On clicking logout, which calls the cas/logout link:
WHO: casuser
WHAT: TGT-1-*CPmWzMzi-I-client
ACTION: TICKET_GRANTING_TICKET_DESTROYED
APPLICATION: CAS
WHEN: Tue May 15 15:45:17 IST 2018
CLIENT IP ADDRESS: 192.168.111.12
SERVER IP ADDRESS
Does the tomcat service have proper read rights to the json files and/or the
/etc/cas/services/ directories?
From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Jann
Malenkoff
Sent: May-14-18 9:39 PM
To: CAS Community
Subject: Re: [cas-user] Service Registry -- Getting the 1st A
Lionel and Jann,
Did you ever have the JSON service registry working? If not, I recommend
that you take all the JPA stuff out of pom.xml and cas.properties and get
that working correctly first, so that you're only trying to debug one thing
at a time. Once you have the JSON service registry working
Hello Everyone
I am trying to get CAS to work with AD. I am getting the following error
and authentication fails. I already have the OS bound to AD for OS login,
so I know there is no firewall issue or anything. I am wondering if I
have the right libraries and jar files? I did update my po
If you're using ldap.type=AD, you should not be using a bind credential.
If you want to use a bind credential, you should use
ldap.type=AUTHENTICATED.
See
https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#ldap-authentication-1
for more info on ldap.type.
--Dave
-
I did a workaround by making a change to handledAuthenticationExceptions
and the @PostConstruct init() method.
//@Autowired
//@Qualifier("handledAuthenticationExceptions")
private Set> handledAuthenticationExceptions;
@PostConstruct
public void init() {
this.handledAut
If you are still interested I've faced the same problem and managed to
solve it.
Here is the code responsible for registering OAuth service to CAS.
@PostConstruct
public void initializeServletApplicationContext() {
final String oAuthCallbackUrl = casProperties.getServer().getPrefix() +
BAS
I updated my pom.xml last week to install LDAP, but I didn't redeploy the
war file...so I did that today, but now I can't reach
https://cas3.xxx.xxx/cas/login
I can still see my self signed cert though, so I didn't wipe out my
server.xml file...
If I go here
https://cas3.xxx.xxx:8443/ I d
Looks like the CAS webapp isn't starting. catalina.out should tell you what
happened?
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu
On Tue,
Hi Everyone,
Could someone help me to get this ERROR fixed.
Below is the entry from my json file
Filename: serviceRegistry-1524464822.json
[
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^(https|imaps|http)://.*",
"name" : "HTTPS/IMAPS wildcard",
"id" : 201709051116
If you're using the JSON service registry, services are supposed to be
defined one service per file, with all the files stored in a directory. And
there is a naming convention for the files:
JSON fileName = serviceName + "-" + serviceNumericId + ".json"
See
https://apereo.github.io/cas/development
Has anyone here had success in getting the InCommon Federation setup to use
the Shibboleth side of CAS 5.2.X? If so are you having to add each entity
individually, or were you able to use a single entry to get the entire
scope? We are looking at migrating our instance out of ADFS, and into CAS
Neha,
I have not used the .NET client. There may be more configuration that can be
done.
One possibility is certificate validity. For .NET client to connect to CAS
during ticket validation, CAS needs to verify client certificate.
Are you using self signed certificates? If so, they need to be add
Thanks Dave...I had to format my ldap stuff in the cas.properties
differently
It now looks like this
cas.authn.ldap[0].order:0
cas.authn.ldap[0].name: Active Directory
cas.authn.ldap[0].type: AD
cas.authn.ldap[0].ldapUrl: ldaps://xxx.c
This is a guess, but your dnFormat doesn't look very AD-ish to me. I note
that you have an "ou=Users" in the commented-out bindDn; shouldn't you have
that in dnFormat as well?
If you can, bring up one of the AD tools (under Windows) and look yourself
up, and copy the DN string exactly.
--Dave
-
ok...I will try that :)
I want to send you a pizza once I get this working LOL
On Tuesday, May 15, 2018 at 1:49:42 PM UTC-4, David Curry wrote:
>
> This is a guess, but your dnFormat doesn't look very AD-ish to me. I note
> that you have an "ou=Users" in the commented-out bindDn; shouldn't you h
Ramakrishna,
If the TGT is destroyed, then that SSO session is also destroyed even if the
TGC is not (why TGC is not removed is odd).
If you are still logged in to the client application, your client may not be
part of single log out (SLO). It is up to the client to manage its own session.
When
Hi Everyone
It was my malformed cas.properties entries for LDAP
Working now.
Thank you all for your help
Jen
On Tuesday, May 15, 2018 at 11:38:05 AM UTC-4, David Curry wrote:
>
> Looks like the CAS webapp isn't starting. catalina.out should tell you
> what happened?
>
> --
>
> DAVID A. CURRY,
I want to be able to hit the admin page from any host...is there a way to
do that in the /etc/cas/config/cas.properties file? I tried leaving the
entry blank, but no luck
my subnet is 10.28.51 so I at least need that so all my sys admins can log
in.
thanks
Jen
--
- Website: https://apereo.g
You need to set cas.adminPagesSecurity.ip to a regular expression that
matches the IPs you want to let in.
To allow all of 10.28.51 in, you'd have something like this:
cas.adminPagesSecurity.ip: ^10\\.28\\.51\\.[0-9]{1,3}$
I have something like this:
cas.adminPagesSecurity.ip:
^19
Thanks again
what type of pizza do you eat?
On Tue, May 15, 2018 at 4:02 PM, David Curry
wrote:
> You need to set cas.adminPagesSecurity.ip to a regular expression that
> matches the IPs you want to let in.
>
> To allow all of 10.28.51 in, you'd have something like this:
>
> cas.adminPagesSecu
Hi David:
You Sir --- are a gentleman and a scholar.
Very much appreciated from both of us.
Working exactly as you have outlined.
Please accept our utmost gratitude.
On Tuesday, May 15, 2018 at 5:15:55 AM UTC-7, David Curry wrote:
>
> Lionel and Jann,
>
> Did you ever have the JSON service re
How do I set up user attributes for SAML 2.0?
The same way you do for CAS services, pretty much. Just list what you want
to return. If you need the uri naming, you can use the "return mapped
attributes" feature; there's an example of that in my doc. Although that
may or may not be necessary depending on the SP.
CAS 5.3 has some improved funct
Hi Jen,
One more thing to note, next time you might want to double check your debug
log before posting.
I saw that you deliberately crossed out "ldaps://xxx.campus.bridgew.edu:636",
so I think you recognized that uri to be confidential.
But I can clearly see the actual ldap server in your debug
Ha.. thanks Andy :)
On Tue, May 15, 2018, 21:28 Andy Ng wrote:
> Hi Jen,
>
> One more thing to note, next time you might want to double check your
> debug log before posting.
>
> I saw that you deliberately crossed out "ldaps://xxx.campus.bridgew.edu:636",
> so I think you recognized that uri to b
26 matches