Re:[cas-user] CAS Training

[Vipin Jain]

do you think people may come for this training.

On Sun, Jul 1, 2012 at 10:55 PM, Vipin Jain  wrote:

> Hello Everyone,
>
> Just checking with everyone, will anyone be ready to get trained on SSO
> concepts and CAS SSO system.
>
> I want to be trained on the same.
>
> Thanks
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] CAS Training

[Vipin Jain]

Hello Everyone,

Just checking with everyone, will anyone be ready to get trained on SSO
concepts and CAS SSO system.

I want to be trained on the same.

Thanks

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re:[cas-user] vBulletin CAS SSO

[Vipin Jain]

 Thanks Guys.

Can you please help me with how do I do the same with vBulletin.

Thanks

On Thursday, June 28, 2012, Joachim Fritschi wrote:

> Hi Rex,
>
> your statement was true until the version 1.2.0.
>
> Phpcas now has the ability to integrate into the sessions of other app
> much better. If that does not work you also have the ability to hook your
> own code into phpcas during authentication [1] and upon recieving a logout
> call[2]. This has already been helpful for other projects[3/4] to enable
> single sign out for very specific setups.
>
> The code docs should pretty much explain the way forward. There should
> also be some the jira issue that explains it a bit. [5]
>
> I'm sensing a documentation and example possibility :D
>
> Regards,
>
> Joachim
>
> [1]http://downloads.jasig.org/**cas-clients/php/current/docs/**
> api/group__internalBehave.**html#**ga41c4204c3ab191548f1ae48984f7**3848<http://downloads.jasig.org/cas-clients/php/current/docs/api/group__internalBehave.html#ga41c4204c3ab191548f1ae48984f73848>
>
> [2]http://downloads.jasig.org/**cas-clients/php/current/docs/**
> api/group__internalBehave.**html#**ga61a82c256483dff20a09cd9ca9c3**3a62<http://downloads.jasig.org/cas-clients/php/current/docs/api/group__internalBehave.html#ga61a82c256483dff20a09cd9ca9c33a62>
>
> [3]http://www.mediawiki.org/**wiki/Extension_talk:**CASAuthentication<http://www.mediawiki.org/wiki/Extension_talk:CASAuthentication>
> [4]http://drupal.org/node/**1077910 <http://drupal.org/node/1077910>
> [5]https://issues.jasig.org/**browse/PHPCAS-76<https://issues.jasig.org/browse/PHPCAS-76>
>
>
>
> On 27.06.2012 18:32, Rex Posadas wrote:
>
>> Are you experiencing any issues? One of the developers in my team
>> successfully integrated vBulletin and CAS. He used the phpCAS library.
>>
>> One caveat being Single Sign On works, but not Single Sing Out. phpCAS,
>> AFAIK, only supports Single Sign Out if you let the library handle the
>> session – which was not possible for us.
>>
>> *From:*Vipin Jain [mailto:vjsat...@gmail.com]
>> *Sent:* Wednesday, June 27, 2012 9:15 AM
>> *To:* cas-user@lists.jasig.org
>> *Subject:* Re: [cas-user] vBulletin CAS SSO
>>
>> Thanks,
>>
>> I will work on the links you have provided and let you know the updates.
>>
>> On Wed, Jun 27, 2012 at 7:29 PM, Aaron Grant > <mailto:asgr...@oakland.edu>> wrote:
>>
>> I was researching this a while ago, although I couldn't find anything
>> for the new 4.x version of vBulletin, it does look like a few folks
>> were attempting this though:
>>
>> http://www.vbulletin.org/**forum/showthread.php?t=214611&**
>> highlight=central+**authentication+service<http://www.vbulletin.org/forum/showthread.php?t=214611&highlight=central+authentication+service>
>> <http://www.vbulletin.org/**forum/showthread.php?t=214611&**
>> highlight=central+**authentication+service<http://www.vbulletin.org/forum/showthread.php?t=214611&highlight=central+authentication+service>
>> >
>> https://www.vbulletin.com/**forum/showthread.php/345107-**
>> Could-I-apply-my-own-CAS-(**Central-Authentication-**
>> Service)-in-vBulletin<https://www.vbulletin.com/forum/showthread.php/345107-Could-I-apply-my-own-CAS-(Central-Authentication-Service)-in-vBulletin>
>>
>>
>>
>> On Wed, Jun 27, 2012 at 9:09 AM, Marvin S. Addison
>> mailto:marvin.addi...@gmail.com>> wrote:
>>  >> Guys, any update on this...
>>  >
>>  >
>>  > Guess not. I'm not aware of any specific documentation about CAS and
>>  > vBulletin. Looks like it's a PHP app, which is a good sign since
>> phpCAS has
>>  > a solid track record for integrating PHP apps generally. As for the
>>  > details, you may have to work them out yourself, but I would
>> encourage you
>>  > to share with the community upon completion.
>>  >
>>  >
>>  > M
>>  >
>>  > --
>>  > You are currently subscribed to cas-user@lists.jasig.org
>> <mailto:cas-user@lists.jasig.org> as:
>>
>>  > asgr...@oakland.edu <mailto:asgr...@oakland.edu>
>>
>>  > To unsubscribe, change settings or access archives, see
>>  > 
>> http://www.ja-sig.org/wiki/**display/JSG/cas-user<http://www.ja-sig.org/wiki/display/JSG/cas-user>
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org
>> <mailto:cas-user@lists.jasig.org> as: vjsat...@gmail.com
>> <mailto:vjsat...@gmail.com>
>> To unsubscribe, change settings or access archi

Re: [cas-user] vBulletin CAS SSO

[Vipin Jain]

I am trying to start today.

Can you please help me with this. Can you please let me know the whole
process and how was this implemented.

Thanks a lot for this.


On Wed, Jun 27, 2012 at 10:02 PM, Rex Posadas wrote:

> Are you experiencing any issues?  One of the developers in my team
> successfully integrated vBulletin and CAS.  He used the phpCAS library. **
> **
>
> ** **
>
> One caveat being Single Sign On works, but not Single Sing Out. phpCAS,
> AFAIK, only supports Single Sign Out if you let the library handle the
> session – which was not possible for us.
>
> ** **
>
> ** **
>
> ** **
>
> *From:* Vipin Jain [mailto:vjsat...@gmail.com]
> *Sent:* Wednesday, June 27, 2012 9:15 AM
> *To:* cas-user@lists.jasig.org
> *Subject:* Re: [cas-user] vBulletin CAS SSO
>
> ** **
>
> Thanks,
>
> ** **
>
> I will work on the links you have provided and let you know the updates.**
> **
>
> ** **
>
> On Wed, Jun 27, 2012 at 7:29 PM, Aaron Grant  wrote:*
> ***
>
> I was researching this a while ago, although I couldn't find anything
> for the new 4.x version of vBulletin, it does look like a few folks
> were attempting this though:
>
>
> http://www.vbulletin.org/forum/showthread.php?t=214611&highlight=central+authentication+service
>
> https://www.vbulletin.com/forum/showthread.php/345107-Could-I-apply-my-own-CAS-(Central-Authentication-Service)-in-vBulletin
> 
>
>
>
> On Wed, Jun 27, 2012 at 9:09 AM, Marvin S. Addison
>  wrote:
> >> Guys, any update on this...
> >
> >
> > Guess not.  I'm not aware of any specific documentation about CAS and
> > vBulletin.  Looks like it's a PHP app, which is a good sign since phpCAS
> has
> > a solid track record for integrating PHP apps generally.  As for the
> > details, you may have to work them out yourself, but I would encourage
> you
> > to share with the community upon completion.
> >
> >
> > M
> >
> > --
> > You are currently subscribed to cas-user@lists.jasig.org as:
>
> > asgr...@oakland.edu
>
> > To unsubscribe, change settings or access archives, see
> > http://www.ja-sig.org/wiki/display/JSG/cas-user
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
> ** **
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> rex.posa...@gazillion.com
>
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] vBulletin CAS SSO

[Vipin Jain]

Thanks,

I will work on the links you have provided and let you know the updates.


On Wed, Jun 27, 2012 at 7:29 PM, Aaron Grant  wrote:

> I was researching this a while ago, although I couldn't find anything
> for the new 4.x version of vBulletin, it does look like a few folks
> were attempting this though:
>
>
> http://www.vbulletin.org/forum/showthread.php?t=214611&highlight=central+authentication+service
>
> https://www.vbulletin.com/forum/showthread.php/345107-Could-I-apply-my-own-CAS-(Central-Authentication-Service)-in-vBulletin
>
>
> On Wed, Jun 27, 2012 at 9:09 AM, Marvin S. Addison
>  wrote:
> >> Guys, any update on this...
> >
> >
> > Guess not.  I'm not aware of any specific documentation about CAS and
> > vBulletin.  Looks like it's a PHP app, which is a good sign since phpCAS
> has
> > a solid track record for integrating PHP apps generally.  As for the
> > details, you may have to work them out yourself, but I would encourage
> you
> > to share with the community upon completion.
> >
> >
> > M
> >
> > --
> > You are currently subscribed to cas-user@lists.jasig.org as:
> > asgr...@oakland.edu
> > To unsubscribe, change settings or access archives, see
> > http://www.ja-sig.org/wiki/display/JSG/cas-user
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re:[cas-user] vBulletin CAS SSO

[Vipin Jain]

Guys, any update on this...

On Tue, Jun 26, 2012 at 3:00 PM, Vipin Jain  wrote:

> Hello Everyone,
>
> We are in a project where we need to enable SSO between CAS and vBulletin.
> Has anyone come across this and any pointers will be great.
>
> We use CAS for SSO with Liferay and Custom Java Apps now.
>
> Thanks
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] vBulletin CAS SSO

[Vipin Jain]

Hello Everyone,

We are in a project where we need to enable SSO between CAS and vBulletin.
Has anyone come across this and any pointers will be great.

We use CAS for SSO with Liferay and Custom Java Apps now.

Thanks

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] ProxyGrantingTicket

[Vipin Jain]

Hello Everyone.

I am working on a project with CAS. Just wanted to understand what is Proxy
Granting Ticket and how does it work.

What are the scenarios this can be used.

Thanks
Vipin

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Issues with page refresh when CAS ticket is attached with URL

[Vipin Jain]

Hi Scott,

We are using Apache Module mod_auth_cas 1.0.9.1, Can you please help us if
we can do the same in Apache Module.

Thanks

On Thu, Feb 2, 2012 at 7:11 PM, Scott Battaglia
wrote:

> Depending on your CAS client, you can set it to redirect after ticket
> validation (which removes the ticket parameter).
>
>
> On Thu, Feb 2, 2012 at 8:39 AM, Chetna Pant  wrote:
>
>> Hi,
>>
>> We are using CAS to authenticate liferay portal. When it authenticates it
>> shows a ticket in the query string. When we refresh the page with the
>> ticket in the query string it gives a blank page. Is there any solution so
>> that we do not get the blank page on refresh?
>>
>>
>> --
>> Thanks & Regards,
>> Chetna Pant
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> scott.battag...@gmail.com
>>
>>
>>
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
>  --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] CAS Automatic Login

[Vipin Jain]

Hi Andrew,

I did try to setup CAS NTLM but failed to. So set Liferay with NTLM and
then using CAS as trusted source for other Java applications.

Hi Marvin,

I agree with you Marvin, We have to trust the headers. I can also add a
validation code with the request and change the Trusted Authentication
Handler to check the Validation code. Let me know if we can do that.

Thanks

On Fri, Jan 27, 2012 at 9:31 PM, Tillinghast, Andrew P. <
atill...@conncoll.edu> wrote:

> It seems to me the safer was to handle this is to either enable an NTLM
> solution at the CAS side and then CAS enable Liferay, or to set up liferay
> as an OpenID provider and enable OpenID at the CAS side. Other then that
> you risk spoofing via the cookie data.
>
>  -Andrew
>
> On Jan 25, 2012, at 4:18 PM, Vipin Jain wrote:
>
> Thanks Marvin.
>
> Is it required to have only REMOTE_USER header or any other header is fine.
>
> How would i configure the  cookie for trust authentication. My plan is
> have the NTLM authentication done on Liferay side and then create a cookie
> which contains the user's name and then when anyone else accesses the CAS
> protected JAVA apps then it will read the header variable and automatically
> login.
>
> If it fails to parse the cookie then it will go to CAS Login Page.
>
> Please let me know
>
> On Wed, Jan 25, 2012 at 8:12 PM, Marvin Addison 
> wrote:
>
>> > Is it possible to have a script which can automatically login to CAS
>> Server
>> > if we getting the userid in the header variable.
>>
>> Sure it's possible.  This is typically called "remote user" or trust
>> authentication; see https://wiki.jasig.org/display/CASUM/Trusted for
>> more information.  Warning: you MUST carefully consider the components
>> providing the header such that the following criteria are met:
>>  - There is sufficient assurance that the authorized components are
>> the origin of the information.
>>  - You trust the information itself.
>>
>> Failure to meet the requirements above would reduce the security
>> provided by CAS to incidental at best.
>>
>> M
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as:
>> vjsat...@gmail.com
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> atill...@conncoll.edu
>
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] CAS Automatic Login

[Vipin Jain]

Sure Marvin.
I was thinking to use the IP Validation or else can you please confirm if
we read it using the Header Variable.



On Fri, Jan 27, 2012 at 12:09 AM, Marvin Addison
wrote:

> > create a cookie which
> > contains the user's name and then when anyone else accesses the CAS
> > protected JAVA apps then it will read the header variable and
> automatically
> > login.
>
> How are you going to scope the cookie such that trusted applications,
> and _only_ trusted applications may access this cookie?  If you don't
> have a really good answer for that question, or don't understand why
> it's vitally important, I'd advise that you abandon this plan.
>
> M
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] CAS Automatic Login

[Vipin Jain]

Thanks Marvin.

Is it required to have only REMOTE_USER header or any other header is fine.

How would i configure the  cookie for trust authentication. My plan is have
the NTLM authentication done on Liferay side and then create a cookie which
contains the user's name and then when anyone else accesses the CAS
protected JAVA apps then it will read the header variable and automatically
login.

If it fails to parse the cookie then it will go to CAS Login Page.

Please let me know

On Wed, Jan 25, 2012 at 8:12 PM, Marvin Addison wrote:

> > Is it possible to have a script which can automatically login to CAS
> Server
> > if we getting the userid in the header variable.
>
> Sure it's possible.  This is typically called "remote user" or trust
> authentication; see https://wiki.jasig.org/display/CASUM/Trusted for
> more information.  Warning: you MUST carefully consider the components
> providing the header such that the following criteria are met:
>  - There is sufficient assurance that the authorized components are
> the origin of the information.
>  - You trust the information itself.
>
> Failure to meet the requirements above would reduce the security
> provided by CAS to incidental at best.
>
> M
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] CAS Automatic Login

[Vipin Jain]

Hello Everyone.

Is it possible to have a script which can automatically login to CAS Server
if we getting the userid in the header variable.

Thanks
Vipin Jain

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] NTLM CAS Setup

[Vipin Jain]

Hello Everyone,

We are setting up the NTLM setup on CAS and facing the issue when we are
testing the kinit access.

Can you please help me what was the issue.

Thanks

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] CAS Domino SSO

[Vipin Jain]

Thanks Scott for the information.

Andrew,

Can you please let me know if you can make the code available for Domino
Integration with CAS.

Thanks
Vipin

On Fri, Dec 30, 2011 at 2:20 PM, Scott Battaglia
wrote:

> Vipin, that code is not currently part of CAS which is why you can't find
> it ;-)
>
> Andrew,  Is this code gong to be made available?
>
>
> On Thu, Dec 29, 2011 at 10:23 PM, Vipin Jain  wrote:
>
>> Thanks Andrew for the details. Its really helpful.
>>
>> I am trying with CAS 3.4.3 but was not able to find
>> lotus-domino.properties file.
>>
>> Can you please let me know where i can find this file or should i make a
>> new one.
>>
>> Thanks
>> Vipin
>>
>> On Thu, Dec 29, 2011 at 9:16 PM, Andrew Petro  wrote:
>>
>>> Hi Vipin,
>>>
>>> For whatever it's worth, Unicon implemented CAS SSO into Lotus Domino
>>> iNotes for a client.
>>>
>>> Here's some documentation derived from that project:
>>>
>>>
>>> https://github.com/apetro/casify-lotus-domino-inotes/wiki/CasifyDominoLotusiNotes
>>>
>>> Kind regards,
>>>
>>> Andrew
>>>
>>>
>>>
>>> On Dec 27, 2011, at 1:10 PM, Vipin Jain wrote:
>>>
>>> > Hi All,
>>> >
>>> > We are implementing SSO for our client using CAS and now have to
>>> integrate with their Domino application.
>>> >
>>> > Do we have any CAS clients for it or has anybody implemented it.
>>> >
>>> > Please let me know about it.
>>> >
>>> > Thanks
>>> > Vipin
>>> >
>>> >
>>> >
>>> > --
>>> > You are currently subscribed to cas-user@lists.jasig.org as:
>>> ape...@unicon.net
>>> > To unsubscribe, change settings or access archives, see
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>> >
>>>
>>>
>>> --
>>> You are currently subscribed to cas-user@lists.jasig.org as:
>>> vjsat...@gmail.com
>>>
>>> To unsubscribe, change settings or access archives, see
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> scott.battag...@gmail.com
>>
>>
>>
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
>  --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] CAS Domino SSO

[Vipin Jain]

Thanks Andrew for the details. Its really helpful.

I am trying with CAS 3.4.3 but was not able to find lotus-domino.properties
file.

Can you please let me know where i can find this file or should i make a
new one.

Thanks
Vipin

On Thu, Dec 29, 2011 at 9:16 PM, Andrew Petro  wrote:

> Hi Vipin,
>
> For whatever it's worth, Unicon implemented CAS SSO into Lotus Domino
> iNotes for a client.
>
> Here's some documentation derived from that project:
>
>
> https://github.com/apetro/casify-lotus-domino-inotes/wiki/CasifyDominoLotusiNotes
>
> Kind regards,
>
> Andrew
>
>
>
> On Dec 27, 2011, at 1:10 PM, Vipin Jain wrote:
>
> > Hi All,
> >
> > We are implementing SSO for our client using CAS and now have to
> integrate with their Domino application.
> >
> > Do we have any CAS clients for it or has anybody implemented it.
> >
> > Please let me know about it.
> >
> > Thanks
> > Vipin
> >
> >
> >
> > --
> > You are currently subscribed to cas-user@lists.jasig.org as:
> ape...@unicon.net
> > To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> >
>
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] CAS Domino SSO

[Vipin Jain]

Thanks Scott for the info.

Do you have any info on how to integrate Domino application with CAS for SSO.

Thanks



On Dec 29, 2011, at 2:44 PM, Scott Battaglia  wrote:

> I don't think anyone is actively working on it.  Again, the contributor name 
> listed there is Andrew Feller, who is no longer involved unfortunately.
> 
> 
> On Thu, Dec 29, 2011 at 2:27 PM, Vipin Jain  wrote:
> Thanks Scott for the reply.
> 
> I was referring to the below link
> 
> https://wiki.jasig.org/display/CASST/Lotus+Domino+SSO+Support
> 
> Can you please let me know who can help me with this.
> 
> Thanks
> 
> 
> 
> 
> On Dec 29, 2011, at 1:59 PM, Scott Battaglia  
> wrote:
> 
>> Sorry, I've never worked with Lotus Domino before.  Andrew Feller (who no 
>> longer works with CAS) is probably the person you were thinking of.
>> 
>> 
>> On Thu, Dec 29, 2011 at 10:06 AM, Vipin Jain  wrote:
>> 
>> Hi Scott,
>> 
>> Can you please help me with this. I think you were working on a similar 
>> project earlier.
>> 
>> Thanks
>> 
>> 
>> On Dec 27, 2011, at 7:18 PM, Vipin Jain  wrote:
>> 
>> > I am trying SSO with Lotus Domino Web applications.
>> >
>> >
>> >
>> > On Dec 27, 2011, at 6:18 PM, chaitanya velaga  wrote:
>> >
>> >> What is Domino application?
>> >>
>> >> Sent from mobile
>> >>
>> >> On Dec 27, 2011, at 1:10 PM, Vipin Jain  wrote:
>> >>
>> >>> Hi All,
>> >>>
>> >>> We are implementing SSO for our client using CAS and now have to 
>> >>> integrate with their Domino application.
>> >>>
>> >>> Do we have any CAS clients for it or has anybody implemented it.
>> >>>
>> >>> Please let me know about it.
>> >>>
>> >>> Thanks
>> >>> Vipin
>> >>>
>> >>>
>> >>>
>> >>> --
>> >>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> >>> vela...@dlathe.com
>> >>> To unsubscribe, change settings or access archives, see 
>> >>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>> >>>
>> >>
>> >> --
>> >> You are currently subscribed to cas-user@lists.jasig.org as: 
>> >> vjsat...@gmail.com
>> >> To unsubscribe, change settings or access archives, see 
>> >> http://www.ja-sig.org/wiki/display/JSG/cas-user
>> >>
>> 
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> scott.battag...@gmail.com
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>> 
>> 
>> -- 
>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> vjsat...@gmail.com
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
> 
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> scott.battag...@gmail.com
> 
> 
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> 
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] CAS Domino SSO

[Vipin Jain]

Thanks Scott for the reply.

I was referring to the below link

https://wiki.jasig.org/display/CASST/Lotus+Domino+SSO+Support

Can you please let me know who can help me with this.

Thanks



On Dec 29, 2011, at 1:59 PM, Scott Battaglia  wrote:

> Sorry, I've never worked with Lotus Domino before.  Andrew Feller (who no 
> longer works with CAS) is probably the person you were thinking of.
> 
> 
> On Thu, Dec 29, 2011 at 10:06 AM, Vipin Jain  wrote:
> 
> Hi Scott,
> 
> Can you please help me with this. I think you were working on a similar 
> project earlier.
> 
> Thanks
> 
> 
> On Dec 27, 2011, at 7:18 PM, Vipin Jain  wrote:
> 
> > I am trying SSO with Lotus Domino Web applications.
> >
> >
> >
> > On Dec 27, 2011, at 6:18 PM, chaitanya velaga  wrote:
> >
> >> What is Domino application?
> >>
> >> Sent from mobile
> >>
> >> On Dec 27, 2011, at 1:10 PM, Vipin Jain  wrote:
> >>
> >>> Hi All,
> >>>
> >>> We are implementing SSO for our client using CAS and now have to 
> >>> integrate with their Domino application.
> >>>
> >>> Do we have any CAS clients for it or has anybody implemented it.
> >>>
> >>> Please let me know about it.
> >>>
> >>> Thanks
> >>> Vipin
> >>>
> >>>
> >>>
> >>> --
> >>> You are currently subscribed to cas-user@lists.jasig.org as: 
> >>> vela...@dlathe.com
> >>> To unsubscribe, change settings or access archives, see 
> >>> http://www.ja-sig.org/wiki/display/JSG/cas-user
> >>>
> >>
> >> --
> >> You are currently subscribed to cas-user@lists.jasig.org as: 
> >> vjsat...@gmail.com
> >> To unsubscribe, change settings or access archives, see 
> >> http://www.ja-sig.org/wiki/display/JSG/cas-user
> >>
> 
> --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> scott.battag...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> 
> 
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] CAS Domino SSO

[Vipin Jain]

Hi Scott,

Can you please help me with this. I think you were working on a similar project 
earlier.

Thanks


On Dec 27, 2011, at 7:18 PM, Vipin Jain  wrote:

> I am trying SSO with Lotus Domino Web applications.
> 
> 
> 
> On Dec 27, 2011, at 6:18 PM, chaitanya velaga  wrote:
> 
>> What is Domino application?
>> 
>> Sent from mobile
>> 
>> On Dec 27, 2011, at 1:10 PM, Vipin Jain  wrote:
>> 
>>> Hi All,
>>> 
>>> We are implementing SSO for our client using CAS and now have to integrate 
>>> with their Domino application.
>>> 
>>> Do we have any CAS clients for it or has anybody implemented it.
>>> 
>>> Please let me know about it.
>>> 
>>> Thanks
>>> Vipin
>>> 
>>> 
>>> 
>>> -- 
>>> You are currently subscribed to cas-user@lists.jasig.org as: 
>>> vela...@dlathe.com
>>> To unsubscribe, change settings or access archives, see 
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>> 
>> 
>> -- 
>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> vjsat...@gmail.com
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>> 

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] CAS Domino SSO

[Vipin Jain]

I am trying SSO with Lotus Domino Web applications.



On Dec 27, 2011, at 6:18 PM, chaitanya velaga  wrote:

> What is Domino application?
> 
> Sent from mobile
> 
> On Dec 27, 2011, at 1:10 PM, Vipin Jain  wrote:
> 
>> Hi All,
>> 
>> We are implementing SSO for our client using CAS and now have to integrate 
>> with their Domino application.
>> 
>> Do we have any CAS clients for it or has anybody implemented it.
>> 
>> Please let me know about it.
>> 
>> Thanks
>> Vipin
>> 
>> 
>> 
>> -- 
>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> vela...@dlathe.com
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>> 
> 
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> 

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] CAS Domino SSO

[Vipin Jain]

Hi All,

We are implementing SSO for our client using CAS and now have to integrate with 
their Domino application.

Do we have any CAS clients for it or has anybody implemented it.

Please let me know about it.

Thanks
Vipin



-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] mod_auth_cas xml parsing error

[Vipin Jain]

Hi Phil,

Thanks for the reply. I did a complete system cleanup and then downloaded 
Apache 2.2.23 and CAS 1.0.9.1.

I was able to configure the module after that.

Not sure why the problem came earlier.

Thanks for the help.

Thanks



On Dec 24, 2011, at 9:39 AM, Phil Ames  wrote:

> This unfortunately isn't enough to debug the problem.  Can you include all 
> the logs, or any additional information?  Are you redirected to your CAS 
> server to log in?  Does it redirect you back to the correct service URL?  Do 
> you see successful requests to the ticket validation URL on the CAS server?  
> Can you manually validate the ticket on the service validation URL and see 
> what the response should be?  What is the value of the "ticket=" parameter 
> after you are redirected (did you censor it below, or is it truly ***)? 
> 
> -Phil
> 
> On Fri, Dec 23, 2011 at 3:46 PM, Vipin Jain  wrote:
> Sure. Please find the below error
> 
> I cant copy the error so typing the whole error
> 
> Entering cas_authenticate()
> Modified r->args(old 'ticket=***',new'')
> entering getResponseFromServer()
> CAS Server "http://*";
> Validation Response:
> entering isValidCASTicket()
> MOD_AUTH_CAS: response =
> 
> MOD_AUTH_CAS: error retrieving XML document for CASv2 response: XML parser 
> error code: no element found (3)
> 
> Please let me know if you need any more information.
> 
> Thanks
> On Fri, Dec 23, 2011 at 3:42 PM, Phil Ames  wrote:
> Can you provide the debug output?
> 
> Please make sure that LogLevel is set to Debug for the Apache server in 
> conjunction with CASDebug On.
> 
> -Phil
> 
> On Fri, Dec 23, 2011 at 1:15 PM, Vipin Jain  wrote:
> Hi All,
> 
> We are facing a typical error with MOD_AUTH_CAS. We get a 401 error in the 
> browser and the below error in apache error log.
> 
> MOD_AUTH_CAS: error retrieving XML document for CASv2 response: XML parser 
> error code: no element found (3)
> 
> I have set the CASLoginURL, CASValidateURL, CASCookiePath, CASDebug. 
> CASCertificatePath.
> 
> Please let me know what can be the problem.
> 
> Thanks
> 
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> modauth...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> 
>  -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> 
> 
> 
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> 
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> modauth...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> 
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] mod_auth_cas xml parsing error

[Vipin Jain]

Sure. Please find the below error

I cant copy the error so typing the whole error

Entering cas_authenticate()
Modified r->args(old 'ticket=***',new'')
entering getResponseFromServer()
CAS Server "http://*";
Validation Response:
entering isValidCASTicket()
MOD_AUTH_CAS: response =
MOD_AUTH_CAS: error retrieving XML document for CASv2 response: XML parser
error code: no element found (3)

Please let me know if you need any more information.

