Re: [cas-user] Customizing CAS MFA with Google Authenticator to send TOTP via External API

2024-10-03 Thread Ray Bon
Irfan, Check this blog, https://fawnoos.com/blog/ Also the developer section of the docs https://apereo.github.io/cas It sounds like you are trying to turn WhatsApp into an authenticator app. Instead of co-opting Google Authenticator, you may be able to build it parallel to GA. See https://ape

Re: [cas-user] CAS v7.2: fixing double SSO session?

2024-10-03 Thread Ray Bon
A trigger to reauthn in app2 (or any other situation that generates a new TGT) should not logout of app1. It would be better to preserve the prior services rather than perform SLO? We added functionality to move service tickets from the old TGT to the new TGT in the case where MFA was optional

Re: [cas-user] CAS 7.1.0 as SAML Idp

2024-09-25 Thread Ray Bon
ds On Wednesday, 25 September 2024 at 21:17:09 UTC+2 Ray Bon wrote: The serviceId should be the entityId from metadata, https://spring.io/security/saml-sp Unless you changed it. If you are trying to access unsolicited login, see https://apereo.github.io/cas/7.0.x/authentication/Configuring-SAML2

Re: [cas-user] CAS 7.1.0 as SAML Idp

2024-09-25 Thread Ray Bon
The serviceId should be the entityId from metadata, https://spring.io/security/saml-sp Unless you changed it. If you are trying to access unsolicited login, see https://apereo.github.io/cas/7.0.x/authentication/Configuring-SAML2-Authentication.html#unsolicited-sso Ray On Wed, 2024-09-25 at 10

Re: [cas-user] CAS management 7

2024-09-18 Thread Ray Bon
34,187 DEBUG [org.springframework.webflow.engine.Transition] - 2024-03-27 07:39:34,187 DEBUG [org.springframework.webflow.engine.ActionState] - ... Regards, Hartmut On Tuesday, 26 March 2024 at 19:40:57 UTC+1, Ray Bon wrote: Benjamin, The behaviour you describe happens when the service ticket can n

Re: [cas-user] Documentation generation for 6.6.x

2024-09-18 Thread Ray Bon
Sébastien, There may be a gradle task, https://apereo.github.io/cas/developer/Build-Process.html#tasks Ray On Wed, 2024-09-18 at 07:13 -0700, Sébastien BEAUDLOT wrote:

Re: [cas-user] org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE

2024-09-11 Thread Ray Bon
Perhaps this https://apereo.github.io/cas/7.0.x/ux/User-Interface-Customization-Localization.html#localization-1 cas.locale.cookie.name= Ray On Wed, 2024-09-11 at 10:30 -0700, Muniyasamy V wrote:

Re: [cas-user] mfa-simple email and sms selection

2024-09-09 Thread Ray Bon
Agus, My interpretation of the docs is that if you fill in both sms and email, the user will get to choose (or cas will send to both). Ray On Fri, 2024-09-06 at 06:26 -0700, Agus Santosa wrote:

Re: [cas-user] CAS sessions for one user displaced by another user? (CAS 7)

2024-09-09 Thread Ray Bon
Baron, I think there are two different issues happening - not sure if they are related. 1) IP address associated with log events (cas side) 2) application data disclosed to unauthorized user (service side) 1) Not sure why two log events for duo would happen so close together; Unless cas rechecke

Re: [cas-user] CAS audit logs also appended to Tomcat catalina.out?

2024-09-05 Thread Ray Bon
Baron, Remove unwanted appenders from the audit stanza. See section on 'Additivity' https://logging.apache.org/log4j/2.x/manual/configuration.html Ray On Wed, 2024-09-04 at 16:52 -1000, Baron Fujimoto wrote:

Re: [cas-user] Issue with compiling CAS 7.x.x

2024-08-28 Thread Ray Bon
scripts to only enable MFA for a single dept. That was in version 6. If you use the CAS Initializr and add groovy scripting it adds that package Thanks Jeff On Sun, 25 Aug 2024 at 18:11, Ray Bon <r...@uvic.ca> wrote: Jeff, Where do you see cas-server-core-scripting being recomm

Re: [cas-user] OIDC Service Unauthorized

2024-08-27 Thread Ray Bon
Juan, OIDC reaches cas at a different endpoint. I use cas/oidc/oidcAuthorize?scope=... Ray On Mon, 2024-08-26 at 18:57 -0700, Juan Fernando Rivera wrote: Hi, I'm havi

Re: [cas-user] Required assertionConsumerServiceUrl in SAML SP configuration?

