RE: [EXT] Re: [cas-user] CAS 6.6.8 - Authenticate using AD

It looks like you have a mix of different formats for property names. Can you share your current properties? You have some older names mixed with some current names. For example, after reviewing your original message, the ‘base DN’ property should be ‘cas.authn.ldap[0].base-dn’ and not

RE: [EXT] [cas-user] CAS 6.3.4 SAML Error.

Eric, What does the access log look like on the servlet container? For example, Tomcat should have a localhost_access_.log file that records all of the requests. I've seen this when ticket validation fails and I've had luck spotting the issue in the past by reviewing the incoming requests.

RE: [EXT] [cas-user] Re: CAS 6.1.6 inotify instances skyrocketing with Groovy files in SAML service.

Hi All, Good timing – I think I just ran into this issue this morning running a Groovy authentication policy but most of our services are CAS. I’m going to keep an eye on it and will let you know what I find. CAS 6.3.0 on Java 11 Thanks, Tom From: cas-user@apereo.org On Behalf Of William

RE: [EXT] [cas-user] Tomcat versions for CAS 3.5.2

K, I don’t know the exact answer but here’s some feedback based on my experiences: What you need to figure out is what JDK you can run 3.5.2 on and then from there you can determine the latest version of the Tomcat container that might work. I’ve seen 3.5.2 on Java 8 with Tomcat 7. Since it

RE: [EXT] [cas-user] Attribute Repository issue!

I would recommend digging through your logs – I’m guessing that the value you’re seeing there (cyiXVXfM2gcgUD6d1kBfoa21HiUlt6vfDwdn) is being pulled as a principal attribute. I had a similar problem where the application kept trying to use one of the password attributes that was being returned

[cas-user] Freshdesk SAML with CAS

Keith, My guess would be that your attribute mapping that is coming through CAS doesn’t match the same format that ADFS was using. I would review the SAML assertion contents and the attribute encoding. If that is the problem you can either change the attribute encoding format in CAS or you can

[cas-user] Re: CAS v 6.2.x - Remove Banner version

Jeremie, The output that it is referring to there is in the cas.log file and would not be visible to users. Thanks, Tom From: cas-user@apereo.org On Behalf Of Jérémie Pilette Sent: Monday, January 25, 2021 8:08 AM To: CAS Community Cc: Fernando Gómez ; Jérémie Pilette Subject: [EXT]

[cas-user] Jpa Connection pool settings

Joe, I don’t know if you removed it for security purposes but the error says that the application timed out trying to connect to the database and your settings are empty. It looks like your database URL (and other details) may be missing. Either way, double check your

[cas-user] Authentication Policy with Multiple Directories

licy script to throw a Prevented Exception on certain conditions. It mostly works but it isn’t perfect and it seems like the authentication policy is the root issue so I’d like to create a new one either through a Groovy script or Java, if necessary. Thanks, Tom From: 'Tom O'Neill' via CAS Community Se

Re: [cas-user] Strict Authentication Source Policy with newer Authentication Policy approach - CAS 6.2.3 - still.

Hi Colin, Did you ever get past this issue? I have a different issue but I am also troubleshooting the authentication manager/password policies and I’d be curious to know where you ended up. I am attempting to get the authentication manager to stop processing handlers if one returns an

[cas-user] Authentication Policy with Multiple Directories

policy. I added the following dependency and I see the log entries: cas-server-support-generic I’m going to see if I can use this approach to accomplish my goal. Still open to suggestions. Thanks, Tom From: 'Tom O'Neill' via CAS Community Sent: Tuesday, January 5, 2021 12:08 PM To: cas-user

RE: [EXT] [cas-user] Authentication Policy with Multiple Directories

LDAP after authentication fails on the first. Thanks, Tom From: 'Tom O'Neill' via CAS Community Sent: Friday, January 1, 2021 3:51 PM To: cas-user@apereo.org Subject: [EXT] [cas-user] Authentication Policy with Multiple Directories CAUTION: This email originated from outside of SIG. Exercise

[cas-user] Authentication Policy with Multiple Directories

Hi All, I am working on a CAS 6.3 deployment where we need to configure multiple directories for authentication using LDAP. I have both LDAP sources configured and working with LPPE enabled but I need to change the authentication behavior slightly. If the user is found in the first directory

