Re: [cas-user] Problem with CAS 6.2.6

Same issue : https://groups.google.com/a/apereo.org/g/cas-user/c/2CVCGqJOhgE/m/OlV7o8UoAgAJ Any idea ? Le mardi 2 février 2021 à 14:33:21 UTC+1, Florent Vallée a écrit : > Hello, > > I installed a CAS server in version 6.2.7. No worries for the connection and > the connection to the differen

[cas-user] logout redirect not working

Hi All, Using cas 6.2.6 I have both version of parameter set to true to be sure: cas.logout.follow-service-redirects=true cas.logout.followServiceRedirects=true Even like this when I logout the browser keep the logout page and redirect never happens : https://cas_host/logout?service=https%3A%2

Re: [cas-user] Re: Specifying TLS protocols and ciphers?

AFAIK, our CAS 5.0.x instances are using external Tomcat. We've always set the protocols and ciphers in its own config. Everything that connects to us (e.g. SSL Labs server tests) suggests we are using this external Tomcat. Yet we still get the logs provided previously, and I don't think we've done

Re: [EXTERNAL SENDER] Re: [cas-user] CAS 5.0.x newer ldaptive?

It's hard for me to remember where I first came across the "Always use UnboundID" rule to ldaptive. Don't remember if it was CAS, Shibboleth, or my own direct use of ldaptive. Under v1 docs, there is a very prominent note about Java 9 http://www.ldaptive.org/v1/ Provider info: http://www.ldapti

[cas-user] Diffie-Hellman parameter's size

I'm running a CAS 6 server with embedded Jetty and ssl checkers tell me that my DH parameter's size is only 1024. I haven't found any way to change it to 2048. my server.ssl configuration group looks like : protocol: TLS enabled-protocol: TLSv1.2 TLSv1.3 ciphers: TLS_ECDHE_ECDSA_WITH_AES

Re: [cas-user] Re: Specifying TLS protocols and ciphers?

The logs you see above from FileTrustStoreSslSocketFactory have nothing to do with Tomcat whether external or internal, or the connection exposed over http. And if you have not anything explicit to enable or disable the internal tomcat, then you get it by default. So you end up with a CAS applicat

[cas-user] Re: Memcache exception after restart cas 6.3.1 & 6.4.0-RC1

Could you reproduce this with a unit test? On Thursday, February 4, 2021 at 8:00:07 PM UTC+4 John Bond wrote: > > Hello all, > > We are currently using memcached to store store tickets using the > following configuration > > ``` > cas.ticket.registry.memcached.servers=localhost:11213 > cas.tick

[cas-user] Re: CAS 6.2.7 & 6.3.0 - global mfa - it's on all the time

On Tuesday, February 2, 2021 at 11:34:28 PM UTC+4 Andrew Marker wrote: > Hey, > > I'm moving from 5.3.x to 6.2.7 and I'm stymied in my progress by something > I hope is obvious. Since it is happening in both 6.2.7 and 6.3.0, I'm > hoping it is just miss configuration on my part and I'm hopin

Re: [cas-user] Re: Specifying TLS protocols and ciphers?

I guess I'm back to my original question then of is there a way to disable deprecated protocols and ciphers for this (org.apereo.cas.authentication.FileTrustStoreSslSocketFactory) for general consistency. Or is this something we should not bother with ( and why not)? Our 5.0.x builds are still usi

[cas-user] Using SCIM to modify/remove users from an SP account store

I have received a request from one of our SPs to use CAS to modify and/or remove users from their account store upon separation from the university. >From the limited CAS SCIM documentation on GitHub, I'm not sure what capa

Re: [cas-user] Using SCIM to modify/remove users from an SP account store

Dustin, >From the docs, it sounds like CAS SCIM is only for provisioning users (with >REST or groovy script). You would have to have a different system for managing >users after that. Does your university have some identity management software (i.e. midpoint or grouper)? Ray On Fri, 2021-02-

[cas-user] Re: logout redirect not working

You should only need the first property to enable service redirects on logout. One thing I can think of that would prevent the redirect is if the URL provided to the service parameter does not match an authorized service in your environment. Make sure that whatever you're passing to the service

[cas-user] CAS flow configuration

Hi everyone My scenario ideal is the next: - The user try the page with CAS security - CAS uses spnego por autehtication - If there is an error of authentication, try by LDAP with user/password But Now, I get the next: - The user try the page with CAS security - CAS uses

Re: [cas-user] Using SCIM to modify/remove users from an SP account store

On 5 feb 2021 20:20:13 CET, Ray Bon wrote: >Dustin, > >From the docs, it sounds like CAS SCIM is only for provisioning users >(with REST or groovy script). You would have to have a different system >for managing users after that. > >Does your university have some identity management software (i.e.

[cas-user] Re: CAS flow configuration

On Friday, February 5, 2021 at 11:30:49 PM UTC+4 Luis Antonio Garcia wrote: > My scenario ideal is the next: > >- The user try the page with CAS security >- CAS uses spnego por autehtication >- If there is an error of authentication, try by LDAP with >user/password > > But Now,

Re: [cas-user] Using SCIM to modify/remove users from an SP account store

Thank you, Ray & Francesco. Based on your replies, I surmise that CAS is not the right tool for this. We do use an IDM to sync Google Workspace accounts to AD; I'll reach out and see if the same can be done for other applications. On Friday, February 5, 2021 at 11:36:09 AM UTC-8 Francesco Chi

[cas-user] RE: logout redirect not working

Thanks Dustin I was excepting cas to do a simple redirect without looking if the service was valid or not. I was missing a / at the end of the service parameter. Stéphane Delcourt Informaticien – Gestionnaire système - Développeur T : +32 (0)2 6504180 From: Dustin J Luck Sent: Friday, 5 Februa

RE: [cas-user] Re: CAS flow configuration

Hi. I try it, but I get the next:- windows forma basic authenticationIf ok, cas web form, same credenciales.Is there a way for to get only web form?Thanks in advanceEnviado desde mi Galaxy Mensaje original De: Misagh Moayyed Fecha: 5/2/21 21:03 (GMT+01:00) Para: CAS Community