[cas-user] Re: JDBC attribute repository sql search by principal

Hi Tos... I'm just now getting back into looking into this problem. Thank you for posting some clues that helped me get it working. #add cn. cn is returned by LDAP that I want to search db with, add it the to the list of attributeList cas.authn.ldap[1].principalAttributeList:

Re: [cas-user] Delegated authentication attribute resolution

Aaron, Do you also have an attribute list for the authn definition? like: cas.authn.ldap[0].principalAttributeList=cn,sn,... If so, your attributes may be coming from attribute list instead of attribute-repository. Check you repository settings (and maybe comment out attribute list). Cas can

Re: [cas-user] Delegated authentication attribute resolution

Yes, the attribute repository is cas.authn.attribute-repository.jdbc[0] It works fine with my cas.authn.ldap[0] and cas.authn.jdbc.search[0] authentication services, but seems to get skipped when I use the cas.authn.pac4j.oidc[0].azure authentication service. The attributes I get back are the

Re: [cas-user] Delegated authentication attribute resolution

Thank you for looking. Yes, the attributes are defined under cas.authn.attribute-repository.jdbc[0]... and as long as I use one of the two non-delegated authentication methods (jdbc or ldap) the properties come through fine. If I use the Azure AD authentication method, though, the only

[cas-user] CAS 6.6.x - Getting org.hibernate.TransactionException: Unable to commit against JDBC Connection

Hi We have recently upgraded to CAS 6.6.10 and occasionally noticing 'org.hibernate.TransactionException: Unable to commit against JDBC Connection' during REST API JWT creation (URL: /v1/tickets/tgtId:xxx). On checking the code, seems like this is recent change in

Re: [cas-user] Delegated authentication attribute resolution

Aaron, Do you have the attribute repository defined with: cas.authn.attribute-repository. ... properties? Ray On Wed, 2023-08-30 at 13:04 -0700, Aaron Chantrill wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and

Re: [cas-user] CAS 6.6.11 : help needed for cas-server-support-gauth-couchdb debugging

Hi, Thanks for this answer, I was indeed able to fix this part of the problem with it. Regards Le 25-Aug-2023 20:56:21 +0200, jbanner6...@gmail.com a crit: Looks like from your config, you don't have a static value set for gauth encryption, each restart without consistent values would

Re: [cas-user] CAS 6.6.11 : help needed for cas-server-support-gauth-couchdb debugging

Hi, Thank you very much for this very valuable answer ! I totally forgot to make those keys persistent, after seeing them during the startups and not even being able to notice they were different each time ... And I also purposely ignored 'publishToMavenLocal' in my command line, as I

[cas-user] Re: CAS Groovy Vulnerability (was CAS Security Releases)

Hi, AFAIK you are only vulnerable if you use "inline groovy" scripts (as can be seen in https://apereo.github.io/cas/6.6.x/integration/Attribute-Release-Policy-InlineGroovy.html ) So AFAIK groovy scripts in their own xxx.groovy file are not vulnerable (non vulnerable examples: