Hi,
I am on CAS 6 and noticed the generated SLO request to my SAML client is
invalid as it uses "logoutRequest" instead of "SAMLRequest" request
parameter:
https://preview.vaadin.com/forum/auth/saml/slo?callback=jQuery36005257602387445194_1708340330512&logoutRequest=%3C%3Fxml+version%3D%221.0%2
orically, I believe CAS used to have a "login ticket" which was a
> nonce. It dropped it somewhere between 3.x and 5.x, I believe.
>
> Thanks,
> Carl Waldbieser
> ITS
> Lafayette College
>
>
> On Wed, Apr 21, 2021 at 5:24 AM Paul Roemer wrote:
>
>>
Hey guys,
we noticed that you can easily create your own login form with a copied
execution ID on any domain you might want to use for phishing attacks. Since
for the victim everything looks good (the login is successful), detecting the
attack is hard.
Example form for the CAS demo server:
https://ca
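One check a deployment can add against the copied-form scenario above, as an added example that is not CAS code and not something proposed in this thread: a cross-site form POST carries an Origin header (and usually a Referer), so a submission to /cas/login whose Origin is not CAS's own can be refused at CAS or at a reverse proxy, and the same condition can be swept retrospectively out of access logs. The origin, header values and log lines are constructed for illustration.

```python
"""Same-origin check for the CAS login POST and a matching access-log sweep.

Added example, not part of CAS: a phishing page on a foreign domain POSTs a
copied webflow `execution` id to /cas/login. Browsers attach an Origin header
to cross-site form POSTs, so CAS, or a reverse proxy in front of it, can
refuse or at least log a credential submission whose Origin is not CAS's own.
All names, origins and log lines below are constructed for illustration.
"""
import re
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

CAS_ORIGIN = "https://cas.example.org"  # assumed public origin of the CAS server


def _origin_of(url: str) -> str:
    """Reduce an absolute URL to scheme://host[:port], lower-cased ('' if not absolute)."""
    p = urlsplit(url.strip())
    return f"{p.scheme}://{p.netloc}".lower() if p.scheme and p.netloc else ""


def check_login_post(headers: Dict[str, str], allowed_origin: str = CAS_ORIGIN) -> Tuple[bool, str]:
    """Decide whether a POST to /cas/login was submitted from CAS's own login page.

    Returns (accept, reason). Origin wins when present; Referer is the fallback.
    A missing pair is treated as reject, which a deployment may relax to "log only".
    """
    h = {k.lower(): v for k, v in headers.items()}
    allowed = _origin_of(allowed_origin)
    origin = h.get("origin")
    if origin is not None:
        # "null" is an opaque origin (sandboxed iframe, data: URL); never equal to CAS.
        if origin.strip().lower() == allowed:
            return True, "Origin matches CAS"
        return False, f"cross-origin login POST from Origin {origin!r}"
    referer = h.get("referer")
    if referer:
        if _origin_of(referer) == allowed:
            return True, "Referer matches CAS"
        return False, f"login POST referred from {referer!r}"
    return False, "no Origin or Referer on login POST"


# Combined log format: ip ident user [ts] "METHOD path proto" status bytes "referer" "ua"
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)


def suspicious_logins(log_lines: List[str], allowed_origin: str = CAS_ORIGIN) -> List[Tuple[str, str, str]]:
    """Return (ip, timestamp, referer) for POSTs to /cas/login not referred from CAS itself.

    Retrospective detection over web-server access logs; a '-' (absent) referer is
    reported too, because a copied form on another site is one way to get it.
    """
    allowed = _origin_of(allowed_origin)
    hits = []
    for line in log_lines:
        m = _LOG_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith("/cas/login"):
            continue
        if _origin_of(m["referer"]) != allowed:
            hits.append((m["ip"], m["ts"], m["referer"]))
    return hits


# Constructed access-log sample: a normal login, then one submitted from a look-alike domain.
SAMPLE_LOG = [
    '198.51.100.20 - - [21/Apr/2021:09:30:11 +0000] "GET /cas/login?service=https://app.example.org/ HTTP/1.1" 200 4123 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [21/Apr/2021:09:30:40 +0000] "POST /cas/login?service=https://app.example.org/ HTTP/1.1" 302 0 "https://cas.example.org/login?service=https://app.example.org/" "Mozilla/5.0"',
    '203.0.113.7 - - [21/Apr/2021:09:31:02 +0000] "POST /cas/login?service=https://app.example.org/ HTTP/1.1" 302 0 "https://login-cas.example.net/cas.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(check_login_post({"Origin": "https://login-cas.example.net"}))
    for hit in suspicious_logins(SAMPLE_LOG):
        print("suspicious login POST:", hit)
```

Caveats: the Origin header is only meaningful for browser clients, a strict Referrer-Policy removes the Referer fallback, and any proxy in front of CAS must pass both headers through. A deployment that legitimately embeds the CAS form on another host would be flagged and needs that host added to the allowed origins. The check does nothing against an attacker who proxies the real CAS page through their own server, since that POST arrives with the attacker's server as client and no browser Origin at all.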
.html#turning-off-single-logout
>> )
>>
>> reference:
>> https://apereo.github.io/cas/6.2.x/installation/Logout-Single-Signout.html#logout-and-single-logout-slo
>>
>> Paul Roemer wrote on Mon, 24 Aug 2020 at 11:26:
>>
>>> Hey guys,
>
Hey guys,
we noticed some new behavior with delegated SSO authentication. When I
log in with my Google SSO account at our CAS and log out again, I am not only
logged out from CAS but also from my Google account. This also happens with
delegated GitHub SSO.
We are using CAS 6.2.1 but I am unsure
newest version of Spring Boot?!
>
> For your purpose, use Spring Boot profiles and multiple application.properties files.
> On Thu, 25 Jun 2020 at 17:04, Paul Roemer wrote:
>
>> Hey guys,
>>
>> today we noticed that we are
> Paul,
>
> Is the value in properties 'secrect' a typo?
> What about case, SECRET != secret?
>
> Ray
>
> On Thu, 2020-06-25 at 08:04 -0700, Paul Roemer wrote:
>
Hey guys,
today we noticed that we are not able to override properties set in some
application properties file by environment variables.
For example, we have some property 'secrect' that we configure with value
'unknown' in application-production.properties. Now, for the deployment we
want to
-paris1.fr
wrote:
> Hi,
>
> In case you can't use front-channel SLO,
> when you use cookie affinity,
> here is a solution that duplicates the back-channel SLO request to all
> the backends :
> https://github.com/EsupPortail/proxy-broadcast
>
> cu
>
>
> Paul Ro
Hey guys,
I just ran into the SLO + loadbalancer issue as some of our CAS clients are
clustered. Now, I wonder if it is possible to send the POST logout requests
to the services participating in the current SSO session from within the
browser/from client side instead of sending them from the C
Ok, thanks. You are right, the service will initiate the login flow but I
wanted to avoid the additional roundtrip!
>
> That is expected behaviour. If the default service requires log in, it
> will initiate its login flow.
>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: http
Hey,
I would like to be able to specify a default service that CAS redirects to
after a successful authentication instead of showing the principal
attributes. In the docs there is a section about a default redirect URL one
can configure:
# Defines a default URL to which CAS may redirect if the
Let's see. I will go for option 2) and prototype an implementation to check
the UX.
Hey guys,
today I would like to discuss ideas on how to determine whether an SSO
session tied to the user’s browser is still valid and accepted by CAS. In
my scenario one of our services that also has public pages has to check if
a SSO session was created via some other service and authenticate
David, Ray,
I successfully added the flow updates David shared. Thanks again, David.
I do not see a reason to allow users to login with different credentials in
our case, too. Per user there should be only one SSO session, mainly to not
confuse them. If other credentials are needed, then anothe
Wow David, awesome!
Thanks a lot. That saves me a lot of time and headaches for sure. Like you, I
also wonder why this is the default behavior of CAS. After reading your
linked thread I am even more worried as I wasn't aware of the logout
consequences (only one of the two SSO sessions is closed).
Hey Ray,
sure, the second tab does not know about the TGC but both share the same
session cookie. That is why CAS should be able to detect such cases and
could react in a configurable way, right?
oes not have the CAS session cookie (TGC), so the form submits as a
> new login and the TGC is switched to the second log in. Subsequent tabs
> will use the second login
>
> Ray
>
> On Fri, 2020-02-21 at 02:37 -0800, Paul Roemer wrote:
>
> Hey guys,
>
> do you know
Hey guys,
do you know if it is possible to configure CAS to deny logging in if the
user was authenticated already.
To reproduce what I mean you just have to open the CAS login screen in 2
tabs and log in in tab 1 and afterwards log in in tab 2 with a different
user. CAS will not complain and o
Hi,
I will try to describe the exact problem in detail as it is hard to sum up
in the title.
We have a website and several other services that we are gonna protect with
CAS 5.3. The website uses Spring Security but we have to use a custom
access control due to its Vaadin nature. It's a SPA so
Hey guys,
as I am on it already:
What is the best approach to use CAS in conjunction with a command line
tool to log in to a secured service? I read through the documentation and
the first problem seems to be that I am not in a browser context. Am I
forced to talk to the CAS REST API? Or are th
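The browser-free round trip the question above is asking about, as an added Python example that is not CAS's own code: it assumes the CAS REST module is enabled on the server (endpoints under /cas/v1/tickets), which the page does not confirm, and routes HTTP through an injected callable so the whole flow can be exercised offline against a constructed stand-in server. Server name, ticket values and the validation responses are invented.

```python
"""CAS REST protocol from a command-line tool (added example, not CAS's own code).

Assumes the CAS REST module is enabled on the server (endpoints under
/cas/v1/tickets), which this thread does not confirm. The flow: POST
credentials for a ticket-granting ticket (TGT, returned in the Location
header with HTTP 201), POST the target service URL to that TGT for a
service ticket (ST), present the ST to the service, which validates it at
/p3/serviceValidate; DELETE the TGT when done. HTTP goes through an
injected callable so the example runs offline against the constructed
responses in `fake_cas_http`; the ticket values and server are invented.
"""
import xml.etree.ElementTree as ET
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlsplit

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}
HttpResponse = Tuple[int, Dict[str, str], str]                # (status, headers, body)
HttpCall = Callable[[str, str, Optional[str]], HttpResponse]  # (method, url, form body)


class CasRestClient:
    def __init__(self, cas_base: str, http: HttpCall) -> None:
        self.cas_base = cas_base.rstrip("/")
        self.http = http

    def get_tgt(self, username: str, password: str) -> str:
        """Primary authentication; the TGT stands in for the browser's TGC cookie."""
        status, headers, _ = self.http(
            "POST", f"{self.cas_base}/v1/tickets", urlencode({"username": username, "password": password}))
        if status != 201:
            raise PermissionError(f"authentication rejected (HTTP {status})")
        location = {k.lower(): v for k, v in headers.items()}.get("location", "")
        tgt = location.rsplit("/", 1)[-1]
        if not tgt.startswith("TGT-"):
            raise ValueError("no TGT in Location header")
        return tgt

    def get_st(self, tgt: str, service: str) -> str:
        """Service ticket for one service; single use, short lived."""
        status, _, body = self.http("POST", f"{self.cas_base}/v1/tickets/{tgt}", urlencode({"service": service}))
        if status != 200 or not body.strip().startswith("ST-"):
            raise PermissionError(f"service ticket refused (HTTP {status})")
        return body.strip()

    def validate(self, st: str, service: str) -> Dict[str, object]:
        """What the protected service does with the ST it received (CAS 3.0 validation)."""
        query = urlencode({"service": service, "ticket": st})
        status, _, body = self.http("GET", f"{self.cas_base}/p3/serviceValidate?{query}", None)
        root = ET.fromstring(body)
        ok = root.find("cas:authenticationSuccess", CAS_NS)
        if ok is None:
            fail = root.find("cas:authenticationFailure", CAS_NS)
            raise PermissionError(fail.get("code", "UNKNOWN") if fail is not None else "invalid validation response")
        attrs_el = ok.find("cas:attributes", CAS_NS)
        attrs = {c.tag.split("}", 1)[1]: (c.text or "").strip() for c in (attrs_el if attrs_el is not None else [])}
        return {"user": ok.findtext("cas:user", namespaces=CAS_NS), "attributes": attrs}

    def logout(self, tgt: str) -> None:
        """Destroy the SSO session the CLI created."""
        self.http("DELETE", f"{self.cas_base}/v1/tickets/{tgt}", None)


# --- constructed stand-in for a CAS server, so the flow can be exercised offline ---
_VALIDATE_OK = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>paul</cas:user>
    <cas:attributes><cas:mail>paul@example.org</cas:mail></cas:attributes>
  </cas:authenticationSuccess></cas:serviceResponse>"""
_VALIDATE_FAIL = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


def fake_cas_http(method: str, url: str, body: Optional[str]) -> HttpResponse:
    path, query = urlsplit(url).path, parse_qs(urlsplit(url).query)
    form = parse_qs(body or "")
    if method == "POST" and path.endswith("/v1/tickets"):
        if form.get("username") == ["paul"] and form.get("password") == ["correct horse"]:
            return 201, {"Location": f"{url}/TGT-42-example"}, ""
        return 401, {}, ""
    if method == "POST" and path.endswith("/v1/tickets/TGT-42-example"):
        return 200, {}, "ST-7-example"
    if method == "GET" and path.endswith("/p3/serviceValidate"):
        return 200, {}, _VALIDATE_OK if query.get("ticket") == ["ST-7-example"] else _VALIDATE_FAIL
    return 404, {}, ""


def cli_login(client: CasRestClient, username: str, password: str, service: str) -> Dict[str, object]:
    """Whole round trip a CLI would run, returning what the service learns about the user."""
    tgt = client.get_tgt(username, password)
    try:
        return client.validate(client.get_st(tgt, service), service)
    finally:
        client.logout(tgt)
```

In a real tool the `http` callable wraps urllib or requests over TLS, and the ST is handed to the service (as `ticket=` on its CAS-protected URL) rather than validated by the CLI itself; `validate` is included so the full exchange is visible. The CLI holds the user's password, so the same cautions apply as for any password-collecting client: the TGT should be deleted once the service session exists, as `cli_login` does, and the password never written to disk.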
Hey guys,
I would like to understand if CAS already provides a configuration-based
approach to map the SSO-provider-specific attributes in the payload to the CAS
attribute map sent to the CAS service, so that the services do not have to
take care of it.
Cheers,
Paul