Re: [cas-user] Re: Carriage returns in SAML2

2024-11-04 Thread Jeremiah Garmatter
In our case it was ' '. > We applied Dmitriy's trick and solved the issue. > *-Dorg.apache.xml.security.ignoreLineBreaks=true* > Thank you > > On Mon, 21 Oct 2024 at 16:00, Jeremiah Garmatter () > wrote: > >> Thank you Dmitriy, >> >> That

[cas-user] Re: SAML IDP AUTHENTICATION

2024-10-28 Thread Jeremiah Garmatter
Papeace, If you haven't already, I'd recommend installing a web-browser plugin called "SAMLTracer". It'll decode SAML requests and responses which you can use to troubleshoot the authentication process. I'm not sure if this is a copy-paste issue or some sort of encoding problem, but your requi

Re: [cas-user] Re: Carriage returns in SAML2

2024-10-21 Thread Jeremiah Garmatter
as able to authenticate to both of my troublemaking Service Providers with this fix. On Saturday, October 19, 2024 at 3:35:45 AM UTC-4 Dmitriy Kopylenko wrote: > Add this JVM system property: > *-Dorg.apache.xml.security.ignoreLineBreaks=true* > > > > On Fri, Oct 18, 2024 at 15:

[cas-user] Re: Carriage returns in SAML2

2024-10-18 Thread Jeremiah Garmatter
m from appearing in the SAML2 response. See the screenshot of what I'm talking about: [image: saml2-newlines.png] On Friday, September 13, 2024 at 12:18:35 AM UTC-4 Jeremiah Garmatter wrote: > Hello, > > After an upgrade from CAS 6.6.3 to CAS 7.0.4.1 one of my service providers > ca

[cas-user] Carriage returns in SAML2

2024-09-12 Thread Jeremiah Garmatter
Hello, After an upgrade from CAS 6.6.3 to CAS 7.0.4.1 one of my service providers can no longer receive signed assertions sent from my CAS server without experiencing errors. We use the SAML2 module for this SP. After some back and forth with the SP they found that our signed SAML assertions c

[cas-user] Re: Duo MFA behavior on CAS 7

2024-08-22 Thread Jeremiah Garmatter
*Jeremiah Garmatter* Linux Systems Administrator Office of Information Technology IT Building 107 419-772-1074 j-garmat...@onu.edu On Wed, Aug 21, 2024

Re: [cas-user] Hazelcast not working after upgrade from CAS 6.6 to CAS 7.0

2024-08-06 Thread Jeremiah Garmatter
Phil, Is port 5702 also open between your CAS servers? If you use the autoincrement option I believe the nodes take a different port. For instance, I have four servers in prod, autoincrement enabled, port 5701 set, so I need to open ports 5701-5704 between each server in my CAS cluster. If you

Re: [cas-user] Hazelcast not working after upgrade from CAS 6.6 to CAS 7.0

2024-08-02 Thread Jeremiah Garmatter
Agreed, Your configuration seems fine. Looks similar to mine. I have more options specified though: cas.ticket.registry.hazelcast.cluster.core.instance-name=login-dev cas.ticket.registry.hazelcast.cluster.network.members=ip1,ip2 cas.ticket.registry.hazelcast.cluster.network.port=5701 cas.ticket.r

Re: [cas-user] Remove principal from audit logs

2024-07-23 Thread Jeremiah Garmatter
> -- > *From:* cas-...@apereo.org on behalf of Jeremiah > Garmatter > *Sent:* 22 July 2024 06:45 > *To:* CAS Community > *Subject:* [cas-user] Remove principal from audit logs > > Is it possible to remove the user's principal from a

[cas-user] Remove principal from audit logs

2024-07-22 Thread Jeremiah Garmatter
Is it possible to remove the user's principal from audit logs in CAS 7? I resolve all relevant user attributes with the principal instead of using a separate LDAP connection. It seems like SAML2 authentications want to print every resolved attribute in the principal and it really clutters the l

[cas-user] Re: CAS 7 Embedded Tomcat with PEM certs

2024-07-15 Thread Jeremiah Garmatter
ion/Configuring-Servlet-Container-Embedded.html I can only imagine CAS passes some other value, possibly "changeit" by default into the server.ssl.key-password. Hopefully this helps others stuck on the same problem. On Thursday, July 11, 2024 at 10:55:16 AM UTC-4 Jeremiah Garmatter wrote:

[cas-user] Re: no audit log anymore on cas6.6 after rebuilt

2024-07-15 Thread Jeremiah Garmatter
Stephane, Sometimes my CAS instance loses audit logs during upgrades. I don't change the log4j2.xml file between upgrades but the new versions don't like my old configuration. What has worked for me is to download a fresh copy of log4j2.xml for your version of CAS. I get mine from the CAS overl

[cas-user] Re: Security concern allowing 127.0.0.1 (localhost) as allowed serviceID

2024-07-12 Thread Jeremiah Garmatter
I'm not sure if this would be less secure than any other service at least from a brute force perspective. The user still has to log in to your CAS instance. If you want to prevent brute forcing, you should employ some sort of account lockout after so many failed attempts or the CAS authenticatio

[cas-user] Re: CAS 7 Embedded Tomcat with PEM certs

2024-07-11 Thread Jeremiah Garmatter
e if a bad key is used during decryption. Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption. On Monday, June 24, 2024 at 3:22:30 PM UTC-4 Jeremiah Garmatter wrote: > I tracked down a few PEM SSL

[cas-user] Re: CAS 7 Embedded Tomcat with PEM certs

2024-06-24 Thread Jeremiah Garmatter
ithZero.run(PKCS12KeyStore.java:257) at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:361) ... 34 more On Monday, June 17, 2024 at 12:53:41 PM UTC-4 Jeremiah Garmatter wrote: > Has the APR functionality been removed or replaced on CAS 7's embedded > Tomcat server? >

[cas-user] Re: I am new to CAS and am confused on how to set it up

2024-06-24 Thread Jeremiah Garmatter
Kanari, If you're trying to create a CAS server, take a look at the following guides. They taught me how to set up CAS. David Curry's Guide (older, but still useful): https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html Paul Chauvet's Guide (more recent version of CAS):

[cas-user] CAS 7 Embedded Tomcat with PEM certs

2024-06-17 Thread Jeremiah Garmatter
Has the APR functionality been removed or replaced on CAS 7's embedded Tomcat server? I wanted to use PEM encoded SSL certificates instead of the Java keystore. When I use the APR configurations in cas.properties I receive errors that the properties failed to bind and they are no longer recogniz

Re: [cas-user] Re: Duo MFA behavior on CAS 7

2024-01-16 Thread Jeremiah Garmatter
> After updating metadata ... > > Ray > > On Fri, 2024-01-05 at 12:40 -0800, Jeremiah Garmatter wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > Thanks for the r

[cas-user] Re: Duo MFA behavior on CAS 7

2024-01-05 Thread Jeremiah Garmatter
ntly expecting. Perhaps a similar approach may work for you? #cas.server.name=publicname.example.edu cas.server.name=nodename.example.edu:8443 Aloha, -baron On Fri, Jan 5, 2024 at 6:59 AM Jeremiah Garmatter wrote: Hello, I am trying out CAS 7 with the embedded Tomcat instance. I noticed a chan

[cas-user] Duo MFA behavior on CAS 7

2024-01-05 Thread Jeremiah Garmatter
Hello, I am trying out CAS 7 with the embedded Tomcat instance. I noticed a change in behavior that will impact my authentication flow and wanted to see if anyone else has come across it and found a work around. I run my CAS server over port 8443 but, for user convenience, I forward traffic fr

[cas-user] Re: Need help with configuration

2024-01-05 Thread Jeremiah Garmatter
Hello, I would recommend looking over the following guides as well, they helped me get started with CAS. For CAS 5 (pretty old so some of the names have changed but the ideas are the same): https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html For CAS 6: https://paulchau

[cas-user] Re: Request: CAS Letter of Support

2023-09-08 Thread Jeremiah Garmatter
Hi Patrick, Where should we send our completed letters? On Thursday, September 7, 2023 at 2:20:02 PM UTC-4 Patrick Masson wrote: > *(Cross-posting on CAS Announcements and CAS Community)* > > Dear CAS Community, > > *TL;DR:* Apereo is seeking grant funding to support the continued > developmen

[cas-user] Re: JAMF OIDC

2023-06-21 Thread Jeremiah Garmatter
Hi Matt, I am looking to configure Jamf Connect with my CAS instance. I currently have the OIDC portion working with CAS but the ROPG returns a CAS 500 internal server error related to an "InvalidTicketException: null" error. Did you run into anything like this when configuring CAS with JAMF Co

[cas-user] Re: CAS OIDC Resource Owner Password Grant

2023-06-14 Thread Jeremiah Garmatter
test, make sure you update the values I surrounded with <> and adjust or remove the scope parameter. You can then pass the received access_token in a post request to "https:///cas/oidc/profile" to retrieve the claims you allowed your app to access. On Tuesday, June 13, 2023 at 9:

[cas-user] CAS OIDC Resource Owner Password Grant

2023-06-13 Thread Jeremiah Garmatter
Hello, I am new to OIDC but I am tasked with integrating an OIDC application to my SSO. One requirement for this app is the "Resource Owner Password Credential" (ROPC) grant. I skimmed the OIDC documents on the wiki but did not find any mention of ROPC. My question is: Does the OIDC module fo

Re: [cas-user] Cas login page with no service

2023-03-29 Thread Jeremiah Garmatter
Thomas, You could also set the cas.successful-login.display-attributes=false within your cas-theme-default.properties file. You'd need to rebuild the overlay with gradle and re-deploy the app but this option does exactly what you want. On Wednesday, March 29, 2023 at 12:17:48 PM UTC-4 Ray Bon w

[cas-user] CAS with Duo - TLS Deprecation

2023-03-28 Thread Jeremiah Garmatter
Duo will end support for TLS1.0 and 1.1 after June 30th, 2023. Once Duo ends support they say that connection requests using TLS1.0 or 1.1 will not receive a response, resulting in blocked authentication. Here is a Duo article with some info: https://help.duo.com/s/article/7546?language=en_US Do

[cas-user] Duo Universal Referrals Question

2023-01-17 Thread Jeremiah Garmatter
Hello, I have a service that checks the referer and origin HTTP headers against a whitelist to determine what servers it can communicate with safely. After implementing the Duo Universal Prompt on our test server, this service threw an error. Adding our Duo API host to the whitelist allowed us

[cas-user] Re: DUO Universal Breaks Interrupt Webflow

2023-01-03 Thread Jeremiah Garmatter
:18 PM UTC-4 Jeremiah Garmatter wrote: > Hello, > > I have an issue with the Groovy-based interrupt and DUO Universal prompt. > > The interrupt works fine on CAS 6.3.4 on Tomcat 9.0.46 with the regular > DUO integration. I log in, authenticate with DUO, see the interrupt and can

[cas-user] Re: Busted Apereo Link

2022-01-06 Thread Jeremiah Garmatter
The link has now been corrected. Apereo support got back with me about it yesterday. On Tuesday, January 4, 2022 at 2:21:51 PM UTC-5 Jeremiah Garmatter wrote: > I sent this to in...@apereo.org as well, but just so others are aware... > > There is a broken link on this webpa

[cas-user] Busted Apereo Link

2022-01-04 Thread Jeremiah Garmatter
I sent this to i...@apereo.org as well, but just so others are aware... There is a broken link on this webpage: https://www.apereo.org/projects/cas The text says, "CAS Documentation" and directs to this URL: https://apereo.github.io/cas/4.2.x/index.html It looks like whoever maintains the github

[cas-user] Re: CAS 6.3 got InvalidTicketException when I stay on login page more than 5 minutes

2021-10-19 Thread Jeremiah Garmatter
I have that set to 30 as well, but when I wait for 35 minutes I can still log in. One time I left it open for hours and was able to log in still. Using Chrome browser v94.0.4606.81 On Tuesday, October 19, 2021 at 4:40:36 AM UTC-4 He Vincent wrote: > I think I may find the RCA, it is due to the

[cas-user] Re: CAS 6.3 got InvalidTicketException when I stay on login page more than 5 minutes

2021-10-15 Thread Jeremiah Garmatter
I had this issue with SAML as well. The issue appeared when I used the embedded web server, after deploying externally to apache tomcat, I no longer have this problem. CAS 6.3.4, Tomcat 9.0.46 On Thursday, October 14, 2021 at 11:28:18 PM UTC-4 He Vincent wrote: > CAS Protocol has no such issue.

[cas-user] DUO Universal Breaks Interrupt Webflow

2021-08-12 Thread Jeremiah Garmatter
Hello, I have an issue with the Groovy-based interrupt and DUO Universal prompt. The interrupt works fine on CAS 6.3.4 on Tomcat 9.0.46 with the regular DUO integration. I log in, authenticate with DUO, see the interrupt and can continue to my service without issues. The problem comes out whe

[cas-user] Re: access to service registry

2021-06-25 Thread Jeremiah Garmatter
Andrea, The CAS Management webapp is merely an interface into the CAS webapp's service registry. You'll need access to the machine running the CAS webapp. I'd suggest checking the cas.properties file (typically /etc/cas/config/cas.properties on Linux machines) and look for a property that star

Re: [cas-user] Re: Error - Can't Determine SAML Request

2021-06-18 Thread Jeremiah Garmatter
> validates the ST twice. Of course the second validation fails and cas > throws the 500. This may be what you are experiencing. > > Try turning up debugging on your cas server(s). > > Ray > > On Tue, 2021-06-15 at 13:57 -0700, Jeremiah Garmatter wrote: > > Notice: Thi

[cas-user] Re: Error - Can't Determine SAML Request

2021-06-15 Thread Jeremiah Garmatter
I'm guessing that service is no longer needed? I can not reproduce this error, but I see a few hundred of them logged a day, which worries me. Does anyone have insight into this issue? On Thursday, June 3, 2021 at 11:39:29 AM UTC-4 Jeremiah Garmatter wrote: > I should've specified that

[cas-user] Re: Null InvalidCookieException

2021-06-08 Thread Jeremiah Garmatter
UTC-4 Jeremiah Garmatter wrote: > After upgrading to CAS 6.3.2 with embedded tomcat server in a HA > deployment with a mongodb shared ticket registry, I see hundreds of > warnings a day about invalid cookie exceptions: > > WARN [org.apereo.cas.web.support.gen.CookieRetrieving

[cas-user] Re: User Name in Cas Login Screen

2021-06-07 Thread Jeremiah Garmatter
Hi Shavim, I didn't use 5.2.4 so the names may be different. I've never used keycloak either, but maybe there is a way to change what value is released there instead of a CAS workaround. A CAS workaround is to change the casGenericSuccessView.html file. You'll need to obtain the default casGen

[cas-user] Null InvalidCookieException

2021-06-07 Thread Jeremiah Garmatter
After upgrading to CAS 6.3.2 with embedded tomcat server in a HA deployment with a mongodb shared ticket registry, I see hundreds of warnings a day about invalid cookie exceptions: WARN [org.apereo.cas.web.support.gen.CookieRetrievingCookieGenerator] - org.apereo.cas.web.support.InvalidCookieE

[cas-user] Re: Error - Can't Determine SAML Request

2021-06-03 Thread Jeremiah Garmatter
OutAlready=false, format=XML, attributes={entityId=[]})]; Continuing processing...> On that last line, I've removed the entries and replaced them with . The proper values are shown in actuality. On Wednesday, June 2, 2021 at 10:04:02 AM UTC-4 Jeremiah Garmatter wrote: > Hello, > > I

[cas-user] Error - Can't Determine SAML Request

2021-06-02 Thread Jeremiah Garmatter
Hello, I recently upgraded from CAS 6.2.1 to 6.3.2. I am using the embedded Tomcat server with this version. Occasionally, when users try to sign on to specific Service Providers I see this error: ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/cas].[dispatcherServlet]]

[cas-user] Re: CAS 6.3.2 Standalone JVM Memory

2021-05-19 Thread Jeremiah Garmatter
GB. I assume the embedded tomcat application keeps 1 GB for itself? On Wednesday, May 19, 2021 at 2:58:54 PM UTC-4 Jeremiah Garmatter wrote: > Hello, > > I am running CAS 6.3.2 with embedded tomcat using the following command: > /usr/bin/java -Xmx2G -jar /opt/production/cas.war > >

[cas-user] CAS 6.3.2 Standalone JVM Memory

2021-05-19 Thread Jeremiah Garmatter
Hello, I am running CAS 6.3.2 with embedded tomcat using the following command: /usr/bin/java -Xmx2G -jar /opt/production/cas.war I have 8GB of RAM, I'd like to run CAS with a maximum of 2GB of memory (hence -Xmx2G) however, every time CAS starts, it states that: JVM Maximum Memory: 1 GB Any id