RE: [EXT] Re: [cas-user] trouble getting saml idp to work with O365

Stewart, I would recommend double checking the contents of the assertion that is captured through the SAML tracer. You’ll want to verify that you’re providing the correct attributes as well: Name ID Immutable ID (objectGUID) IDPEmail UPN You’ll also

RE: [EXT] [cas-user] which version of SAML do I have

Jennifer, I’m not sure there’s anywhere you can screenshot but the modules you’ve built CAS with should show the versions for everything. Thanks, Tom From: cas-user@apereo.org On Behalf Of Jennifer LaVoie Sent: Tuesday, July 16, 2019 10:49 AM To: CAS Community Subject: [EXT] [cas-user]

RE: [cas-user] CAS is Federated SSO?

Yan, Sounds like you’re on the right track and CAS can probably continue to meet your SSO needs. What version of CAS are you on now? With the right modules and configuration, a CAS server could support Open ID and SAML 2.0, in addition to CAS. Tom From: cas-user@apereo.org On Behalf Of Yan

RE: [cas-user] RE: CAS 5.2 PAC4J SAML 2.0 Delegation Behavior

property is still computed in the DelegationAuthenticationClientAction, but the redirection is applied on the HTML page. Thanks. Best regards, Jérôme Le jeu. 24 janv. 2019 à 23:25, Tom O'Neill mailto:one...@sigcorp.com>> a écrit : Hi All, I did some additional testing and thought I’d p

[cas-user] RE: CAS 5.2 PAC4J SAML 2.0 Delegation Behavior

and only delegate if the user isn’t already authenticated. Thanks, Tom From: cas-user@apereo.org On Behalf Of Tom O'Neill Sent: Thursday, January 24, 2019 2:41 PM To: cas-user@apereo.org Subject: [cas-user] CAS 5.2 PAC4J SAML 2.0 Delegation Behavior Hi All, I am troubleshooting application

[cas-user] CAS 5.2 PAC4J SAML 2.0 Delegation Behavior

Hi All, I am troubleshooting application integration and looking for some insight. We have a CAS 5.2 instance with the PAC4J module, which is being used to delegate authentication to an IdP using SAML 2.0. Based on some testing, it seems like the CAS server is delegating authentication to the

RE: [cas-user] username cas in CAS

Jen, You need something like this in the service provider JSON: "usernameAttributeProvider" : { "@class" : "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider", "canonicalizationMode" : "UPPER" } The canonicalizationMode: “UPPER” should do the trick. Thanks, Tom

RE: [cas-user] Ldap Authentication with Active Directory

The connection reset is a networking issue. I would confirm the hostname and port that you are using and I would confirm that your VM should be able to hit the port and isn't being blocked by a firewall. Thanks,     Tom -Original Message- From: cas-user@apereo.org

RE: [cas-user] CAS Load Test Scripts

Duane, I like to use Apache JMeter. Thanks, Tom O’Neill From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Duane Booher Sent: Tuesday, October 17, 2017 5:33 PM To: CAS Community Subject: [cas-user] CAS Load Test Scripts Hi, does anyone have suggestions

RE: [cas-user] JVM Heap Kept Growing every day

RJ, I could be missing something but your most recent summary of the heap behavior sounds pretty normal. Your arguments have the JVM heap initializing at 2 GB and maxing out at 4 GB. When garbage collection occurs, some of the memory used by the heap should be freed up. Sometimes this doesn’t

RE: [cas-user] CAS 4.2.7 ticket validating failed

Scripting the requests and parsing of the ST would do the trick. You already have the CURL commands so you’d just need to parse out the ticket. Thanks, Tom From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Ray Bon Sent: Friday, August 18, 2017 11:13 AM To: cas-user@apereo.org

RE: [cas-user] JVM Heap Kept Growing every day

is that we dont know the statistics about no# of tickets in the registry...etc. Any clues ? On Fri, Aug 18, 2017 at 9:12 AM, Tom O'Neill <one...@sigcorp.com<mailto:one...@sigcorp.com>> wrote: Are tickets ever expiring or are the tables just consistently growing? If you have a probl

RE: [cas-user] JVM Heap Kept Growing every day

Are tickets ever expiring or are the tables just consistently growing? If you have a problem with your ticket registry cleaner your data set will grow and your heap will never fully recover without recycling services. You shouldn’t have to restart nightly if the ticket registry cleaner is

RE: [cas-user] CAS 4.2.7 ticket validating failed

Thomas, This doesn’t look quite right at first glance: Call : https://int-sso.example.com/cas/p3/serviceValidate?ST-1764-1lAgfQwbrmpIsp5c2kcT-int-sso.example.com=https%3A%2F%2Fapp.example.com%2Flogin You have a service parameter and you’ve got the service ticket but you should have a ticket

RE: [cas-user] CAS-Management : Services Added are lost after tomcat restart

Hi, What version of CAS are you using? You need to look at configuring a persistent service registry for CAS and the Service Management app. https://apereo.github.io/cas/5.1.x/installation/JSON-Service-Management.html Thanks, Tom From: cas-user@apereo.org [mailto:cas-user@apereo.org] On

[cas-user] RE: Passing attributes to Shibboleth IDP using shib-cas-authn3

Hi Ted, This is something that I’ve come across several times in the past and from what I recall in my previous research, the ShibCas plugin doesn’t support the processing of CAS attributes. I’ve ended up configuring the attribute resolver in Shibboleth to perform additional LDAP queries after

RE: [cas-user] CAS 4.2.2 Hibernate catalina.out logging

@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Ray Bon Sent: Wednesday, January 11, 2017 7:12 PM To: cas-user@apereo.org Subject: Re: [cas-user] CAS 4.2.2 Hibernate catalina.out logging Tom, Set database.show.sql to false. Ray On 2017-01-11 15:49, Tom O'Neill wrote: Hi All, After recently

[cas-user] CAS 4.2.2 Hibernate catalina.out logging

may be missing something obvious (hopefully) but would appreciate any feedback. Thanks!! Tom O'Neill -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io

[cas-user] Help For Jpa Ticket Registry - 4.2.5

Hi, The majority of the configuration has been auto-wired at this point. Follow the steps outlined at: https://apereo.github.io/cas/4.2.x/installation/JPA-Ticket-Registry.html 1. Add Maven dependency 2. Add jpaTicketRegistry bean to deployerConfigContext.xml 3.

RE: [cas-user] [CAS USER] MAnagement

It sounds like you might need to look at using a persistent service registry. Once you’ve figured out what type of registry you want to use you can work on getting the services management application running. Thanks, Tom O’Neill From: cas-user@apereo.org [mailto:cas-user@apereo.org] On

RE: [cas-user] CAS 4.2.2 jpaTicketRegistry Issues

registry working on the first try with MySQL. Thanks, Tom O’Neill From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Tom O'Neill Sent: Tuesday, June 28, 2016 9:41 AM To: cas-user@apereo.org Subject: RE: [cas-user] CAS 4.2.2 jpaTicketRegistry Issues Misagh, I think that sounds

RE: [cas-user] Implementation CAS

Carlos, You should start by becoming familiar with the Maven overlay process (if you aren’t already). The next question would be – what CAS release are you working with? You’ll want to review the JPA notes for the corresponding release. Thanks, Tom O’Neill From: cas-user@apereo.org

RE: [cas-user] CAS 4.2.2 jpaTicketRegistry Issues

rm.jpa and org.springframework.transaction. See if you can spot anomalies. If you want to post your overlay to the issues project so we can duplicate it, that’s fine too. From: cas-user@apereo.org<mailto:cas-user@apereo.org> [mailto:cas-user@apereo.org] On Behalf Of Tom O'Neill Sent: Tues

RE: [cas-user] CAS 4.2.2 jpaTicketRegistry Issues

gistry Issues Point your overlay to 4.2.4-SNAPSHOT and try again please. (make sure you force an update with –U) From: cas-user@apereo.org<mailto:cas-user@apereo.org> [mailto:cas-user@apereo.org] On Behalf Of Tom O'Neill Sent: Monday, June 27, 2016 12:05 PM To: cas-user@apereo.org<

[cas-user] CAS 4.2.2 jpaTicketRegistry Issues

G [com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool] - 2016-06-27 13:35:01,617 DEBUG [com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool] - Thanks, Tom O'Neill -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscr