Re: [cas-user] Cas Azure AD

2023-07-04 Thread Ray Bon
07:06:30,841 INFO [org.apereo.cas.services.AbstractServicesManager] - Bests On Mon, Jul 3, 2023 at 10:59 PM Ray Bon <r...@uvic.ca> wrote: Jerome, Your test service is not being loaded. 05:22:45 INFO [o.a.c.s.AbstractServicesManager] - See https://apereo.github.io/cas/6.6.x/se

Re: [cas-user] Unauthorized URL conditional on enforced attributes?

2023-07-04 Thread Ray Bon
Baron, There may be something in the fawnoos blog https://fawnoos.com/blog/ Ray On Mon, 2023-07-03 at 15:48 -1000, Baron Fujimoto wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. When using

Re: [cas-user] Cas Azure AD

2023-07-03 Thread Ray Bon
Jerome, Your test service is not being loaded. 05:22:45 INFO [o.a.c.s.AbstractServicesManager] - See https://apereo.github.io/cas/6.6.x/services/JSON-Service-Management.html and https://apereo.github.io/cas/6.6.x/services/Service-Management.html Ray On Mon, 2023-07-03 at 06:17 -0700, Jerome

Re: [cas-user] OAuth and CAS Protocols

2023-06-25 Thread Ray Bon
Jeremy, See https://www.oauth.com/oauth2-servers/access-tokens/ Ray On Thu, 2023-06-22 at 21:55 +, Wickham, Jeremy wrote: I am currently developing

Re: [cas-user] CAS session management - Ticket Expiration Policies - CAS 6.5

2023-06-22 Thread Ray Bon
Niral, I think that is OK. The default page is only to make sure cas is set up correctly. You can change the default https://apereo.github.io/cas/6.6.x/authentication/Configuring-SSO.html#default-service Set up an application to use cas for authentication and the cas sso session will persist.

Re: [cas-user] CAS session management - Ticket Expiration Policies - CAS 6.5

2023-06-22 Thread Ray Bon
Niral, Is the page you are refreshing the cas default login page or is it a page in your client application? Can you post the URL when you land on the cas login page after a refresh? Ray On Wed, 2023-06-21 at 19:34 +, 'Niral Kunadia' via CAS Community wrote:

Re: [cas-user] CAS 6.6.8 - Authenticate using AD

2023-06-21 Thread Ray Bon
Jérémie, 'Unknown user name or bad password.' suggests that this is an issue on AD side. See https://fawnoos.com/2022/11/24/cas70x-azure-active-directory/ or this older one https://fawnoos.com/2017/11/22/cas-saml-integration-adfs/ Ray On Mon, 2023-06-19 at 00:41 -0700, Jérémie wrote:

Re: [cas-user] CAS session management - Ticket Expiration Policies - CAS 6.5

2023-06-21 Thread Ray Bon
Niral, Here is a handy blog, https://fawnoos.com/2022/07/22/cas66-ui-themes/ Ray On Fri, 2023-06-16 at 12:08 +, 'Niral Kunadia' via CAS Community wrote:

Re: [cas-user] CAS 6.6.8 - Authenticate using AD

2023-06-16 Thread Ray Bon
Jérémie, I did some testing and the ldaptive loggers are not nearly as useful as I thought they would be. This logger at debug or trace may provide a little more detail: It shows the error message in your email: 2023-06-16 09:12:59,430 INFO

Re: [cas-user] CAS 6.6.8 - Authenticate using AD

2023-06-15 Thread Ray Bon
Jérémie, Here are some loggers for cas ldap: Make sure you can authenticate / find the user from another application (I do not know what tools are available for AD). Check your AD logs to see what it thinks the problem is. Ray On Thu, 2023-06-15 at 05:19 -0700, Jérémie wrote:

Re: [cas-user] CAS 6.6, shib-cas-authn v4, entityId?

2023-06-15 Thread Ray Bon
Baron, You could configure Shib to use SAML2 proxy with Cas as a SAML2 IdP. With the Shib Cas plugin, you are authenticating for Shib as a service, rather than the entity which is the destination (FooBar). Ray On Wed, 2023-06-14 at 09:44 -1000, Baron Fujimoto wrote:

Re: [cas-user] About session expiration

2023-06-14 Thread Ray Bon
Gökhan, Perhaps this attribute: cas.tgc.pin-to-session=true See Optional configuration at https://apereo.github.io/cas/6.5.x/authentication/Configuring-SSO.html#configuration Ray On Tue, 2023-06-13 at 12:41 -0700, 'Gökhan Öner (IT)' via CAS Community wrote:

Re: [cas-user] CAS 7.0.0 - Service unauthorized to use CAS

2023-06-14 Thread Ray Bon
recognized by CAS. Contact your CAS administrator to learn how you might register and integrate your application with CAS." Is there any part of the service registry that I've configured that would make it incompatible? Thanks! Dillon On Monday, June 12, 2023 at 12:14:04 PM UTC-4 Ray Bon wrot

Re: [cas-user] CAS 7.0.0 - Service unauthorized to use CAS

2023-06-12 Thread Ray Bon
Dillon, Your regex does not look right to me. Here is one of my test apps: ^https?://local\\.uvic\\.ca/~rbon/phpCAS/docs/examples/.* We are not escaping

Re: [cas-user] Failing to server parallel flows in SAML2

2023-06-09 Thread Ray Bon
Miguel, This sounds like what Jérôme talked about in this thread https://groups.google.com/a/apereo.org/g/cas-user/c/fNZ82V32sio/m/RKhi5VQCAQAJ?utm_medium=email_source=footer Ray On Fri, 2023-06-09 at 05:03 -0700, Miguel Martínez De Espronceda Cámara wrote:

Re: [cas-user] JDBC attribute repository not working since 6.3.0-R3

2023-06-09 Thread Ray Bon
Andrea, It is possible that property names have changed across versions. To get a file with all cas properties: ./gradlew exportConfigMetadata Then search that file for your property. eg: You have: cas.authn.attributeRepository.defaultAttributesToRelease In version 6.5 it is:

Re: [cas-user] CAS session management - Ticket Expiration Policies - CAS 6.5

2023-06-06 Thread Ray Bon
Niral, That version is VERY old. I suggest you use or upgrade to the latest version. See https://apereo.github.io/cas/developer/Maintenance-Policy.html It is possible that the properties you have do not work with that old version. You should be using the overlay instead of the main cas project

Re: [cas-user] CAS session management - Ticket Expiration Policies - CAS 6.5

2023-06-05 Thread Ray Bon
Niral, Ticket expiration is built in, nothing to include. When you say 'on that page for a few mins', what page are you talking about? Ray On Mon, 2023-06-05 at 13:21 +, 'Niral Kunadia' via CAS Community wrote:

Re: [cas-user] CAS session management - Ticket Expiration Policies - CAS 6.5

2023-06-02 Thread Ray Bon
Niral, Perhaps I am misunderstanding what it is that you are doing. Post your cas.ticket.tgt.* config and the steps that you are performing. I just tested with 6.5.9 and can confirm that these settings work: cas.ticket.tgt.primary.max-time-to-live-in-seconds=301

Re: [cas-user] CAS session management - Ticket Expiration Policies - CAS 6.5

2023-05-31 Thread Ray Bon
Niral, You will see in the logs that cas will issue a different TGT for each login; this means two different sessions == two different users (even if same username:password). In the same browser, open a new tab and access / log in to a different service. You can create fake services in your

Re: [cas-user] CAS session management - Ticket Expiration Policies - CAS 6.5

2023-05-31 Thread Ray Bon
Niral, A refresh of the cas page may not be enough. You may have to get cas to issue a new ST [to a different application]. The service does not have to be real, just added to the service registry. Use this type of url to get cas to go through the login process and issue a ST.

Re: [cas-user] CAS session management - Ticket Expiration Policies - CAS 6.5

2023-05-30 Thread Ray Bon
Niral, TGT is for life of cas login session, not application session. I am not sure if cas can send logouts to services when TGT expires - that would create strange issues in the client applications. These settings will allow cas session length to increase beyond 30m only if user logs in to

Re: [cas-user] Potential new features

2023-05-30 Thread Ray Bon
at 00:50, Ray Bon <r...@uvic.ca> wrote: Feature 1: The second login should alert (or at least be configurable) the user that the first login will be terminated and should trigger the SLO process. The lost first TGT also happens with the DUO oauth2 process (not with the

Re: [cas-user] Re: MFA DUO for 6.6.7 errors

2023-05-29 Thread Ray Bon
Andrey, For universal prompt, duo-application-key should be commented out (for traditional, it should have a value). Ray On Mon, 2023-05-29 at 03:42 -0700, Andrey Nikolaev wrote:

Re: [cas-user] Potential new features

2023-05-26 Thread Ray Bon
Feature 1: The second login should alert (or at least be configurable) the user that the first login will be terminated and should trigger the SLO process. The lost first TGT also happens with the DUO oauth2 process (not with the iframe implementation), thus orphaning the ST records created

