It looks like you have a mix of different formats for property names.
Can you share your current properties?
You have some older names mixed with some current names.
For example, after reviewing your original message, the ‘base DN’ property
should be ‘cas.authn.ldap[0].base-dn’ and not
Eric,
What does the access log look like on the servlet container?
For example, Tomcat should have a localhost_access_.log file that records
all of the requests.
I've seen this when ticket validation fails and I've had luck spotting the
issue in the past by reviewing the incoming requests.
Hi All,
Good timing – I think I just ran into this issue this morning running a Groovy
authentication policy but most of our services are CAS.
I’m going to keep an eye on it and will let you know what I find.
CAS 6.3.0 on Java 11
Thanks,
Tom
From: cas-user@apereo.org On Behalf Of William
K,
I don’t know the exact answer but here’s some feedback based on my experiences:
What you need to figure out is what JDK you can run 3.5.2 on and then from
there you can determine the latest version of the Tomcat container that might
work.
I’ve seen 3.5.2 on Java 8 with Tomcat 7.
Since it
I would recommend digging through your logs – I’m guessing that the value
you’re seeing there (cyiXVXfM2gcgUD6d1kBfoa21HiUlt6vfDwdn) is being pulled as a
principal attribute.
I had a similar problem where the application kept trying to use one of the
password attributes that was being returned
Keith,
My guess would be that your attribute mapping that is coming through CAS
doesn’t match the same format that ADFS was using.
I would review the SAML assertion contents and the attribute encoding.
If that is the problem you can either change the attribute encoding format in
CAS or you can
Jeremie,
The output that it is referring to there is in the cas.log file and would not
be visible to users.
Thanks,
Tom
From: cas-user@apereo.org On Behalf Of Jérémie Pilette
Sent: Monday, January 25, 2021 8:08 AM
To: CAS Community
Cc: Fernando Gómez ; Jérémie Pilette
Subject: [EXT]
Joe,
I don’t know if you removed it for security purposes but the error says that
the application timed out trying to connect to the database and your settings
are empty.
It looks like your database URL (and other details) may be missing.
Either way, double check your
licy script to throw a Prevented Exception on
certain conditions.
It mostly works but it isn’t perfect and it seems like the authentication
policy is the root issue so I’d like to create a new one either through a
Groovy script or Java, if necessary.
Thanks,
Tom
From: 'Tom O'Neill' via CAS Community
Se
Hi Colin,
Did you ever get past this issue?
I have a different issue but I am also troubleshooting the authentication
manager/password policies and I’d be curious to know where you ended up.
I am attempting to get the authentication manager to stop processing handlers
if one returns an
policy.
I added the following dependency and I see the log entries:
cas-server-support-generic
I’m going to see if I can use this approach to accomplish my goal.
Still open to suggestions.
Thanks,
Tom
From: 'Tom O'Neill' via CAS Community
Sent: Tuesday, January 5, 2021 12:08 PM
To: cas-user
LDAP after authentication
fails on the first.
Thanks,
Tom
From: 'Tom O'Neill' via CAS Community
Sent: Friday, January 1, 2021 3:51 PM
To: cas-user@apereo.org
Subject: [EXT] [cas-user] Authentication Policy with Multiple Directories
CAUTION: This email originated from outside of SIG. Exercise
Hi All,
I am working on a CAS 6.3 deployment where we need to configure multiple
directories for authentication using LDAP.
I have both LDAP sources configured and working with LPPE enabled but I need to
change the authentication behavior slightly.
If the user is found in the first directory
Stewart,
I would recommend double checking the contents of the assertion that is
captured through the SAML tracer.
You’ll want to verify that you’re providing the correct attributes as well:
Name ID Immutable ID (objectGUID)
IDPEmail UPN
You’ll also
Jennifer,
I’m not sure there’s anywhere you can screenshot but the modules you’ve built
CAS with should show the versions for everything.
Thanks,
Tom
From: cas-user@apereo.org On Behalf Of Jennifer LaVoie
Sent: Tuesday, July 16, 2019 10:49 AM
To: CAS Community
Subject: [EXT] [cas-user]
Yan,
Sounds like you’re on the right track and CAS can probably continue to meet
your SSO needs.
What version of CAS are you on now? With the right modules and configuration, a
CAS server could support Open ID and SAML 2.0, in addition to CAS.
Tom
From: cas-user@apereo.org On Behalf Of Yan
property is still computed in the
DelegationAuthenticationClientAction, but the redirection is applied on the
HTML page.
Thanks.
Best regards,
Jérôme
Le jeu. 24 janv. 2019 à 23:25, Tom O'Neill
mailto:one...@sigcorp.com>> a écrit :
Hi All,
I did some additional testing and thought I’d p
and
only delegate if the user isn’t already authenticated.
Thanks,
Tom
From: cas-user@apereo.org On Behalf Of Tom O'Neill
Sent: Thursday, January 24, 2019 2:41 PM
To: cas-user@apereo.org
Subject: [cas-user] CAS 5.2 PAC4J SAML 2.0 Delegation Behavior
Hi All,
I am troubleshooting application
Hi All,
I am troubleshooting application integration and looking for some insight.
We have a CAS 5.2 instance with the PAC4J module, which is being used to
delegate authentication to an IdP using SAML 2.0.