2024-08-27 Thread Ray Bon
Petr, It is required in the service definition / saml metadata to prevent a malicious site from providing an ACS URL that does not match the entityId. Ray On Tue, 2024-08-27 at 06:16 -0700, Petr Bodnár wrote:

Re: [cas-user] CAS 7 Upgrade and Password Reset Behavior

2024-08-25 Thread Ray Bon
Miguel, Perhaps you could expire passwords for a subset of users each day/week to minimize the involvement of the help desk. Ray On Tue, 2024-08-13 at 12:10 +0200, 'Miguel Martínez De Espronceda Cámara' via CAS Community wrote: Hello all, We are in the process of upgrading from CAS 6 to CAS 7

Re: [cas-user] CAS Management 7.0.0.SNAPSHOT not working

2024-08-25 Thread Ray Bon
Tom, Perhaps this will work https://apereo.github.io/cas/7.0.x/installation/Admin-Dashboard.html Ray On Sat, 2024-08-24 at 01:12 -0700, Tom Reijnders wrote: I cannot get CAS Management 7 to work. As mentioned by others, CAS authentication of CAS Management does not work, because the authentic

Re: [cas-user] Issue with compiling CAS 7.x.x

2024-08-25 Thread Ray Bon
Jeff, Where do you see cas-server-core-scripting being recommended? There is no package by that name in versions 7, 6, nor 5. Ray On Mon, 2024-08-12 at 00:25 -0700, 'stonej' via CAS Community wrote: Hello All, Having to move to CAS 7 due to shibboleth idp only working on tomcat 10 now. Tried

Re: [cas-user] Rolling over IdP SAML 2.0 certs

2024-08-25 Thread Ray Bon
Patryk, If you have a dev environment, you can check this. Maybe cat the old and new keys/certs into idp-signing.{key,crt} Ray On Mon, 2024-08-12 at 03:33 -0700, Patryk Sondej wrote:

Re: [cas-user] Unable to create SAMLRequest during logout in delegated authentication with azure ad

2024-08-25 Thread Ray Bon
Use a browser plugin like SAML Tracer to see what is being sent in the log out request. Also check when and which cookies are being created / sent. If the expired TGC is being used, that will create problems. Expired cookies should be removed by the browser. Does this behaviour happen in all br

Re: [cas-user] Hazelcast not working after upgrade from CAS 6.6 to CAS 7.0

2024-08-06 Thread Ray Bon
with an app with a memory leak is throw more resources at it. That's not a fix, that's a bandaid and not a very good one at that. On Fri, Aug 2, 2024 at 12:47 PM Ray Bon <r...@uvic.ca> wrote: Erik, Increase tomcat memory; to 16 or more Gb. Ray On Thu, 2024-08-01 at 13:3

Re: [cas-user] Hazelcast not working after upgrade from CAS 6.6 to CAS 7.0

2024-08-02 Thread Ray Bon
Erik, Increase tomcat memory; to 16 or more Gb. Ray On Thu, 2024-08-01 at 13:34 -0500, Erik Mallory wrote: Same for 7.0.4 in production our test and dev environments

Re: [cas-user] SAML request could not be determined from the authentication request

2024-07-30 Thread Ray Bon
Mohamed, This may be related to CORS, https://apereo.github.io/cas/7.0.x/services/Configuring-Service-Http-Security-Headers.html# Ray On Tue, 2024-07-30 at 05:48 -0700, Mohamed Amdouni wrote: Hello, We are encountering this exception : "SAML request could not be determined from the authenticat

Re: [cas-user] Installing CAS 7 on Debian 12

2024-07-30 Thread Ray Bon
Wouldsmina, What do you get for $ java -version You could set JAVA_HOME to point to your jdk21 install location. Ray On Tue, 2024-07-30 at 17:15 +0200, wouldsmina wrote: Hello, I am trying to install CAS 7.0 or 7.1 on Debian 12. I have installed Java 21 from the package provided here: https

Re: [cas-user] About decorating custom data on individual and every web flow

2024-07-26 Thread Ray Bon
emmuz 2024 Perşembe tarihinde saat 02:30:01 UTC+3 itibarıyla Ray Bon şunları yazdı: Yusuf, Could you implement the logic in javascript and add it to the pages? Ray From: cas-...@apereo.org on behalf of Y G Sent: 24 July 2024 04:24 To: CAS Community Subject:

Re: [cas-user] Saml2

2024-07-25 Thread Ray Bon
ble to send Saml request and receive SAML response to SP2(web browser app) to validated the assertion and open session for the user. Or is there way to do SSO login using CAS from iOS to safari On Wed, Jul 24, 2024 at 22:10 Ray Bon <r...@uvic.ca> wrote: Jesse, What authentication p

Re: [cas-user] Security concern allowing 127.0.0.1 (localhost) as allowed serviceID

2024-07-24 Thread Ray Bon
jehan, A safer option would be to use a dev cas instance that is only accessible to subnets and VPN pools used only by the developers. As long as it's mostly stable (99% uptime), devs would be rarely inconvenienced. This assumes that you have a full dev infrastructure (LDAP, databases, etc). An

Re: [cas-user] gradlew command to generate cas.properties with all options...?