Re: [cas-user] Failed Login Attempts

2021-05-18 Thread Jeremiah Garmatter
y Bon wrote: > > Jeremiah, > > There is also throttling based on username and IP address, > https://apereo.github.io/cas/6.3.x/installation/Configuring-Authentication-Throttling.html. > > I have not used this, just rate throttling. > > Ray > > > On Mon, 2021-0

[cas-user] Failed Login Attempts

2021-05-17 Thread Jeremiah Garmatter
Hello, I'm looking for a feature of CAS 6.3 that will allow me to lock or limit users after a few failed login attempts. I have tried the failure throttling module but find it confus

[cas-user] Re: passing static values that are not in AD???

2021-05-13 Thread Jeremiah Garmatter
Keith, I believe we have the same SP, I used the "Stub" attribute repository to release a set of static attributes. Here's the CAS document for 5.3's Stub Repo: https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties.html#stub Relevant section in my cas.properties looks somethi

Re: [cas-user] CAS Statistics

2021-02-26 Thread Jeremiah Garmatter
h, >> >> You can get that data from the audit log. You will of course have to >> collate it yourself. >> >> Ray >> >> On Thu, 2021-02-25 at 11:31 -0800, Jeremiah Garmatter wrote: >> >> Notice: This message was sent from outside the University of V

Re: [cas-user] CAS Statistics

2021-02-25 Thread Jeremiah Garmatter
elf. > > Ray > > On Thu, 2021-02-25 at 11:31 -0800, Jeremiah Garmatter wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > > Hello, > > I am looking for a way

[cas-user] CAS Statistics

2021-02-25 Thread Jeremiah Garmatter
Hello, I am looking for a way to view login statistics. Does CAS 6.2.X have a way to view how many people are logged into a specific application at a time, or rather, what services are hit to initiate the login session? I've checked the actuators and haven't found what I'm looking for yet. I t

[cas-user] 6.2.1 Max Logins

2021-01-28 Thread Jeremiah Garmatter
Hello, I wish to prevent users from signing in after X amount of logins. I saw there is a property for login attempts: # ${configurationKey}.login-failures=5 within the password policy

Re: [cas-user] Temporary Account

2020-12-16 Thread Jeremiah Garmatter
cas.authn.ldap sections (and attribute lookup, if necessary). They are > searched in order, so it should not impact your regular lookups. > > Ray > > On Wed, 2020-12-16 at 05:40 -0800, Jeremiah Garmatter wrote: > > Notice: This message was sent from outside the University of

[cas-user] Temporary Account

2020-12-16 Thread Jeremiah Garmatter
Hello, I am running CAS 6.2.1 with attributes fed from an LDAP directory. A vendor has requested a temporary account to test with while they set up a new service. I was wondering if there was a way to make a temporary account within CAS instead of creating one in LDAP? My LDAP servers feed int

Re: [cas-user] Ticket Granting Ticket Expiration Policy

2020-12-07 Thread Jeremiah Garmatter
ion/Configuration-Properties.html#tgt-expiration-policy > > Ray > > On Mon, 2020-12-07 at 11:31 -0800, Jeremiah Garmatter wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > Hel

[cas-user] Ticket Granting Ticket Expiration Policy

2020-12-07 Thread Jeremiah Garmatter
Hello, I am running CAS 6.2 with MongoDB as my ticket registry. Can someone tell me the default time for a TGT to expire? -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --

Re: [cas-user] Re: Deployment SAML Certificate Changes

2020-09-11 Thread Jeremiah Garmatter
T required, but it's easier to manage. > > -- > > DAVID A. CURRY, CISSP > *DIRECTOR • INFORMATION SECURITY & PRIVACY* > THE NEW SCHOOL • INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 646 909-4728 • david...@newschool

[cas-user] Re: Deployment SAML Certificate Changes

2020-09-10 Thread Jeremiah Garmatter
Wednesday, September 9, 2020 at 11:02:20 AM UTC-4 Jeremiah Garmatter wrote: > > Hello, > > I am getting close to deployment of my CAS 6.2.1 instance. I would like > some advice on updating the idp-encryption{.crt,.key}, idp-metadata, and > the idp-signing{.crt,.key} for my product

