Re: [cas-user] TGT expiration problem

2016-11-21 Thread Ray Bon
Vincent, Try this logger to make sure ehcache is getting the correct timers: Ray On 2016-11-21 14:19, HURTEVENT VINCENT wrote: > Hello Ray, > > EhCache has these settings to suit TGT lifetime : > > ehcache.cache.st.name=org.jasig.cas.ticket.ServiceTicket > ehcache.cache.s

Re: [cas-user] TGT expiration problem

2016-11-21 Thread HURTEVENT VINCENT
Hello Ray, EhCache has these settings to suit TGT lifetime : ehcache.cache.st.name=org.jasig.cas.ticket.ServiceTicket ehcache.cache.st.timeIdle=0 ehcache.cache.st.timeAlive=300 ehcache.cache.tgt.name=org.jasig.cas.ticket.TicketGrantingTicket ehcache.cache.tgt.timeIdle=0 ehcache.cache.tgt.timeAliv

RE: [cas-user] CASAuthNHeader to return user

2016-11-21 Thread Neil Sabol
Hello Pouria, All, To build on David's response, you should be able to echo out the HTTP Headers on the server side with whatever language you are using. For example, in PHP see http://php.net/manual/en/function.getallheaders.php (Example #1) - just create a test page in your DocumentRoot, plac

Re: [cas-user] CASAuthNHeader to return user

2016-11-21 Thread pouria Mahmoudi
Excellent. Thanks That was it. On Monday, November 21, 2016 at 1:41:30 PM UTC-8, dhawes wrote: > > On 21 November 2016 at 16:13, pouria Mahmoudi > wrote: > ... > > Description: If enabled, this will store the user returned by CAS in an > HTTP > > header > > accessible to your web applicatio

[cas-user] Securing CAS 5.0 Management Webapp

2016-11-21 Thread Richard Frovarp
I'm having difficulty understanding how to configure the security layer for the CAS management webapp, if I don't want to use a static list. If I provide cas.mgmt.authzAttributes=memberOf, then it would seem that I should set cas.mgmt.adminRoles to the group. In theory this might seem like it

Re: [cas-user] CASAuthNHeader to return user

2016-11-21 Thread David Hawes
On 21 November 2016 at 16:13, pouria Mahmoudi wrote: ... > Description: If enabled, this will store the user returned by CAS in an HTTP > header > accessible to your web applications. ... > but it doesn't look like I have an http header. At least by doing Inspect > Element on my browser I cannot s

[cas-user] CASAuthNHeader to return user

2016-11-21 Thread pouria Mahmoudi
Hi Everyone, In the documentation, there is a part that says: Directive: CASAuthNHeader Default: None Description: If enabled, this will store the user returned by CAS in an HTTP header accessible to your web applications. And this is the CAS configuration: *LoadModule auth_cas_module /usr/lib64/ap

Re: [cas-user] TGT expiration problem

2016-11-21 Thread Ray Bon
Vincent, Ehcache has its own expiration policy. Look at timeToLive, timeToIdle for bean class org.springframework.cache.ehcache.EhCacheFactoryBean. Ray On 2016-11-21 10:49, HURTEVENT VINCENT wrote: > Hello, > > We are using CAS Server 4.2.6 for a few weeks now but we’re facing a > problem with the

[cas-user] TGT expiration problem

2016-11-21 Thread HURTEVENT VINCENT
Hello, We are using CAS Server 4.2.6 for a few weeks now but we’re facing a problem with the SSO lifetime. The ticket registry used is EhCache and the RememberMe feature is enabled, you can find the settings in this gist :

[cas-user] Re: Custom Authentication Handler in version 5.0.0

2016-11-21 Thread Raghavendra Chary B
I had to implement custom Authentication handler where user creds are stored in Cassandra db. Followed below steps, not sure whether this is recommended approach or not: 1. Created package org.apereo.cas..adaptors.cassandra 2. CassandraAuthenticationHandler > public class CassandraAuthenticatio

[cas-user] RE: CAS 5 not reading cas.properties file

2016-11-21 Thread Maxwell, Gary
The issue was resolved. I was modifying cas.properties within the overlay project and then compiling the project. Actually you need to copy the updated cas.properties into a new “etc/cas/config/” folder. That is located in the root of the drive where Tomcat is located. From: Maxwell, Gary Sen

[cas-user] Re: Trouble getting LdapAuthenticationHandler Configured.

2016-11-21 Thread Daniel
Thank you Elendrys. I added: org.apereo.cas cas-server-support-jdbc ${cas.version} to pom.xml and everything is working now. In our setup we rely on the search to find the DN of a user and then perform a direct simple bind on that DN w

Re: [cas-user] CAS-5.1.0-SNAP MFA Bypass configuration property is confusing

2016-11-21 Thread 'Philippe MARASSE' via CAS Community
Done : https://github.com/apereo/cas/issues/2138 Let's switch to cas-dev. Regards. On 18/11/2016 at 16:31, Misagh Moayyed wrote: > > That’s an excellent find. I suspect bypass rules don’t account for > non-interactive AuthN somehow. If you can change your config to bypass > MFA based on the Ld

[cas-user] How to configure SSL protocol for a CAS Client version 3.4.11

2016-11-21 Thread Guru Prashanth Thanakodi
Hi All The below page has a sslConfigFile parameter. Can this be used to mention the SSL protocol for CAS client as TLS v1.1. If so can you provide the format of the file and way to provide the location of file in web.xml https://github.com/apereo/java-cas-client/blob/master/README.md The param

[cas-user] CAS Management Webapp v5 + LDAP Authorization

2016-11-21 Thread Ludovic Senecaux
Hi, I would like to configure the new mgmt webapp (v5) authorization through LDAP like in CAS v4.2.x. I have a LDAP group (groupOfNames) with many members (member attribute). In CAS 4.x, this was possible through ldaptive:AuthorizationGenerator. In CAS 5.x, I didn't find any doc to configure auth