I am trying to add my own custom authentication handler that accesses the
database and I have this in my main configuration class:
@Bean
public DatabaseAuthenticationProvider getAuthenticationProvider() {
return new
DatabaseAuthenticationProvider("databaseAuthenticationProvider",
Hi Manfredo,
I have the custom theme loaded no problem without oauth, it is just that when
I do it with oauth, setting the theme seems like a difficult task.
-Andy
On Wednesday, 28 February 2018 11:55:23 UTC+8, Manfredo Hopp wrote:
>
> open browser developer tool to see if theme gets loaded
>
>
open browser developer tool to see if theme gets loaded
On Wednesday, 28 February 2018, Man H wrote:
> Can't you just build a simple webapp with index.html
>
> On Wednesday, 28 February 2018, Andy Ng wrote:
>
>> Thanks Manfredo,
>>
>> Do you mean that I should:
>> - Redirect us
Can't you just build a simple webapp with index.html
On Wednesday, 28 February 2018, Andy Ng wrote:
> Thanks Manfredo,
>
> Do you mean that I should:
> - Redirect user to login using Non Oauth Service first (with theme)
> - Then redirect user to login using Oauth Service for actual Oauth l
Thanks Manfredo,
Do you mean that I should:
- Redirect user to login using Non Oauth Service first (with theme)
- Then redirect user to login using Oauth Service for actual Oauth login
Am I correct?
I would prefer not to do the above, since that means the service provider
needs to change their cod
Try to load that theme on a regular service, that is non oauth
On Wednesday, 28 February 2018, Andy Ng wrote:
> Hi all,
>
> I am using CAS 5.2.x, and using OAuth for one service provider. The
> provider now would like to have a custom theme.
>
> I thought I can just do this:
>
> {
> "@
See
https://apereo.github.io/cas/5.1.x/integration/Attribute-Release-PrincipalId.html
On Tuesday, 27 February 2018, Toby Archer wrote:
> I had previously asked a near identical question here:
> https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/3xOdHIgj9x8
>
> That ended with
Hi all,
I am using CAS 5.2.x, and using OAuth for one service provider. The
provider now would like to have a custom theme.
I thought I can just do this:
{
"@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
"clientId": "OAuthApp",
"clientSecret": "xx",
I'm using CAS 4.2 with Hazelcast, but I'm unable to verify that CAS is
writing to Hazelcast. Can you point me to how I would determine the data
that CAS is writing to the cache?
Here is the hazelcast part of my properties file:
hz.mapname=tickets
hz.cluster.logging.type=slf4j
hz.cluster.membe
You can restrict the users able to authenticate with CAS if you have to,
I'm just saying that it may not be only way. Your reality is different than
mine.
As for the attributes: they are passed to the application, or in CAS
terminology, the service. principalAttributeList contains the attribute
They will be with the authenticated user in the client application. Accessed
something like principal.getAttributes.
Ray
On Tue, 2018-02-27 at 13:11 -0800, Kevin Liu wrote:
And somewhat stemming from the other conversation, what gets passed is via the
principalAttributeList? Where does the att
add
org.apereo.cas
cas-server-core-authentication
2018-02-27 16:59 GMT-03:00 Michael MacEachran :
> I am trying to write my own AuthenticationHandler. I have this dependency
> in my POM:
>
>
> org.apereo.cas
> cas-server-support
Kevin,
We have multiple ldap definitions, varying only on OU. The userFilter is also
set to search everything below the OU. CAS will search each one in sequence
until it finds a match.
cas.authn.ldap[0].ldapUrl=ldaps://ldapdev.uvic.ca:636
cas.authn.ldap[0].connectTimeout=3000
cas.authn.ldap[0].
And somewhat stemming from the other conversation, what gets passed is via
the principalAttributeList? Where does the attributes get passed to?
On Tuesday, February 27, 2018 at 3:10:38 PM UTC-6, Kevin Liu wrote:
>
> I see, so in other words, I should not have CAS search through LDAP
> looking f
I see, so in other words, I should not have CAS search through LDAP looking
for a user and checking to see if they're a member of a group. Rather, that
should get passed to application using cas.
Thanks!
On Tuesday, February 27, 2018 at 3:04:17 PM UTC-6, Marc Dufour wrote:
>
> Atlassian has a n
Atlassian has a nice paper on how to write LDAP
filters:
https://confluence.atlassian.com/kb/how-to-write-ldap-search-filters-792496933.html
and should help you if you want to restrict the users able to authenticate
with CAS.
The way I see this, CAS should authenticate the user (wide open to
I had previously asked a near identical question here:
https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/3xOdHIgj9x8
That ended with an unknown and I left it with the belief that if it is
possible to do what I want in CAS 3.5.2, it would probably be more trouble
than it's worth sinc
I have but it doesn't fully display what is being returned by LDAP.
How can I constrain to multiple OU? Also maybe I might be going at this the
wrong way. I need CAS to use LDAP to authenticate with a specific group in
LDAP. How do I constrain to just that and look for users?
On Tuesday, Februa
Thanks everyone for the help. I've got attributes showing up now. It seems
that it was entirely the protocol issue. It took me a little but I managed
to delve into the library I was using and figure out how to get CAS 3.0
working on it.
Thanks for the tip Mike. I will keep that in mind for fut
sn is an attribute in the AD schema used to store the last name of the user.
I did a quick search in Google and found this info that could help
you:
http://www.computerperformance.co.uk/Logon/LDAP_attributes_active_directory.htm
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: htt
Kevin,
Have you tried to add more logs? I added this in my log config file to help
debug my LDAP problems:
As for the OU membership, maybe you could add that to the user filter.
On Tuesday, 27 February 2018 at 11:11:12 UTC-5, Kevin Liu wrote:
>
> Hello All,
>
> Is there a way to see
I am trying to write my own AuthenticationHandler. I have this dependency
in my POM:
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-jdbc</artifactId>
    <version>${cas.version}</version>
</dependency>
But I am getting an error when building. I get a cannot find symbol for
symbol: class ServicesMa
Hello,
I am running CAS 5.2.2.
I have successfully configured CAS to use pac4j for delegated
authentication. Specifically CAS/pac4j is configured as a SAML SP.
When I browse to a CAS client I am redirected to the CAS server login page.
I can then click a button to kick off the SAML flow and a
Gotcha! Still a little confused about the principal attributes. Could you give
a brief summary of how it works? What is a sn? And how the parsing works?
Thanks
Sent from my iPhone
> On Feb 27, 2018, at 11:57 AM, Marc Dufour wrote:
>
> I only need these attributes, so I limit the size of what i
I only need these attributes, so I limit the size of what it returned.
As for the bindDN, it is a regular Domain user, not an admin. It should
only need read access to Active Directory.
On Tuesday, 27 February 2018 at 10:52:52 UTC-5, Kevin Liu wrote:
>
> Marc, what is the sn,givenName,memberOf,cn?
Does anyone know how to reference the login page password in
cas.properties? I know for username, you use %s but what about the password?
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://g
Romain,
I guess cas.tgc.rememberMeMaxAge overrides cas.tgc.maxAge.
If you want your session to end when browser is closed, leave out
cas.tgc.rememberMeMaxAge.
Ray
On Tue, 2018-02-27 at 00:09 -0800, vallee.romain wrote:
Hello,
I try to setup jasig TGC for this use case :
When I check rememberMe
Hello All,
Is there a way to see the response that CAS gets back from LDAP? Also is
there a tutorial anywhere for specific LDAP queries from CAS? For example,
if I need to check to see if a member is part of a specific OU?
Thanks,
Kevin
I don't believe so. You certainly don't have to do anything special to
include it.
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu
On Tue, Fe
David,
Do I need pac4j for the service registry?
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David
Curry
Marc, what is the sn,givenName,memberOf,cn? Rather what is the
principalAttributeList?
For your bindDN and bindCredentials, are you using an authenticating admin
account or the user who's trying to get in?
On Tuesday, February 27, 2018 at 7:54:08 AM UTC-6, Marc Dufour wrote:
>
>
> Kevin, here ar
As for tgc properties leave them unchanged.
Pd: closing browser does not end cas session.
On Tuesday, 27 February 2018, Man H wrote:
> Put only those properties.
> To end your cas session you have to logout redirect to login page from
> your application otherwise you will get that beh
followed your instructions but I get this error.
Error: cannot validate CAS ticket:
ST-1-1PZyX9vP72grJtHEexSdwjVUEMo-CNFCC-CAS-Server
On Monday, February 26, 2018 at 9:29:05 PM UTC+2, David Curry wrote:
>
> I think we've been through most of these at one time or another, but to
> assemble the
Put only those properties.
To end your cas session you have to logout redirect to login page from
your application otherwise you will get that behaviour.
On Tuesday, 27 February 2018, vallee.romain wrote:
> Thank you for your answer .
>
> Now i got this
>
> cas.tgc.maxAge=-1
> # cas.tgc.
I would check to make sure you have an absolute path for your service
directory.
Also, can confirm that : or = does not matter. Works for me either ways.
On Tuesday, February 27, 2018 at 8:51:11 AM UTC-6, David Curry wrote:
>
> Well, without digging into the code to see exactly who's logging wha
Thank you for your answer .
