[cas-user] CAS 6.5.5 Hazelcast discovery documentation issue

2022-07-26 Thread Stéphane Delcourt
Hi, Just noticed that the property cas.ticket.registry.hazelcast.cluster.discovery.enabled is missing in the documentation (or I'm not able to find it). I guess it's because there's no global discovery page in the documentation, but new users are not going to find the correct information to set up discovery.

[cas-user] Force external IDP based on user attribute

2022-07-13 Thread Stéphane Delcourt
Hello All, I'm using cas 6.5 and I would like to solve this scenario: User can log in by ldap password OR with external IDP. But, if the user authenticates with ldap AND attribute resolution shows me he's an employee for example, I would like to force him through external IDP. And I would like to

[cas-user] Re: CAS 6.5.2 JPA Google OTP broken

2022-05-03 Thread Stéphane Delcourt
Hi Gregory, Have you found something to stop the error? On Thursday, April 7, 2022 at 19:21:05 UTC+2, Gregory G wrote: > Hello, > > I have this error with this : > > cas.authn.mfa.gauth.jpa.driver-class=org.mariadb.jdbc.Driver > cas.authn.mfa.gauth.jpa.url=jdbc:mariadb://xxx >

[cas-user] Environment variable substitution

2021-12-13 Thread Stéphane Delcourt
Hello, I'm running CAS 6.3 on openshift and I try to move all my sensitive attributes like password in a secret. I put every sensitive attribute in a secret and load them as environment variables. I have an issue with lists as cas does not recognize them. So for example my env variable is :

[cas-user] Re: CAS 6.3.5 bug with SubjectConfirmationNotOnOrAfter ?

2021-07-14 Thread Stéphane Delcourt
3491b00d93880ee2aeee8919 > > Thanks. > Olivier. > > > On Thursday, July 8, 2021 at 12:37:53 PM UTC-4 Stéphane Delcourt wrote: > >> Hi All, >> >> I've just noticed in 6.3.5 the notonorafter timestamp in the saml subject >> confirmation is always set to the au

[cas-user] CAS 6.3.5 bug with SubjectConfirmationNotOnOrAfter ?

2021-07-08 Thread Stéphane Delcourt
Hi All, I've just noticed in 6.3.5 the notonorafter timestamp in the saml subject confirmation is always set to the authentication date. So the saml envelope is valid only on the first login but then sso is not working for saml a few seconds after login. I've enabled the notbefore to show the

[cas-user] logout redirect not working

2021-02-05 Thread 'Stéphane Delcourt' via CAS Community
Hi All, Using cas 6.2.6 I have both versions of the parameter set to true to be sure: cas.logout.follow-service-redirects=true cas.logout.followServiceRedirects=true Even like this, when I log out the browser keeps the logout page and the redirect never happens :

[cas-user] unable to use OIDC if I remove contextpath

2020-07-06 Thread Stéphane Delcourt
Hi, I try to remove contextpath in my cas deployment config; I would like to have https://servername/login instead of https://servername/cas/login But it looks like doing this broke the oidc configuration. I do not understand why, but cas generates http 500 when I log in with a service requesting oidc

Re: [cas-user] Re: OpenID Connect CAS module does not display required attributes (as iss, sub, aud, exp) if claims are set.

2020-06-26 Thread Stéphane Delcourt
ll,"openid":null,"profile":null,"name":null,"email":null,"first_name":null,"last_name":null}}* > > _type=code > _uri=https%3A%2F%2Fxwikl.x%2Fxxx%2Foidc%2Fauthenticator% > 2Fcallback > _id=XXX > > > In *

[cas-user] Re: OpenID Connect CAS module does not display required attributes (as iss, sub, aud, exp) if claims are set.

2020-06-25 Thread Stéphane Delcourt
I think you have to list the scopes available in the service definition like described here: https://apereo.github.io/cas/development/installation/OIDC-Authentication.html#scope-based-claims On Thursday, June 25, 2020 at 13:04:33 UTC+2, Jakub Fridrich wrote: > info: CAS 6.2.0-RC5 built from

[cas-user] cas 4.2 multiple virtual host

2017-06-22 Thread Stéphane Delcourt
Hi everyone, We are using cas 4.2 actually in our environment. The hostname config is classic and looks like this - app1.example.com (protected by cas) - app2.example.com (protected by cas) - sso.example.com I would like to be able to do something like this: For app1, login page