Based on some testing, it seems like the CAS server is delegating
authentication to the
Jen,
You need something like this in the service provider JSON:
"usernameAttributeProvider" : {
"@class" :
"org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider",
"canonicalizationMode" : "UPPER"
}
The canonicalizationMode: “UPPER” should do the trick.
Thanks,
Tom
The connection reset is a networking issue.
I would confirm the hostname and port that you are using and I would confirm
that your VM should be able to hit the port and isn't being blocked by a
firewall.
Thanks,
Tom
-Original Message-
From: cas-user@apereo.org
Duane,
I like to use Apache JMeter.
Thanks,
Tom O’Neill
From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Duane Booher
Sent: Tuesday, October 17, 2017 5:33 PM
To: CAS Community
Subject: [cas-user] CAS Load Test Scripts
Hi, does anyone have suggestions
RJ,
I could be missing something but your most recent summary of the heap behavior
sounds pretty normal.
Your arguments have the JVM heap initializing at 2 GB and maxing out at 4 GB.
When garbage collection occurs, some of the memory used by the heap should be
freed up.
Sometimes this doesn’t
Scripting the requests and parsing of the ST would do the trick.
You already have the CURL commands so you’d just need to parse out the ticket.
Thanks,
Tom
From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Ray Bon
Sent: Friday, August 18, 2017 11:13 AM
To: cas-user@apereo.org
is that we dont know
the statistics about no# of tickets in the registry...etc. Any clues ?
On Fri, Aug 18, 2017 at 9:12 AM, Tom O'Neill
<one...@sigcorp.com<mailto:one...@sigcorp.com>> wrote:
Are tickets ever expiring or are the tables just consistently growing?
If you have a probl
Are tickets ever expiring or are the tables just consistently growing?
If you have a problem with your ticket registry cleaner your data set will grow
and your heap will never fully recover without recycling services.
You shouldn’t have to restart nightly if the ticket registry cleaner is
Thomas,
This doesn’t look quite right at first glance:
Call :
https://int-sso.example.com/cas/p3/serviceValidate?ST-1764-1lAgfQwbrmpIsp5c2kcT-int-sso.example.com=https%3A%2F%2Fapp.example.com%2Flogin
You have a service parameter and you’ve got the service ticket but you should
have a ticket
Hi,
What version of CAS are you using?
You need to look at configuring a persistent service registry for CAS and the
Service Management app.
https://apereo.github.io/cas/5.1.x/installation/JSON-Service-Management.html
Thanks,
Tom
From: cas-user@apereo.org [mailto:cas-user@apereo.org] On
Hi Ted,
This is something that I’ve come across several times in the past and from what
I recall in my previous research, the ShibCas plugin doesn’t support the
processing of CAS attributes.
I’ve ended up configuring the attribute resolver in Shibboleth to perform
additional LDAP queries after
@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Ray Bon
Sent: Wednesday, January 11, 2017 7:12 PM
To: cas-user@apereo.org
Subject: Re: [cas-user] CAS 4.2.2 Hibernate catalina.out logging
Tom,
Set database.show.sql to false.
Ray
On 2017-01-11 15:49, Tom O'Neill wrote:
Hi All,
After recently
may be missing something obvious (hopefully) but would appreciate any
feedback.
Thanks!!
Tom O'Neill
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io
Hi,
The majority of the configuration has been auto-wired at this point.
Follow the steps outlined at:
https://apereo.github.io/cas/4.2.x/installation/JPA-Ticket-Registry.html
1. Add Maven dependency
2. Add jpaTicketRegistry bean to deployerConfigContext.xml
3.
It sounds like you might need to look at using a persistent service registry.
Once you’ve figured out what type of registry you want to use you can work on
getting the services management application running.
Thanks,
Tom O’Neill
From: cas-user@apereo.org [mailto:cas-user@apereo.org] On
registry
working on the first try with MySQL.
Thanks,
Tom O’Neill
From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Tom O'Neill
Sent: Tuesday, June 28, 2016 9:41 AM
To: cas-user@apereo.org
Subject: RE: [cas-user] CAS 4.2.2 jpaTicketRegistry Issues
Misagh,
I think that sounds
Carlos,
You should start by becoming familiar with the Maven overlay process (if you
aren’t already).
The next question would be – what CAS release are you working with?
You’ll want to review the JPA notes for the corresponding release.
Thanks,
Tom O’Neill
From: cas-user@apereo.org
rm.jpa and
org.springframework.transaction. See if you can spot anomalies.
If you want to post your overlay to the issues project so we can duplicate it,
that’s fine too.
From: cas-user@apereo.org<mailto:cas-user@apereo.org>
[mailto:cas-user@apereo.org] On Behalf Of Tom O'Neill
Sent: Tues
gistry Issues
Point your overlay to 4.2.4-SNAPSHOT and try again please. (make sure you force
an update with –U)
From: cas-user@apereo.org<mailto:cas-user@apereo.org>
[mailto:cas-user@apereo.org] On Behalf Of Tom O'Neill
Sent: Monday, June 27, 2016 12:05 PM
To: cas-user@apereo.org<
G
[com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool] -
2016-06-27 13:35:01,617 DEBUG
[com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool] -
Thanks,
Tom O'Neill
--
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscr
38 matches
Mail list logo