Thanks
On Fri, Dec 23, 2011 at 3:42 PM, Phil Ames  wrote:

> Can you provide the debug output?
>
> Please make sure that LogLevel is set to Debug for the Apache server in
> conjunction with CASDebug On.
>
> -Phil
>
> On Fri, Dec 23, 2011 at 1:15 PM, Vipin Jain  wrote:
>
>> Hi All,
>>
>> We are facing a typical error with MOD_AUTH_CAS. We get a 401 error in
>> the browser and the below error in apache error log.
>>
>> MOD_AUTH_CAS: error retrieving XML document for CASv2 response: XML
>> parser error code: no element found (3)
>>
>> I have set the CASLoginURL, CASValidateURL, CASCookiePath, CASDebug.
>> CASCertificatePath.
>>
>> Please let me know what can be the problem.
>>
>> Thanks
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> modauth...@gmail.com
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
> --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] mod_auth_cas xml parsing error

[Vipin Jain]

Hi All,

We are facing a typical error with MOD_AUTH_CAS. We get a 401 error in the
browser and the below error in apache error log.

MOD_AUTH_CAS: error retrieving XML document for CASv2 response: XML parser
error code: no element found (3)

I have set the CASLoginURL, CASValidateURL, CASCookiePath, CASDebug.
CASCertificatePath.

Please let me know what can be the problem.

Thanks

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] CAS SSL Error on Apache

[Vipin Jain]

Hi All,

We are using mod_auth_cas 1.0.9 on apache on linux and CAS installed on
JBOSS.

Whenever we try to proxy the URL to the CAS JBOSS SSL url from Apache. It
gives the below error


[Mon Dec 19 00:21:51 2011] [error] proxy: pass request body failed to
172.19.0.171:8443 (corpgptl01..com )
from 172.19.0.162 ()
[Mon Dec 19 00:44:18 2011] [error] (502)Unknown error 502: proxy: pass
request body failed to 172.19.0.171:8443
(corpgptl01.a
 
.com
)
[Mon Dec 19 00:44:18 2011] [error] [client 172.19.0.162] proxy: Error
during SSL Handshake with remote server returned by /cas
[Mon Dec 19 00:44:18 2011] [error] proxy: pass request body failed to
172.19.0.171:8443 (corpgptl01.

 
.com)
from 172.19.0.162 () Hi A

Can anyone please let me know what can be the problem.

Thanks

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Two Factor Authentication

[Vipin Jain]

Hi Marius,

Just wanted to check if you can please provide me the steps how to work on
login-webflow.xml.

Thanks
Vipin Jain

On Tue, Dec 6, 2011 at 2:18 PM, Vipin Jain  wrote:

> Hi Marius,
>
> Can you please help me setting up the login workflow. My understanding is
> that i have to a jsp and then
> have a new action state in the login-webflow.xml and then have  transition
> from realSubmit task.
>
> Please let me know if this is correct.
>
> Thanks
>
>
> On Sat, Dec 3, 2011 at 11:09 PM, Vipin Jain  wrote:
>
>> Thanks Marius.
>>
>> I an working on the custom login page and would integrate that in the
>> login flow.
>>
>> I may need ur help while configuring the login flow XML as I am new to
>> spring flow.
>>
>> Thanks again
>>
>> On Dec 3, 2011, at 9:28 AM, Marius  wrote:
>>
>> > Yes, custom JSP are for 2nd login page.
>> > To use the JSP in a login-webflow.xml you must register it as view in a
>> default_views.properties file. Then look at login-webflow.xml. There is
>> defined CAS authentication process. It is not very complex to modify the
>> process when you understand it. There is good article about it:
>> > http://www.jusfortechies.com/java/cas/architecture.php
>> >
>> > Best regards,
>> > Marius
>> >
>> > On 2011.12.02 22:21, Vipin Jain wrote:
>> >> Great Marius.
>> >>
>> >> Can you please help me with the spring web flow actions and cas login
>> >> flow. The custom JSP pages will be the 2nd login page right?
>> >>
>> >> Thanks
>> >>
>> >> On Fri, Dec 2, 2011 at 3:17 PM, Marius > >> <mailto:marius.seme...@gmx.com>> wrote:
>> >>
>> >>I've implemented two factor authentication with CAS.
>> >>I created custom JSP pages, Spring Web Flow actions and modified CAS
>> >>login web flow. I didn't find any other way to do it.
>> >>
>> >>Best regards,
>> >>Marius
>> >>
>> >>
>> >>On 2011.12.02 21:36, Marvin Addison wrote:
>> >>
>> >>I will start making a Custom authentication handler and then
>> >>i will return a
>> >>boolean from that.
>> >>
>> >>I have to include that in the deployerContextConfig right
>> >>and then refer
>> >>that in the LoginFlow.xml right?
>> >>
>> >>
>> >>Those sounds like first steps, yes.
>> >>
>> >>M
>> >>
>> >>
>> >>
>> >>--
>> >>You are currently subscribed to cas-user@lists.jasig.org
>> >><mailto:cas-user@lists.jasig.org> as: vjsat...@gmail.com
>> >><mailto:vjsat...@gmail.com>
>> >>To unsubscribe, change settings or access archives, see
>> >>http://www.ja-sig.org/wiki/__display/JSG/cas-user
>> >><http://www.ja-sig.org/wiki/display/JSG/cas-user>
>> >>
>> >>
>> >> --
>> >> You are currently subscribed to cas-user@lists.jasig.org as:
>> marius.seme...@gmx.com
>> >> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>> >>
>> >
>> >
>> > --
>> > You are currently subscribed to cas-user@lists.jasig.org as:
>> vjsat...@gmail.com
>> > To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] SSO at across multiple domains

[Vipin Jain]

Hi Marvin,

Can you please help us understand how the two factor authentication is setup 
without much hassle.

Thanks 

On Dec 9, 2011, at 1:38 PM, Marvin Addison  wrote:

>> Hi Marvin,
>> Did you get some time to read Field's article?
> 
> Finally got a change to skim it, and the design sounds the same or
> similar to what Anthony from University of Manchester (UK) described
> to me last year at the Spring Jasig conference.  They used this system
> design to implement two-factor authentication without heavily
> modifying CAS.  I thought it was pretty ingenious.
> 
> I realize your use case for this design is different, but hopefully
> the anecdote about U-Man indicates it's both flexible and in
> production at a couple places.
> 
> Hopefully the other folks addressed your questions adequately.  Speak
> up if you need more help.
> 
> M
> 
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Two Factor Authentication

[Vipin Jain]

Hi Marius,

Can you please help me setting up the login workflow. My understanding is
that i have to a jsp and then
have a new action state in the login-webflow.xml and then have  transition
from realSubmit task.

Please let me know if this is correct.

Thanks

On Sat, Dec 3, 2011 at 11:09 PM, Vipin Jain  wrote:

> Thanks Marius.
>
> I an working on the custom login page and would integrate that in the
> login flow.
>
> I may need ur help while configuring the login flow XML as I am new to
> spring flow.
>
> Thanks again
>
> On Dec 3, 2011, at 9:28 AM, Marius  wrote:
>
> > Yes, custom JSP are for 2nd login page.
> > To use the JSP in a login-webflow.xml you must register it as view in a
> default_views.properties file. Then look at login-webflow.xml. There is
> defined CAS authentication process. It is not very complex to modify the
> process when you understand it. There is good article about it:
> > http://www.jusfortechies.com/java/cas/architecture.php
> >
> > Best regards,
> > Marius
> >
> > On 2011.12.02 22:21, Vipin Jain wrote:
> >> Great Marius.
> >>
> >> Can you please help me with the spring web flow actions and cas login
> >> flow. The custom JSP pages will be the 2nd login page right?
> >>
> >> Thanks
> >>
> >> On Fri, Dec 2, 2011 at 3:17 PM, Marius  >> <mailto:marius.seme...@gmx.com>> wrote:
> >>
> >>I've implemented two factor authentication with CAS.
> >>I created custom JSP pages, Spring Web Flow actions and modified CAS
> >>login web flow. I didn't find any other way to do it.
> >>
> >>Best regards,
> >>Marius
> >>
> >>
> >>On 2011.12.02 21:36, Marvin Addison wrote:
> >>
> >>I will start making a Custom authentication handler and then
> >>i will return a
> >>boolean from that.
> >>
> >>I have to include that in the deployerContextConfig right
> >>and then refer
> >>that in the LoginFlow.xml right?
> >>
> >>
> >>Those sounds like first steps, yes.
> >>
> >>M
> >>
> >>
> >>
> >>--
> >>You are currently subscribed to cas-user@lists.jasig.org
> >><mailto:cas-user@lists.jasig.org> as: vjsat...@gmail.com
> >><mailto:vjsat...@gmail.com>
> >>To unsubscribe, change settings or access archives, see
> >>http://www.ja-sig.org/wiki/__display/JSG/cas-user
> >><http://www.ja-sig.org/wiki/display/JSG/cas-user>
> >>
> >>
> >> --
> >> You are currently subscribed to cas-user@lists.jasig.org as:
> marius.seme...@gmx.com
> >> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> >>
> >
> >
> > --
> > You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> > To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Two Factor Authentication

[Vipin Jain]

Thanks Marius.

I an working on the custom login page and would integrate that in the login 
flow.

I may need ur help while configuring the login flow XML as I am new to spring 
flow.

Thanks again

On Dec 3, 2011, at 9:28 AM, Marius  wrote:

> Yes, custom JSP are for 2nd login page.
> To use the JSP in a login-webflow.xml you must register it as view in a 
> default_views.properties file. Then look at login-webflow.xml. There is 
> defined CAS authentication process. It is not very complex to modify the 
> process when you understand it. There is good article about it:
> http://www.jusfortechies.com/java/cas/architecture.php
> 
> Best regards,
> Marius
> 
> On 2011.12.02 22:21, Vipin Jain wrote:
>> Great Marius.
>> 
>> Can you please help me with the spring web flow actions and cas login
>> flow. The custom JSP pages will be the 2nd login page right?
>> 
>> Thanks
>> 
>> On Fri, Dec 2, 2011 at 3:17 PM, Marius > <mailto:marius.seme...@gmx.com>> wrote:
>> 
>>I've implemented two factor authentication with CAS.
>>I created custom JSP pages, Spring Web Flow actions and modified CAS
>>login web flow. I didn't find any other way to do it.
>> 
>>Best regards,
>>Marius
>> 
>> 
>>On 2011.12.02 21:36, Marvin Addison wrote:
>> 
>>I will start making a Custom authentication handler and then
>>i will return a
>>boolean from that.
>> 
>>I have to include that in the deployerContextConfig right
>>and then refer
>>that in the LoginFlow.xml right?
>> 
>> 
>>Those sounds like first steps, yes.
>> 
>>M
>> 
>> 
>> 
>>--
>>You are currently subscribed to cas-user@lists.jasig.org
>><mailto:cas-user@lists.jasig.org> as: vjsat...@gmail.com
>><mailto:vjsat...@gmail.com>
>>To unsubscribe, change settings or access archives, see
>>http://www.ja-sig.org/wiki/__display/JSG/cas-user
>><http://www.ja-sig.org/wiki/display/JSG/cas-user>
>> 
>> 
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> marius.seme...@gmx.com
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>> 
> 
> 
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Two Factor Authentication

[Vipin Jain]

Great Marius.

Can you please help me with the spring web flow actions and cas login flow.
The custom JSP pages will be the 2nd login page right?

Thanks

On Fri, Dec 2, 2011 at 3:17 PM, Marius  wrote:

> I've implemented two factor authentication with CAS.
> I created custom JSP pages, Spring Web Flow actions and modified CAS login
> web flow. I didn't find any other way to do it.
>
> Best regards,
> Marius
>
>
> On 2011.12.02 21:36, Marvin Addison wrote:
>
>> I will start making a Custom authentication handler and then i will
>>> return a
>>> boolean from that.
>>>
>>> I have to include that in the deployerContextConfig right and then refer
>>> that in the LoginFlow.xml right?
>>>
>>
>> Those sounds like first steps, yes.
>>
>> M
>>
>>
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/**display/JSG/cas-user
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Two Factor Authentication

[Vipin Jain]

Thanks Marvin.

I will start making a Custom authentication handler and then i will return
a boolean from that.

I have to include that in the deployerContextConfig right and then refer
that in the LoginFlow.xml right?

Thanks

On Fri, Dec 2, 2011 at 2:14 PM, Marvin Addison wrote:

> > Can you please give me a starting point which can help me understand how
> to
> > design the whole flow and integrate with CAS.
>
> A pointer is all we could provide because we ourselves do not know or
> cannot agree on what some of the vital workflows should be.  You'll
> need to consider the following:
>  - Login webflow
>  - Custom AuthenticationManager that handles pass/fail of individual
> authentication handlers (password, OTP)
>  - Means of communicating authentication method to services
>  - User experience
>
> The last point is by far the hardest.  For example, what happens when
> a user shows up to a service that demands a stronger authentication
> method than they used to start their SSO session?  A good UX would
> provide a graceful means to provide additional credentials to upgrade
> their LOA and transparently re-route the user to the
> originally-requested resource such that he or she can now access it.
>
> Good luck.
>
> M
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Two Factor Authentication

[Vipin Jain]

I agree with you. I have been working with CAS and have implemented with
one of our clients involving Liferay.

It went very well, This requirement is for a other client where we are
using CAS as a single layer authentication, Now we got a requirement to
implement two factor authentication.

Can you please give me a starting point which can help me understand how to
design the whole flow and integrate with CAS.

Thanks

On Fri, Dec 2, 2011 at 1:20 PM, Marvin Addison wrote:

> > Can you please explain us how to write a custom authentication handler
> and
> > then include that within the Login flow so that we have two levels of
> > authentication.
>
> That's a level of proficiency that you must cultivate on your own in
> order to develop and QA an advanced feature like multi-factor
> authentication.  Even the core developers and folks that have been
> affiliated with CAS for years are not entirely sure or in agreement
> over some of the UX factors involved with multi-factor.  This is
> advanced stuff and requires a commensurate amount of developer
> experience and expertise in order to develop in a secure and usable
> fashion.  You may consider an outside consultant to help with the
> project if you lack that expertise in house.
>
> M
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Two Factor Authentication

[Vipin Jain]

Thanks, It was helpful.

I understand that we have to write a Custom Authentication Handler.

We will have two levels of authentication

1. Default CAS Login Page
2. One Time Password where User will click a button which will send a Text
to his phone with the password and then the user will enter the same
password in the screen to login.

For the point no:2, We are thinking to use WIKID or Custom code which will
generate the token.

Can you please explain us how to write a custom authentication handler and
then include that within the Login flow so that we have two levels of
authentication.

Thanks

On Fri, Dec 2, 2011 at 12:45 PM, b savage  wrote:

> Hi,
>
> This thread may help you with what is possible:
>
>
> http://jasig.275507.n4.nabble.com/CAS-and-Two-factor-authentication-td2076003.html#a2124265
>
> Brian
>
> On Fri, Dec 2, 2011 at 12:22 PM, Vipin Jain  wrote:
>
>> Hi All,
>>
>> How can we include two factor authentication within the default CAS flow
>> and can we define that some URL's will have only Single Authentication,
>> Other will have two authentications.
>>
>> Please help
>>
>> Thanks
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> brianxsav...@gmail.com
>>
>>
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
> --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] Two Factor Authentication

[Vipin Jain]

Hi All,

How can we include two factor authentication within the default CAS flow
and can we define that some URL's will have only Single Authentication,
Other will have two authentications.

Please help

Thanks

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] CAS Login Flow Change

[Vipin Jain]

Hello All,

We have a requirement to have 2 level authentication with CAS. We are
thinking to create a new login page and then include it within the CAS
Login flow.

Is this possible with CAS?

Please let me know.

Thanks

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] CAS Lotus Notes Webmail SSO Configuration

[Vipin Jain]

Hi All,

Can we setup SSO between Lotus Notes Webmail and Liferay using CAS.

Thanks

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Gmail CAS Integration

[Vipin Jain]

Thanks Marvin. That was a nice information

On Fri, Nov 4, 2011 at 11:54 AM, Marvin Addison wrote:

> > Just wanted to know if we have to buy Google Apps or can we do it on
> public
> > gmail.
>
> As far as I know, the SAML2 authentication option used by CAS is only
> available for Google Apps domains.
>
> M
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] Multiple AD Support

[Vipin Jain]

Hello All,

Does CAS support Multiple Active Directories, Our client has multiple ldap
repositories.

Thanks

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Gmail CAS Integration

[Vipin Jain]

Thanks Aaron.

Just wanted to know if we have to buy Google Apps or can we do it on public
gmail.



On Fri, Nov 4, 2011 at 9:35 AM, Aaron Fuleki  wrote:

> On Nov 4, 2011, at 9:09 AM, Vipin Jain wrote:
> > Can we integrate Gmail with CAS applicaiton. We have all email id's
> stored in the AD and they have to be signed into Gmail without their
> password.
>
>
> https://wiki.jasig.org/display/CASUM/SAML+2.0+%28Google+Accounts+Integration%29
>
> -Aaron
>
> -
> Aaron Fuleki
> Senior Web Architect
> Denison University
> 740.587.5752
> -
>
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] Gmail CAS Integration

[Vipin Jain]

Hello All,

Can we integrate Gmail with CAS applicaiton. We have all email id's stored
in the AD and they have to be signed into Gmail without their password.

Thanks

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] logout page redirect

[Vipin Jain]

Which module of CAS you are using?

On May 12, 2011, at 1:38 PM, Jorge Infante Osorio  wrote:

> Hi all.
> 
> It´s possible that the logout action in all my applications protected by
> CAS, after send me to the logout page of CAS automatically redirect me to
> another page, for example the login page of CAS or another else page.
> 
> We don’t want to see the logout page of CAS in the final solution.
> 
> Thanks, 
> Ing. Jorge Infante Osorio.
> J´Dpto Soluciones SOA.
> CDAE.
> UCI
> 
> 
> 
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> 

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] CAS Pre Built VM

[Vipin Jain]

Hi everyone,

any feedback on this.

do we think CAS Pre Built VM's would work for Testing environment.

Thanks

2011/4/17 Michael Ströder 

> Marvin Addison wrote:
> >> Let me know what can we do to take it forward.
> >
> > We need answers from the community about whether they can deploy
> > VMs/appliances to production environments.
>
> For security reasons I wouldn't deploy pre-built VMs in production.
>
> >> I have built a simple VM with Ubuntu, Tomcat, CAS, OpenDJ and Apache.
> >
> > Do you mean Apache OpenDS for the LDAP backend?
>
> Probably he didn't mean that: OpenDJ is not Apache DS!
>
> Ciao, Michael.
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] CAS Pre Built VM

[Vipin Jain]

Sure I agree with you.

I only used Apache for using mod_auth_cas, mod_proxy module and we can 
remote_user for integrating appln.

thanks

On Apr 16, 2011, at 10:40 AM, Marvin Addison  wrote:

>> Let me know what can we do to take it forward.
> 
> We need answers from the community about whether they can deploy
> VMs/appliances to production environments.  I want to know whether
> we're creating resources for testing and evaluation or deployment
> resources for production environments.  Those two cases have
> dramatically different requirements.
> 
>> I have built a simple VM with Ubuntu, Tomcat, CAS, OpenDJ and Apache.
> 
> Do you mean Apache OpenDS for the LDAP backend?  If Apache on the end
> refers to the httpd Web server, I would argue it has no place in the
> mix for a pure CAS deployment.  The native connectors for Tomcat are
> built on top of APR/OpenSSL and provide better performance than
> httpd+mod_X for all cases of X (jk, proxy, whatever) that I'm aware
> of.
> 
> I sincerely don't mean to start an argument about what set of
> components is best, but I do want to point out that different folks
> have different ideas of the ideal component set needed for production
> environments.  I'm strongly of the opinion that Apache httpd only adds
> complexity with no consequent benefits, but I realize many folks are
> not of the same opinion.  We will want to provide a justifiably ideal
> component set if we're endeavoring to build VMs for production
> deployments.  On the other hand, no one will care about our choice of
> components, as long as they're reasonable, if the VMs are intended
> primarily for evaluating CAS.
> 
> M
> 
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] CAS Pre Built VM

[Vipin Jain]

Thanks Marvin for the reply.

Let me know what can we do to take it forward.

I have built a simple VM with Ubuntu, Tomcat, CAS, OpenDJ and Apache.



On Apr 16, 2011, at 10:11 AM, Marvin Addison  wrote:

> I think there's value in this work for sure, but I'm interested to
> know exactly what the value is.  If we provided VM images, would you
> deploy them to your VM infrastructure?  Is it even possible for an
> arbitrary VM infrastructure?  We use a mix of Xen and VMWare ESX, and
> I'm genuinely curious whether we could deploy an OVF appliance to that
> framework without modification.  OVF seems a good target format since
> it's open and designed for such a use case, but I'm interested in
> other target formats that may be equally or possibly more desirable.
> 
> My interest in this work is more than curiosity.  I've developed a set
> of VM images that demonstrate a HA setup for CAS using a virtualized
> hardware load balancer, clustered servers using Memcached for the
> ticket registry, and JBoss w/JBoss Cache for a clustered client setup.
> The intention at present is to provide a resource to developers to
> develop and test features intended for HA environments, but I imagine
> that with refinement this work could be something that folks could
> actually deploy.  There are a _lot_ of questions about how to do this
> in a way that folks would fine useful, but I'm eager to begin the
> discussion.
> 
> M
> 
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] CAS Pre Built VM

[Vipin Jain]

I was working last night to create a prebuilt VM with all Open Source stuff
and i thought we can help all developers with this VM so that we dont have
go with the hassle of installing/configuring the base CAS infrastructure.

Please let me know your thoughts about this, so that we can have different
options as per developers requirement and also help the community.

*This are the conponents i installed*
Ubuntu 10.10
OpenDJ
CAS 3.4.3
Apache 2.0.64


On Tue, Mar 29, 2011 at 10:52 AM, Andrew Petro  wrote:

> Matt,
>
> I noticed this email and have forwarded it to cas-steer for discussion of
> what the CAS Steering Committee would consider. :)
>
> Without that discussion having happened, I'm not prepared to speak
> authoritatively to what additional strategic effort, coordination, calories
> the CAS Steering Committee might be willing to consider applying.
>
> I will however note that in some ways this is less a question of whom Jasig
> and cas-steer would consider working with, and more a matter of who would
> consider working with the CAS community.  CAS is free and open source
> software with a simple, well-documented protocol, an extensible modular
> implementation, and most importantly, a community of developers and
> participants with a justly-earned reputation for friendliness. When
> providers of SSO-as-a-service apply effort and engage with the CAS community
> to enhance the CAS support of their products and services, I'd expect they'd
> get supportive responses on the lists and elsewhere as most other comers
> have, and I'd expect they could be quite successful in CAS-integrating their
> products.
>
> I appreciate that's not quite what you asked, though.  Your question seems
> to go more to the strategic value to Jasig and to CAS in instigating this
> kind of support for the CAS protocol in these products and services.  It's a
> worthwhile strategic question, one I'll take up with the CAS Steering
> Committee, which doesn't preclude further discussion here as well.
>
> Thanks for bringing it up.
>
> Andrew
>
>
>
>
> On 03/29/2011 08:22 AM, Smith, Matthew J. wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Would JASIG or the CAS Steering Committee (or whomever is appropriate)
>> consider working with an existing authentication provider like
>> http://www.protectnetwork.org/ to offer the CAS protocol as an
>> additional authentication service?  ProtectNetwork today advertises
>> "Open standards compliant: Shibboleth, SAML, OpenID", so they are
>> already multi-protocol.
>>
>> - -Matt
>>
>> On 03/28/2011 03:55 PM, Marvin Addison wrote:
>>
>>> I was thinking if we can start CAS on Cloud then it would very
 easier for any developer to test and learn CAS.

>>> Sounds great except "cloud" is far too vague in terms of both
>>> provisioning and consumption. Practically speaking, who would
>>> host this offering?
>>>
>>> What features should this cloud offering provide? (I assume the
>>> cloud offering is strictly for demonstration and evaluation). The
>>> most common features needed by deployers:
>>>
>>> - Username/password authentication with LDAP backend -
>>> JpaTicketRegistry for ticket storage/registered services
>>> (Memcached comes in second by my very unofficial scorekeeping)
>>>
>>> Anything else?
>>>
>>> M
>>>
>>>
>> - -- Matthew J. Smith
>> University of Connecticut UITS
>> matt.sm...@uconn.edu
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG v1.4.10 (GNU/Linux)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>>
>> iEYEARECAAYFAk2RzyIACgkQGER0Au6g8xBUiACg5WVE+P09Cy25jPi5gIct2kW9
>> 1q0AoLKHCMaMprn2QWtKudbfP9zkDFoJ
>> =Ou5b
>> -END PGP SIGNATURE-
>>
>>
>>
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] CAS on the Cloud Service

[Vipin Jain]

Yes Marc.

I was thinking to have a demo environment where deployers can test their
scenarios.


  - Username/password authentication with LDAP backend - This one would work
  - JpaTicketRegistry for ticket storage/registered services (Memcached
comes in second by my very unofficial scorekeeping) -  I am not sure about
this.



On Mon, Mar 28, 2011 at 3:55 PM, Marvin Addison wrote:

> > I was thinking if we can start CAS on Cloud then it would very easier for
> > any developer to test and learn CAS.
>
> Sounds great except "cloud" is far too vague in terms of both
> provisioning and consumption.  Practically speaking, who would host
> this offering?
>
> What features should this cloud offering provide?  (I assume the cloud
> offering is strictly for demonstration and evaluation).  The most
> common features needed by deployers:
>
>  - Username/password authentication with LDAP backend
>  - JpaTicketRegistry for ticket storage/registered services (Memcached
> comes in second by my very unofficial scorekeeping)
>
> Anything else?
>
> M
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] CAS on the Cloud Service

[Vipin Jain]

Hello All,

I was thinking if we can start CAS on Cloud then it would very easier for
any developer to test and learn CAS.