Re: [cas-user] Cas and ldap connexion

2023-05-26 Thread Ray Bon
=sAMAccountName={user} # cas.authn.ldap[0].principalAttributeList=cn,givenName,mail # Credential to connect to LDAP cas.authn.ldap[0].bindDn=cn=admin,dc=acsi,dc=cg cas.authn.ldap[0].bindCredential=@Debian453 On Friday, May 26, 2023 at 17:44:52 UTC+1, Ray Bon wrote: Coeurcy, The ldap loggers from my

Re: [cas-user] Cas and ldap connexion

2023-05-26 Thread Ray Bon
, it doesn't work! On Tuesday, May 23, 2023 at 18:08:03 UTC+1, Ray Bon wrote: azer, Can you connect to your ldap server from the computer running cas using command line or gui and the same connection parameters? Turn up logging for ldap. Ray P.S. here are some ldap related logs I have used

Re: [cas-user] The import org.springframework.security.cas cannot be resolved

2023-05-25 Thread Ray Bon
overlay which now I think it is not possible and I need another Spring project for cas client to get work, am I wrong? Am newbie btw. Thanks. On Wednesday, May 24, 2023 at 10:37:21 PM UTC Ray Bon wrote: Just checked my build. Those three spring packages are already included by cas. Are you setting

Re: [cas-user] The import org.springframework.security.cas cannot be resolved

2023-05-24 Thread Ray Bon
. On Wednesday, May 24, 2023 at 9:11:24 PM UTC Ray Bon wrote: You should not need to import those spring-security packages. What are you trying to accomplish with those packages? Ray On Wed, 2023-05-24 at 04:42 -0700, fasr favk wrote:

Re: [cas-user] The import org.springframework.security.cas cannot be resolved

2023-05-24 Thread Ray Bon
You should not need to import those spring-security packages. What are you trying to accomplish with those packages? Ray On Wed, 2023-05-24 at 04:42 -0700, fasr favk wrote:

[cas-user] Re: Fwd: Data source configuration failing for audit and OIDC in 6.6.2

2023-05-16 Thread Ray Bon
Hi Ray, I have tried to rove OIDC configuration and just added only jpa audit with data source configuration. That too is failing. On Tue, May 16, 2023, 3:44 AM Ray Bon

[cas-user] Re: Fwd: Data source configuration failing for audit and OIDC in 6.6.2

2023-05-15 Thread Ray Bon
for your revert...But all the properties are correct. It seems like there is jar issue. Both the audit and OIDC use the same jar, cas_server_ticket-jpa hibernate Without data source configuration, application is working as expected. On Tue, May 16, 2023, 2:36 AM Ray Bon <r...@uvic.ca>

[cas-user] Re: Fwd: Data source configuration failing for audit and OIDC in 6.6.2

2023-05-15 Thread Ray Bon
Vikash, What do the debug logs say? Sometimes property names change with the versions. There may be messages in the startup logs. You can use this command to get a list of all properties: $ ./gradlew exportConfigMetadata See also this command: $ ./gradlew tasks Ray On Tue, 2023-05-16 at

[cas-user] Re: Implementation of CAS SSO

2023-05-15 Thread Ray Bon
e new version of CAS 6.6.7 and LDAP with java-cas-client or pac4j in order to help me to realize this project please. Attached is a pdf with screenshots of the errors I got. I am looking forward to your help. Thank you in advance! On Wednesday, May 10, 2023 at 18:04:38 UTC+1, Ray Bon wrote: aze

Re: [cas-user] Installation and configuration of CAS with jdk17, tomcat9, ldap and lam...

2023-05-10 Thread Ray Bon
Thursday, May 4, 2023 at 20:37:00 UTC+1, Ray Bon wrote: azer, Checkout these options (java centric): https://fawnoos.com/2021/02/13/cas63-bootiful-cas-client/ https://www.pac4j.org/docs/index.html (clients section) Ray On Thu, 2023-05-04 at 11:06 -0700, azer tyuiop wrote:

Re: [cas-user] Re: Upgrade from CAS 5.3.16 to CAS 6.6.x issues

2023-05-10 Thread Ray Bon
Dillon, Cas log level can be set in etc/cas/config/log4j2.xml. All logs, by default, will end up in catalina.out. Ray On Tue, 2023-05-09 at 09:22 -0700, Dillon Power wrote:

Re: [cas-user] Upgrade from CAS 5.3.16 to CAS 6.6.x issues

2023-05-09 Thread Ray Bon
. Is there a large difference going from 6.6.5 to 6.6.8 or 7.x? I'm assuming it's for better long-term support? Thanks, Dillon On Tuesday, May 9, 2023 at 12:02:36 PM UTC-4 Ray Bon wrote: Dillon, Cas will work 'out of the box'. Make sure you can perform a default login before adding features

