Logout/7d17410fa6be183ec56c58bd1b51d3da6ff65719"/>
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
https://adsspwh.ingeniademolab.es:9251/samlLogin/7d17410fa6be183ec56c58bd1b51d3da6ff65719;
index="0"/>
Are you able to see where the error is?
Thanks!
Jorge
--
] https://github.com/apereo/cas/pull/5315
[2] https://github.com/apereo/cas/pull/5350
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>
I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territ
and the credential object.
I have no problem displaying such characters on the view screens. Also, I
observe the /login request from the network tab in the browser and the
characters in the payload section are going to the cas server correctly.
Is there any solution you can suggest? Thanks
--
Ray Bon
rvice.java:105)
at
org.wildfly.ext...@24.0.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:87)
... 8 more
Further investigation suggested excluding log4j, so
jboss-deployment-structure.xml became:
depending on IP per
defined service?
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>
I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory
the university stands, and the Songhees, Esq
,OU=Staff,DC=..." -v
And I receive a valid result.
I'm not sure where the disconnect is, or what else I should search for. Any
tips or suggestions that you could provide would be helpful.
I'm attaching the output of Task :run.
--
Ray Bon
Programmer Analyst
Development Services, Uni
t;CN=cas bind,CN=Users,DC=..." -W
samaccountname= -b "OU=Technology,OU=Staff,DC=..." -v
And I receive a valid result.
I'm not sure where the disconnect is, or what else I should search for. Any
tips or suggestions that you could provide would be helpful.
I'm attaching the outpu
you could provide would be helpful.
I'm attaching the output of Task :run.
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>
I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory
the university
OAP/ECP"/>
http://mycas.com/cas/login"/>
Organization
Name
Name
https://mysite.com
Some Guy
mailto:some...@mail.com
Other Guy
other...@mail.com
Another One
anot...@mail.com
Do you have any idea of what could be the prob
https://groups.google.com/a/apereo.org/d/msgid/cas-user/07382b33-b549-48fe-bdbe-1a6d345e71fen%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/07382b33-b549-48fe-bdbe-1a6d345e71fen%40apereo.org?utm_medium=email_source=footer>.
FreeMail powered by m
some calls.
But why does this casGenericSuccessView.html not execute when I have a TARGET
or SEVICE query param on the cas login url? I do see the webflow does execute.
On Tuesday, January 4, 2022 at 12:49:22 PM UTC-6 Ray Bon wrote:
Pablo,
There is an interrupt flow option that may work,
https
web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/07382b33-b549-48fe-bdbe-1a6d345e71fen%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/07382b33-b549-48fe-bdbe-1a6d345e71fen%40apereo.org?utm_medium=email_source=footer>.
Fre
from ActiveDirectory
use cas as idp shibboleth ( with cas-server-support-saml-idp), and resolv
attributes from ldap server
I can't find in the documentation where you can do this kind of thing .
Best regards,
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE
issue I would like to know how to configure Hazelcast (or another) to respond
to the ticket issue.
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>
I acknowledge and respect the lək̓ʷəŋən peoples on
for the instanceName which name should we
choose? a name of a node where it must be different and we add it to the DNS if
this is the case on the name (InstanceName) is down my nodes will no longer be
accessible
Le vendredi 10 décembre 2021 à 16:42:34 UTC, Ray Bon a écrit :
Baba,
We use round robin
Peter,
You can use samltracer to see the saml being sent. You can verify the ACS.
If the ACS in the request does not match the metadata, the unauthorized service
error should always be thrown.
It should be logged at warn, I would think.
Ray
On Fri, 2022-01-07 at 05:17 -0800, Peter Barnes
it is looking for sp metadata
signing credentials.
-psv
On Thursday, January 6, 2022 at 1:02:30 PM UTC-6 Ray Bon wrote:
Pablo,
The signing credentials are yours, not the service. They are not read out of
metadata since it requires the key. You set the location with (your cert and
key are stored
See
https://apereo.github.io/cas/6.4.x/ticketing/Configuring-Ticket-Expiration-Policy.html
My local settings are (I keep the times short so testing is easier):
# TGT Expiration Policy
# some hazelcast weird shit sets ticket expiration to this value regardless of
any
# other ttl setting, set it
Pablo,
The signing credentials are yours, not the service. They are not read out of
metadata since it requires the key. You set the location with (your cert and
key are stored in same location as metadata):
cas.authn.saml-idp.metadata.file-system.location=
Cas will generate the metadata and
before, and can provide any pointers or
example service and overall OAUTH config?
Thank you,
Matt
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>
I acknowledge and respect the lək̓ʷəŋən peoples on whose tradi
a service. This has to be done after the TGT has been created. Is
there a view that covers target and non-target post TGT?
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>
I acknowledge and respect the lək̓ʷəŋən p
Baba,
The cas docs are
https://apereo.github.io/cas/6.4.x/ux/User-Interface-Customization.html
and here for a short tutorial,
https://fawnoos.com/2018/06/10/cas-userinterface-customizations/
Ray
From: cas-user@apereo.org on behalf of Baba Ndiaye
Sent:
Enrique,
This is a security shortcoming in the office 365 config. You do not want to
accept unsigned logout requests.
First try to fix office 365.
Ray
From: cas-user@apereo.org on behalf of Enrique Guerrero
Sent: December 17, 2021 02:02
To: CAS Community
trigger.GlobalMultifactorAuthenticationTrigger]
-
2021-12-17 00:42:17,832 DEBUG
[org.apereo.cas.authentication.mfa.trigger.GlobalMultifactorAuthenticationTrigger]
-
2021-12-17 00:42:17,832 TRACE
[org.apereo.cas.authentication.MultifactorAuthenticationUtils] -
2021-12-17 00:42:17,833 TRACE
[org.apereo.cas.authentication.Mult
cas.slo.disabled=true, but I'm still getting the same error.
I've been looking through the documentation for a setting to address this, but
I can't seem to find it. Any help would be appreciated.
Thanks,
Noelette
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019
of Victoria email
system. Please be cautious with links and sensitive information.
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>
I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional ter
talled.
Is JDK 11 an exact requirement? Or are later versions of the JDK also
acceptable? I don't follow Java development too closely, but I did see that
JDK 17 is in general availability, so it just got me wondering.
Thanks,
Carl Waldbieser
ITS
Lafayette College
--
Ray Bon
Programmer A
end an email
to cas-user+unsubscr...@apereo.org<mailto:cas-user%2bunsubscr...@apereo.org>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5f67b8f4-81c0-51e8-7593-f8f2f8477ca4%40caveo.ca.
--
Ray Bon
Programmer Analyst
Development Services, Univ
(LifecycleBase.java:183)
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>
I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory
the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples
ack trace.
> Run with --info or --debug option to get more log output.
> Run with --scan to get full insights.
* Get more help at https://help.gradle.org
Deprecated Gradle features were used in this build, making it incompatible with
Gradle 8.0.
You can use '--warning-mode all' to show th
.
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>
I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory
the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose
hist
tive information.
I want to set up a high availability solution for my CAS servers and i want
some solutions for that i want to use DNS round Robin
*cluster (cas1.myorganisation.edu cas2.myorganisation.edu)
*DNS round robin
If you already implement it i need your help please.
--
Ray Bon
Programmer
.12.RELEASE]
at
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:771)
~[spring-aop-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.
kicks in and works.
I'll look up how to increase logging in the CAS server.
Thank you,
Rod
On Thursday, 2 December 2021 at 09:59:46 UTC-8 Ray Bon wrote:
Rod,
Use your browser developer tools to see the TGC sent from and to cas. Verify
that there are no stale TGCs (there should only be one
aluationOrder" : 1
}
I'm thinking I'm missing something in cas.properties as I don't think I need to
put in the accessStrategy part, I was just seeing if it would work.
I do see that a TGC cookie is granted on the browser.
Thank you for any suggestions and help.
Rod
--
Ray Bon
Pro
view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAEdMQHWhv3%3DpHwFTziSHtyma3F--RZHD6JuLjWwp7m%2BUny3T5A%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAEdMQHWhv3%3DpHwFTziSHtyma3F--RZHD6JuLjWwp7m%2BUny3T5A%40mail.gmail
In the service definition you can use a regex.
Try something like http://127.0.0.1.*
Ray
On Tue, 2021-11-23 at 05:40 -0800, G Lalonde wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with links and sensitive information.
As
emaker (iss...@gmail.com)
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>
I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory
the university stands, and the Songhees, Esquimalt and WS
and for this
service or collectively for all SP MD file not fail when the certs are expired?
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>
I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional ter
if it's a
dumb idea Not my first or last.
Thanks!
Sean
--
Sean R. Baker
Uniformed Services University
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>
I acknowledge and respect the lək̓ʷəŋən peoples on
y" : {
"@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
}
}
Current response from this request in attachment.
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.
r /etc/cas/thekeystore but i never use it so i also have a good
certif (not autosigned) and i use it for my nginx (tomcat redirection) and my
moodle.
Le jeu. 4 nov. 2021 à 16:06, Ray Bon mailto:r...@uvic.ca>> a
écrit :
Baba,
Did you create a self signed certificate for your application?
/thekeystore but i never use it so i also have a good
certif (not autosigned) and i use it for my nginx (tomcat redirection) and my
moodle.
Le jeu. 4 nov. 2021 à 16:06, Ray Bon mailto:r...@uvic.ca>> a
écrit :
Baba,
Did you create a self signed certificate for your application?
If so, you
erlay:"
I'm not really sure what file that would be?
https://apereo.github.io/cas/6.1.x/installation/Configuring-Authentication-Throttling.html
Many thanks for any help,
Rod
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r..
d in my app-id.json i have this
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^(https?)://*",
"name" : "Moodle",
"id" : 1635948950,
"evaluationOrder" : 9
}
Le mer. 3 nov. 2021 à 16:46
uot;serviceId" : "^(https)://*",
"name" : "Moodle",
"id" : id
"evolutionOrder": 9
}
id=date+%s
But it's not work
Le mer. 3 nov. 2021 à 16:14, Ray Bon mailto:r...@uvic.ca>> a
écrit :
Baba,
That message means that the service sent to cas/login
casLoginView.html
and redirected to next step in the workflow.
Any suggestion for this?
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>
I acknowledge and respect the lək̓ʷəŋən peoples on whose tradi
tory.dir('jacocoHtml')
}
}
jacoco {
toolVersion = "0.8.7"
}
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>
I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory
the
i...@gmail.com>> a écrit :
Ray
i change my bindDn and log4j2 but i always have failure i want to the location
of cas authentication log
Le ven. 22 oct. 2021 à 20:42, Ray Bon mailto:r...@uvic.ca>> a
écrit :
Baba,
Change your binddn in your properties to admin and try cas again.
In log
aultTicketRegistryCleaner] - <[0] expired
tickets removed.>
[36m2021-10-23 16:37:13,902 DEBUG
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] -
Many thanks
El viernes, 22 de octubre de 2021 a las 17:18:34 UTC+2, Ray Bon escribió:
Jordi,
If the log in screen is b
and sensitive information.
Hi Ray BON
when i use this command
ldapwhoami -x -w "passer" -D uid=baba,ou=people,dc=retel,dc=sn -H
ldap://192.168.1.6<http://192.168.1.6> it's OK
i use admin
Le ven. 22 oct. 2021 à 17:54, Ray Bon mailto:r...@uvic.ca>> a
écrit :
Baba,
Can
: 20211022133731.750520Z#00#000#00
modifiersName: cn=admin,dc=retel,dc=sn
thank for your help guys
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>
I acknowledge and respect the lək̓ʷəŋən peoples on
.
Hello Ray Bon,
this is the log:
[Logs.png]
If do you need more information, i could extract more logs.
Thanks.
El viernes, 22 de octubre de 2021 a las 9:57:52 UTC+2, Jordi escribió:
Hello
I did another test only with json register service, without LDAP
Authentication. The problem is when I
cases. I am not sure about why?
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>
I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory
the university stands, and the Songhees, Esq
ng
but, in Safari, the authentication dosen't work:
<https://i.stack.imgur.com/GDs4e.png>
https://i.stack.imgur.com/GDs4e.png
Any suggestions?
Many thanks in advance!
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r
d
changes from the remote repository
* org.apereo.cas.services.AbstractServicesManager [INFO] Loaded [2]
service(s) from [GitServiceRegistry].
Any hints would be appreciated, thanks in advance.
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r..
(I use git
service registry)
* org.apereo.cas.services.GitServiceRegistry [DEBUG] Successfully pulled
changes from the remote repository
* org.apereo.cas.services.AbstractServicesManager [INFO] Loaded [2]
service(s) from [GitServiceRegistry].
Any hints would be appreciated, thanks i
enticate.
Someone can help me?
Thanks in advance.
v.
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>
I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory
the university stands, and the So
rg/d/msgid/cas-user/EACB5792-9826-4679-AA1F-694422927A42%40gmail.com>
https://groups.google.com/a/apereo.org/d/msgid/cas-user/EACB5792-9826-4679-AA1F-694422927A42%40gmail.com
.
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca&l
ge.mydomainglo...
ACTION: SERVICE_TICKET_VALIDATE_FAILED
APPLICATION: CAS
WHEN: Thu Sep 30 08:51:09 CST 2021
CLIENT IP ADDRESS: 10.16.14.77
SERVER IP ADDRESS: 10.13.23.92
=========
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019
ease be cautious with links and sensitive information.
I'm trying to test my custom webflow, for a few of the actions I have a
principle. How do I mock the principle? I've reviewed cas code and see the use
of CoreAuthenticationTestUtil but for the life of me I cannot get the
dependency included i
of doing that. But is it code I'll now have to maintain
in my own repo and have jenkins also build. I guess no other choice.
-psv
On Monday, September 27, 2021 at 6:02:27 PM UTC-5 Ray Bon wrote:
Pablo,
Clone the cas repo, https://github.com/apereo/cas
Then search for that file
$ find . -name
for a few of the actions I have a
principle. How do I mock the principle? I've reviewed cas code and see the use
of CoreAuthenticationTestUtil but for the life of me I cannot get the
dependency included in my project.
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | C
be cautious with links and sensitive information.
Hi all,
does anyone set up CAS as a provider for Firebase?
On the CAS site what protocol and which end points must be set to work?
On the Firebase site how is it configured?
Thank you in advance.
--
Ray Bon
Programmer Analyst
Development Services
olved
- The import org.mockito cannot be resolved
I create another dummy project and the packages download and dummy project
compiles and runs the test.
Is there something excluding these packages in CAS?
-psv
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | C
cas.authn.pm.reset.expirationMinutes=60 but
the TST* ticket expires in 5 minutes.
Logs in DEBUG level does show "Link is only active for the next [60] minute(s)"
on generating the password reset URL.
Is there another relevant config setting I should become aware of ?
--
Ray Bon
Baba,
For a getting started guide, https://paulchauvet.github.io/deploying-cas/
You add dependencies to build.gradle in the cas-overlay-template project,
https://github.com/apereo/cas-overlay-template.
Ray
On Mon, 2021-09-13 at 05:47 -0700, Baba Ndiaye wrote:
Notice: This message was sent
in internet? i'm thinging about run seconod
container to do this work .
piątek, 3 września 2021 o 21:19:01 UTC+2 Ray Bon napisał(a):
Artur,
You can map the specific attribute name to a generic name and use the generic
name in mail.attribute-name
cas.authn.ldap[0].principal
>
ldaps://ldap2.example.edu<http://ldap2.example.edu>
ldap.bindCredential=Password
can i use two different password for this ldpa1 and ldap2 in config ?
i.e?
ldap.bindCredential=Password1 Password <- is it ok ?
--
Ray Bon
Programmer Analyst
Development Services, University Syst
familiar with this?
On Thu, 26 Aug 2021 at 22:53, Ray Bon mailto:r...@uvic.ca>> wrote:
Nikolas,
Do you want to use cas as an authentication source for wordpress,
https://wordpress.org/plugins/tags/cas/?
Or do you want to access wordpress from another application that is already
usi
must confim that it is true. The
messages are inside jar i think.
czwartek, 26 sierpnia 2021 o 21:31:07 UTC+2 Ray Bon napisał(a):
Artur,
Would this help
https://apereo.github.io/cas/6.3.x/ux/User-Interface-Customization-Localization.html?
Ray
On Thu, 2021-08-19 at 02:44 -0700, artur miś wrote
Vikash,
The TGC only represents the session on the cas server. I do not think there is
anything useful in it even if you could decrypt it.
What are you trying to accomplish?
Ray
On Sat, 2021-08-14 at 01:08 +0530, Vikash Chandra Ansh wrote:
Notice: This message was sent from outside the
Nikolas,
Do you want to use cas as an authentication source for wordpress,
https://wordpress.org/plugins/tags/cas/?
Or do you want to access wordpress from another application that is already
using cas,
https://apereo.github.io/cas/6.3.x/installation/Configuring-Proxy-Authentication.html?
Or
Pablo,
This looks like java (rather than cas/tomcat) complaining. If you use self
signed certs to identify your websites (shib and cas), you will need to add
them to the java keystore (in the java directory). thekeystore in /etc/cas is
for cas operation.
Ray
On Sat, 2021-08-21 at 08:34
Artur,
Would this help
https://apereo.github.io/cas/6.3.x/ux/User-Interface-Customization-Localization.html?
Ray
On Thu, 2021-08-19 at 02:44 -0700, artur miś wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with links and sensitive
homePastalAddress = dev
logger.info<http://logger.info>("Evaluating multifactor authn bypass rules
for {}", principal)
if ( principal.attributes["homePostalAddress"].contains("dev") ) {
logger.info<http://logger.info>("homePostalAddress is dev, by
2021 a las 18:20:08 UTC-5, Ray Bon escribió:
Fernando,
I use commands from ssl shopper,
https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
Cas does not use CA issued certificates, the container does.
What is the problem you are trying to solve (if tomcat already
Fernando,
I use commands from ssl shopper,
https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
Cas does not use CA issued certificates, the container does.
What is the problem you are trying to solve (if tomcat already has the
certificates, or are these self
Ken,
Try this logger to see what cas is collecting as attributes:
Ray
On Tue, 2021-08-03 at 12:57 -0700, 'Ken Hopkins' via CAS Community wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with links and sensitive
Vincent,
I am using cas 6.3 and I see no reference to embedded tomcat.
Use the most recent version of cas and see what you get.
Ray
On Fri, 2021-07-30 at 01:46 -0700, He Vincent wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with
fixing that, I managed to
get SSO working with elasticsearch.
However, upon logging out from elasticsearch, I got another error message
saying "Error: Logout request is not signed but should be."
Is this because of misconfiguration on SP or Idp side?
Ray Bon mailto:r...@uvic.ca>> 於
Chris,
When you get a missing dependency, search your local copy of cas for that
class. Once you have the path, you can include that package in build.gradle.
e.g.
compileOnly
"org.apereo.cas:cas-server-support-token-core-api:${casServerVersion}"
compileOnly
Liu Yong,
You manage your user store separate from cas.
Ray
On Mon, 2021-07-26 at 18:42 -0700, Liu Yong wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with links and sensitive information.
I'm a beginner at CAS, so this question
certificate in Idp
metadata?
Ray Bon 在 2021年6月16日 星期三上午5:08:46 [UTC+8] 的信中寫道:
Does your IdP metadata have certificate(s)?
Ray
On Tuesday, June 15, 2021 at 1:35:43 PM UTC-7 jaso...@princeton.edu wrote:
I think we are making progress, now we are getting this error message
Unable to locate signing
Your error is about signing credentials for the IdP.
Cas should create metadata and certificates. Perhaps cas is unable to write
into the default directory, /etc/cas
If this is a just a POC, you could turn off signing. See service config here,
Sidhant,
You may be able to get some direction by searching for webflow at this blog,
https://fawnoos.com/blog/
Ray
On Thu, 2021-07-22 at 09:57 -0700, Sidhant Chetan Setia wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with links
Artur,
For multiple entries you can create and array:
cas.authn.pm.ldap[0].type
cas.authn.pm.ldap[0].ldap-url
cas.authn.pm.ldap[0].bind-credential
cas.authn.pm.ldap[1].type
cas.authn.pm.ldap[1].ldap-url
cas.authn.pm.ldap[1].bind-credential
Ray
On Thu, 2021-07-22 at 02:55 -0700, artur miś
Artur,
I think excludedAuthenticationHandlers is only for the authentication flow and
not a policy for service access.
Take a look at,
https://apereo.github.io/cas/6.3.x/services/Configuring-Service-Access-Strategy.html
for service access policy.
Ray
On Wed, 2021-07-21 at 03:41 -0700, artur
Anusuya,
Try these loggers to see if cas is changing the attribute or if that is what is
returned to cas from the attribute source.
Anusuya,
Hazelcast instance-name would be the same for all hosts in the cluster, say
'casProd'. I do not think that is related to your issue.
What does your service define as a unique identifier (you use email as the
lookup)?
You can set the username attribute,
Jeremy,
I see this in cas 6.3.4 as well.
Ray
On Mon, 2021-07-19 at 15:19 +, Wickham, Jeremy wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with links and sensitive information.
I am looking to go to production with v6.2.8 very
check. But still no XML cas
response itself. We're not using an included servlet container, but an external
Tomcat where we deploy the cas.war file.
On Wed, Jul 14, 2021 at 9:11 AM Ray Bon mailto:r...@uvic.ca>>
wrote:
Baron,
You may be able to get some data from t
the University of Victoria email
system. Please be cautious with links and sensitive information.
All,
Thanks to Ray Bon for reminding me that TARGET was SAML 1.1 related.
I checked my build.gradle and sure enough I had the saml.core commented
out. I rebuilt and redeployed now cas will not start
Baron,
You may be able to get some data from these loggers:
Ray
On Wed, 2021-07-14 at 08:02 -1000, Baron Fujimoto wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with links and
Erik,
TARGET is used with SAML 1.1 protocol.
https://apereo.github.io/cas/6.3.x/protocol/SAML-Protocol.html
Ray
On Wed, 2021-07-14 at 17:13 +, 'Mallory, Erik' via CAS Community wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious
ntegrate with
third party Identity & Service Providers by means of standards like SAML.
Remove our IdP is not an option.
May be what I need is exactly the opposite, forgetting the result of the first
SAML SSO Delegation, it would act as if the Trusted Integration is the first
Integration act.
Bu
Jon,
You could get all attributes from your IdP and third party IdP on first login.
Once cas has established a session (TGC) it no longer attempts to create new
user attributes.
Two cas servers would mean no sso.
Can you remove your IdP and let cas to its work?
Ray
On Thu, 2021-07-08 at
I will agree with Robert. The space is being sent to cas.
Use samltracer (or built in chrome dev tools) to see the request.
Ray
On Mon, 2021-07-05 at 13:01 +, King, Robert wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with
Andy,
Here is a similar project, https://fawnoos.com/2021/02/28/cas64-cas-initializr/
Ray
On Sat, 2021-07-03 at 07:30 -0700, Andy Ng wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with links and sensitive information.
Hi all,
I
Baron,
The order of the loggers does not matter, just specificity. You might want to
include additivity so nothing bubbles up to more general loggers.
You will have to keep an eye on your log output to track sensitive details.
Perhaps a test user with a distinctive password that
401 - 500 of 1288 matches
Mail list logo
