Re: [cas-user] CAS 6.2.X: TGC Cookie set twice

I have tested this with Firefox 84 and Chrome 87.0.4280.88 and in both cases no cookie is sent with the next request, thus failing to login the user. As far as I understand, the server is allowed to send multiple "Set-Cookie" headers with different values. The client (browser), however, is only

[cas-user] How to define surrogate required attributes in a service?

Hello, I'm trying to configure some required attributes for the primary user in an surrogate authentication process. My service-JSON-File looks like this (for local testing): { "@class" : "org.apereo.cas.services.RegexRegisteredService", "serviceId" : "^https://localhost:8443/test/.*";,

[cas-user] Re: How to define surrogate required attributes in a service?

Forgot to say: It's CAS Version 6.2.5. Marcel Fromkorth schrieb am Freitag, 8. Januar 2021 um 11:22:25 UTC+1: > > Hello, > > I'm trying to configure some required attributes for the primary user in > an surrogate authentication process. > > My service-JSON-File looks like this (for local testing

[cas-user] Authentication Policy with Multiple Directories

I have my Groovy authentication policy code being executed but I may be missing something. The script is only passed the authenticated principal from the authentication context in GroovyScriptAuthenticationPolicy.java cas-server-core-authentication-api/src/main/java/org/apereo/cas/authentication

[cas-user] invalid xml cas for apache/PHP

It appears that the body returned is not a valid SOAP-ENV XML document. Actually after inspecting the body, two XML SOAP-ENV documents (concatenated) are returned within the same response, which is unexpected and gets our SOAP parser lost. * This happens only with PHP/APACHE apps , all Java/JBOSS

[cas-user] CAS (6.2.6) using delegated authentication to Azure

Hi all, I'm trying to setup a new CAS 6.2.6 environment to eventually replace our 5.3.x environment. Unlike our current environment (where we do regular LDAP authentication against on-prem Active Directory) - I wanted to setup delegated authentication, pointed at Azure AD. I started by follow

Re: [cas-user] CAS 6.2.X: TGC Cookie set twice

Ulrich, Same versions of chrome and firefox on linux. When I use delegated auth to azure, I first pass through the cas log in page and it redirects to azure. Thus my browser has already 'seen' the empty TGC. Is this your flow, or do you go to azure first? Also, does your TGC have a suffix, '-1.2

Re: [cas-user] CAS (6.2.6) using delegated authentication to Azure

Paul, I, too, received that error message with SAML delegation. I did get OIDC working. It looks like the only build requirement is: implementation "org.apereo.cas:cas-server-support-pac4j-webflow:${casServerVersion}" Ray On Fri, 2021-01-08 at 15:58 +, Paul Chauvet wrote: Notice: T

Re: [cas-user] CAS 6.2.X: TGC Cookie set twice

Different workflow here. I access my application and it redirects to the CAS Login Page. On the CAS Login Page I can choose whether to log in directly (via CAS protocol) or externally (via Azure). To that end there is a button that will take me to the Azure login page. However, my browser will

Re: [cas-user] CAS 6.2.X: TGC Cookie set twice

Ulrich, According to, https://tools.ietf.org/html/rfc6265, in particular 4.2.2, the order of cookies in the header should not matter. Is it possible that the app server is setting/modifying the order? I am using tomcat 9. Ray On Fri, 2021-01-08 at 10:01 -0800, Ulrich Mayring wrote: Notice: This