Re: [cas-user] Upgrade from CAS 5.3.16 to CAS 6.6.x issues

2023-05-09 Thread Ray Bon
Dillon, Cas will work 'out of the box'. Make sure you can perform a default login before adding features. Then add them one at a time. If you are doing an in place upgrade, that will be a little tricky since the overlay template is generated anew with the initializer so there is no git history

Re: [cas-user] Displaying random views

2023-05-09 Thread Ray Bon
Pablo, You can view the ui components at https://github.com/apereo/cas/tree/master/support/cas-server-support-thymeleaf See also, https://fawnoos.com/2022/07/22/cas66-ui-themes/ for some hints. One of the drawbacks to any template system is that you have to run the application to see them.

Re: [cas-user] Question about SurrogateRegisteredServiceAccessStrategies

2023-05-05 Thread Ray Bon
On 5/4/23 3:31 PM, Ray Bon wrote: > 2. release surrogate id [test] and surrogate attributes to application > [groovy script] (i.e. as far as application is concerned, it only ever > knows

Re: [cas-user] Installation and configuration of CAS with jdk17, tomcat9, ldap and lam...

2023-05-04 Thread Ray Bon
UTC+1, Ray Bon wrote: azer, For the client side of your system, the choice will depend on which technology and architecture you are using. Here is a list from the cas docs, https://apereo.github.io/cas/6.6.x/integration/CAS-Clients.html I have used java and php clients. More recently, pac4j

Re: [cas-user] Question about SurrogateRegisteredServiceAccessStrategies

2023-05-04 Thread Ray Bon
Matt, There are two steps in the surrogate process. 1. check attributes of primary [admin] to see if they can perform the surrogate operation (e.g. admin in accounting can only surrogate as an accounting employee, not marketing employee) 2. release surrogate id [test] and surrogate attributes

Re: [cas-user] Installation and configuration of CAS with jdk17, tomcat9, ldap and lam...

2023-05-04 Thread Ray Bon
that authentication is unique through CAS. It would help me a lot if you try to help me with the specifications I provided on my CAS deployment. Thank you in advance! On Tuesday, May 2, 2023 at 17:49:55 UTC+1, Ray Bon wrote: azer, These might help: https://paulchauvet.github.io/deploying-cas

Re: [cas-user] Installation and configuration of CAS with jdk17, tomcat9, ldap and lam...

2023-05-02 Thread Ray Bon
at 18:53:17 UTC+1, Ray Bon wrote: azer, The default location is /etc/cas Do you have write access to this directory? You can also change the location in the gradle.properties; certDir=... Ray On Sat, 2023-04-29 at 08:43 -0700, azer tyuiop wrote:

Re: [cas-user] Installation and configuration of CAS with jdk17, tomcat9, ldap and lam...

2023-05-01 Thread Ray Bon
went wrong: Execution failed for task ':createKeystore'. > Process 'command 'keytool'' finished with non-zero exit value 1 On Friday, April 28, 2023 at 17:11:43 UTC+1, Ray Bon wrote: Coeurcy, And the problem is...? Ray On Fri, 2023-04-28 at 03:57 -0700, Coeurcy Mokoko wrote:

Re: [cas-user] Installation and configuration of CAS with jdk17, tomcat9, ldap and lam...

2023-04-28 Thread Ray Bon
Coeurcy, And the problem is...? Ray On Fri, 2023-04-28 at 03:57 -0700, Coeurcy Mokoko wrote: Hello, I am working on the implementation of an SSO with

Re: [cas-user] Error "403 Forbidden" on "CAS management => Administration => Release Attributes" (CAS server 665 + CAS management 662)

2023-04-27 Thread Ray Bon
tor access ANONYMOUS, for testing purposes Luis: cas.monitor.endpoints.endpoint.defaults.access=ANONYMOUS Luis: What makes me think that my "CAS management => Administration => Release Attributes" “403” problem might be a bug is: -all other CAS management features that I’ve

Re: [cas-user] Error "403 Forbidden" on "CAS management => Administration => Release Attributes" (CAS server 665 + CAS management 662)

2023-04-24 Thread Ray Bon
Luís, Put cas management aside while you work with the actuators for cas. You can edit the json service definition by hand if needed. You say there is a problem with cas management release attributes but the url provided suggests you are accessing cas. Ray This is my local endpoint config:

Re: [cas-user] Throttling Authentication Attempts doesn't work

2023-04-05 Thread Ray Bon
William, If the throttled user tries to log in after the page refresh, what happens? Ray On Wed, 2023-04-05 at 07:14 -0700, William Vincent (Wix31) wrote:

Re: [cas-user] CAS 6.6.x - Override Spring Version

2023-04-03 Thread Ray Bon
Chris, I have this in my build.gradle configurations.all { resolutionStrategy { cacheChangingModulesFor 0, "seconds" cacheDynamicVersionsFor 0, "seconds" preferProjectModules() def failIfConflict = project.hasProperty("failOnVersionConflict") &&

Re: [cas-user] Re: JWT as Service Ticket, not found in JPA DB

2023-04-03 Thread Ray Bon
Pablo, Are you looking for this flow diagram, https://apereo.github.io/cas/6.6.x/installation/Configure-ServiceTicket-JWT.html#flow-diagram ? JWTs are validated on the service side, not in CAS. Ray On Fri, 2023-03-31 at 19:07 -0700, Pablo Vidaurri wrote:

Re: [cas-user] CAS 6.6.x - SAML (Shibboleth), Unable to Decrypt EncryptedData

2023-03-31 Thread Ray Bon
Chris, It could be that the vendor is using an encryption certificate different from the one you are expecting. Ray On Thu, 2023-03-30 at 19:58 -0700, 'Chris Durham' via CAS Community wrote:

Re: [cas-user] CAS, Azure and expiring SAML cert - any issues?

2023-03-30 Thread Ray Bon
Kevin, Here is an example of cert rollover, https://www.switch.ch/aai/guides/idp/certificate-rollover/ The expired certs will prevent log in if the applications are not broken. Ray On Thu, 2023-03-30 at 15:54 +, 'Kevin Sewell' via CAS Community wrote:

Re: [cas-user] Cas login page with no service

2023-03-29 Thread Ray Bon
thomas, You can set this property to redirect when no service is provided (I was not able to find this property in the 6.x docs) cas.view.default-redirect-url Ray On Wed, 2023-03-29 at 07:07 -0700, thomas wrote:

Re: [cas-user] enable risk-based Authentication

2023-02-28 Thread Ray Bon
You may be able to find some info on https://fawnoos.com/blog/ Ray On Tue, 2023-02-28 at 11:25 +0100, wouldsmina wrote: I go through public IPs, I

Re: [cas-user] Failed to parse address

2023-02-24 Thread Ray Bon
3 at 18:33:49 UTC+1 Ray Bon wrote: And see the link that Dimitry provided in this convo, https://groups.google.com/a/apereo.org/g/cas-user/c/4cfgQCOhx14/m/Ko-LwxttBAAJ Ray On Thu, 2023-02-23 at 06:00 -0800, Arkady Keppert wrote:

Re: [cas-user] Failed to parse address

2023-02-23 Thread Ray Bon
And see the link that Dimitry provided in this convo, https://groups.google.com/a/apereo.org/g/cas-user/c/4cfgQCOhx14/m/Ko-LwxttBAAJ Ray On Thu, 2023-02-23 at 06:00 -0800, Arkady Keppert wrote:

Re: [cas-user] Failed to parse address

2023-02-23 Thread Ray Bon
Arkady, Do you get the error with one ip (127.0.0.1)? Does an * work for the ip or do you need to use CIDR. You may need to use , instead of | See https://fawnoos.com/2022/02/20/cas65-actuator-endpoints/ https://fawnoos.com/2022/03/06/cas66-healthstatus-springboot/ Ray On Thu, 2023-02-23 at

Re: [cas-user] Google OAuth MFA activation flow does not work as expected

2023-02-21 Thread Ray Bon
Iago, If you are using Cas 5, upgrade, then check if the problem still happens. Ray On Mon, 2023-02-20 at 03:04 -0800, 'Iago Alonso Alonso' via CAS Community wrote:

Re: [cas-user] Testing with a CAS server locally

2023-02-21 Thread Ray Bon
Sameer, Cas should preserve the url, port, path, and parameters from the client. If not, you could use something like nginx as a proxy in front of your client application and cas. Ray On Sat, 2023-02-18 at 22:40 -0800, Sameer Thajudin wrote:

Re: [cas-user] Security question about CasRegisteredService wildcards

2023-02-16 Thread Ray Bon
Joshua, We use relatively specific regexes for our services (and use order to place more general regexes later in the list). The advantage being service specific configuration (including metadata; like contact person, description, etc.). The cost being more services to manage. Cas will read

Re: [cas-user] cas-management unable to log in

2023-02-09 Thread Ray Bon
Vincent, In cas management 6.5 we use this to identify the property: mgmt.authz-attributes[0] = [attribute name with value ROLE_ADMIN] If you are releasing the attribute, you will not need the files. Ray On Wed, 2023-02-08 at 09:02 -0800, Vincent Delhommmeau wrote:

Re: [cas-user] Could not autowire.

2023-01-23 Thread Ray Bon
Thomas, What is it that you are trying to do? The capability may already exist. If the problem is related to test classes, you may have to import packages. For example, I have: testCompileOnly "org.apereo.cas:cas-server-core-webflow-api" testImplementation

Re: [cas-user] Enabling OIDC in cas 6.6.2

2023-01-18 Thread Ray Bon
Vikash, Is your property Cas.authn.oidc.core.issuer, or is the 'C' a typo? It should be cas.authn.oidc.core.issuer. If the property key is correct, it may be that cas is testing the issuer url and failing because of the self signed certificate on localhost. Have you added the certificate to the

Re: [cas-user] Duo Universal Referrals Question

2023-01-17 Thread Ray Bon
Jeremiah, I see a series of 302s from duo to service with a stop at cas in between. The flow you describe is correct. I guess since the last 200 before the service was a duo api site, that is what is in the referer header key. Ray On Tue, 2023-01-17 at 07:58 -0800, Jeremiah Garmatter wrote:

Re: [cas-user] webauthn device registration, endpoint security

2023-01-16 Thread Ray Bon
Luis, See, https://paulchauvet.github.io/deploying-cas/ and for version 5, https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html Ray On Fri, 2023-01-13 at 18:10 -0500, Luis Sarmiento Heredia wrote:

Re: [cas-user] MFA REST trigger without service?

2023-01-12 Thread Ray Bon
Tomi, If MFA is optional, then it can not be enforced, so the bypass makes sense. MFA would/should be triggered when the user visits a service (you can add MFA required to the service definition or set it globally, etc.). You can set a default service that is redirected to after login,

Re: [cas-user] SAML IdP keys and metadata problems

2023-01-09 Thread Ray Bon
Richard, Cas only generates the metadata and keys if it can not find them. You can always swap in your metadata and keys to whatever location cas thinks is correct. Not sure about the exception. Perhaps it is missing something related to git; path, write permissions, initialized repo, etc.

Re: [cas-user] Potential Feature: QR Code as a Login "Badge"

2022-12-16 Thread Ray Bon
Luis, I suggest you use the latest release (6.6.x or 7.RCx). Here are some guides that should get you started: https://fawnoos.com/2022/08/06/cas66-gettingstarted-overlay/ https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html I seem to have lost the bookmark for another

Re: [cas-user] Apereo CAS Deployer Survey: 2022 Edition

2022-12-05 Thread Ray Bon
I am being asked to sign in! Ray On Mon, 2022-12-05 at 11:23 +0400, Misagh wrote: Final Reminder - The survey will most likely close in a few weeks

Re: [cas-user] ervice registration only allows set of IP addresses?

2022-12-02 Thread Ray Bon
I have to concur; I knew where to look. Ray On Thu, 2022-12-01 at 14:16 -1000, Baron Fujimoto wrote: I guess my meta question is, how would I have found it if I didn't know it was there? The doc's search feature doesn't turn up anything that looks useful with search terms like "IP address".

Re: [cas-user] Why is ovewriting configs not supported in all kind of configs?

2022-12-01 Thread Ray Bon
Ria This sounds more like a spring config issue than a cas one. This logger may provide some details: Ray On Thu, 2022-12-01 at 07:10 -0800, Freedom K wrote:

Re: [cas-user] LDAP config: stuck with DefaultAuthenticationManager

2022-11-30 Thread Ray Bon
, thanks a lot I configured this property to a folder, however it does not fix the issue Thanks, Stephane On Tuesday, November 29, 2022 at 19:03:30 UTC+1, Ray Bon wrote: Stef, cas.authn.ldap[0].trust-store should be a path (or is that a typo?). Ray On Tue, 2022-11-29 at 08:42 -0800, ITT Arisse

Re: [cas-user] Upgrading Tomcat?

2022-11-29 Thread Ray Bon
Michael, The 6.5 (6.5.9) of the overlay includes your desired tomcat version. Updating from SNAPSHOT to 9 'should not' cause problems. But check start up logs to see if any config properties changed name. When I do upgrades, I compare the target project to my current project and manually (sigh)

Re: [cas-user] LDAP config: stuck with DefaultAuthenticationManager

2022-11-29 Thread Ray Bon
Stef, cas.authn.ldap[0].trust-store should be a path (or is that a typo?). Ray On Tue, 2022-11-29 at 08:42 -0800, ITT Arisse wrote: Hi all, it seems I

Re: [cas-user] CAS Client help

2022-11-28 Thread Ray Bon
Michael, The ST gets sent to the API endpoint. The cas client that is in that application will know how to handle it. Ray On Mon, 2022-11-28 at 20:20 +, Michael Remijan wrote:

Re: [cas-user] Authentication Policies Configuration (Handlers chaining)

2022-11-24 Thread Ray Bon
Guillaume, Perhaps, https://apereo.github.io/cas/6.6.x/authentication/Configuring-Authentication-Policy-All.html more generally, https://apereo.github.io/cas/6.6.x/authentication/Configuring-Authentication-Components.html#authentication-sequence This blog may also provide some hints,

Re: [cas-user] ervice registration only allows set of IP addresses?

2022-11-24 Thread Ray Bon
Baron, https://apereo.github.io/cas/6.6.x/services/Service-Access-Strategy-Http.html Ray On Wed, 2022-11-23 at 15:57 -1000, Baron Fujimoto wrote: I'm

Re: [cas-user] CAS Client help

2022-11-23 Thread Ray Bon
Michael, Can you use a pre-shared key between the app and the API (and not involve cas)? Ray On Wed, 2022-11-23 at 18:18 +, Michael Remijan wrote:

Re: [cas-user] CAS Client help

2022-11-23 Thread Ray Bon
Michael, If a user is logged in to the main app, you can use proxy protocol, https://apereo.github.io/cas/6.6.x/protocol/CAS-Protocol.html#proxy-web-flow-diagram Client docs have examples, https://apereo.github.io/cas/6.6.x/integration/CAS-Clients.html (I have used php, java, and pac4j as

Re: [cas-user] Deprecated LDAP settings in 6.6.2

2022-11-17 Thread Ray Bon
[2022-11-17 16:01:49] [info] #011at org.ldaptive.LdapURLActivatorService.testInactiveUrls(LdapURLActivatorService.java:107) ~[ldaptive-2.1.1.jar:?] On Wednesday, November 16, 2022 at 21:34:28 UTC+1, Ray Bon wrote: I do not see it in the properties manifest. ./gradlew exportConfigMetadata will outpu

Re: [cas-user] Deprecated LDAP settings in 6.6.2

2022-11-16 Thread Ray Bon
ption? On Wednesday, November 16, 2022 at 18:47:00 UTC+1, Ray Bon wrote: What is the error message when that property is commented out? Ray On Wed, 2022-11-16 at 08:39 -0800, BenDDD wrote:

Re: [cas-user] Deprecated LDAP settings in 6.6.2

2022-11-16 Thread Ray Bon
What is the error message when that property is commented out? Ray On Wed, 2022-11-16 at 08:39 -0800, BenDDD wrote: Hi everyone, Our CAS service is

Re: [cas-user] Change the default "Log In Successful" page

2022-11-15 Thread Ray Bon
Freedom, cas.view.defaultRedirectUrl= I am not sure where in the docs that property exists. If no service is supplied to cas, then defaultRedirectUrl becomes the destination. Upgrading may solve your lost service problem, as well as many others. Ray On Tue, 2022-11-15 at 05:10 -0800, Freedom

Re: [cas-user] Re: cas-management error creating service

2022-11-10 Thread Ray Bon
redi 9 novembre 2022 à 22:03:06 UTC+1, lanf detroy a écrit : I changed the permissions but it didn't change anything. Is there anything else to do? On Monday, November 7, 2022 at 19:09:52 UTC+1, Ray Bon wrote: lanf, You can change the group for the services directory and give it write permission

Re: [cas-user] increasing ST time-to-kill

2022-11-09 Thread Ray Bon
Dave, The timeout (default 10s https://apereo.github.io/cas/6.6.x/ticketing/Configuring-Ticket-Expiration-Policy.html#service-ticket-policies) is a trade off between user experience and security. Ray On Tue, 2022-11-08 at 12:32 -0800, Dave Steiner wrote:

Re: [cas-user] Re: cas-management error creating service

2022-11-09 Thread Ray Bon
wrote: I changed the permissions but it didn't change anything. Is there anything else to do? On Monday, November 7, 2022 at 19:09:52 UTC+1, Ray Bon wrote

Re: [cas-user] Re: Expiration policy using Hazelcast Ticket Registry (CAS 6.2)

2022-11-09 Thread Ray Bon
Dave, We experienced a similar issue. Hazelcast attempts to add tickets from the other servers but the timeouts differ. We use one config with 4 cas servers. Opted to take the hit and brought all 4 down. Outage was only a few minutes. I do like the idea of editing the hazelcast ips. Ray On

Re: [cas-user] Re: cas-management error creating service

2022-11-07 Thread Ray Bon
-juli.jar -Dcatalina.base=/var/lib/tomcat9 -Dcatalina.home=/usr/share/tomcat9 -Djava.io.tmpdir=/tmp org.apache.catalina.startup.Bootstrap start On Friday, October 28, 2022 at 20:15:35 UTC+2, Ray Bon wrote: lanf, If you are on linux you can use this command to see access and ownership

Re: [cas-user] CAS SSL - How to send SSL Certificate Chain?

2022-11-03 Thread Ray Bon
ntirely is wrong. I don't see any errors during page access either. On Thursday, November 3, 2022 at 12:59:58 PM UTC-4 Ray Bon wrote: Michael, I assume you are running embedded tomcat and the process running tomcat has read access to the .jks. What certificate is being sent when you browse to cas/

Re: [cas-user] CAS SSL - How to send SSL Certificate Chain?

2022-11-03 Thread Ray Bon
Michael, I assume you are running embedded tomcat and the process running tomcat has read access to the .jks. What certificate is being sent when you browse to cas/login? Are there any log errors on tomcat startup or page access? Ray On Wed, 2022-11-02 at 12:44 -0700, Michael Santangelo wrote:

Re: [cas-user] Re: cas-management error creating service

2022-10-28 Thread Ray Bon
parameter to put? On Thursday, October 27, 2022 at 18:37:46 UTC+2, Ray Bon wrote: lanf, Check that the process that is running cas management has write access to the directory in the config. Ray On Thu, 2022-10-27 at 07:42 -0700, lanf detroy wrote:

Re: [cas-user] Re: cas-management error creating service

2022-10-27 Thread Ray Bon
lanf, Check that the process that is running cas management has write access to the directory in the config. Ray On Thu, 2022-10-27 at 07:42 -0700, lanf detroy wrote:

Re: [cas-user] debug cas wildfly deployment

2022-10-24 Thread Ray Bon
Pablo, Perhaps there is some additional configuration that needs to be added (to cas or to the remote container), such as enableRemoteDebugging. See https://apereo.github.io/cas/6.5.x/developer/Build-Process.html#remote-debugging Ray On Mon, 2022-10-24 at 11:58 -0700, Pablo Vidaurri wrote:

Re: [cas-user] Unique sessions?

2022-10-21 Thread Ray Bon
Miguel, You can set ssoEnabled=false in cas service definition to force authn to the service, https://apereo.github.io/cas/6.5.x/services/Configuring-Service-Access-Strategy.html If you are talking about the behaviour of the sessions managed by the service (which it sounds like you are), that

Re: [cas-user] First time deployment of CAS Initializr

2022-10-21 Thread Ray Bon
Nathi, If this is a fresh install, use the latest version, 6.6. For a step by step process, see some user created guides: version 5 https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html version 6 https://paulchauvet.github.io/deploying-cas/ version 6.6

Re: [cas-user] Custom Authentication Handler

2022-10-20 Thread Ray Bon
Marco, Add to build.gradle: compileOnly "org.apereo.cas:cas-server-core-authentication-api Ray On Thu, 2022-10-20 at 08:18 -0700, Marco Pagnanelli wrote:

Re: [cas-user] Re: Older documentation is no longer available

2022-10-20 Thread Ray Bon
Please consider that Cas is a critical part of your security infrastructure. As such, it should be updated regularly to stay within supported versions. If a vulnerability is discovered (i.e., log4j2), only supported versions will be patched. Deploying a patch is much simpler than upgrading,

Re: [cas-user] mod_auth_cas v1.2 curl_easy_perform fails

2022-10-17 Thread Ray Bon
CJ, Java will silently drop requests with an invalid cert. Should CASCertificatePath point to the OnDemand host cert? You could try running the curl command from the command line. Ray On Fri, 2022-10-14 at 08:41 -0700, CJ Keist wrote:

Re: [cas-user] how to customize a filter used in CAS?

2022-10-17 Thread Ray Bon
Yan, Copy RegisteredServiceResponseHeadersEnforcementFilter into your project and modify it. The build will replace the cas version with yours. You may need to add some compile dependencies to build.gradle. Ray On Mon, 2022-10-17 at 07:19 -0700, Yan Zhou wrote:
