense that the problem is the ticket validation. I use
a self signed certificate. How could I trace the cause of this issue?

Thanks

Sam



Re: [cas-user] java cas client on linux

2009-02-09 Thread Robert Oschwald

Have you added the cert to your Java Keystore?

Robert

Am 09.02.2009 um 09:00 schrieb ::SammyRulez:::


Hi folks

I have a problem with cas client on Linux. (Sun jdk 1.6 jboss 4.0.5
GA, acegi on client side) Cas server authentication goes well but when
redirected to the client web app something goes wrong and the
authentication page is displayed. Even with log at debug level no
error is traced. The same exact setup works on both win xp and win
server 2003. I sense that the problem is the ticket validation. I use
a self signed certificate. How could I trace the cause of this issue?

Thanks

Sam
