It looks like you have a mix of different formats for property names.
Can you share your current properties?
You have some older names mixed with some current names.
For example, after reviewing your original message, the ‘base DN’ property
should be ‘cas.authn.ldap[0].base-dn’ and not ‘cas.auth
Eric,
What does the access log look like on the servlet container?
For example, Tomcat should have a localhost_access_.log file that records
all of the requests.
I've seen this when ticket validation fails and I've had luck spotting the
issue in the past by reviewing the incoming requests.
Tha
Hi All,
Good timing – I think I just ran into this issue this morning running a Groovy
authentication policy but most of our services are CAS.
I’m going to keep an eye on it and will let you know what I find.
CAS 6.3.0 on Java 11
Thanks,
Tom
From: cas-user@apereo.org On Behalf Of William Jojo
K,
I don’t know the exact answer but here’s some feedback based on my experiences:
What you need to figure out is what JDK you can run 3.5.2 on and then from
there you can determine the latest version of the Tomcat container that might
work.
I’ve seen 3.5.2 on Java 8 with Tomcat 7.
Since it wi
I would recommend digging through your logs – I’m guessing that the value
you’re seeing there (cyiXVXfM2gcgUD6d1kBfoa21HiUlt6vfDwdn) is being pulled as a
principal attribute.
I had a similar problem where the application kept trying to use one of the
password attributes that was being returned
Keith,
My guess would be that your attribute mapping that is coming through CAS
doesn’t match the same format that ADFS was using.
I would review the SAML assertion contents and the attribute encoding.
If that is the problem you can either change the attribute encoding format in
CAS or you can
Jeremie,
The output that it is referring to there is in the cas.log file and would not
be visible to users.
Thanks,
Tom
From: cas-user@apereo.org On Behalf Of Jérémie Pilette
Sent: Monday, January 25, 2021 8:08 AM
To: CAS Community
Cc: Fernando Gómez ; Jérémie Pilette
Subject: [EXT] [cas-us
Joe,
I don’t know if you removed it for security purposes but the error says that
the application timed out trying to connect to the database and your settings
are empty.
It looks like your database URL (and other details) may be missing.
Either way, double check your cas.ticket.registry.jpa.url
cy script to throw a Prevented Exception on
certain conditions.
It mostly works but it isn’t perfect and it seems like the authentication
policy is the root issue so I’d like to create a new one either through a
Groovy script or Java, if necessary.
Thanks,
Tom
From: 'Tom O'Neill' via CA
Hi Colin,
Did you ever get past this issue?
I have a different issue but I am also troubleshooting the authentication
manager/password policies and I’d be curious to know where you ended up.
I am attempting to get the authentication manager to stop processing handlers
if one returns an exception
policy.
I added the following dependency and I see the log entries:
cas-server-support-generic
I’m going to see if I can use this approach to accomplish my goal.
Still open to suggestions.
Thanks,
Tom
From: 'Tom O'Neill' via CAS Community
Sent: Tuesday, January 5, 2021 12:08
LDAP after authentication
fails on the first.
Thanks,
Tom
From: 'Tom O'Neill' via CAS Community
Sent: Friday, January 1, 2021 3:51 PM
To: cas-user@apereo.org
Subject: [EXT] [cas-user] Authentication Policy with Multiple Directories
CAUTION: This email originated from outside o
Hi All,
I am working on a CAS 6.3 deployment where we need to configure multiple
directories for authentication using LDAP.
I have both LDAP sources configured and working with LPPE enabled but I need to
change the authentication behavior slightly.
If the user is found in the first directory a
Stewart,
I would recommend double checking the contents of the assertion that is
captured through the SAML tracer.
You’ll want to verify that you’re providing the correct attributes as well:
Name ID Immutable ID (objectGUID)
IDPEmail UPN
You’ll also wan
Jennifer,
I’m not sure there’s anywhere you can screenshot but the modules you’ve built
CAS with should show the versions for everything.
Thanks,
Tom
From: cas-user@apereo.org On Behalf Of Jennifer LaVoie
Sent: Tuesday, July 16, 2019 10:49 AM
To: CAS Community
Subject: [EXT] [cas-user] which
Yan,
Sounds like you’re on the right track and CAS can probably continue to meet
your SSO needs.
What version of CAS are you on now? With the right modules and configuration, a
CAS server could support Open ID and SAML 2.0, in addition to CAS.
Tom
From: cas-user@apereo.org On Behalf Of Yan Z
16 matches
Mail list logo