2024-07-24 Thread Ray Bon
Matt, $ ./gradlew tasks # to see what gradlew can do $ ./gradlew exportConfigMetadata # creates config-metadata.properties Ray From: 'Matthew Gordon' via CAS Community Sent: 24 July 2024 13:00 To: CAS Community Subject: [cas-user] gradlew command to generate

Re: [cas-user] Saml2

2024-07-24 Thread Ray Bon
Jesse, What authentication protocols are available for your iOS app? ServiceTicket is part of CAS protocol (different from cas service / IdP); SAML is another protocol. Cas service supports other protocols. Whatever protocol you want to use, you need a client / service provider / relying party

Re: [cas-user] About decorating custom data on individual and every web flow

2024-07-24 Thread Ray Bon
Yusuf, Could you implement the logic in javascript and add it to the pages? Ray From: cas-user@apereo.org on behalf of Y G Sent: 24 July 2024 04:24 To: CAS Community Subject: [cas-user] About decorating custom data on individual and every web flow

Re: [cas-user] Remove principal from audit logs

2024-07-22 Thread Ray Bon
Jeremiah, You can add a filter to the Logger https://logging.apache.org/log4j/2.x/manual/filters.html Ray From: cas-user@apereo.org on behalf of Jeremiah Garmatter Sent: 22 July 2024 06:45 To: CAS Community Subject: [ca

Re: [cas-user] How to configure access to cas management using LDAP roles

2024-07-16 Thread Ray Bon
= memberOf But don’t know what to do to avoid listing the users in adminusers.json Thanks On Tue, 16 Jul 2024 at 04:53, Ray Bon <r...@uvic.ca> wrote: Mohamed, I have this in my management.properties file mgmt.authz-attributes[0] = description In LDAP I have description: ROL

Re: [cas-user] How to configure access to cas management using LDAP roles

2024-07-15 Thread Ray Bon
Mohamed, I have this in my management.properties file mgmt.authz-attributes[0] = description In LDAP I have description: ROLE_ADMIN I believe the attribute value must be ROLE_ADMIN. You may be able to remap the value from your ldap group. Ray From: cas-user@aper

Re: [cas-user] Delegated Authentication SAML2 : Single EntityID

2024-07-12 Thread Ray Bon
mina On Thu, 11 Jul 2024 at 19:54, Ray Bon <r...@uvic.ca> wrote: wouldsmina, Your cas SP must be known to any IdP you want to authenticate with. If your cas SP metadata is in eduGAIN, that would be enough; otherwise you will have to send it to each IdP you want to interact

Re: [cas-user] Delegated Authentication SAML2 : Single EntityID

2024-07-11 Thread Ray Bon
eclared on other IdPs apart from the first). I'm going to continue testing, and if I find the right configuration, I'll put it here for information. Thanks for your advice. Wouldsmina. On Thu, 11 Jul 2024 at 05:37, Ray Bon <r...@uvic.ca> wrote: wouldsmina, Are you

Re: [cas-user] Delegated Authentication SAML2 : Single EntityID

2024-07-11 Thread Ray Bon
://apereo.github.io/cas/7.0.x/integration/Delegate-Authentication-SAML-Discovery.html https://apereo.github.io/cas/7.0.x/integration/Delegate-Authentication-SAML.html Ray From: Michal Voců Sent: 10 July 2024 23:53 To: cas-user@apereo.org ; Ray Bon Subject: Re: [cas-user

Re: [cas-user] Delegated Authentication SAML2 : Single EntityID

2024-07-10 Thread Ray Bon
aml-signing-cert-lmu.key files, but I don't think that's a problem. Thanks for the link, I had seen this documentation, but I don't understand what the json file of cas.authn.pac4j.core.discovery-selection.json.location should contain. Is there any documentation or an example ?

Re: [cas-user] Delegated Authentication SAML2 : Single EntityID

2024-07-10 Thread Ray Bon
ards On Wed, 10 Jul 2024 at 00:37, Ray Bon <r...@uvic.ca> wrote: Wouldsmina, Once your SP metadata is in the specified location, cas will not recreate it. Are you using a different entityId or key for each IdP? That is not necessary. Ray Fro

Re: [cas-user] Delegated Authentication SAML2 : Single EntityID

2024-07-09 Thread Ray Bon
Wouldsmina, Once your SP metadata is in the specified location, cas will not recreate it. Are you using a different entityId or key for each IdP? That is not necessary. Ray From: cas-user@apereo.org on behalf of wouldsmina Sent: 09 July 2024 02:03 To: CAS Commu

Re: [cas-user] /cas/actuator endpoints lower priority?

2024-07-08 Thread Ray Bon
I can confirm that /cas/actuator/health periodically returns HTTP 503 (server unavailable). The frequency of returns tends to increase over several hours. We have even observed high frequency of 503's at times when (presumably) authentications would be minimal (in the middle of the night). I am t

Re: [cas-user] CAS files not generating

2024-07-03 Thread Ray Bon
Benjamin, You can create directories and files as necessary; then rebuild. Ray From: cas-user@apereo.org on behalf of Ben Sent: 02 July 2024 08:46 To: CAS Community Subject: [cas-user] CAS files not generating

Re: [cas-user] apologies if this is a dup

2024-06-26 Thread Ray Bon
There is often a note at the bottom of a feature page with troubleshooting information. https://apereo.github.io/cas/7.0.x/authentication/LDAP-Authentication.html#troubleshooting Ray From: cas-user@apereo.org on behalf of chromie ohess Sent: 24 June 2024 17:56

Re: [cas-user] Esup-otp with cas-overlay-template

2024-06-24 Thread Ray Bon
The process is described here https://apereo.github.io/cas/7.0.x/mfa/Custom-MFA-Authentication.html This blog may have some examples https://fawnoos.com/blog/ Ray From: cas-user@apereo.org on behalf of Issaka Rabo Moutari Sent: 23 June 2024 02:15 To: cas-user@a

Re: [cas-user] I am new to CAS and am confused on how to set it up

2024-06-24 Thread Ray Bon
Kanari, The cas version 3 most likely refers to the cas protocol and not the cas server. If the django plugin is not up to date, you can also use OIDC or SAML. Ray From: cas-user@apereo.org on behalf of Kanari Hirano Sent: 23 June 2024 21:09 To: CAS Community

Re: [cas-user] cas server support Google Authenticator

2024-06-24 Thread Ray Bon
Rabo, See https://apereo.github.io/cas/7.0.x/mfa/GoogleAuthenticator-Authentication.html Ray From: cas-user@apereo.org on behalf of Issaka Rabo Moutari Sent: 24 June 2024 09:58 To: cas-user@apereo.org Subject: [cas-user] cas server support Google Authenticato

Re: [cas-user] Problem with exception in a groovy script in CAS v7.X

2024-06-22 Thread Ray Bon
Mikaël, Under Password Policy tab on https://apereo.github.io/cas/7.0.x/installation/Password-Policy-Enforcement.html there are properties that do not show up in the 6.6.x docs. Perhaps some new attributes were introduced. Ray From: cas-user@apereo.org on beh

Re: [cas-user] 7.0.4 SAML and Duo Bypass

2024-06-22 Thread Ray Bon
Al, I think the null pointer is on the bypass check rather than something about the list of attributes. It is possible that SAML IdP adds a slightly different flow; maybe it does not check for null. Can you use a groovy script? Ray From: cas-user@apereo.org on

Re: [cas-user] Suggestions for registry cleaner when CAS is deployed to AWS

2024-06-07 Thread Ray Bon
Pablo, I have an application.yml file in src/main/resources with all properties. Some of them have variables for values: cas: authn: saml-idp: metadata: file-system: location: ${saml-idp.metadata.file-system.location} At the bottom of the file I have default values (

Re: [cas-user] CAS 7.0.4 cannot start ; ...actuate.autoconfigure.sbom.SbomEndpointAutoConfiguration caused by ClassNotFoundException

2024-06-04 Thread Ray Bon
${project.'cas.version'}" // jehan Still don't know why I have the error: "org.springframework.boot.actuate.autoconfigure.sbom.SbomEndpointAutoConfiguration caused by ClassNotFoundException" [1] Any other advice? thanks. On Tuesday, June 4, 2024 at 1:49:02 A

Re: [cas-user] CAS 7.0.4 cannot start ; ...actuate.autoconfigure.sbom.SbomEndpointAutoConfiguration caused by ClassNotFoundException

2024-06-03 Thread Ray Bon
Jehan, If you are upgrading, make sure the appropriate changes are in [at least] gradle.properties and build.gradle. I have these in build.gradle: implementation enforcedPlatform("org.apereo.cas:cas-server-support-bom:${project.'cas.version'}") implementation platform(org.springframework.boot.

Re: [cas-user] Recommendations on mfa-gauth registration and removal strategies

2024-05-24 Thread Ray Bon
Yusuf, Is this what you are looking for, https://apereo.github.io/cas/7.0.x/registration/Account-Management-Overview.html#multifactor-registered-devices Ray On Fri, 2024-05-24 at 02:15 -0700, Y G wrote:

Re: [cas-user] I am unable to connect with my MYsql Database and Application Not Authorized

2024-05-22 Thread Ray Bon
Vijayawada, Issue 2: Usually 500s will have some logged failure reason (e.g. unable to connect to db). Turn up the logging level if necessary. Issue 1: The service parameter sent to cas must match the serviceId (which can be a regular expression). Yours is very specific; moodle is probably send

Re: [cas-user] CAS 7.0.4 Can't get cas-management (7.0.0-SNAPSHOT) to authenticate to CAS

2024-05-16 Thread Ray Bon
I have been able to determine that the problem results from cas-management not knowing how to handle the callback [from cas]. In cas-management 6.5, if one directly access the callback endpoint, https://local.uvic.ca/cas-management/callback the log shows the CALLBACK code/filter being activated:

Re: [cas-user] CAS 7.0.4 Can't get cas-management (7.0.0-SNAPSHOT) to authenticate to CAS

2024-05-14 Thread Ray Bon
Tom, I am experiencing the same problem (too many redirects). I will be comparing the behaviour of cas-management 6.5 to 7-snapshot today. Ray On Tue, 2024-05-14 at 07:48 -0700, Tom Reijnders wrote:

Re: [cas-user] cas 7.1.0 disable slf4j and active groovy for auditing .Is it work ?

2024-05-14 Thread Ray Bon
'customHttpRequestHeader' is only an example; you would have to define it as part of the groovy script (or add it to the headers somewhere else). Ray On Tue, 2024-05-14 at 04:57 -0700, artur mis wrote:

Re: [cas-user] One-to-many User mapping question in Delegated AuthN

2024-05-13 Thread Ray Bon
Yan, I see two problems with letting user select the correct username: 1. user needs to know which username belongs to which application (sounds like a help desk nightmare) 2. a username may match a real user, e.g., jsmith might exist in both applications, allowing johnsmith to log in as both js

Re: [cas-user] CAS 7.04 trying to login on cas-management

2024-05-09 Thread Ray Bon
Tom, Does your service definition for cas-management include an MFA reference? Ray On Wed, 2024-05-08 at 13:10 -0700, Tom Reijnders wrote: I've setup CAS

Re: [cas-user] multiple mfa simple instances?

2024-05-08 Thread Ray Bon
Marcin, If you have multiple providers, cas can display a menu, https://apereo.github.io/cas/7.0.x/mfa/Multifactor-Authentication-ProviderSelection.html Are you making your own mobile authenticator app or do you want to use one not in the list of supported MFA endpoints, https://apereo.github.

Re: [cas-user] CAS 7.0.3 Office365 Integration and attributes problem

2024-05-08 Thread Ray Bon
Łukasz, Increase your logging level. Some of the output should list the attributes and values for the user logging in; just to make sure those attributes are being resolved. Ray On Tue, 2024-05-07 at 23:14 -0700, Łukasz Woźniak wrote:

Re: [cas-user] Enforce MFA without authentication (active SSO session)

2024-05-08 Thread Ray Bon
want MFA be triggered on EVERY request to /authorize. I might be completely lost too, would be happy to receive some insight on this if someone is aware :) Many thanks! Tom On Wednesday 8 May 2024 at 03:39:51 UTC+3 Ray Bon wrote: Tom, Could it be that the groovy script is returning null or

Re: [cas-user] Enforce MFA without authentication (active SSO session)

2024-05-07 Thread Ray Bon
Tom, Could it be that the groovy script is returning null or a value that cas does not understand? Ray On Tue, 2024-05-07 at 06:49 -0700, tjan...@gmail.com wrote:

Re: [cas-user] Re: CAS7 bean creation override question

2024-05-07 Thread Ray Bon
Yan, Configuration classes are driven by spring. Perhaps this class runs before the debugger can connect to the [starting] app. For your Configuration class to be called, it needs to be added to src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports

Re: [cas-user] SAML2 Delegated Authentication problem (org.xml.sax.SAXParseException: Premature end of file.)

2024-05-01 Thread Ray Bon
Are you missing service-provider-metadata-path? Ray On Wed, 2024-05-01 at 20:20 +0200, wouldsmina wrote: Hello, I want to use SAML2 Delegated Authenticat

Re: [cas-user] CAS 7.0.3: missing LDAP principal attributes when using DUO MFA

2024-04-23 Thread Ray Bon
ibute merging? On Tuesday, April 16, 2024 at 8:55:32 p.m. UTC-2:30 Ray Bon wrote: I have been able to confirm that the presence of the surrogate log in feature can create the observed problem. implementation "org.apereo.cas:cas-server-support-surrogate-webflow" The non merging of att

Re: [cas-user] CAS Client side (user) session timeout - regd

2024-04-19 Thread Ray Bon
text only) Any relevant cas.properties for this? Thanks in advance! On Saturday, April 13, 2024 at 12:10:30 AM UTC+5:30 Ray Bon wrote: Amulya, Are you talking about logging out of an application or about cas? For an application, that would be in the application configuration. For cas, see https

Re: [cas-user] Bean Creation Exception on CAS 6.6.x migration from 6.5.x when using CAS events components

2024-04-18 Thread Ray Bon
Dhanunjaya, It is possible that some of the properties have changed name. Check the docs and / or ./gradlew exportConfigMetadata Which will list deprecated properties and their replacement. Ray On Thu, 2024-04-18 at 00:16 -0700, Dhanunjaya Y wrote:

Re: [cas-user] CAS 7.0.3: missing LDAP principal attributes when using DUO MFA

2024-04-16 Thread Ray Bon
at 1:48:06 a.m. UTC-2:30 Ray Bon wrote: Mike, What logger did you enable to see this? Ray On Fri, 2024-04-12 at 11:36 -0700, Mike S wrote: Thanks for yo

Re: [cas-user] cas7, how do I load thymeleaf files in Intellij?

2024-04-16 Thread Ray Bon
log output. > Run with --scan to get full insights. > Get more help at https://help.gradle.org. BUILD FAILED in 3m 9s 10 actionable tasks: 9 executed, 1 up-to-date On Saturday, April 13, 2024 at 12:18:06 AM UTC-4 Ray Bon wrote: Yan, The overlay project is a shell that makes deployment simple becau

Re: [cas-user] CAS 7.0.3: missing LDAP principal attributes when using DUO MFA

2024-04-12 Thread Ray Bon
n Friday, April 12, 2024 at 12:24:47 p.m. UTC-2:30 Ray Bon wrote: Mike, I can confirm this behaviour. DefaultPrincipalElectionStrategy was changed between 6.5 and 7.0. The change was in 5bcef20 about 5 months ago. The old behaviour was to select the first principal in a list; new behaviour d

Re: [cas-user] cas7, how do I load thymeleaf files in Intellij?

2024-04-12 Thread Ray Bon
Yan, The overlay project is a shell that makes deployment simple because it _does not_ include all of the files from cas. When you build the overlay, it pulls in the cas war file, replacing any files you may want to override with ones from your overlay src folder. If you want to make changes to

Re: [cas-user] CAS Client side (user) session timeout - regd

2024-04-12 Thread Ray Bon
Amulya, Are you talking about logging out of an application or about cas? For an application, that would be in the application configuration. For cas, see https://apereo.github.io/cas/6.6.x/ticketing/Configuring-Ticket-Expiration-Policy.html Ray On Fri, 2024-04-12 at 04:00 -0700, Amulya Sri P

Re: [cas-user] CAS 7.0.3: missing LDAP principal attributes when using DUO MFA

2024-04-12 Thread Ray Bon
Mike, I can confirm this behaviour. DefaultPrincipalElectionStrategy was changed between 6.5 and 7.0. The change was in 5bcef20 about 5 months ago. The old behaviour was to select the first principal in a list; new behaviour defaults to last. Even setting this property, cas.person-directory.pr

Re: [cas-user] Throttling Authentication Attempts doesn't work

2024-04-09 Thread Ray Bon
rval=PT60S cas.authn.throttle.failure.throttle-window-seconds=PT5M but when I have two failed attempts it's banned. I need 5 attempts On Thursday, 6 April 2023 at 11:59:11 UTC, William Vincent wrote: Hi It works, user can login if using wrong password William Le mer. 5 avr. 2023 à 23:56, Ray Bon a

Re: [cas-user] SAML2 protocol in CAS6.4.6.6

2024-04-03 Thread Ray Bon
X' Any idea about this? Is it a good solution? Thanks, - Xavier - On Friday, 22 March 2024 at 16:03:39 UTC+1, Ray Bon wrote: Xavier, The property names may have changed (your version is old). Maybe search this blog, https://fawnoos.com/blog/ Ray On Fri, 2024-03-22 at

Re: [cas-user] CAS management 7

2024-03-27 Thread Ray Bon
mars 2024 à 19:40:57 UTC+1, Ray Bon a écrit : Benjamin, The behaviour you describe happens when the service ticket can not be validated. cas management submits the ST to cas through a back channel over https. If there is nothing in cas audit log about validation / failed validation (which wou

Re: [cas-user] CAS management 7

2024-03-26 Thread Ray Bon
Benjamin, The behaviour you describe happens when the service ticket can not be validated. cas management submits the ST to cas through a back channel over https. If there is nothing in cas audit log about validation / failed validation (which would give a reason for failure), it could be a certi

Re: [cas-user] how to handle idle timeout in App?

2024-03-25 Thread Ray Bon
Yan, Single logout is messy business. Cas has a session that is independent from an application session. Cas session may be longer or shorter than an application, it may have different settings and conditions for how its length is determined. Application participation in single log out can be s

Re: [cas-user] AUP and Ldap storage error

2024-03-25 Thread Ray Bon
Cas will try each ldap target in sequence. Is ldap[0] the same for aup and authn? Try setting ldap (and cas) log level to debug or trace? Ray On Sun, 2024-03-24 at 01:48 -0700, Mm Mm wrote:

Re: [cas-user] Disabling escaping of special characters such as '#' in MS Active Directory usernames

2024-03-22 Thread Ray Bon
Bogdan, Perhaps you can use the ldap filter search-filter=#{user} You can have multiple ldap configs and they are processed in order. Ray On Fri, 2024-03-22 at 11:04 -0700, Bogdan Badz wrote:

Re: [cas-user] SAML2 protocol in CAS6.4.6.6

2024-03-22 Thread Ray Bon
Xavier, The property names may have changed (your version is old). Maybe search this blog, https://fawnoos.com/blog/ Ray On Fri, 2024-03-22 at 06:02 -0700, Xavier Rodríguez wrote:

Re: [cas-user] CAS 7.0.x: How to prevent cas.war from containing Oracle driver?

2024-03-18 Thread Ray Bon
ement but nothing so far has worked. Any suggestions for what to include in my build.gradle config to exclude the ojdbc war from the final war file WEB-INF/lib directory? Any suggestions are appreciated. Thanks, Ed O. On Tuesday, February 27, 2024 at 10:57:39 AM UTC-8 Ray Bon wrote: Ed,

Re: [cas-user] Cas configuration properties source locator

2024-03-06 Thread Ray Bon
empty memory database for cas management... Best Regards. On Wed, 6 Mar 2024 at 03:46, Ray Bon <r...@uvic.ca> wrote: Mohamed, I was having similar problems with v6.5. Maybe try version 7.0 Ray On Tue, 2024-03-05 at 10:53 +0100, Mohamed Amdouni wrote:

Re: [cas-user] Cas configuration properties source locator

2024-03-05 Thread Ray Bon
Mohamed, I was having similar problems with v6.5. Maybe try version 7.0 Ray On Tue, 2024-03-05 at 10:53 +0100, Mohamed Amdouni wrote: Hello, I’m using c

Re: [cas-user] Sending queries to multiple databases

2024-02-29 Thread Ray Bon
We use ldap and it does process each entry until it finds a successful match. Set cas log level to debug and you should see db queries being made. Ray On Wed, 2024-02-28 at 21:09 -0800, 폴폴 wrote:

Re: [cas-user] I would like claims defined for service not for all serviced registred in CAS OIDC .Can i do it in json service file?

2024-02-29 Thread Ray Bon
artur, Perhaps 'user-defined scopes' under https://apereo.github.io/cas/7.0.x/authentication/OIDC-Authentication-Claims-Mapping.html#mapping-claims-per-service Ray On Thu, 2024-02-29 at 08:39 -0800, artur mis wrote:

Re: [cas-user] Deleteged Azure AD, duplicate pk in postgres_jpa_ticket_entity

2024-02-27 Thread Ray Bon
Pablo, Is that deleted or delegated? Is it possible that azure ad metadata is missing or not in the location that cas thinks it is? Ray On Mon, 2024-02-26 at 13:44 -0800, Pablo Vidaurri wrote:

Re: [cas-user] CAS v7.0.0 Performance issue.

2024-02-27 Thread Ray Bon
that needs to be done in that case. On Friday 23 February 2024 at 19:44:24 UTC+5:30 Ray Bon wrote: Shavi, Could this be related to the storage mechanism you use for services? Are you able to try a different back end? Ray On Fri, 2024-02-23 at 00:09 -0800, Shavi Teotia wrote:

Re: [cas-user] CAS 7.0.x: How to prevent cas.war from containing Oracle driver?

2024-02-27 Thread Ray Bon
Ed, Are you including the oracle jdbc jar in JBOSS? My understanding is that the application server creates a jndi object independent of the application being deployed (i.e. it does not look to the application for drivers). Ray On Mon, 2024-02-26 at 15:22 -0800, Ed O. wrote: Notice: This messa

Re: [cas-user] Re: Multiple SAML Federated SP

2024-02-23 Thread Ray Bon
RLs in the same (wildcard) service definition, so you could effectively say "for an unknown SP, first try InCommon, then eduGAIN, then ..." or whatever. On Wednesday, February 21, 2024 at 9:54:52 AM UTC-5 Ray Bon wrote: What Kostas said! Perhaps what is needed is a feature to generat

Re: [cas-user] CAS v7.0.0 Performance issue.

2024-02-23 Thread Ray Bon
Shavi, Could this be related to the storage mechanism you use for services? Are you able to try a different back end? Ray On Fri, 2024-02-23 at 00:09 -0800, Shavi Teotia wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and

Re: [cas-user] Take user back to Login page after MFA login error

2024-02-22 Thread Ray Bon
Yan, The doExecute method gets the RequestContext https://docs.spring.io/spring-webflow/docs/current/api/org/springframework/webflow/execution/RequestContext.html, which has a number of maps. At least one of them should have an object(s) that represents the successful login (hopefully it will b

Re: [cas-user] Re: Multiple SAML Federated SP

2024-02-21 Thread Ray Bon
What Kostas said! Perhaps what is needed is a feature to generate service definitions (in memory) for each [SP] entry in federated metadata (during parsing of metadata). With filters, allow and deny lists could be created, attributes to release set, and other conditions (like MFA) could be adde

Re: [cas-user] CAS Initializr and Versions

2024-02-20 Thread Ray Bon
You can update your instance by copying in differences from https://github.com/apereo/cas-overlay-template Ray On Tue, 2024-02-20 at 07:18 -0800, atilling wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive infor

Re: [cas-user] Error CAS 7.0.1

2024-02-20 Thread Ray Bon
[org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 2024-02-20 09:41:34,325 INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - On 14/02/2024 at 17:36, Ray Bon wrote: Those are not errors. CoreTicketUtils Either your registry does not support encryption or you have not

Re: [cas-user] ABAC Service Access Strategy not working as expected?

2024-02-18 Thread Ray Bon
Baron, Without looking at the code, this may be treated as an 'or'. That is, user does not have allow [ false ] but also does not have reject [ ! false ]. You may be able to use a groovy condition (described on the same page) or a custom solution, https://apereo.github.io/cas/7.0.x/services/Ser

Re: [cas-user] Error CAS 7.0.1

2024-02-14 Thread Ray Bon
Those are not errors. CoreTicketUtils Either your registry does not support encryption or you have not provided the properties. This is what my log line looks like: cas | 2024-02-14 16:16:53,778 DEBUG [ org.aper.cas.util.CoreTicketUtils] - [main] BaseStringCipherExecutor I also see this messag

Re: [cas-user] Alway Error 404 after compilation deployment

2024-02-12 Thread Ray Bon
message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hi, I can't find casAppender.java. In CAS7, where can I find this class? Thank you, Jérémie On Friday, 9 February 2024 at 18:32:25 UTC+1, Ray Bon wrote: Jérémi

Re: [cas-user] Alway Error 404 after compilation deployment

2024-02-09 Thread Ray Bon
. 2024 at 17:09, Ray Bon <r...@uvic.ca> wrote: Jérémie, 'CasAppender' is defined in the log4j2.xml So it looks like cas is able to find the file, but not able to process it; hence, no log output. CasAppender is an indirection for the defined appender(s) above it:

Re: [cas-user] Re: why is redirecting to cas.example.org:8443 instead of using cas.server.name host

2024-02-09 Thread Ray Bon
ouni <me.amdo...@gmail.com> wrote: You mean 6.4? The only version available in https://getcas.apereo.org/ui when choosing cas management is 6.4 Will try the cas.server.scope Thanks On Wed, 7 Feb 2024 at 19:09, Ray Bon <r...@uvic.ca> wrote: Mohamed, In my ca

Re: [cas-user] Alway Error 404 after compilation deployment

2024-02-09 Thread Ray Bon
[2024-02-09 09:47:41] [info] Le déploiement de l'archive de l'application web [/var/lib/tomcat10/webapps/cas.war] s'est terminé en [8 955] ms ``` About localhost_access_log.2024-02-09.txt ``` 192.168.1.xx - - [09/Feb/2024:08:32:35 +0100] "GET /DevMgmt/DiscoveryTree.xml HTTP/1.1" 404

Re: [cas-user] Alway Error 404 after compilation deployment

2024-02-08 Thread Ray Bon
rom Oracle instead of openjdk-21-jdk, it should work. Is it possible that the problems come from the cas.properties files? I think my file is good. Thank you, Jérémie On Wednesday, 7 February 2024 at 03:51:39 UTC+1, Ray Bon wrote: Jérémie, Are there any files in TOMCAT_HOME/logs ? (Cou

Re: [cas-user] Re: why is redirecting to cas.example.org:8443 instead of using cas.server.name host

2024-02-07 Thread Ray Bon
Mohamed, In my cas-management 6.5, I have this in management.properties which I place in /etc/cas/config
cas.server.name=https://${cas.server.scope}
cas.server.prefix=${cas.server.name}/cas
logging.config: file:/etc/cas/config/log4j2-management.xml
mgmt.server-name=${cas.server.name}
where cas