Please let me know your thoughts.

Thanks

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] SSO with CAS and reverse proxy

[Vipin Jain]

can you please let me know the exact issue and what is the current
configuration

On Fri, Mar 25, 2011 at 1:12 PM, Jorge Infante Osorio wrote:

> Vipin:
>
>
>
> Can you help me in this?  I need the general configuration of reverse
> proxy.
>
>
>
> Jorge.
>
>
>
> *De:* Vipin Jain [mailto:vjsat...@gmail.com]
> *Enviado el:* viernes, 25 de marzo de 2011 12:55
> *Para:* cas-user@lists.jasig.org
> *Asunto:* Re: [cas-user] SSO with CAS and reverse proxy
>
>
>
> i have done this with Liferay and Websphre in front of Apache as Reveree
> Proxy
>
> On Fri, Mar 25, 2011 at 12:04 PM, Jorge Infante Osorio 
> wrote:
>
> Hi all.
>
>
>
> I have configure an Apache reverse proxy to pass Request to a Liferay
> Portal and an Application in PHP. This work just well.
>
> By the another hand I have implemented the SSO functionality using CAS to
> authenticate users in Liferay and in the another application.
>
>
>
> The problem is that when I combine the reverse proxy with SSO the
> request/response are missing and the scenario don´t work.
>
>
>
> Anyone have this scenario implemented?
>
>
>
> Thanks,
>
> Ing. Jorge Infante Osorio.
>
> J´Dpto Soluciones SOA.
>
> CDAE.
>
> UCI
>
>
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
>
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as: jorg...@uci.cu
>
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] SSO with CAS and reverse proxy

[Vipin Jain]

i have done this with Liferay and Websphre in front of Apache as Reveree
Proxy

On Fri, Mar 25, 2011 at 12:04 PM, Jorge Infante Osorio wrote:

> Hi all.
>
>
>
> I have configure an Apache reverse proxy to pass Request to a Liferay
> Portal and an Application in PHP. This work just well.
>
> By the another hand I have implemented the SSO functionality using CAS to
> authenticate users in Liferay and in the another application.
>
>
>
> The problem is that when I combine the reverse proxy with SSO the
> request/response are missing and the scenario don´t work.
>
>
>
> Anyone have this scenario implemented?
>
>
>
> Thanks,
>
> Ing. Jorge Infante Osorio.
>
> J´Dpto Soluciones SOA.
>
> CDAE.
>
> UCI
>
>
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Precompiled mod_auth_cas for Linux

[Vipin Jain]

Thanks Robert

Can I have a copy of it with Apache on Redhat Linux

Thanks

On Feb 16, 2011, at 5:31 PM, "Marti, Robert"  wrote:

> Sorry - I just pinged and asked him - he's planning on continuing to maintain 
> and has a co-maintainer, so it should be fine to use the EPEL packages.
> 
> Rob Marti
> 
>> -Original Message-
>> From: Marti, Robert [mailto:rjm...@shsu.edu]
>> Sent: Wednesday, February 16, 2011 4:16 PM
>> To: cas-user@lists.jasig.org
>> Subject: RE: [cas-user] Precompiled mod_auth_cas for Linux
>> 
>> Just a note - the person that was packaging this used to work with me.  He
>> has changed jobs and may not maintain the package as his new job doesn't
>> require it.
>> 
>> Rob Marti
>> 
>>> -Original Message-
>>> From: Smith, Matthew J. [mailto:matt.sm...@uconn.edu]
>>> Sent: Wednesday, February 16, 2011 4:01 PM
>>> To: cas-user@lists.jasig.org
>>> Subject: RE: [cas-user] Precompiled mod_auth_cas for Linux
>>> 
>>> We do not provide any binaries for mod_auth_cas ourselves, but it
>>> should compile without problem on RH with Apache 2.0.  If it does not,
>>> please let us know.
>>> 
>>> Google tells me that RPMs are available from the Fedora Project.  If
>>> you try these, please let us know how they work for you:
>>> https://bugzilla.redhat.com/show_bug.cgi?id=516284
>>> https://admin.fedoraproject.org/pkgdb/acls/name/mod_auth_cas
>>> 
>>> Thanks,
>>> -Matt
>>> 
>>> Matthew J. Smith
>>> University of Connecticut UITS
>>> matt.sm...@uconn.edu
>>> 
>>> From: Vipin Jain [vjsat...@gmail.com]
>>> Sent: Wednesday, February 16, 2011 1:22 PM
>>> To: cas-user@lists.jasig.org
>>> Subject: [cas-user] Precompiled mod_auth_cas for Linux
>>> 
>>> Hello All,
>>> 
>>> Do we have a precompiled mod_auth_cas.so for Apache 2.0 on Redhat
>> Linux.
>>> 
>>> Thanks
>>> Vipin
>>> 
>>> --
>>> You are currently subscribed to cas-user@lists.jasig.org as:
>>> matt.sm...@uconn.edu To unsubscribe, change settings or access
>>> archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
>>> 
>>> 
>>> --
>>> You are currently subscribed to cas-user@lists.jasig.org as:
>>> r...@shsu.edu To unsubscribe, change settings or access archives, see
>>> http://www.ja- sig.org/wiki/display/JSG/cas-user
>> 
>> 
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: r...@shsu.edu To
>> unsubscribe, change settings or access archives, see http://www.ja-
>> sig.org/wiki/display/JSG/cas-user
> 
> 
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> 

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] Precompiled mod_auth_cas for Linux

[Vipin Jain]

Hello All,

Do we have a precompiled mod_auth_cas.so for Apache 2.0 on Redhat Linux.

Thanks
Vipin

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] CAS Single Sign on Timeout Apache

[Vipin Jain]

Thanks for replying

I did that and it works as expected.

It redirects to login page but again it goes back to the resource

I want the login page after the timeout but it goes back to the application page

Please let me know if I am doing anything wrong

Thanks

On Feb 7, 2011, at 8:44 PM, "Smith, Matthew J."  wrote:

> Not sure if I understand your problem correctly, but note that the settings 
> in ticketexpirationpolicy affect the expiration of the 
> ticket-granting-cookie.  If you want to modify the timeout of your 
> mod_auth_cas-protected resource, you should configure CASTimeout and 
> CASIdletimout in your mod_auth_cas settings 
> (https://source.jasig.org/cas-clients/mod_auth_cas/trunk/README) .
> 
> HTH,
> -Matt
> 
> Matthew J. Smith
> University of Connecticut UITS
> matt.sm...@uconn.edu
> ____
> From: Vipin Jain [vjsat...@gmail.com]
> Sent: Monday, February 07, 2011 8:35 PM
> To: cas-user@lists.jasig.org
> Subject: [cas-user] CAS Single Sign on Timeout Apache
> 
> Hello All
> 
> I am struggling with a unique problem
> 
> I have to setup Apache and CAS with single sign on timeout
> 
> I have modified the ticketexpirationpolicy.XML and decreased the value to 2 
> minutes but it doesn't work
> 
> The default value is 2 hrs and it is staying unchanged.
> 
> We are using mod_auth_cas with apache and CAS 3.4.5 on JBOSS
> 
> Please let me know if we need to have change other values
> 
> Thanks
> Vipin
> --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> matt.sm...@uconn.edu
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> 
> 
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> 

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] CAS Single Sign on Timeout Apache

[Vipin Jain]

Hello All

I am struggling with a unique problem

I have to setup Apache and CAS with single sign on timeout

I have modified the ticketexpirationpolicy.XML and decreased the value to 2 
minutes but it doesn't work

The default value is 2 hrs and it is staying unchanged.

We are using mod_auth_cas with apache and CAS 3.4.5 on JBOSS

Please let me know if we need to have change other values

Thanks
Vipin
-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Session Timeout CAS + Apache

[Vipin Jain]

Yes, I can understand.

We had two requirements

1. Have a global session timeout for a session (worked modifying 
ticketexpirationpolicies.xml)

2. The other requirement is to have a idle session timeout for a particular 
time period. Basically we want the user to be logged off if there us no 
activity in the session for a period if time

Please let me know

Thanks
-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Session Timeout CAS + Apache

[Vipin Jain]

Thanks for the answers

I was looking out if CAS can provide idle session timeout for each application?

Is that possible?

On Feb 2, 2011, at 12:47 PM, Vipin Jain  wrote:

> I want to end the CAS session timeout after the ticket created by CAS expires.
>  
> Is that possible?
> 
> On Wed, Feb 2, 2011 at 12:22 PM, Marvin Addison  
> wrote:
> > How can we achieve Session Timeout in CAS 3.4.5
> 
> You should take some time to clarify what you mean by "Session
> Timeout" with regard to CAS.  For example, do you want to end the CAS
> SSO session when the servlet container session of a CAS-enabled webapp
> times out?
> 
> M
> 
> --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> 

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Session Timeout CAS + Apache

[Vipin Jain]

I want to end the CAS session timeout after the ticket created by CAS
expires.

Is that possible?

On Wed, Feb 2, 2011 at 12:22 PM, Marvin Addison wrote:

> > How can we achieve Session Timeout in CAS 3.4.5
>
> You should take some time to clarify what you mean by "Session
> Timeout" with regard to CAS.  For example, do you want to end the CAS
> SSO session when the servlet container session of a CAS-enabled webapp
> times out?
>
> M
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] Session Timeout CAS + Apache

[Vipin Jain]

How can we achieve Session Timeout in CAS 3.4.5

We are using Apache CAS module.

We have made changes in ticketExpirationPolicies.xml but that doesnt work
out

Do we have any other mechanism

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] CAS Ticket Storage

[Vipin Jain]

Thanks Scott.

Also, Can you please let me know what does a Proxy Ticket mean in siimple
terms and how can we use it.

Thanks

On Mon, Jan 24, 2011 at 8:55 PM, Scott Battaglia
wrote:

> The default implementation is in-memory.
>
> You can find all of the alternatives listed in our user manual:
> https://wiki.jasig.org/display/CASUM/Home
>
>
> On Mon, Jan 24, 2011 at 4:59 PM, Vipin Jain  wrote:
>
>> Hello All,
>>
>> Can you please let me know where does CAS stores the ticket and how does
>> it validate the ticket after it is used once.
>>
>> Thanks
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> scott.battag...@gmail.com
>>
>>
>>
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
>  --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] CAS Ticket Storage

[Vipin Jain]

Hello All,

Can you please let me know where does CAS stores the ticket and how does it
validate the ticket after it is used once.

Thanks

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] authenticationHandlers

[Vipin Jain]

How can we have users have authenticated against AD or SQL

On Jan 21, 2011, at 11:15 AM, Marvin Addison  wrote:

>> I need that some services validate with ldap and the other with mssql.
> 
> Services don't authenticate via LDAP or RDBMS in CAS; on the contrary
> is it is users that authenticate via these means.  While it's possible
> for a user to be authenticated to one backend or the other, it's not
> possible for a particular service to require a particular
> authentication method.
> 
> M
> 
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] JBOSS CAS

[Vipin Jain]

Thanks Scott

Solved that, I used CAS 3.3.5 to make it work.

3.4.2 fails on JBoss

Thanks
Vipin

On Jan 19, 2011, at 9:55 PM, Scott Battaglia  wrote:

> You're injecting the wrong class:
> nested exception is java.lang.IllegalArgumentException: Cannot convert value 
> of type [org.springframework.ldap.core.support.LdapContextSource] to required 
> type [org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource]
> 
> You're apparently using an older version of CAS that still had an 
> AuthentictedLdapContextSource.
> 
> Cheers,
> Scott
> 
> 
> On Wed, Jan 19, 2011 at 5:40 AM, Vipin Jain  wrote:
> Hi Scott,
> 
> I am installing CAS on JBOSS and its failing with the below error. I am 
> trying to use LDAP. I have copied CAS-LDAP-SUPPORT.JAR and SPRINGLDAP.jar
> 
> 2011-01-19 16:07:49,799 INFO  [STDOUT] (main) 2011-01-19 16:07:49,799 ERROR 
> [org.springframework.web.context.ContextLoader] -  failed>
> org.springframework.beans.factory.BeanCreationException: Error creating bean 
> with name 'centralAuthenticationService' defined in ServletContext resource 
> [/WEB-INF/spring-configuration/applicationContext.xml]: Cannot resolve 
> reference to bean 'authenticationManager' while setting bean property 
> 'authenticationManager'; nested exception is 
> org.springframework.beans.factory.BeanCreationException: Error creating bean 
> with name 'authenticationManager' defined in ServletContext resource 
> [/WEB-INF/deployerConfigContext.xml]: Cannot create inner bean 
> 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#1897b54' of type 
> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] while setting 
> bean property 'authenticationHandlers' with key [2]; nested exception is 
> org.springframework.beans.factory.BeanCreationException: Error creating bean 
> with name 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#1897b54' 
> defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: 
> Initialization of bean failed; nested exception is 
> org.springframework.beans.TypeMismatchException: Failed to convert property 
> value of type [org.springframework.ldap.core.support.LdapContextSource] to 
> required type 
> [org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource] for 
> property 'contextSource'; nested exception is 
> java.lang.IllegalArgumentException: Cannot convert value of type 
> [org.springframework.ldap.core.support.LdapContextSource] to required type 
> [org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource] for 
> property 'contextSource': no matching editors or conversion strategy found
> at 
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:275)
> at 
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
> at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1245)
> at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1010)
> at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472)
> at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
> at java.security.AccessController.doPrivileged(Native Method)
> at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
> at 
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
> at 
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
> at 
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
> at 
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
> at 
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
> at 
> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:429)
> at 
> org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:728)
> at 
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApp

[cas-user] JBOSS CAS

[Vipin Jain]

Hi Scott,

I am installing CAS on JBOSS and its failing with the below error. I am
trying to use LDAP. I have copied CAS-LDAP-SUPPORT.JAR and SPRINGLDAP.jar

2011-01-19 16:07:49,799 INFO  [STDOUT] (main) 2011-01-19 16:07:49,799 ERROR
[org.springframework.web.context.ContextLoader] - 
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'centralAuthenticationService' defined in ServletContext resource
[/WEB-INF/spring-configuration/applicationContext.xml]: Cannot resolve
reference to bean 'authenticationManager' while setting bean property
'authenticationManager'; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'authenticationManager' defined in ServletContext resource
[/WEB-INF/deployerConfigContext.xml]: Cannot create inner bean
'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#1897b54' of type
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] while setting
bean property 'authenticationHandlers' with key [2]; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name
'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#1897b54' defined
in ServletContext resource [/WEB-INF/deployerConfigContext.xml]:
Initialization of bean failed; nested exception is
org.springframework.beans.TypeMismatchException: Failed to convert property
value of type [org.springframework.ldap.core.support.LdapContextSource] to
required type
[org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource] for
property 'contextSource'; nested exception is
java.lang.IllegalArgumentException: Cannot convert value of type
[org.springframework.ldap.core.support.LdapContextSource] to required type
[org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource] for
property 'contextSource': no matching editors or conversion strategy found
at
org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:275)
at
org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1245)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1010)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at java.security.AccessController.doPrivileged(Native Method)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
at
org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:429)
at
org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:728)
at
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:380)
at
org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:255)
at
org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:199)
at
org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:45)
at
org.jasig.cas.web.init.SafeContextLoaderListener.contextInitialized(SafeContextLoaderListener.java:62)
at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3910)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4393)
at
org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeployInternal(TomcatDeployment.java:312)
at
org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeploy(TomcatDeployment.java:144)
at
org.jboss.web.deployers.AbstractWarDeployment.start(AbstractWarDeployment.java:461)
at org.jboss.web.deployers.WebModule.startModule(WebModule.java:118)
at org.jboss.web.deployers.WebModule.start(WebModule.java:97)
at sun.reflect.NativeMethodAccessorImpl.invoke

[cas-user] CAS on JBOSS Error

[Vipin Jain]

Hi All,

Please help me with this

I am installing CAS on JBOSS and recieving the below error.


2011-01-19 02:28:27,614 ERROR [STDERR] (main) SLF4J: Class path contains
multiple SLF4J bindings.
2011-01-19 02:28:27,614 ERROR [STDERR] (main) SLF4J: Found binding in
[vfszip:/D:/JBoss2/
jboss-5.0.1.GA/common/lib/slf4j-jboss-logging.jar/org/slf4j/impl/StaticLoggerBinder.class
]
2011-01-19 02:28:27,614 ERROR [STDERR] (main) SLF4J: Found binding in
[vfszip:/D:/JBoss2/
jboss-5.0.1.GA/server/default/deploy/cas1.war/WEB-INF/lib/slf4j-log4j12-1.5.8.jar/org/slf4j/impl/StaticLoggerBinder.class
2011-01-19 02:28:27,660 ERROR
[org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/cas1]]
(main) Error configuring application listener of class
org.jasig.cas.web.init.SafeContextLoaderListener
java.lang.ExceptionInInitializerError
at
org.slf4j.impl.Log4jLoggerFactory.getLogger(Log4jLoggerFactory.java:73)
at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:243)
at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:255)
at
org.jasig.cas.web.init.SafeContextLoaderListener.(SafeContextLoaderListener.java:49)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown
Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at
org.jboss.web.tomcat.service.TomcatInjectionContainer.newInstance(TomcatInjectionContainer.java:258)
at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3859)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4393)
at
org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeployInternal(TomcatDeployment.java:312)
at
org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeploy(TomcatDeployment.java:144)
at
org.jboss.web.deployers.AbstractWarDeployment.start(AbstractWarDeployment.java:461)
at org.jboss.web.deployers.WebModule.startModule(WebModule.java:118)
at org.jboss.web.deployers.WebModule.start(WebModule.java:97)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at
org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
at
org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
at
org.jboss.system.microcontainer.ServiceProxy.invoke(ServiceProxy.java:206)
at $Proxy36.start(Unknown Source)
at
org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:42)
at
org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:37)
at
org.jboss.dependency.plugins.action.SimpleControllerContextAction.simpleInstallAction(SimpleControllerContextAction.java:62)
at
org.jboss.dependency.plugins.action.AccessControllerContextAction.install(AccessControllerContextAction.java:71)
at
org.jboss.dependency.plugins.AbstractControllerContextActions.install(AbstractControllerContextActions.java:51)
at
org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
at
org.jboss.system.microcontainer.ServiceControllerContext.install(ServiceControllerContext.java:286)
at
org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1598)
at
org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
at
org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1062)
at
org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
at
org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
at
org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
at
org.jboss.system.ServiceController.doChange(ServiceController.java:688)
at org.jboss.system.ServiceController.start(ServiceController.java:460)
at
org.jboss.system.deployers.ServiceDeployer.start(ServiceDeployer.java:163)
at
org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:99)
at
org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:46)
at
org.jboss.deployers.spi.deployer.helpers.AbstractSimpleRealDeployer.internalDeploy(AbstractSimpleRealDeployer.java:62)
at
org.jboss.deployers.spi.deployer.helpers.AbstractRealDepl

Re: [cas-user] Protect an application on JBOSS using CAS

[Vipin Jain]

Thanks Marvin

Do we have a simpler way where we need to modify the web.xml.

The application doesn't use JAAS module

On Wed, Jan 5, 2011 at 10:19 AM, Marvin Addison wrote:

> > How to protect an application on JBOSS using CAS.
>
> See https://wiki.jasig.org/display/CASC/JAAS+Integration.
>
> M
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] Protect an application on JBOSS using CAS

[Vipin Jain]

Hello All,

How to protect an application on JBOSS using CAS.

Thanks
Vipin

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Alternative way for Single Sign Out for mod_auth_cas

[Vipin Jain]

i am using Windows 2003 Server and Apache 2.0.64

how can IIS help

On Thu, Dec 30, 2010 at 10:08 AM, Marvin Addison
wrote:

> On Thu, Dec 30, 2010 at 9:48 AM, Vipin Jain  wrote:
> > i am using 1.7 as it is on Windows. I think 1.0.9.1 doesnt work on
> Windows
> > Apache
>
> I don't think 1.0.7 has support for single sign-out.  I believe it was
> added in 1.0.8, but that's from my hazy memory.  What version of
> Windows/IIS are you using?  If you're using IIS7 there may be other
> options.
>
> M
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Alternative way for Single Sign Out for mod_auth_cas

[Vipin Jain]

i am using 1.7 as it is on Windows. I think 1.0.9.1 doesnt work on Windows
Apache

On Thu, Dec 30, 2010 at 8:36 AM, Marvin Addison wrote:

> > is there any way for single sign out for mod_auth_cas 1.0.7?
>
> I can never remember the version of mod_auth_cas that first contained
> support for single sign out, but the most recent version, 1.0.9.1, has
> support for this feature.  You can get the source from
>
> https://source.jasig.org/cas-clients/mod_auth_cas/tags/mod_auth_cas-1.0.9.1/
> .
>
> M
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] Alternative way for Single Sign Out for mod_auth_cas

[Vipin Jain]

Hello All,

is there any way for single sign out for mod_auth_cas 1.0.7?

Thanks
Vipin

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] CAS and user group level permissions

[Vipin Jain]

yes, you can do that using Apache module of CAS.

https://wiki.jasig.org/display/CASC/mod_auth_cas

this is a link which has the details

On Wed, Dec 15, 2010 at 8:37 AM, Rene Richard wrote:

> Hello,
>
> I haven't read anything yet about CAS having the ability to grant access to
> certain portions of a web site to certain user groups and deny access to
> other groups. Is this functionality something CAS supports?
>
> Thanks
>
> R.
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] Return of DN after Authentication in CAS

[Vipin Jain]

Hello Scott,

As we get the logged in user as getRemoteUser(), How can we get the DN of
the user?

Do we have any configurations for it.

Thanks
Vipin

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] Apache Protection with mod_auth_cas

[Vipin Jain]

Hello,

Can we have any setup at Apache level to protect only some files.

My case is that i want to protect only *.faces URL and other files in the
folder should be unprotected.

Please let me know how can we achieve this.

Thanks
Vipin

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] CAS + mod_auth_cas on Apache + Websphere

[Vipin Jain]

Hello,

can we create a custom header after authentication at CAS server level

Thanks
Vipin

On Thu, Dec 9, 2010 at 1:36 PM, Vipin Jain  wrote:

> Thanks
>
> i am doing SSO with Liferay and WPS.
>
> so i should modify them at the Client at both the servers,
>
> Can i not modify the settings at Server level to create the remoteUser or
> any custom header after authentication.
>
> Thanks
> Vipin
>
>
> On Thu, Dec 9, 2010 at 11:05 AM, Marvin Addison 
> wrote:
>
>> > I tried to read the remoteUser but i always get null.
>>
>> Have you properly configured HttpServletRequestWrapperFilter?  See
>>
>> https://wiki.jasig.org/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml
>> for more info.
>>
>> M
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as:
>> vjsat...@gmail.com
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] CAS + mod_auth_cas on Apache + Websphere

[Vipin Jain]

Thanks

i am doing SSO with Liferay and WPS.

so i should modify them at the Client at both the servers,

Can i not modify the settings at Server level to create the remoteUser or
any custom header after authentication.

Thanks
Vipin

On Thu, Dec 9, 2010 at 11:05 AM, Marvin Addison wrote:

> > I tried to read the remoteUser but i always get null.
>
> Have you properly configured HttpServletRequestWrapperFilter?  See
>
> https://wiki.jasig.org/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml
> for more info.
>
> M
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] CAS + mod_auth_cas on Apache + Websphere

[Vipin Jain]

one more update
i have disabled the mod_auth_cas  and using clients at Liferay and Websphere
server

On Thu, Dec 9, 2010 at 10:25 AM, Vipin Jain  wrote:

> I tried to read the remoteUser but i always get null.
> I deployed a servlet on the same Tomcat server as of CAS and displayed the
> headers. i see it null
>
> this is code snippet
>
> out.println("queryString=" + req.getQueryString());
>  out.println("uri=" + req.getRequestURI());
>  out.println("host=" + req.getServerName());
>  out.println("user=" + req.getUserPrincipal());
>  out.println("port=" + req.getServerPort());
>  out.println("remoteuser=" + req.getgetRemoteUser());
>
> Should we change anyting at the CAS Tomcat Server level for enabling this?
>
> On Thu, Dec 9, 2010 at 9:11 AM, Vipin Jain  wrote:
>
>> Thanks Scott
>>
>> trying things out now.
>>
>>
>> On Thu, Dec 9, 2010 at 8:53 AM, Scott Battaglia <
>> scott.battag...@gmail.com> wrote:
>>
>>> On Wed, Dec 8, 2010 at 10:21 PM, Vipin Jain  wrote:
>>>
>>>> ok, but i am using the same CAS server for issuing the ticket at both
>>>> the clients.
>>>
>>>
>>> It doesn't matter.  You can only validate a service ticket once.  So if
>>> both clients get the same ticket, the second one will fail.
>>>
>>>
>>>
>>>>
>>>> also, is remoteUser  a header which i can read
>>>>
>>>
>>> Its the HttpServletRequest#getRemoteUser().
>>>
>>>
>>>
>>>
>>>>
>>>>
>>>> On Thu, Dec 9, 2010 at 8:47 AM, Scott Battaglia <
>>>> scott.battag...@gmail.com> wrote:
>>>>
>>>>> Two of them can't read the same ticket.  Tickets can only be used once.
>>>>>
>>>>>
>>>>> On Wed, Dec 8, 2010 at 10:14 PM, Vipin Jain wrote:
>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> but we need protection even if anybody accesses the direct websphere
>>>>>> application so have CAS clients at both levels.
>>>>>>
>>>>>> Can't we have two CAS clients working at a time?
>>>>>>
>>>>>> Thanks
>>>>>> Vipin
>>>>>>
>>>>>> On Thu, Dec 9, 2010 at 8:37 AM, Scott Battaglia <
>>>>>> scott.battag...@gmail.com> wrote:
>>>>>>
>>>>>>> You only need one CAS client.  You either need to use mod_auth_cas
>>>>>>> (and then read the remoteUser) or use the CAS Client.
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Dec 8, 2010 at 10:05 PM, Vipin Jain wrote:
>>>>>>>
>>>>>>>> Hello Scott,
>>>>>>>>
>>>>>>>> I have a peculiar problem
>>>>>>>>
>>>>>>>> We have configured the environment as below
>>>>>>>>
>>>>>>>> 1. Install CAS on Tomcat
>>>>>>>> 2. Configured mod_auth_cas on Apache with CAS Tomcat URL
>>>>>>>> 3. Configured CAS Client as TAI on Websphere with the same CAS
>>>>>>>> Tomcat URL
>>>>>>>> 4. Proxy all the access through Apache
>>>>>>>>
>>>>>>>> Here is the flow
>>>>>>>>
>>>>>>>> 1. User access websphere application thru Apache
>>>>>>>> 2. mod_auth_cas intercepts and sends to Tomcat CAS Login page
>>>>>>>> 3. User authenticates and it is redirected to the websphere
>>>>>>>> application
>>>>>>>> 4. Websphere CAS agent is not able to read the ticket and gives the
>>>>>>>> below error
>>>>>>>>
>>>>>>>> [12/9/10 8:24:48:829 IST] 00ee SystemOut O has ticket?
>>>>>>>> =false
>>>>>>>> [12/9/10 8:24:48:829 IST] 00ee SystemOut O request url=
>>>>>>>> https://in-ccuapp008:9443/TCLProcessUI/JSP/homepage/index.faces
>>>>>>>>
>>>>>>>> If we remove the mod_auth_cas from Apache and only Proxy the
>>>>>>>> application through apache. Everything works fine.
>>>>>>>>

Re: [cas-user] CAS + mod_auth_cas on Apache + Websphere

[Vipin Jain]

I tried to read the remoteUser but i always get null.
I deployed a servlet on the same Tomcat server as of CAS and displayed the
headers. i see it null

this is code snippet

out.println("queryString=" + req.getQueryString());
 out.println("uri=" + req.getRequestURI());
 out.println("host=" + req.getServerName());
 out.println("user=" + req.getUserPrincipal());
 out.println("port=" + req.getServerPort());
 out.println("remoteuser=" + req.getgetRemoteUser());

Should we change anyting at the CAS Tomcat Server level for enabling this?

On Thu, Dec 9, 2010 at 9:11 AM, Vipin Jain  wrote:

> Thanks Scott
>
> trying things out now.
>
>
> On Thu, Dec 9, 2010 at 8:53 AM, Scott Battaglia  > wrote:
>
>> On Wed, Dec 8, 2010 at 10:21 PM, Vipin Jain  wrote:
>>
>>> ok, but i am using the same CAS server for issuing the ticket at both the
>>> clients.
>>
>>
>> It doesn't matter.  You can only validate a service ticket once.  So if
>> both clients get the same ticket, the second one will fail.
>>
>>
>>
>>>
>>> also, is remoteUser  a header which i can read
>>>
>>
>> Its the HttpServletRequest#getRemoteUser().
>>
>>
>>
>>
>>>
>>>
>>> On Thu, Dec 9, 2010 at 8:47 AM, Scott Battaglia <
>>> scott.battag...@gmail.com> wrote:
>>>
>>>> Two of them can't read the same ticket.  Tickets can only be used once.
>>>>
>>>>
>>>> On Wed, Dec 8, 2010 at 10:14 PM, Vipin Jain  wrote:
>>>>
>>>>> Thanks
>>>>>
>>>>> but we need protection even if anybody accesses the direct websphere
>>>>> application so have CAS clients at both levels.
>>>>>
>>>>> Can't we have two CAS clients working at a time?
>>>>>
>>>>> Thanks
>>>>> Vipin
>>>>>
>>>>> On Thu, Dec 9, 2010 at 8:37 AM, Scott Battaglia <
>>>>> scott.battag...@gmail.com> wrote:
>>>>>
>>>>>> You only need one CAS client.  You either need to use mod_auth_cas
>>>>>> (and then read the remoteUser) or use the CAS Client.
>>>>>>
>>>>>>
>>>>>> On Wed, Dec 8, 2010 at 10:05 PM, Vipin Jain wrote:
>>>>>>
>>>>>>> Hello Scott,
>>>>>>>
>>>>>>> I have a peculiar problem
>>>>>>>
>>>>>>> We have configured the environment as below
>>>>>>>
>>>>>>> 1. Install CAS on Tomcat
>>>>>>> 2. Configured mod_auth_cas on Apache with CAS Tomcat URL
>>>>>>> 3. Configured CAS Client as TAI on Websphere with the same CAS Tomcat
>>>>>>> URL
>>>>>>> 4. Proxy all the access through Apache
>>>>>>>
>>>>>>> Here is the flow
>>>>>>>
>>>>>>> 1. User access websphere application thru Apache
>>>>>>> 2. mod_auth_cas intercepts and sends to Tomcat CAS Login page
>>>>>>> 3. User authenticates and it is redirected to the websphere
>>>>>>> application
>>>>>>> 4. Websphere CAS agent is not able to read the ticket and gives the
>>>>>>> below error
>>>>>>>
>>>>>>> [12/9/10 8:24:48:829 IST] 00ee SystemOut O has ticket? =false
>>>>>>> [12/9/10 8:24:48:829 IST] 00ee SystemOut O request url=
>>>>>>> https://in-ccuapp008:9443/TCLProcessUI/JSP/homepage/index.faces
>>>>>>>
>>>>>>> If we remove the mod_auth_cas from Apache and only Proxy the
>>>>>>> application through apache. Everything works fine.
>>>>>>>
>>>>>>> So mod_auth_cas is creating issues.
>>>>>>>
>>>>>>>  Can you please help me whats the problem.
>>>>>>>
>>>>>>> Thanks
>>>>>>> Vipin
>>>>>>>
>>>>>>> --
>>>>>>> You are currently subscribed to cas-user@lists.jasig.org as: 
>>>>>>> scott.battag...@gmail.com
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>

Re: [cas-user] CAS + mod_auth_cas on Apache + Websphere

[Vipin Jain]

Thanks Scott

trying things out now.

On Thu, Dec 9, 2010 at 8:53 AM, Scott Battaglia
wrote:

> On Wed, Dec 8, 2010 at 10:21 PM, Vipin Jain  wrote:
>
>> ok, but i am using the same CAS server for issuing the ticket at both the
>> clients.
>
>
> It doesn't matter.  You can only validate a service ticket once.  So if
> both clients get the same ticket, the second one will fail.
>
>
>
>>
>> also, is remoteUser  a header which i can read
>>
>
> Its the HttpServletRequest#getRemoteUser().
>
>
>
>
>>
>>
>> On Thu, Dec 9, 2010 at 8:47 AM, Scott Battaglia <
>> scott.battag...@gmail.com> wrote:
>>
>>> Two of them can't read the same ticket.  Tickets can only be used once.
>>>
>>>
>>> On Wed, Dec 8, 2010 at 10:14 PM, Vipin Jain  wrote:
>>>
>>>> Thanks
>>>>
>>>> but we need protection even if anybody accesses the direct websphere
>>>> application so have CAS clients at both levels.
>>>>
>>>> Can't we have two CAS clients working at a time?
>>>>
>>>> Thanks
>>>> Vipin
>>>>
>>>> On Thu, Dec 9, 2010 at 8:37 AM, Scott Battaglia <
>>>> scott.battag...@gmail.com> wrote:
>>>>
>>>>> You only need one CAS client.  You either need to use mod_auth_cas (and
>>>>> then read the remoteUser) or use the CAS Client.
>>>>>
>>>>>
>>>>> On Wed, Dec 8, 2010 at 10:05 PM, Vipin Jain wrote:
>>>>>
>>>>>> Hello Scott,
>>>>>>
>>>>>> I have a peculiar problem
>>>>>>
>>>>>> We have configured the environment as below
>>>>>>
>>>>>> 1. Install CAS on Tomcat
>>>>>> 2. Configured mod_auth_cas on Apache with CAS Tomcat URL
>>>>>> 3. Configured CAS Client as TAI on Websphere with the same CAS Tomcat
>>>>>> URL
>>>>>> 4. Proxy all the access through Apache
>>>>>>
>>>>>> Here is the flow
>>>>>>
>>>>>> 1. User access websphere application thru Apache
>>>>>> 2. mod_auth_cas intercepts and sends to Tomcat CAS Login page
>>>>>> 3. User authenticates and it is redirected to the websphere
>>>>>> application
>>>>>> 4. Websphere CAS agent is not able to read the ticket and gives the
>>>>>> below error
>>>>>>
>>>>>> [12/9/10 8:24:48:829 IST] 00ee SystemOut O has ticket? =false
>>>>>> [12/9/10 8:24:48:829 IST] 00ee SystemOut O request url=
>>>>>> https://in-ccuapp008:9443/TCLProcessUI/JSP/homepage/index.faces
>>>>>>
>>>>>> If we remove the mod_auth_cas from Apache and only Proxy the
>>>>>> application through apache. Everything works fine.
>>>>>>
>>>>>> So mod_auth_cas is creating issues.
>>>>>>
>>>>>>  Can you please help me whats the problem.
>>>>>>
>>>>>> Thanks
>>>>>> Vipin
>>>>>>
>>>>>> --
>>>>>> You are currently subscribed to cas-user@lists.jasig.org as: 
>>>>>> scott.battag...@gmail.com
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> To unsubscribe, change settings or access archives, see 
>>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>>>>
>>>>>>
>>>>>  --
>>>>> You are currently subscribed to cas-user@lists.jasig.org as: 
>>>>> vjsat...@gmail.com
>>>>>
>>>>>
>>>>> To unsubscribe, change settings or access archives, see 
>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>>>
>>>>>
>>>> --
>>>> You are currently subscribed to cas-user@lists.jasig.org as: 
>>>> scott.battag...@gmail.com
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> To unsubscribe, change settings or access archives, see 
>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>>
>>>>
>>>  --
>>> You are currently subscribed to cas-user@lists.jasig.org as: 
>>> vjsat...@gmail.com
>>> To unsubscribe, change settings or access archives, see 
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> scott.battag...@gmail.com
>>
>>
>>
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
> --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] CAS + mod_auth_cas on Apache + Websphere

[Vipin Jain]

ok, but i am using the same CAS server for issuing the ticket at both the
clients.

also, is remoteUser  a header which i can read

On Thu, Dec 9, 2010 at 8:47 AM, Scott Battaglia
wrote:

> Two of them can't read the same ticket.  Tickets can only be used once.
>
>
> On Wed, Dec 8, 2010 at 10:14 PM, Vipin Jain  wrote:
>
>> Thanks
>>
>> but we need protection even if anybody accesses the direct websphere
>> application so have CAS clients at both levels.
>>
>> Can't we have two CAS clients working at a time?
>>
>> Thanks
>> Vipin
>>
>> On Thu, Dec 9, 2010 at 8:37 AM, Scott Battaglia <
>> scott.battag...@gmail.com> wrote:
>>
>>> You only need one CAS client.  You either need to use mod_auth_cas (and
>>> then read the remoteUser) or use the CAS Client.
>>>
>>>
>>> On Wed, Dec 8, 2010 at 10:05 PM, Vipin Jain  wrote:
>>>
>>>> Hello Scott,
>>>>
>>>> I have a peculiar problem
>>>>
>>>> We have configured the environment as below
>>>>
>>>> 1. Install CAS on Tomcat
>>>> 2. Configured mod_auth_cas on Apache with CAS Tomcat URL
>>>> 3. Configured CAS Client as TAI on Websphere with the same CAS Tomcat
>>>> URL
>>>> 4. Proxy all the access through Apache
>>>>
>>>> Here is the flow
>>>>
>>>> 1. User access websphere application thru Apache
>>>> 2. mod_auth_cas intercepts and sends to Tomcat CAS Login page
>>>> 3. User authenticates and it is redirected to the websphere application
>>>> 4. Websphere CAS agent is not able to read the ticket and gives the
>>>> below error
>>>>
>>>> [12/9/10 8:24:48:829 IST] 00ee SystemOut O has ticket? =false
>>>> [12/9/10 8:24:48:829 IST] 00ee SystemOut O request url=
>>>> https://in-ccuapp008:9443/TCLProcessUI/JSP/homepage/index.faces
>>>>
>>>> If we remove the mod_auth_cas from Apache and only Proxy the application
>>>> through apache. Everything works fine.
>>>>
>>>> So mod_auth_cas is creating issues.
>>>>
>>>>  Can you please help me whats the problem.
>>>>
>>>> Thanks
>>>> Vipin
>>>>
>>>> --
>>>> You are currently subscribed to cas-user@lists.jasig.org as: 
>>>> scott.battag...@gmail.com
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> To unsubscribe, change settings or access archives, see 
>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>>
>>>>
>>>  --
>>> You are currently subscribed to cas-user@lists.jasig.org as: 
>>> vjsat...@gmail.com
>>>
>>>
>>> To unsubscribe, change settings or access archives, see 
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> scott.battag...@gmail.com
>>
>>
>>
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
>  --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] CAS + mod_auth_cas on Apache + Websphere

[Vipin Jain]

Thanks

but we need protection even if anybody accesses the direct websphere
application so have CAS clients at both levels.

Can't we have two CAS clients working at a time?

Thanks
Vipin

On Thu, Dec 9, 2010 at 8:37 AM, Scott Battaglia
wrote:

> You only need one CAS client.  You either need to use mod_auth_cas (and
> then read the remoteUser) or use the CAS Client.
>
>
> On Wed, Dec 8, 2010 at 10:05 PM, Vipin Jain  wrote:
>
>> Hello Scott,
>>
>> I have a peculiar problem
>>
>> We have configured the environment as below
>>
>> 1. Install CAS on Tomcat
>> 2. Configured mod_auth_cas on Apache with CAS Tomcat URL
>> 3. Configured CAS Client as TAI on Websphere with the same CAS Tomcat URL
>> 4. Proxy all the access through Apache
>>
>> Here is the flow
>>
>> 1. User access websphere application thru Apache
>> 2. mod_auth_cas intercepts and sends to Tomcat CAS Login page
>> 3. User authenticates and it is redirected to the websphere application
>> 4. Websphere CAS agent is not able to read the ticket and gives the below
>> error
>>
>> [12/9/10 8:24:48:829 IST] 00ee SystemOut O has ticket? =false
>> [12/9/10 8:24:48:829 IST] 00ee SystemOut O request url=
>> https://in-ccuapp008:9443/TCLProcessUI/JSP/homepage/index.faces
>>
>> If we remove the mod_auth_cas from Apache and only Proxy the application
>> through apache. Everything works fine.
>>
>> So mod_auth_cas is creating issues.
>>
>>  Can you please help me whats the problem.
>>
>> Thanks
>> Vipin
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> scott.battag...@gmail.com
>>
>>
>>
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
>  --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] CAS + mod_auth_cas on Apache + Websphere

[Vipin Jain]

Hello Scott,

I have a peculiar problem

We have configured the environment as below

1. Install CAS on Tomcat
2. Configured mod_auth_cas on Apache with CAS Tomcat URL
3. Configured CAS Client as TAI on Websphere with the same CAS Tomcat URL
4. Proxy all the access through Apache

Here is the flow

1. User access websphere application thru Apache
2. mod_auth_cas intercepts and sends to Tomcat CAS Login page
3. User authenticates and it is redirected to the websphere application
4. Websphere CAS agent is not able to read the ticket and gives the below
error

[12/9/10 8:24:48:829 IST] 00ee SystemOut O has ticket? =false
[12/9/10 8:24:48:829 IST] 00ee SystemOut O request url=
https://in-ccuapp008:9443/TCLProcessUI/JSP/homepage/index.faces

If we remove the mod_auth_cas from Apache and only Proxy the application
through apache. Everything works fine.

So mod_auth_cas is creating issues.

Can you please help me whats the problem.

Thanks
Vipin

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Change Cookie Path and Domain for CAS Tomcat

[Vipin Jain]

Thanks Scott.

It did the job. changed the cookie path at the application level to make it
work.

One more question, Can i create a Custom Cookie after CAS authenticates and
redirects to actual application

On Tue, Dec 7, 2010 at 11:33 PM, Scott Battaglia
wrote:

> The cookie path is set automatically to be the request context path.
>  Domains can be controlled by the Spring Cookie Generators configured in our
> config files.
>
> Cheers,
> Scott
>
>   On Tue, Dec 7, 2010 at 8:44 PM, Vipin Jain  wrote:
>
>>  Hello,
>>
>> How can we change the Cookie Path and Domain for CAS on Tomcat Server.
>>
>> Thanks
>> Vipin
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> scott.battag...@gmail.com
>>
>>
>>
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
> --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] Change Cookie Path and Domain for CAS Tomcat

[Vipin Jain]

Hello,

How can we change the Cookie Path and Domain for CAS on Tomcat Server.

Thanks
Vipin

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] mod_auth_cas for windows apache server

[Vipin Jain]

Sure

Thanks

On Wed, Dec 8, 2010 at 7:05 AM, Smith, Matthew J. wrote:

> Please do try trunk, but we have done little to validate that the new
> libcurl-based design works well on Windows.  If you have problems, please
> use 1.0.8.1, which is known to work on Windows.
>
>
> https://source.jasig.org/cas-clients/mod_auth_cas/tags/mod_auth_cas-1.0.8.1/
>
> If trunk (1.0.9) does work for you, please let us know.
>
> -Matt
>
> Matthew J. Smith
> University of Connecticut UITS
> matt.sm...@uconn.edu
> 
> From: Balendran Thavarajah [balendran.thavara...@standards.org.au]
> Sent: Tuesday, December 07, 2010 4:09 PM
> To: cas-user@lists.jasig.org
> Cc: cas-user@lists.jasig.org
> Subject: Re: [cas-user] mod_auth_cas for windows apache server
>
> https://wiki.jasig.org/display/CASC/mod_auth_cas
>
> Download latest version from the trunk and build with ms visual studio.
>
> Sent from my iPhone
>
>
>
> On 08/12/2010, at 6:37 AM, "Vipin Jain"  wrote:
>
> > Hi All.
> >
> > do we have mod_auth_cas for windows apache server
> >
> > Thanks
> > --
> > You are currently subscribed to cas-user@lists.jasig.org as:
> balendran.thavara...@standards.org.au
> > To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> >
> > __
> > This email has been scanned by the MessageLabs Email Security System.
> > For more information please visit http://www.messagelabs.com/email
> > __
>
> __
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> __
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> matt.sm...@uconn.edu
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] mod_auth_cas for windows apache server

[Vipin Jain]

Hi All.

do we have mod_auth_cas for windows apache server

Thanks

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] Single sign on between Liferay deployed on JBOSS + Websphere Application using CAS deployed on Tomcat

[Vipin Jain]

Hi All,

We have got a requirement for single sign on between Liferay 5.2, Websphere
Process Server deployed on Websphere 6 with CAS 3.4 deployed on Tomcat.

Please let me know what can be the wrong for my configuration.

*Steps Followed*

*CAS Config* - *Working Fine*

   1. Modified deployerconfig.xml to authenticate with LDAP
   2. Download the latest spring ldap jar

*Liferay Config* - *Issues*

   1. Download and placed the CASClient 3.1 in the WEB-INF/lib folder
   2. Changed the Authentication Settings at Liferay admin for using Screen
   Name and CAS for authentication

*Issues*

   - *Login page of Liferay is not redirecting to CAS Login Page*
   - *Logout works well*

*Websphere Config** - Issues*

Followed the guide on the link

https://wiki.jasig.org/pages/viewpage.action?pageId=19314

*Issues*

   - *WAS is not using the TAI interceptor*
   - *Logs shows that the CAS is intercepted*


   - [11/25/10 13:39:21:447 IST] 000a TrustAssociat A SECJ0121I: Trust
   Association Init class com.octo.cas.client.websphere.CasTAI511 loaded
   successfully


   - [11/25/10 13:39:21:494 IST] 000a SystemOut O
   - CasTAIHelper configuration :
   - CAS_REALM_NAME='CAS_REALM'
   - CAS_VALIDATION_URL='http://10.31.9.202:9090/cas1/serviceValidate'
   - STORE_PROXY_TICKET='false'
   - CAS_CALLBACK_PROXY_URL='null'
   - CAS_CALLBACK_PROXY_SERVLET='/CasProxyServlet'
   - PRINCIPAL_PREFIX=''uid=''
   - PRINCIPAL_SUFFIX='cn=People,O=TCL'
   - DEBUG='false'



-

Thanks

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] Single Sign Out with Apache CAS Module

[Vipin Jain]

Can we have Single Sign Out with Apache CAS Module

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Apache+CAS+Single Sign On

[Vipin Jain]

yes Scott

can we use that for my approach

On Mon, Nov 15, 2010 at 2:45 PM, Vipin Jain  wrote:

> that was for a different thing and my colleague is working on it.
>
> got a diff requirement and this is idea which i am thinking of
>
> Use Case:
> We have 3-4 apps written in Java, .NET and custom lang.We need single sign
> on between this applications.
>
> Approach:
> We can have Apache in front of all the apps (Single Point of Entry) and use
> CAS module on Apache to do the authentication with CAS Server ( deployed on
> Tomcat ) and LDAP.
>
> After the authentication, we can use Reverse Proxy to do the forward of the
> URL.
>
> ---
>
> Please let me know if this can be worked because this makes the application
> more safer and also the configuration is also easy.
>
>
>
> On Mon, Nov 15, 2010 at 2:36 PM, Marvin Addison 
> wrote:
>
>> > Can we have SSO between two apps using Apache as a single point of entry
>> > with CAS module on that.
>>
>> Are you still trying to solve the problem of SSO between two different
>> organizations?  It would be very helpful if you described your use
>> case in detail, then we will be able to help further.
>>
>> M
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as:
>> vjsat...@gmail.com
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Apache+CAS+Single Sign On

[Vipin Jain]

that was for a different thing and my colleague is working on it.

got a diff requirement and this is idea which i am thinking of

Use Case:
We have 3-4 apps written in Java, .NET and custom lang.We need single sign
on between this applications.

Approach:
We can have Apache in front of all the apps (Single Point of Entry) and use
CAS module on Apache to do the authentication with CAS Server ( deployed on
Tomcat ) and LDAP.

After the authentication, we can use Reverse Proxy to do the forward of the
URL.

---

Please let me know if this can be worked because this makes the application
more safer and also the configuration is also easy.



On Mon, Nov 15, 2010 at 2:36 PM, Marvin Addison wrote:

> > Can we have SSO between two apps using Apache as a single point of entry
> > with CAS module on that.
>
> Are you still trying to solve the problem of SSO between two different
> organizations?  It would be very helpful if you described your use
> case in detail, then we will be able to help further.
>
> M
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Apache+CAS+Single Sign On

[Vipin Jain]

do have cas module right called mod_cas?

On Mon, Nov 15, 2010 at 2:24 PM, nero...@googlemail.com <
nero...@googlemail.com> wrote:

> what is your aim? i dont quite get it.. youll need to have a CAS server
> anyway, then you could just casify both apps to get sso. your idea would
> create more problems i guess, since apache is technically a web-server so
> youd most like need to write some cas module yourself, and then your apps
> need to communicate with it... thats my thoughts
>
>
> On 11/15/2010 8:12 PM, Vipin Jain wrote:
>
>>
>> Can we have SSO between two apps using Apache as a single point of entry
>> with CAS module on that.
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as:
>> nero...@googlemail.com
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] Apache+CAS+Single Sign On

[Vipin Jain]

Can we have SSO between two apps using Apache as a single point of entry
with CAS module on that.

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] using CAS for Single Sign On between two different organisations

[Vipin Jain]

Thanks Marvin

On Mon, Nov 15, 2010 at 11:06 AM, Marvin Addison
wrote:

> > what are the ways to have SSO between two different organisations using
> CAS.
>
> Does each organization have its own CAS infrastructure and you're
> trying to enable SSO between them?  If that's the case, it will be
> difficult to accomplish.  CAS simply doesn't support that use case.  I
> can imagine a hack whereby each CAS server is a client of the other at
> a special login URI that uses a special authentication handler to
> simply accept a successful ticket validation response as a valid
> credential to create a TGT in the SSO domain of the the other
> institution.  In any case this integration will require a sound
> understanding of CAS client/server interaction as well as CAS server
> components.  Good luck.
>
> M
>
> --
>  You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] using CAS for Single Sign On between two different organisations

[Vipin Jain]

Thanks Fred.

Can you please elaborate more the steps.

We need to give a approach doc which would give the complete technical steps
and details.

On Mon, Nov 15, 2010 at 10:31 AM, Jacquet, Frederic  wrote:

> Hello
>
> All appropriate web sites (service providers) will have to be CAS enabled
>
> Cas server will need to know how to contact both identity  server to
> federate them after that
>
> If cas cannot speak to both, SAML is a better way ( not easy but ... )
>
> Regards
> fred
>
> On Nov 15, 2010, at 4:01 PM, Vipin Jain wrote:
>
> > Hello All,
> >
> > what are the ways to have SSO between two different organisations using
> CAS.
> >
> > Thanks
> >
> > --
> > You are currently subscribed to cas-user@lists.jasig.org as:
> frederic.jacq...@imd.ch
> > To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] using CAS for Single Sign On between two different organisations

[Vipin Jain]

Hello All,

what are the ways to have SSO between two different organisations using CAS.

Thanks

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Single Sign On Between Java and .Net App

[Vipin Jain]

Thanks Marvin

The requirement is

1. User accesses App A (Java Based Portal) (Company A) - Form Login
2. User clicks a link on App A leading to App B (.Net Based App) (Company B)
- Single Sign On

I think we need to use SAML for this, can we use CAS for this?

On Fri, Nov 12, 2010 at 11:25 AM, Marvin Addison
wrote:

> > Can anyone please let me know what are the steps we need to single sign
> on
> > between two Java and .Net application using CAS.
>
> I will assume you already have a CAS server available for integration
> with your clients.
>
> Java client - https://wiki.jasig.org/display/CASC/CAS+Client+for+Java+3.1
> .NET client - https://wiki.jasig.org/display/CASC/.Net+Cas+Client
>
> M
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> vjsat...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] Single Sign On Between Java and .Net App

[Vipin Jain]

Hi All,

Can anyone please let me know what are the steps we need to single sign on
between two Java and .Net application using CAS.

Thanks
Vipin

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] CAS LDAP issue

[Vipin Jain]

Hi Scott,

I am configuring CAS with LDAP and facing issues with that.

CAS Version : 3.4.2.1
Server : Tomcat

Config made in pom.xml and deployerConfigContext.xml, Copied jar files.

2010-10-01 17:47:45,478 WARN
[org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler]
-

2010-10-01 17:47:47,212 INFO
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - 
2010-10-01 17:47:53,602 INFO
[org.jasig.cas.services.DefaultServicesManagerImpl] - 
2010-10-01 17:47:53,805 ERROR
[org.springframework.web.context.ContextLoader] - 
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'centralAuthenticationService' defined in ServletContext resource
[/WEB-INF/spring-configuration/applicationContext.xml]: Cannot resolve
reference to bean 'authenticationManager' while setting bean property
'authenticationManager'; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'authenticationManager' defined in ServletContext resource
[/WEB-INF/deployerConfigContext.xml]: Cannot create inner bean
'contextSource' of type
[org.springframework.ldap.core.support.LdapContextSource] while setting bean
property 'authenticationHandlers' with key [1]; nested exception is
org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find
class [org.springframework.ldap.core.support.LdapContextSource] for bean
with name 'contextSource' defined in ServletContext resource
[/WEB-INF/deployerConfigContext.xml]; nested exception is
java.lang.ClassNotFoundException:
org.springframework.ldap.core.support.LdapContextSource

Please let me know about it.

Thanks
Vipin Jain

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] CAS for JBOSS and Websphere Process Server

[Vipin Jain]

Hi Scott,

Can we use CAS for Single Sign on between JBOSS and Websphere Process
Server?

Thanks
Vipin

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user