[cas-user] Deployment SAML Certificate Changes

2020-09-09 Thread Jeremiah Garmatter
Hello, I am getting close to deployment of my CAS 6.2.1 instance. I would like some advice on updating the idp-encryption{.crt,.key}, idp-metadata, and the idp-signing{.crt,.key} for my production servers. I have two servers (we'll call them server-1.onu.edu and server-2.onu.edu) that I would

Re: [cas-user] Google SSO

2020-09-08 Thread Jeremiah Garmatter
values, > which doesn't have onu.edu in it. I don't remember what the generic > values are. When we upgraded CAS, I logged in to click that button to swap > prod over. > > On Mon, 2020-09-07 at 13:05 -0700, Jeremiah Garmatter wrote: > > Richard, > > I'd lik

Re: [cas-user] Google SSO

2020-09-07 Thread Jeremiah Garmatter
and Location="https://www.google.com/a/onu.edu/acs"; Does that all seem correct? I'd really like to verify as this is one of the most used services on campus. On Monday, August 17, 2020 at 2:17:54 PM UTC-4 Jeremiah Garmatter wrote: > You were right on the first guess,

Re: [cas-user] Memcached for HA CAS 6.2

2020-09-07 Thread Jeremiah Garmatter
Maybe I need to configure something on the memcached package before I try connecting to their instances with spymemcached. Can anyone confirm that the memcached package for CentOS 7 works for CAS out-of-box? On Friday, September 4, 2020 at 9:14:32 AM UTC-4 Jeremiah Garmatter wrote: > Tha

Re: [cas-user] Memcached for HA CAS 6.2

2020-09-04 Thread Jeremiah Garmatter
before when I telnet into each server's memcached instance. On Friday, September 4, 2020 at 9:01:51 AM UTC-4 ste wrote: > Hi, > > Try to use comma separator in > cas.ticket.registry.memcached.memcached.servers property. > > Jérôme. > > On Fri, 4 Sept 2020 at 14:24, J

[cas-user] Memcached for HA CAS 6.2

2020-09-04 Thread Jeremiah Garmatter
Hello, I have made it through the CAS installation, configuration and customization process for CAS 6.2. The final thing that I must do is configure a ticket registry shared between two CentOS 7 servers. I was planning on using memcached because my predecessor used it on the old CAS 3.5.2 inst

Re: [cas-user] Re: How have you implemented password policies and management?

2020-08-31 Thread Jeremiah Garmatter
hat. I am wondering if anyone has had luck implementing some sort of password warning system into CAS though? -Jeremiah Garmatter, Systems Administrator -Ohio Northern University, Class of 2020 -Work: 419-772-1074 Cell: 419-672-8685 -j-garmat...@onu.edu On Sat, Aug 29, 2020 at 11:01 AM Poddar, A

[cas-user] How have you implemented password policies and management?

2020-08-28 Thread Jeremiah Garmatter
Hello, I am looking for some general information on password policies and management. I am wondering how others have implemented LDAP password expiration warnings on their CAS installments (hoping for advice on CAS 6.2, but any advice is good). Do you use your LDAP provider's password policy?

Re: [cas-user] CAS 6.2 Password Policy

2020-08-20 Thread Jeremiah Garmatter
nding something, but only on the day the password expires. I'll check out what's happening on LDAPs side when I get some time later. -Jeremiah Garmatter, Systems Administrator -Ohio Northern University, Class of 2020 -Work: 419-772-1074 Cell: 419-672-8685 -j-garmat...@onu.edu On Thu, Aug 20, 2

Re: [cas-user] CAS 6.2 Password Policy

2020-08-19 Thread Jeremiah Garmatter
sword-policy-settings > > > > *From:* Jeremiah Garmatter > *Sent:* Wednesday, August 19, 2020 12:27 PM > *To:* CAS Community > *Cc:* King, Robert > *Subject:* Re: [cas-user] CAS 6.2 Password Policy > > > > Alright, I was able to track down a little more in

Re: [cas-user] CAS 6.2 Password Policy

2020-08-19 Thread Jeremiah Garmatter
terruption screen to notify users as they login. > > > > > > *From:* cas-...@apereo.org *On Behalf Of *Jeremiah > Garmatter > *Sent:* Wednesday, August 5, 2020 10:30 AM > *To:* cas-...@apereo.org > *Subject:* Re: [cas-user] CAS 6.2 Password Policy > > > >

[cas-user] Re: View Password on Mobile

2020-08-17 Thread Jeremiah Garmatter
button. On mobile, a "held click" typically has some advanced behavior, such as a right click on windows. I'm guessing the button only sees the initial click and it isn't held long enough for the password to change. On Monday, August 17, 2020 at 3:24:04 PM UTC-4 Jeremiah Garma

[cas-user] View Password on Mobile

2020-08-17 Thread Jeremiah Garmatter
Hello, I am running CAS 6.2.1 with SpringBoot 2.2.8 on tomcat 8.5.56 and java openjdk 11.0.7. I noticed when viewing the https://XX/cas/login page on a mobile device, the "show password" button highlights slightly when I press it, but it does not show the password. I was using an iPhone S

Re: [cas-user] Google SSO

2020-08-17 Thread Jeremiah Garmatter
thout typos, I was able to successfully logout from both CAS and Google mail. -Jeremiah Garmatter, Systems Administrator -Ohio Northern University, Class of 2020 -Work: 419-772-1074 Cell: 419-672-8685 -j-garmat...@onu.edu On Mon, Aug 17, 2020 at 11:52 AM Richard Frovarp wrote: > I haven'

Re: [cas-user] Google SSO

2020-08-17 Thread Jeremiah Garmatter
l with the logout URL field on Google? On Friday, August 14, 2020 at 12:10:39 PM UTC-4 Jeremiah Garmatter wrote: > Sweet, thanks for all this Richard, you've saved me a lot of headache. > > -Jeremiah Garmatter, Systems Administrator > -Ohio Northern University, Class of 2020 >

[cas-user] Re: CAS Release/Security Announcements

2020-08-14 Thread Jeremiah Garmatter
Dustin, I would check https://apereo.github.io/ This is Apereo's blog, they last updated July 24th of this year discussing a vulnerability. On Friday, August 14, 2020 at 2:55:17 PM UTC-4 Dustin J Luck wrote: > Where is the proper place to get notifications for new CAS releases and > security

Re: [cas-user] Google SSO

2020-08-14 Thread Jeremiah Garmatter
Sweet, thanks for all this Richard, you've saved me a lot of headache. -Jeremiah Garmatter, Systems Administrator -Ohio Northern University, Class of 2020 -Work: 419-772-1074 Cell: 419-672-8685 -j-garmat...@onu.edu On Fri, Aug 14, 2020 at 12:06 PM Richard Frovarp wrote: > I thin

Re: [cas-user] Google SSO

2020-08-14 Thread Jeremiah Garmatter
Ah, I see now. I should have mentioned that, in our case, the username is being sent to google as well, just through that attribute. When you set up google's single sign on, did google's side inform you of the namespace they are expecting usernames to come in as? -Jeremiah Garmatte

Re: [cas-user] Google SSO

2020-08-14 Thread Jeremiah Garmatter
test domain: > https://www.google.com/a/gsuitetest.ndsu.edu/acs > > Nameid Format: Leave at 1.1 unspecified > > You don't need a cert. You need to upload your SAML certificate to Google > so that it can verify the response. > > You will need to edit the generated metada

[cas-user] Re: CAS 5.1 and SAML2 parsing error

2020-08-13 Thread Jeremiah Garmatter
Scott, To me, it sounds like the *org.apereo.cas.support.saml.services.SamlRegisteredService *class is not defined. If you're using the Maven or Gradle overlay template, did you include the dependency for cas-server-support-saml-idp? Here is the CAS documentation for more info on 5.1.x saml 2

[cas-user] Re: CAS Web UI Changes

2020-08-06 Thread Jeremiah Garmatter
sday, August 6, 2020 at 10:40:54 AM UTC-4 Jeremiah Garmatter wrote: > Interestingly, on firefox the favicon.ico is used on the site but on > chrome the default cas favicon is used. > > Another note: I decided to try the header.html fragment to change the > logo. I took out t

[cas-user] Re: CAS Web UI Changes

2020-08-06 Thread Jeremiah Garmatter
hrome or firefox. On Wednesday, August 5, 2020 at 4:14:49 PM UTC-4 Jeremiah Garmatter wrote: > Hello all, > > I've been working on an upgrade to CAS 6.2 and I am ready for some UI > changes. > > I created a src/main/resources directory, with a static/css and > stati

