Hi Cristina,
I tried to define the property in JAVA_OPTS, but still it could not pick up
the cas.properties file from the location.
I see the below from the catalina.out log file.
May 07, 2018 11:15:14 PM org.apache.catalina.startup.VersionLoggerListener
log
INFO: Command line argument:
Hi Neha,
Would like to know in which documentation do you know about the parameter
TARGET in "https://idiv-dev1:8443/cas/login?TARGET=
*http%3a%2f%2flocalhost%3a60397%2f*", I didn't see this parameter in the
official documentation.
Maybe it is something related to ASP.NET?
Anyway, the usual
Do you have the dashboard endpoints enabled? Can you go to the "services"
endpoint, which dumps the service registry, and see if there's something
else in there?
Alternatively, I think if you turn on debug mode logging, it will tell you
what services are loaded.
I'm thinking you might be getting
Hello everyone,
I'm the developer who has been working on implementing the SAML
authentication referenced by the OP, and the provided responses seem to
align with what I've come across while researching the issue, so I wanted
to try and provide a little more information in the hopes that it'll
For the service definition, you should only have one, which is a
SamlRegisteredService. You do not need (or want) a RegexRegisteredService
for a SAML service.
And as Matthew said, you should also set
cas.authn.samlIdp.entityId: ${cas.server.prefix}/idp
cas.authn.samlIdp.scope:
What does the SP expect the entityID to be?
I have not experimented with anything other than setting the entityId to
${cas.server.prefix}/idp and I don't know whether the CAS server will
have issues with responding to https://cas.example.org/idp since CAS itself
is at
If I don't set this property does it affect the vendor integration I'm
attempting to do?
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message
I would expect your entityID to be https://cas.example.org/cas/idp but it
depends on what you've set it to in cas.properties under
cas.authn.samlIdp.entityId
On Monday, May 7, 2018 at 10:39:28 AM UTC-6, John D Giotta wrote:
>
> I noticed that my /cas/idp/metadata endpoint returns the following
I noticed that my /cas/idp/metadata endpoint returns the following
http://www.w3.org/2000/09/xmldsig#; xmlns:shibmd=
"urn:mace:shibboleth:metadata:1.0" xmlns:xml=
"http://www.w3.org/XML/1998/namespace; xmlns:mdui=
"urn:oasis:names:tc:SAML:metadata:ui" entityID="https://cas.example.org/idp;
>
What I meant was that Matthew asked about my JSON using the @class
org.apereo.cas.support.saml.services.SamlRegisteredService
Then asked if I registered the IdP endpoint. From the tutorial he pointed
me towards, I can't tell if I'm creating both a SamlRegisteredService and a
Well, I used the one file per service model with them all in the
/etc/cas/services directory. But I believe you can keep them all in one big
JSON file if you want.
David A. Curry, CISSP
Director of Information Security
The New School - Information Technology
71 Fifth Ave., 9th Fl. ~ New York,
Are there 2 service JSON files I'm supposed to create?
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the
Just a thought, do you still have the "HTTP|IMAP" wildcard service in
there? And does it have a lower evaluation order than your service-specific
entry?
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212
Have you also added the service definition for the IdP endpoint?
If you haven't already, you may want to walk through the steps for adding
SAML support in this guide:
https://dacurry-tns.github.io/deploying-apereo-cas/building_server_saml_update-the-service-registry.html
On Monday, May 7,
Has anyone experimented with, or had success with, enforcing multifactor
authentication based on a user's returned attribute, or based on the
location from which they are logging in? I'm experimenting with this now,
and wondered whether anyone else had already crossed this bridge.
We are
Yes, it is.
{
"@class": "org.apereo.cas.support.saml.services.SamlRegisteredService",
"serviceId": "https://vendor-site.com/Pages/Auth/Login.aspx;,
"name": "SAML Authentication Request",
"id": 1003,
"evaluationOrder": 1,
"metadataLocation":
What do you have in your json for "@class"? Is it
"org.apereo.cas.support.saml.services.SamlRegisteredService"?
On Monday, May 7, 2018 at 9:19:58 AM UTC-6, John D Giotta wrote:
>
> I'm not too familiar with SAML 2.0 and I need to set up our existing CAS
> (currently using CAS protocol).
>
>
I'm not too familiar with SAML 2.0 and I need to set up our existing CAS
(currently using CAS protocol).
I've followed documentation, but unfortunately I'm unable to get the
application to authorize.
The error I get in logs is:
CAS has found a match for service
>
Iker,
It looks like the logout message was sent. Was it received and processed by the
client?
It could be that the ST was removed earlier or that the ticket was expired and
the response from the cache was interpreted by CAS as 'Unable to remove...'.
Ray
On Mon, 2018-05-07 at 04:24 -0700, Iker
A bit confused as to why you need the IdP (CAS Server) and the SP
(mod_auth_cas) on every system. You don't need mod_auth_cas to run the
CAS Server. There is mod_proxy_balancer in HTTPD which can do load
balancing to multiple backends.
On 05/07/2018 09:13 AM, Ramakrishna G wrote:
Hello
I am
Hello
I am running a load balancer(NGINX) which redirects the request to
Mod_Auth_Cas(Apache) and its corresponding CAS Server(Tomcat).
Drawback of current approach what I am using is
-> One tomcat for one apache which I want to remove. Also I need to remove
multiple node connection.
Is
Dear All,
I am trying to integrate CAS with ASP.NET application.
Everything is working fine but CAS is not able to redirect to the
destination service and showing its own logged in page.
Final URL is: - https://idiv-dev1:8443/cas/login?TARGET=
*http%3a%2f%2flocalhost%3a60397%2f*
where in
Hi,
This upgrade will be available in pac4j 3.0.0(-RC2). See:
https://github.com/pac4j/pac4j/commit/cfb5113300de914b6a6e5a109a87a9d1da576472
Thanks.
Best regards,
Jérôme
On Mon, May 7, 2018 at 9:55 AM, Neha Gupta wrote:
> Dear CAS Community,
>
> ORCID have updated the
Hello!
We have a problem and I hope someone can help us.
I let you the error log, basically we can not perform the Single Logout.
The problem we have comes when we delete the ST ticket, it shows, Unable to
remove ticket [ST-...]
However, it is capable of erasing the TGT ticket.
I do not know
Dear CAS Community,
ORCID have updated the API version to 2 and as such problem is coming while
authenticating with Orcid credentials. I am attaching a trace for the same.
Request you to please look into the same.
Error shown in the CAS trace: -
http://www.orcid.org/ns/orcid;>
1.2
API
25 matches
Mail list logo