RE: [EXT] Re: [cas-user] CAS 6.6.8 - Authenticate using AD

It looks like you have a mix of different formats for property names. Can you share your current properties? You have some older names mixed with some current names. For example, after reviewing your original message, the ‘base DN’ property should be ‘cas.authn.ldap[0].base-dn’ and not ‘cas.auth

RE: [EXT] [cas-user] CAS 6.3.4 SAML Error.

Eric, What does the access log look like on the servlet container? For example, Tomcat should have a localhost_access_.log file that records all of the requests. I've seen this when ticket validation fails and I've had luck spotting the issue in the past by reviewing the incoming requests. Tha

RE: [EXT] [cas-user] Re: CAS 6.1.6 inotify instances skyrocketing with Groovy files in SAML service.

Hi All, Good timing – I think I just ran into this issue this morning running a Groovy authentication policy but most of our services are CAS. I’m going to keep an eye on it and will let you know what I find. CAS 6.3.0 on Java 11 Thanks, Tom From: cas-user@apereo.org On Behalf Of William Jojo

RE: [EXT] [cas-user] Tomcat versions for CAS 3.5.2

K, I don’t know the exact answer but here’s some feedback based on my experiences: What you need to figure out is what JDK you can run 3.5.2 on and then from there you can determine the latest version of the Tomcat container that might work. I’ve seen 3.5.2 on Java 8 with Tomcat 7. Since it wi

RE: [EXT] [cas-user] Attribute Repository issue!

I would recommend digging through your logs – I’m guessing that the value you’re seeing there (cyiXVXfM2gcgUD6d1kBfoa21HiUlt6vfDwdn) is being pulled as a principal attribute. I had a similar problem where the application kept trying to use one of the password attributes that was being returned

[cas-user] Freshdesk SAML with CAS

Keith, My guess would be that your attribute mapping that is coming through CAS doesn’t match the same format that ADFS was using. I would review the SAML assertion contents and the attribute encoding. If that is the problem you can either change the attribute encoding format in CAS or you can

[cas-user] Re: CAS v 6.2.x - Remove Banner version

Jeremie, The output that it is referring to there is in the cas.log file and would not be visible to users. Thanks, Tom From: cas-user@apereo.org On Behalf Of Jérémie Pilette Sent: Monday, January 25, 2021 8:08 AM To: CAS Community Cc: Fernando Gómez ; Jérémie Pilette Subject: [EXT] [cas-us

[cas-user] Jpa Connection pool settings

Joe, I don’t know if you removed it for security purposes but the error says that the application timed out trying to connect to the database and your settings are empty. It looks like your database URL (and other details) may be missing. Either way, double check your cas.ticket.registry.jpa.url

[cas-user] Authentication Policy with Multiple Directories

cy script to throw a Prevented Exception on certain conditions. It mostly works but it isn’t perfect and it seems like the authentication policy is the root issue so I’d like to create a new one either through a Groovy script or Java, if necessary. Thanks, Tom From: 'Tom O'Neill' via CA

Re: [cas-user] Strict Authentication Source Policy with newer Authentication Policy approach - CAS 6.2.3 - still.

Hi Colin, Did you ever get past this issue? I have a different issue but I am also troubleshooting the authentication manager/password policies and I’d be curious to know where you ended up. I am attempting to get the authentication manager to stop processing handlers if one returns an exception

[cas-user] Authentication Policy with Multiple Directories

policy. I added the following dependency and I see the log entries: cas-server-support-generic I’m going to see if I can use this approach to accomplish my goal. Still open to suggestions. Thanks, Tom From: 'Tom O'Neill' via CAS Community Sent: Tuesday, January 5, 2021 12:08

RE: [EXT] [cas-user] Authentication Policy with Multiple Directories

LDAP after authentication fails on the first. Thanks, Tom From: 'Tom O'Neill' via CAS Community Sent: Friday, January 1, 2021 3:51 PM To: cas-user@apereo.org Subject: [EXT] [cas-user] Authentication Policy with Multiple Directories CAUTION: This email originated from outside o

[cas-user] Authentication Policy with Multiple Directories

Hi All, I am working on a CAS 6.3 deployment where we need to configure multiple directories for authentication using LDAP. I have both LDAP sources configured and working with LPPE enabled but I need to change the authentication behavior slightly. If the user is found in the first directory a

RE: [EXT] Re: [cas-user] trouble getting saml idp to work with O365

Stewart, I would recommend double checking the contents of the assertion that is captured through the SAML tracer. You’ll want to verify that you’re providing the correct attributes as well: Name ID Immutable ID (objectGUID) IDPEmail UPN You’ll also wan

RE: [EXT] [cas-user] which version of SAML do I have

Jennifer, I’m not sure there’s anywhere you can screenshot but the modules you’ve built CAS with should show the versions for everything. Thanks, Tom From: cas-user@apereo.org On Behalf Of Jennifer LaVoie Sent: Tuesday, July 16, 2019 10:49 AM To: CAS Community Subject: [EXT] [cas-user] which

RE: [cas-user] CAS is Federated SSO?

Yan, Sounds like you’re on the right track and CAS can probably continue to meet your SSO needs. What version of CAS are you on now? With the right modules and configuration, a CAS server could support Open ID and SAML 2.0, in addition to CAS. Tom From: cas-user@apereo.org On Behalf Of Yan Z