Re: [cas-user] CAS 6.6.8 - Authenticate using AD

2023-06-21 Thread Jason Everling
Try authenticated type instead, cas.authn.ldap[0].type=AUTHENTICATED cas.authn.ldap[0].bindDn=YOUR_BIND_DN, Can be upn format as well instead of full dn cas.authn.ldap[0].bindCredential=YOUR_BIND_PASSWORD On Wednesday, June 21, 2023 at 9:42:15 AM UTC-5 Ray Bon wrote: > Jérémie, > > 'Unknown u

[cas-user] Re: CAS Initializr has v6.6.6 instead of v6.6.5

2023-03-07 Thread Jason Everling
v6.6.6 is valid, it is a security release, https://apereo.github.io/2023/02/20/x509-vuln/ On Monday, March 6, 2023 at 11:13:04 PM UTC-6 jonan...@oru.edu wrote: > https://casinit.herokuapp.com/actuator/supportedVersions 6.6.6 > > https://github.com/apereo/cas/tags 6.6.5 > > Am I missing somethi

[cas-user] Re: Failed installing WS-Federation STS/IDP for CAS 6.4.6.1

2023-01-24 Thread Jason Everling
I was able to get it working on 6.6.x by adding a version override in build.gradle within the configurations.all section, dropping version to 2.4.1 eachDependency { DependencyResolveDetails details -> def requested = details.requested if (requested.group == "org.a

Re: [cas-user] Re: Older documentation is no longer available

2022-10-31 Thread Jason Everling
although its a bit sluggish, web archive has it, it's also on github source code under docs if you want to build it, this has 4.x up to 6.3 using the date I randomly chose, https://web.archive.org/web/20210616111636/https://apereo.github.io/cas/5.0.x/ From: cas-u

[cas-user] Re: Password Management

2022-03-30 Thread Jason Everling
You can use cas.authn.pm.ldap[0].searchFilter , just make sure you set others required, https://apereo.github.io/cas/6.5.x/password_management/Password-Management-LDAP.html , something like the below would work, msds-parentname is a constructed attribute in AD that holds the value of the curr

RE: [cas-user] JSON log file format

2020-08-26 Thread Jason Everling
We are using JSON format so that its more Filebeat friendly, did you also configure in your cas.properties? We didn’t have to change anything in the log4j xml besides enabling the audit file, the properties are below which comes from https://apereo.github.io/cas/6.2.x/configuration/Configuration-Pr

RE: [cas-user] Re: Try to install CAS with overlay method

2020-08-26 Thread Jason Everling
Are you sure, looks to me you have a typo in your ldap config, you have, dc=ou=people,example,dc=org, notice the dc= before ou= cas.authn.ldap[0].base-dn=dc=ou=people,exemple,dc=org But then you have cas.authn.ldap[0].dn-format=uid=%s,ou=people,dc=exemple,dc=org  From: qla3faSent: Wednesday, August

Re: [cas-user] Re: JDBC attribute SQL query

2020-07-10 Thread Jason Everling
you could also just use a few lines of javascript on your login page to first convert the username input to lowercase before posting, easier then messing with your db if it is used for some other applications From: cas-user@apereo.org on behalf of Kink Sent: F

Re: [cas-user] CAS 6 Attribute release not working

2020-06-15 Thread Jason Everling
the superset of attributes that may be released. The service registry json defines the attributes (subset) allowed to be released to the service? -Bryan On Mon, Jun 15, 2020 at 3:08 PM Jason Everling mailto:jason.everl...@gmail.com>> wrote: I didnt think CAS pulls attributes from ldap ba

Re: [cas-user] CAS 6 Attribute release not working

2020-06-15 Thread Jason Everling
I didnt think CAS pulls attributes from ldap based on the service definition? You have to add all attributes you expect to fetch from ldap, so in your config cas.authn.ldap[0].principalAttributeList=unid,cn,psrole,mail,uuemployee,uustudent,uuaffiliate,uudept,almail,sn,givenName Change it to cas.

Re: [cas-user] CAS Setup( gradle overlay method): Ubuntu 20.04 + CAS 6.2 + LDAP - Need proper instructions.

2020-05-17 Thread Jason Everling
probably don’t need to be a developer. A containerized app with > some external configuration is not unheard of :-) > > On May 17, 2020, at 6:45 PM, Jason Everling > wrote: > > It much easier, development wise, to use IntelliJ Idea to prepare and > deploy CAS,

Re: [cas-user] CAS Setup( gradle overlay method): Ubuntu 20.04 + CAS 6.2 + LDAP - Need proper instructions.

