Re: [cas-user] Re: LdapPersonAttributeDao: source attribute to > 1 result attribute?

Whoops, typo in my config, the "multi-valued key support for attributes" works after all. Mea culpa. Mahalo for all the suggestions! On Tue, May 10, 2016 at 12:21:45PM -1000, Baron Fujimoto wrote: >[*] > >Actually, upon further review of that page

RE: [cas-user] Re: LdapPersonAttributeDao: source attribute to > 1 result attribute?

It is 4.x specific, yes. > -Original Message- > From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of > Baron Fujimoto > Sent: Tuesday, May 10, 2016 3:29 PM > To: CAS Users > Subject: Re: [cas-user] Re: LdapPersonAttributeDao: source attribute to > > 1 > result attribute? >

Re: [cas-user] Re: LdapPersonAttributeDao: source attribute to > 1 result attribute?

I think 2. would suffice. But is that suggestion below specific to 4.x? I'm using 3.4.11... On Tue, May 10, 2016 at 01:37:57PM -0700, Misagh Moayyed wrote: >Let me ask: which of the following scenarios is what you're after: > >1. Service A gets resultAttr1 and Service B gets resultAttr2 >2. Servic

Re: [cas-user] Re: LdapPersonAttributeDao: source attribute to > 1 result attribute?

Hi Dan, Mahalo for the response. Do you know if there is an example of adding a second personAttributeDao to the attributeRepository? We're currently using an attributeRepository configuration based on an example from the old Jasig wiki[*] that basically looks like:

RE: [cas-user] Re: LdapPersonAttributeDao: source attribute to > 1 result attribute?

Let me ask: which of the following scenarios is what you're after: 1. Service A gets resultAttr1 and Service B gets resultAttr2 2. Service A may get both resultAttr1 and resultAttr2 I don't know why you would ever want 2, but if you answered 1, there is this: http://apereo.github.io/cas/4.2.x/in

[cas-user] NIST preview SP 800-63-3

Hello CAS developers Does the intent to remove tokens (as insecure authenticators) from NIST Digital Authentication Guidelines affect CAS going forward? Linda Linda Toth University of Alaska - Office of Information Technology (OIT) - Identity and Access Management 910 Yukon Drive, Suite 103 Fair

Re: [cas-user] Re: LdapPersonAttributeDao: source attribute to > 1 result attribute?

Hi Baron, You can definitely get what you want without changing LDAP. Referring to the Spring bean definitions, you could create a second personAttributeDao for your attributeRepository that adds in resultAttr2. Or, to take it to the next level, if your requirements were more complicated and you

[cas-user] Re: LdapPersonAttributeDao: source attribute to > 1 result attribute?

On Fri, May 06, 2016 at 04:51:33PM -1000, Baron Fujimoto wrote: >We're using LdapPersonAttributeDao in CAS 3.4.11's deployerConfigContext.xml >to return attributes for /samlValidate. Is there a way to configure it to >use the same source attribute to return more than one result attribute? That >is,

Re: [cas-user] Java CAS Client is now under Apereo on Github

I prefer that the JAR file be included in the zip releases. As an alternative, perhaps that maven link could be included somewhere prominent on the Github page, either in the top-level README.md or in the release announcement. Thanks, Andy On Tue, 10 May 2016, Scott Battaglia wrote:

Re: [cas-user] Java CAS Client is now under Apereo on Github

They should always be available via the Maven repository: http://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22org.jasig.cas.client%22%20AND%20a%3A%22cas-client-core%22 Do people prefer the "zip" releases versus dependency management? (we can look to add any missing ones then) On Tue, May 10, 2016

Re: [cas-user] Java CAS Client is now under Apereo on Github

On Tue, 10 May 2016, Misagh Moayyed wrote: New repository url: https://github.com/apereo/java-cas-client Old urls should auto-redirect to the new location. Where can I find the compiled JAR files for releases? The cas-client-3.4.1 release download is only the source code. I'm not build

[cas-user] Re: CAS 4.1.7 REST API, Illegal character in path

well, has a space in host.name entry in my cas.properties file. That was it! On Tuesday, May 10, 2016 at 1:14:11 PM UTC-4, Yan Zhou wrote: > > Hi there, > > I thought I figured it out, but not quite. It works on my local Tomcat > 7.0.59, but on our dev server, getting error. > > When I post to

[cas-user] CAS 4.1.7 REST API, Illegal character in path

Hi there, I thought I figured it out, but not quite. It works on my local Tomcat 7.0.59, but on our dev server, getting error. When I post to /cas/v1/tickets, I get 400 bad request in response. TicketsResource class is throwing error. Why is this? java.net.URISyntaxException: Illegal cha

[cas-user] Java CAS Client is now under Apereo on Github

New repository url: https://github.com/apereo/java-cas-client Old urls should auto-redirect to the new location. Misagh -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it,

Re: [cas-user] Re: /p3/serviceValidate returning "Ticket...not recognized"

Carl, Just saw your response. You are correct. I would need to pass a service ticket, but the service ticket is invalidated right after you login so I cannot reuse that ticket against the "/validate" endpoint. Regards, William Crowell -- You received this message because you are subscrib

Re: [cas-user] Re: /p3/serviceValidate returning "Ticket...not recognized"

William, The ST shouldn't be disabled immediately after login. For an accurate functional test, I think you ought to be able to obtain the ST from the /login response, either from a `Location` header or from scraping the response body. You should be able to present that ticket to the CAS /servic

Re: [cas-user] Re: /p3/serviceValidate returning "Ticket...not recognized"

William, You just need to visit /login again with the TGC you obtained the first time, when you presented credentials. Or you could visit with no cookies and just present the credentials again if you don't want to test SSO. Thanks, Carl - Original Message - From: "William" To: "CAS Co

Re: [cas-user] Re: /p3/serviceValidate returning "Ticket...not recognized"

I saw on another post Dmitriy proposed this: "For the automated testing tools you might need to choose to use CAS’ REST resources: https://apereo.github.io/cas/4.2.x/protocol/REST-Protocol.html"; I will give that a shot. Regards, William Crowell -- You received this message because you are s

Re: [cas-user] Re: /p3/serviceValidate returning "Ticket...not recognized"

Dmitriy and Misagh, I would prefer not to disable the ticket encryption. For the validation tests (https://wiki.jasig.org/display/CAS/CAS+Functional+Tests), I need to login through the user interface to generate a ticket. I need to be able to take that ticket and pass it into the "/validate"

[cas-user] Re: Unable to get REST API to work CAS 4.1.7 overlay

Figured it out. Thanks for the documentation. Yan On Tuesday, May 10, 2016 at 10:36:49 AM UTC-4, Yan Zhou wrote: > > Hi there, > > I am unable to get REST API to work with my CAS 4.1.7 overlay setup. I do > have a local copy of web.xml. > > All I did was to add this in my overlay pom.xml: the

Re: [cas-user] Re: /p3/serviceValidate returning "Ticket...not recognized"

William, That endpoint usually gets passed a *service ticket*. Not a ticket granting ticket. Are you sure you are passing the correct ticket? Thanks, Carl Waldbieser ITS Systems Programmer Lafayette College - Original Message - From: "William" To: "CAS Community" Cc: mmoay...@unicon.

[cas-user] Unable to get REST API to work CAS 4.1.7 overlay

Hi there, I am unable to get REST API to work with my CAS 4.1.7 overlay setup. I do have a local copy of web.xml. All I did was to add this in my overlay pom.xml: the jar does show up in my CAS web-inf/lib directory. The other required changes are already in my Web.xml. org.jasig.cas

RE: [cas-user] Re: cas documentation

See https://msdn.microsoft.com/en-us/library/ms679635(v=vs.85).aspx What is your LDAP directory? If you are not familiar with sAMAccountName, chances are for you this would be uid or cn. Or even nothing. That value is optional. From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behal

Re: [cas-user] Re: /p3/serviceValidate returning "Ticket...not recognized"

Hi William, you’d need to map the default cookie cipher executor to the noop one here: https://github.com/apereo/cas/blob/4.2.x/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml#L76

RE: [cas-user] Re: /p3/serviceValidate returning "Ticket...not recognized"

Help me out: Why do you need to pass the cookie, as I understand your question, to that endpoint? From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of William Sent: Tuesday, May 10, 2016 7:14 AM To: CAS Community Cc: mmoay...@unicon.net Subject: Re: [cas-user] Re: /p3/serviceVal

Re: [cas-user] Re: /p3/serviceValidate returning "Ticket...not recognized"

Misagh, Is there a way to tell CAS not to encrypt the ticket granting cookie so I can use it against the serviceValidate endpoint? Regards, William Crowell On Tuesday, May 3, 2016 at 1:04:18 PM UTC-4, Misagh Moayyed wrote: > > What you should be doing is: > > > > 1. Login, get a ticket

[cas-user] Filtering users depending on the context

Hello, In order to avoid installation of multiple instances of a CAS using same authentification backend (LDAP), i need to split different user contextes (for each entity). Is it possible to filter ldap entries with url parameter, eg : /cas/entity1/login, /cas/entity2/login (instead of /cas/