[cas-user] CAS Web UI Changes

2020-08-05 Thread Jeremiah Garmatter
Hello all, I've been working on an upgrade to CAS 6.2 and I am ready for some UI changes. I created a src/main/resources directory, with a static/css and static/images directory within it. I copied the messages.properties file as well as cas.css and successfully modified them as I wished. N

Re: [cas-user] CAS 6.2 Password Policy

2020-08-05 Thread Jeremiah Garmatter
Robert, You are saying that password policy is defined within openldap itself and not within CAS? I'd prefer not to change any ldap configuration if that can be avoided. Is there no way to change the attribute checked for password expiration within CAS properties? -Jeremiah Garmatter, Sy

[cas-user] CAS 6.2 Password Policy

2020-08-04 Thread Jeremiah Garmatter
Hello, I am having trouble understanding the password policy documentation for CAS 6.2.x. I use openldap as the ldap source. I would like to set up a policy that warns users of a password change at 60 days, 30 days, and forces a password change at 2 days. This policy was enforced on a server ru

[cas-user] Google SSO

2020-08-03 Thread Jeremiah Garmatter
Hello, I've recently upgraded my CAS server from 5.3.14 to 6.2.1 and had a question about Google Apps integration. On the older system, there was a gradle dependency for google apps SAML: implementation "org.apereo.cas:cas-server-support-saml-googleapps:${project.'cas.version'}" I get a depr

Re: [cas-user] Re: Spring-web

2020-07-30 Thread Jeremiah Garmatter
atching the cas-manager version. > > Mickaël > > On Thu, 30 Jul 2020 at 15:27, Jeremiah Garmatter > wrote: > >> Follow-up: >> >> I've placed the absolute ordering tag within the ROOT application's >> web.xml file and I was able to get past

Re: [cas-user] Re: Spring-web

2020-07-30 Thread Jeremiah Garmatter
> there are a lot of duplicates, this will become tedious. > I was not able to get 5.x cas-management installed. Working on 6.x now. > > Ray > > On Thu, 2020-07-30 at 07:32 -0700, Jeremiah Garmatter wrote: > > Notice: This message was sent from outside the University of Victori

Re: [cas-user] Re: Spring-web

2020-07-30 Thread Jeremiah Garmatter
application to run. On Thursday, July 30, 2020 at 10:32:54 AM UTC-4 Jeremiah Garmatter wrote: > Ray, > > It looks like Maven is grabbing all of them, after cleaning the target > directory within the cas-management-webapp-5.3 directory, I run "./mvnw > package" and all of th

Re: [cas-user] Re: Spring-web

2020-07-30 Thread Jeremiah Garmatter
:12 AM UTC-4 Ray Bon wrote: > Jeremiah, > > How are these multiple libraries getting in to the lib directory? > You could just delete the duplicates, or wipe and rebuild. > > Ray > > On Thu, 2020-07-30 at 06:27 -0700, Jeremiah Garmatter wrote: > > Notice: This messa

[cas-user] Re: Spring-web

2020-07-30 Thread Jeremiah Garmatter
eceive the same error as posted yesterday with or without the tag inside ROOT/WEB-INF/web.xml. I even tried making a web.xml for the cas-management server in a misunderstood attempt at a solution. Has anyone seen this before? On Wednesday, July 29, 2020 at 4:15:01 PM UTC-4 Jeremiah Garma

[cas-user] Spring-web

2020-07-29 Thread Jeremiah Garmatter
Hello, Recently, I've built a new(er) version of CAS for my university's SSO. I am utilizing CAS maven overlay to build CAS 5.3 deployed through tomcat. I recently decided to add the management webapp (v5.3) and after adding it to tomcat's webapps directory, I received this error: 29-Jul-2020

[cas-user] Re: CAS-management-webapp spring boot/beans version compatibility with mongo/json service registry

2020-07-15 Thread Jeremiah Garmatter
Duncan, I know this thread is over a year old, but I have been tasked with upgrading a (very old) CAS deployment to 5.3 and have run into the same issue. "Caused by: java.lang.IllegalArgumentException: More than one fragment with the name [spring_web] was found. This is not legal with relative