Re: [cas-user] samlValidate failing due to NullPointerException

2018-09-06 Thread Curtis Ruck
I can validate these changes address the issue in my environment, though I believe we should be modifying cas itself to allow for this also. On Saturday, July 28, 2018 at 11:39:37 PM UTC-4, dhawes wrote: > > Likely: > > https://github.com/apereo/mod_auth_cas/issues/148 > > On Fri, Jul 27, 2018 at

[cas-user] Re: CAS 5.3.x Introduces Breaking Change for RequestID in cas-server-support-saml

2018-09-06 Thread Curtis Ruck
or at least have a boolean that can be flipped to disable this. On Sunday, September 2, 2018 at 9:29:23 PM UTC-4, Josh G wrote: > > Its worth mentioning this issue is related to the following from July: > > > https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/RequestId|sort:date/cas-

Re: [cas-user] CAS5.3.3 Service Registry is always empty?

2018-09-06 Thread Jon Hawkesworth
Hmm, is your customized cas.properties even getting loaded? Worth checking is where you are running cas from. If you are developing say on D: drive it might be looking for the cas.properties in D:\etc\cas\config. To debug, I recommend upping the log level to debug in your log4j2.xml for the core

Re: [cas-user] CAS5.3.3 Service Registry is always empty?

2018-09-06 Thread Yan Zhou
Yes, I do have the dependency. I also removed cas.serviceRegistry.initFromJson from cas.properties, so that it default to false. I am still not loading any service definition. How can I debug this in CAS? Yan On Thursday, September 6, 2018 at 2:19:51 PM UTC-4, David Curry wrote: > > Do

Re: [cas-user] CAS5.3.3 Service Registry is always empty?

2018-09-06 Thread David Curry
Do you have this in pom.xml: org.apereo.cas cas-server-support-json-service-registry ${cas.version} (you should)? -- DAVID A. CURRY, CISSP *DIRECTOR OF INFORMATION SECURITY* INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 212 229-5300 x472

[cas-user] CAS5.3.3 Service Registry is always empty?

2018-09-06 Thread Yan Zhou
Hello, This is my external cas.properties, ## windows cas.serviceRegistry.json.location=file:///C:/mydir/cas/services cas.serviceRegistry.initFromJson=true Here is my QuestLocal-1001.json under c:/mydir/cas/services, But I am not loading any service definition. See below for logs.

Re: [cas-user] Re: disabling MFA, MFA failure modes

2018-09-06 Thread Andrew Marker
Thanks Travis. On Thu, Sep 6, 2018, 11:34 AM Travis Schmidt wrote: > This PR (https://github.com/apereo/cas/pull/3493 > ) was merged into 5.3.x branch, > and I think has been ported into some 5.2.x versions to try and address > some of these issues. > >

Re: [cas-user] CAS SSO User logged in as another user

2018-09-06 Thread Ray Bon
Juan, The session id is managed by tomcat. If this happened once, then it could be chalked up to coincidence. But that does not sound like the case. You might try tomcat forums. In the mean time you could try changing jsessionid to something else (jsessionidcas) to avoid potential conflicts with

Re: [cas-user] Re: disabling MFA, MFA failure modes

2018-09-06 Thread Travis Schmidt
This PR (https://github.com/apereo/cas/pull/3493 ) was merged into 5.3.x branch, and I think has been ported into some 5.2.x versions to try and address some of these issues. On Thu, Sep 6, 2018 at 9:20 AM Andrew Marker wrote: > I like the idea of a conf

[cas-user] Indexed Salesforce Properties

2018-09-06 Thread Siddharth Bhattacharjee
Hello, I am trying to setup CAS as the Identity provider across multiple salesforce sandboxes. If we can place metadata from the individual sandboxes in the SAML directory, can we have these properties indexed in any way? I'm thinking on these lines. # SAML 2.0 integration with Salesforce ca

[cas-user] Indexed Salesforce properties

2018-09-06 Thread Siddharth Bhattacharjee
Hello, I am trying to setup CAS as the Identity provider across multiple salesforce sandboxes. If we can place metadata from the individual sandboxes in the SAML directory, can we have these properties indexed in any way? I'm thinking on these lines. # SAML 2.0 integration with Salesforce ca

Re: [cas-user] MS Edge/IE issues with SAML2 + Duo

2018-09-06 Thread Andrew Marker
Hi Dave, I've implemented the patch on our pre-prod systems. The constituent testing and my own confirms that this does indeed resolve the issue: * For users of: IE/Edge * That need to use CAS to authenticate * For services that sign their SAML auth requests * Where the service requires MFA or

[cas-user] Re: disabling MFA, MFA failure modes

2018-09-06 Thread Andrew Marker
I like the idea of a configurable timeout for mfa globally or mfa provider-service level. The other ideas related to being able to disable it quickly or set discreet failure modes for populations and at the service level (which i think we can do already?) are really nice features/value adds.

[cas-user] Re: CAS login page is no longer password manager friendly

2018-09-06 Thread Andrew Marker
Hi all, When the IOS password safe inserts values into the username/password fields it doesn't trigger the onChange JavaScript code that is intended to re-enable the submit button. https://github.com/apereo/cas/blob/5.2.x/webapp/resources/static/js/cas.js#L137 We've overridden the theme for ou

[cas-user] CAS Java Client - Realms

2018-09-06 Thread Bryan Wooten
Hi all, We are trying to CASify Grouper 2.4 (just released) per this: https://spaces.at.internet2.edu/display/Grouper/Implementing+CAS+Authentication+for+Grouper And reading this: https://github.com/apereo/java-cas-client *Tomcat 6/7/8 Integration* The client supports container-based C

[cas-user] CAS and ScriptEnginePersonAttribute

2018-09-06 Thread 'Jesko Schneider' via CAS Community
Hallo, we do have CAS running against kerberos and ldap (fallback) from Microsoft. Now our team is requesting the groups of each user via CAS-3-Protocol. Most of the LDAP-user-entries have no UNIX-Extention. The problem is, that the groups for those users are nested in roles and the primary group