2020-05-17 Thread Jason Everling
It much easier, development wise, to use IntelliJ Idea to prepare and deploy CAS, you could also probably use Eclipse -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- Yo

Re: [cas-user] Re: Moving from Shib to CAS Shib IdP

2020-04-11 Thread Jason Everling
e > SAML1 so had to back track and move to the unicorn shib-cas plugin with CAS > 6.1.4. > > If you only need SAML2 then CAS Shib works fine, but for SAML1 as well, > you still need to use shibboleth. > > > On Thursday, April 9, 2020 at 8:26:19 PM UTC+1, Jason Everling wr

[cas-user] Moving from Shib to CAS Shib IdP

2020-04-09 Thread Jason Everling
Has anyone moved from standalone Shib to the built-in CAS Shib? I am looking to migrate ours, reduce complexity in our sso environment, we never really used Shib as a login source, CAS was always redirected to by Shib and I am curious on how you handled the new deployment. Did you just update D

[cas-user] update cas docs with attribute release for 2.0 protocol setting

2020-04-09 Thread Jason Everling
I never knew this was added to cas, I somehow stumbled upon it after looking over an updated default application.properties, it essentially adds the attribute release to the 2.0 protocol. I was still using a modded 2.0 view and the later started using the method described here, https://groups.g

[cas-user] Re: Changing LPPE Behavior

2020-02-25 Thread Jason Everling
I was able to use the cas rest password management feature to do what I needed, I created a simple api to translate what cas sends to what my app is expecting, so basically it sends the rest request to my script which in turn translates it and sends it to our password management app. -- - Webs

[cas-user] Changing LPPE Behavior

2020-02-24 Thread Jason Everling
Is there a way to change the ldap password policy, for example, what I would like to do, When Must Change Password or Password Expired detected, allow the login instead of blocking, grant service ticket/tgt , as if no errors occurred so that I can redirect the user to our password management ap

Re: [cas-user] Secure Ldap (LDAPS) --(PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

2020-02-21 Thread Jason Everling
at 8:25 AM Robert Bond mailto:bo...@nsuok.edu>> wrote: iirc it can be the root ca or the client public cert. Are you using a public ca, and if so which one? To be safe you could just put the fullchain. On Thu, Feb 20, 2020 at 8:06 PM Jason Everling mailto:jason.everl...@gmail.com>> wr

Re: [cas-user] Secure Ldap (LDAPS) --(PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

2020-02-20 Thread Jason Everling
ificates=file:/etc/cas/ldaps_cert.crt > > On Wed, Feb 19, 2020 at 7:34 PM Jason Everling > wrote: > >> Grab your LDAPS certificates, create a new JKS keystore type and add your >> certificates to it. The default java password is changeit so we will just >

Re: [cas-user] What happened to cas.authn.ldap[0].type=AUTHENTICATED in 6.1.x ?

2020-02-20 Thread Jason Everling
I fixed it, seems I had support-pm-jdbc in my pom, removed, cleaned, and deployed, works fine now. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this mes

Re: [cas-user] What happened to cas.authn.ldap[0].type=AUTHENTICATED in 6.1.x ?

2020-02-20 Thread Jason Everling
Yes, I am leaving at AD for type in passwordPolicy and running tests, AD is also required for cas.authn.pm.ldap.type. Although I can login now, when having to change password it errors with the below but I am not using sql in any cases, anywhere, for CAS 2020-02-20 09:15:30,513 ERROR [org.aper

Re: [cas-user] What happened to cas.authn.ldap[0].type=AUTHENTICATED in 6.1.x ?

2020-02-20 Thread Jason Everling
It doesn't start, error message below. Also, I just realized it works under the cas.authn.ldap[0].type BUT the one that causes it is cas.authn.ldap[0].passwordPolicy.type=AUTHENTICATED changing to cas.authn.ldap[0].passwordPolicy.type=AD CAS starts up just fine. When using AUTHENTICATED the e

Re: [cas-user] Secure Ldap (LDAPS) --(PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

2020-02-19 Thread Jason Everling
Grab your LDAPS certificates, create a new JKS keystore type and add your certificates to it. The default java password is changeit so we will just use that as well. The AD ldap settings would be, cas.authn.ldap[0].keystore=file:/etc/cas/your_keystore_name cas.authn.ldap[0].keystorePassword=chan

[cas-user] What happened to cas.authn.ldap[0].type=AUTHENTICATED in 6.1.x ?

2020-02-19 Thread Jason Everling
Looks like after a test upgrade from 6.0.x to 6.1.4 cas.authn.ldap[0].type=AUTHENTICATED no longer exists, it has to use cas.authn.ldap[0].type=AD but logins DO NOT work using the AD type, it never has. We have always had to use AUTHENTICATED but it looks like it was removed? Under https://ap