Now i got this
cas.tgc.maxAge=-1
# cas.tgc.domain=
cas.tgc.name=TGC
#cas.tgc.secure=false
#cas.tgc.rememberMeMaxAge=135
cas.tgc.encryptionKey=kGF9P2ZuU0ovlaCWxhiHix1bxH2pGfqlG5qGzqdxjY4
cas.tgc.signingKey=K5yrl7ThQ5wwX8pbtEgdHF4aDuwUwFkHmhARzSRdNvNpXF1FFk_sYIgRHZZV
Well, without digging into the code to see exactly who's logging what, this
looks like the important line:
2018-02-27 09:38:14,507 INFO [org.apereo.cas.services.AbstractServicesManager]
-
Which I interpret to mean that it looked in /etc/cas/services and didn't
find anything it wanted.
So... is
David,
Is this what you are looking for?
This is with the cas.properties entry of –
“cas.serviceRegistry.json.location=file:/etc/cas/services”
If I change json back to config, I can log into the management portal but
still do not see the services I put in there.
[root@devcas5 logs]# cat
Thank you for your answer.
only this ?
Do I have to comment on the rest of the code?
On Tuesday, 27 February 2018 at 13:29:34 UTC+1, Manfredo Hopp wrote:
>
> Try this
>
> cas.ticket.tgt.maxTimeToLiveInSeconds=25200
> cas.ticket.tgt.rememberMe.enabled=true
> cas.ticket.tgt.rememberMe.timeToKillInSecon
Hi,
OK. It happens during the access token call where I should trade the code
for an access token returned as a JSON body which is what currently fails.
To be able to do the test, I need your secret. If you're willing to send it
to me, please do that privately -> lel...@gmail.com
Thanks.
Best re
Ok , I guess I got mixed up with the $(cas.server) variable stuff in
cas.properties.
So I set everything to the fqdn.
Now I get this url
https://devcas5.philasd.org/cas/status/dashboard?ticket=ST-3-hQduCqZgLwM3Scuh8r4Ry-5ctNo-devcas5
Now I get access denied ..
Here is admuser.proper
David,
To answer the URL question.
It was coming from a variable setting in management.properties.
I took out all the variables for FQDN.
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301
If you use "config" then the property is being ignored because it doesn't
do anything, and you are likely getting the wildcard service registry entry
in the classpath.
If you use "json" then you are most likely correctly getting your
/etc/cas/services directory, and assuming you didn't copy the wi
Kevin, here are the properties that are working for me.
cas.authn.ldap[0].order=0
cas.authn.ldap[0].name=AD
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://servername:3269
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].baseDn=dc=DOMAIN
That might be a clue to a formatting problem, then. Like maybe an extra
colon or a missing colon? Or something else mis-formatted?
Because colons should work just fine.
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 1
Guys,
When I changed config to json , I get Application Not Authorized to use CAS.
I am not sure if that's a good thing or not.
If I change json back to config, the portal will open.
===
Thank You;
Chris Cheltenham
Technology Services
The School District of P
David,
Re: cas.properties
I tried using the colon on every single line and I got all kinds of errors.
Mainly ssl errors ..
When I put the equals back in , it worked.
I am NOT saying you’re wrong nanny nanny poo poo …
I just saw a bunch of things break without the equals.
==
You can use colons or equals signs, it doesn't matter. And whitespace
between the property name and the property value is ignored (but whitespace
at the end of the line is not).
https://docs.oracle.com/cd/E23095_01/Platform.93/ATGProgGuide/html/s0204propertiesfileformat01.html
Personally I like c
Thanks guys, I have the json service registry dependency in both cas and
cas-management pom.xml.
One thing that might be tripping me up here is when to use an “=” or is it a
“:”
For example I have them mixed.
i.e.
cas.serviceRegistry.json.location:file:/etc/cas/services
or is it
I like it too, something like Keycloak's realm concept
2018-02-27 8:30 GMT-03:00 Jeffrey Ramsay :
> I like the multitenancy idea as well.
>
> On Mon, Feb 26, 2018 at 11:05 PM, Man H wrote:
>
>> If nobody else considered your kind offer I suppose cas multitenancy
>> wins!!
>>
>>
>> El lunes, 26 d
Try this
cas.ticket.tgt.maxTimeToLiveInSeconds=25200
cas.ticket.tgt.rememberMe.enabled=true
cas.ticket.tgt.rememberMe.timeToKillInSeconds=2592000
To test these set lower values.
Also don't use secure=false
On Tuesday, 27 February 2018, vallee.romain wrote:
> Hello,
>
> i try to setup jas
I like the multitenancy idea as well.
On Mon, Feb 26, 2018 at 11:05 PM, Man H wrote:
> If nobody else considered your kind offer I suppose cas multitenancy wins!!
>
>
> On Monday, 26 February 2018, Cheltenham, Chris <
> ccheltenham-...@philasd.org> wrote:
>
>> Hello Michael,
>>
>>
>>
>>
>
Hello,
I try to setup jasig TGC for this use case :
When I check rememberMe : 1 month without need to enter login/password
When I don't check rememberMe : 7 hours unless I close the browser . If I
close the browser, I would like to have login/password prompted at next
login.
I think remember