Hello,
Is it possible to have the Logstash Grok patterns on a GitHub repository?
This way, we can avoid reinventing the wheel.
Thank you in advance.
Le mardi 26 mars 2019 à 17:20:09 UTC+1, magicserverpixiedust a écrit :
> Using Elasticsearch for CAS auditing here. Filebeat agent tails the cas
Hello
yes it would be interesting because I have sso.domain.fr sso1.domain.fr
sso2.domain.fr and I have to modify my configuration file when for example
I want to test a new version
Le vendredi 15 septembre 2023 à 15:04:26 UTC+2, Jérôme LELEU a écrit :
> Hi,
>
> One of my customers has requeste
Hello
We have a random connection issue with our internal GitLab service via our
CAS with the OIDC module. In the logs, we see the following message:
"Registered service [oidc-gitlab] is not found or is not authorized for
access."
A simple container restart is enough to get the connection working
Hi
It works, user can login if using wrong password
William
Le mer. 5 avr. 2023 à 23:56, Ray Bon a écrit :
> William,
>
> If the throttled user tries to log in after the page refresh, what happens?
>
> Ray
>
> On Wed, 2023-04-05 at 07:14 -0700, William Vincent (Wix31) wr
/
> failureRangeInSeconds. For instance, the failure rate for the above
> scenario would be 0.33. An authentication
> attempt may be considered throttled if the request submission rate
> (calculated as the difference between the current date and the last
> submission date) exceed
Hello
I have a problem with throttling
When I do a lot of unsuccessful tries I get the message "Unauthorized
access You have entered the wrong password too many times in a row. You
have been rejected.".
But if I refresh the page, the form is displayed and in
"cas/actuator/throttles" the line wi
Try https://apereo.github.io/cas/Older-Versions.html
Sent from a device.
> On Apr 23, 2022, at 11:31 AM, '刘观良' via CAS Community
> wrote:
>
>
> why 5.3.x cannot open, but version 6.x and above can be opened. I checked it
> out two days ago, and it can be opened.
>
> 404 appears
> https://a
@RootName,
Welcome to CAS!
To better assist you, what exactly do you want out of this? CAS as an IdP
with only the CAS protocol, SAML or both?
Moodle: https://docs.moodle.org/311/en/CAS_server_(SSO)_authentication
Office 365:
https://apereo.github.io/2018/12/06/cas53-office365-saml2-integration/
FWIW, we were once a Shib shop. Then we went to SimpleSAMLphp for the SAML
piece while CAS served only the CAS protocol. We have since moved
everything into CAS starting in 6.1. The config is very versatile in the
service properties. We have some interesting vendors who want the craziest
names
, 2022 at 5:35:39 AM UTC-4 William Jojo wrote:
> Our password reset config has worked perfectly on 6.1, 6.2, and 6.3.
> Moving to 6.4 seems to have some bug.
>
> Please see the log entries below. It seems the JDBC PM service thinks the
> query is null.
>
> 6.3.7.4 debug at t
Our password reset config has worked perfectly on 6.1, 6.2, and 6.3. Moving
to 6.4 seems to have some bug.
Please see the log entries below. It seems the JDBC PM service thinks the
query is null.
6.3.7.4 debug at the point of using the reset link:
2022-04-06 04:49:27,511 DEBUG
[org.springfra
),
StandardCopyOption.REPLACE_EXISTING)
Hope this helps someone else. And, if anyone has an idea why I'd love to
know...
Bill
On Friday, April 1, 2022 at 9:50:22 AM UTC-4 William Jojo wrote:
> Hello,
>
> I have tried clearing my .gradle cache and I am running out of ideas to
> get these resources ex
Hello,
I have tried clearing my .gradle cache and I am running out of ideas to get
these resources extracted.
Any help is greatly appreciated.
Thank you!
On Friday, April 1, 2022 at 5:32:37 AM UTC-4 William Jojo wrote:
> Hello all,
>
> Trying to extract template views using getRes
Hello all,
Trying to extract template views using getResource and I keep getting the
following:
> Task :getResource FAILED
FAILURE: Build failed with an exception.
* Where:
Script '/opt/workspace/6.4-new/cas-overlay-template/gradle/tasks.gradle'
line: 341
* What went wrong:
Execution failed
Hello
i have docker-compose and i use cas-overlay-template/tree/6.3 .
this error happens when I use 'docker-compose build'.
I will not install openjdk because I am in a container .
I try with 6.4 but it's same result :/
thanks for your help
docker-compose build
redis uses an image, skipping
Buildi
Noelette,
Confirmed. I am doing non-autoforwarding SAML2 delegation to Azure. I have
nginx proxy in front of embedded Tomcat app.war. Works in 6.3.7.1, borked
in 6.4.2. Double-checked all of my cas.properties, nothing amiss.
In 6.3.7.1 (working):
2021-11-15 07:04:50,891 DEBUG
[org.apereo.cas.
/catalina/valves/RemoteIpValve.html
> NB2 : it requires rev proxy to set some headers.
> - nginx : proxy_set_header X-Forwarded-Proto $scheme
> - apache2 httpd : RequestHeader set X-Forwarded-Proto
> expr=%{REQUEST_SCHEME}
>
>
> On 15/11/2021 00:07, William Jojo wrote:
> >
Ugh, of course it makes a difference. It is not using AJP any more...
Clearly some rest is in order...
Bill
On Sun, Nov 14, 2021 at 7:14 PM William Jojo wrote:
> Well, it seems adding the following:
>
> cas.server.tomcat.http-Proxy.protocol=HTTP/1.1
>
> Makes a difference. No
Well, it seems adding the following:
cas.server.tomcat.http-Proxy.protocol=HTTP/1.1
Makes a difference. Not entirely sure why. Can anyone shed light on this?
Thank you!
Bill
On Sunday, November 14, 2021 at 6:08:11 PM UTC-5 William Jojo wrote:
> Hello all,
>
> Whenever I try to
Hello all,
Whenever I try to used the Fawnoos doc on configuring the CAS (6.3 or 6.4)
embedded Tomcat behind a proxy, I always get:
*The AJP Connector is configured with secretRequired="true" but the secret
attribute is either null or "". This combination is not valid.*
Even with the following:
.
Any insight would be most helpful. I cannot be the only person using the
feature.
Bill
On Thu, Jul 29, 2021 at 1:55 PM William Jojo wrote:
> To anyone who is familiar with the username (user) value being set by the
> claims of OIDC in Azure AD Delegation. CAS is setting the username
additional attributes.
Can anyone shed light on this?
Thank you!
Bill
On Wed, Jul 28, 2021 at 6:52 PM William Jojo wrote:
> Hello,
>
> I will try to keep this to the point.
>
> CAS is using the subject claim from AzureAD Delegation upon return from
> auth and setting it as the u
Hello,
I will try to keep this to the point.
CAS is using the subject claim from AzureAD Delegation upon return from
auth and setting it as the username regardless of the setting of:
cas.authn.pac4j.oidc[0].azure.principal-attribute-id=email
I can use email, upn, does not matter, it is always
rch
> it myself, I moved on since in-line worked.
>
> Let me try it on my test system and see if 6.2 or 6.3 still have the
> problem. It is possible that it is already fixed.
>
> Bill
>
> Sent from a device.
>
> On Mar 4, 2021, at 12:15 AM, Morning Star wrote:
>
>
Travis,
I am producing some documentation on a bunch of topics that have been
popping up here of late (Apache-shib, mod-auth-cas, cas-management, locust,
etc) which I plan to release shortly. I wanted to know if there was a
branch that needs testing so I can update the cas-management docs
acco
determine why this flies out of control.
Also, if anyone has info on the syntax limitations of inline Groovy scripts
and how to still do logging in the inline script that would be very helpful
for debugging.
Thank you!
Bill
On Monday, June 1, 2020 at 12:44:23 PM UTC-4, William Jojo wrote
Been running 6.1.6 for about 2 weeks. No issues - until I added SAML
support. This morning I noticed CAS no longer working. Checked log and
found:
>From log:
2020-06-01 09:05:32,086 INFO [org.apereo.cas.util.io.PathWatcherService] -
<*Watching
directory at [/etc/cas/saml]*>
2020-06-01 09:05:3
roles. And it auto-creates user account on first
sso login to zoom.
-William
On Tuesday, May 12, 2020 at 4:37:03 PM UTC-5, Keith Alston (Staff) wrote:
>
> Anyone set up Zoom SSO with CAS?? Any pointers/tips??
>
>
>
> -Keith Alston
>
> kei...@regent.edu
Not us. Canvas is hosted with the vendor, our CAS is local, we're on 5.3.
-W
On Wednesday, February 26, 2020 at 12:13:47 PM UTC-6, ste...@rutgers.edu
wrote:
>
> We received an email stating there are issues authenticating to our Canvas
> instance due to the Chrome SameSite changes. Has anyon
Good morning!
When requesting a password reset from the main CAS login page (not via
service) you receive a link like the following:
https://casdev.hvcc.edu/cas/login?pswdrst=TST-1-ATe9S6Bym5Vq8Prk6lMa9Pr86war7Ijf
However, if selected from a service's login page, you get the following
https://
Hope this is the right place to list CAS Management bugs, there are several
to report.
Please know that I love the tool and wanted to provide detailed feedback.
My management.properties looks like:
cas.server.name=https://casdev-master.hvcc.edu
cas.server.prefix=${cas.server.name}/cas
mgmt.ser
Andy,
Awesome! Thank you for the heads up!
Bill
On Thu, Jan 23, 2020 at 1:10 AM Andy Ng wrote:
> Hi Bill,
>
> Seems like the CAS team will be fixing this in latest CAS version, see
> this commit:
>
> https://github.com/apereo/cas/commit/e214dba59c2273409c406cf4301e2dc875183295
>
> Looks to me
Hello all,
Running CAS 6.1.3, OpenJDK 11.0.4, CAS Oracle driver (ojdbc10-19.3.0.0.jar)
on Ubuntu 18.04.
In 5.3.x we never needed to set a value for the
*cas.authn.pm.jdbc.sqlFindPhone*. In fact, we do not use it.
It seems in 6.1.3 there must be a query set. Otherwise you get the
following:
E
Dmitriy,
Late to the party on this one. This solution worked for me on Ubuntu 18.04
with distro packaged Tomcat 9.0.16. Thank you!
What are the ramifications of setting this value?
Bill
On Wednesday, November 13, 2019 at 8:58:43 AM UTC-5, Dmitriy Kopylenko
wrote:
>
> For what it's worth - if
We have been using Unicon <https://www.unicon.net/> for a few years now.
Misagh, who I consider the main CAS developer, works for them. We're happy
with their support.
-William
On Monday, September 9, 2019 at 1:38:05 PM UTC-5, Yan Zhou wrote:
>
> Hi,
>
> We use CAS 4.
We're on 5.3.11. Struggled with this as well, could never find a third
party tool or library that could validate the jwt generated by cas. I even
contact the maintainer of one of the python libs and he claims the cas
generated JWT was invalid. I was able to write my own java to validate
base
iVXNlcm5hbWVQYXNzd29yZENyZWRlbnRpYWwiLCJhdWQiOiJodHRwOlwvXC9sb2NhbGhvc3Q6ODg4OFwvYXBpIiwiaXNJbXBlcnNvbmF0aW5nIjoiZmFsc2UiLCJhdXRoZW50aWNhdGlvbk1ldGhvZCI6IkVTTyBBdXRoIEhhbmRsZXIiLCJsb25nVGVybUF1dGhlbnRpY2F0aW9uUmVxdWVzdFRva2VuVXNlZCI6ImZhbHNlIiwiZXhwIjoxNTQ1MDc3MTEwLCJpYXQiOjE1NDUwNDgzMTAsImp0aSI6IlNULTEtYUZwSnRnRXFXTHc3VUREVlN3VnB4SGZucDhnR0EwMjI1ODcifQ
> %3D%3D
> .WB71awCAFz2tsa1ZqoZnWacKKVAarjsylBuOvnetHf9CHsIFgYtg58-2hCbeJT-gMFlCzaolriDsks1bE_RIPw
>
> If I remove '%3D%3D' from J
I think you are seeing the discrepancy due to base64 vs. base64url
decoding. I think the jwt spec. wants base64 url vs. plain base64.
https://en.wikipedia.org/wiki/Base64#URL_applications
On Friday, December 14, 2018 at 9:37:45 AM UTC-6, Devendra Sisodia wrote:
>
> While decoding JWT there is
decode
raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
jwcrypto.jwe.InvalidJWEData: Unknown Data Verification Failure
jwcrypto.jwe.InvalidJWEData: Invalid format {InvalidJWE
day, September 13, 2018 at 10:03:02 AM UTC-4, William E. wrote:
>>
>> +1
>>
>> I ended up grabbing values from the cas startup logs and setting in my
>> cas.properties. Seems to work.
>>
>>
>> On Wednesday, September 12, 2018 at 3:34:32 PM U
+1
I ended up grabbing values from the cas startup logs and setting in my
cas.properties. Seems to work.
On Wednesday, September 12, 2018 at 3:34:32 PM UTC-5, Curtis Ruck wrote:
>
> So i'm trying to automate the generation and persistence of the
> cas.tgc.crypto and cas.webflow.crypto encrypt
We upgraded cas from 5.2 to 5.3 last night. Today almost everything is
working fine except banner 8 sso logins via ellucian's ssomanager(circa
2013 version). We're sporadically seeing the below trace in the browser.
I'm suspecting the 2013 ssomanager app from ellucian is running an outdated
Your service provided in this thread:
"serviceId" : "^(https|imaps|http)://.*"
Will not match with a port specified. Try instead:
"serviceId" : "^(https|imaps|http)://.*:8443/.*"
-W
On Saturday, April 21, 2018 at 8:44:17 PM UTC-5, IOTech Co., Ltd wrote:
>
> i have got error...please help me
I feel ya... :-)
My biggest concern at the moment, as others have posted about here as well,
is the jwt is a url parameter when passed back to the client app. I would
much rather it be a header or cookie or post param or anything really
because my concern is until the jwt expiration time anyo
nderstanding the cas documents,
the
cas.authn.token.crypto.encryption.key and cas.authn.token.crypto.signing.key
accept key values directly, not file paths to files containing the keys.
Anyway, much thanks to Paul at Unicon for all his help. Support money well
spent.
-William
On Wednesday, April
Try this:
cas.authn.ldap[0].principalAttributeList=uid,userprincipalname
Instead of this:
cas.authn.ldap[0].principalAttributeId=userprincipalname
-William
On Thursday, April 12, 2018 at 2:40:00 AM UTC-5, dag wrote:
>
> Thanks for your comment William.
>
>
> I'
12, 2018 at 3:32:55 AM UTC-5, Olivier Calzi wrote:
>
> Hi William,
>
> As i showed in my configuration on my first post i have the same ldap
> configuration on the management.properties and the cas.properties.
> What do you mean exactly ?
>
> Thanks
>
> On Thursday
This makes me think you have a bad ldap search filter in your .properties
file, or maybe ldap support partially configured.
Caused by: java.lang.NullPointerException
at
org.apereo.cas.util.LdapUtils.lambda$newLdaptiveSearchFilter$2(LdapUtils.java:531)
~[cas-server-support-ldap-core-5.2.2.j
We use ldap and used an ldap filter on uid or'ed with upn. Ldap search
syntax.
Like so:
cas.authn.ldap[0].userFilter=(|(uid={user})(upn={user}))
-William
On Wednesday, April 11, 2018 at 10:26:10 AM UTC-5, dag wrote:
>
> Hi all,
>
> I've configured Apereo CAS 5.2,
for cas 5.2.3? Any idea what step I missed?
Thanks,
William
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the
va.util.HashSet
[
"true"
]
]
}
jwtAsResponse:
{
@class: org.apereo.cas.services.DefaultRegisteredServiceProperty
values:
[
java.util.HashSet
[
"true"
]
]
}
}
On Tuesday, April 10, 2018 at
trusted.libraries
./java.security
./blacklisted.certs
./java.policy
./blacklist
./policy
./policy/limited
./policy/limited/US_export_policy.jar
./policy/limited/local_policy.jar
./policy/unlimited
./policy/unlimited/US_export_policy.jar
./policy/unlimited/local_policy.jar
-William
On Tuesday, A
, not sure what else to try.
Good luck.
-William
On Tuesday, October 31, 2017 at 5:18:12 AM UTC-5, Krzysztof Kluczynski
wrote:
>
> Hi,
>
> I am getting an NPE
> [org.apereo.cas.mgmt.services.web.AbstractManagementController] -
> java.lang.NullPointerException after a succ
the same cas error.
Thanks,
William
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Comm
We grab the memberof attribute in the user record. Note it's multivalued.
On Tuesday, March 13, 2018 at 1:28:43 PM UTC-5, Марат Бралиев wrote:
>
> how best practice to check member of specific group? check in LDAP search
> query, or use some CAS (or ldaptive) handler, and check member of group
Saturday, February 24, 2018 at 3:28:23 PM UTC-5, Manfredo Hopp wrote:
>
> Send the same with hibernate debug
>
> El sábado, 24 de febrero de 2018, William Jojo > escribió:
>
>> My question is very simple. Why on Earth are there two separate calls for
>> validating PM
My question is very simple. Why on Earth are there two separate calls for
validating PM questions? There is a query to get the question(s) followed
by what seems like another query to get the answer(s). The format requires
the query to be in the form of:
select question, answer from table name
, without full BEIS the udcid in banner is not automatically
populated when new users are created. Our IDM calls a delivered BEIS
component to populate any blank udcid values in banner before ldap
provisioning since we don't use BEIS.
IP_IDENTITY_DATA_EXPORT_UTIL.P_ASSIGN_UDCID();
-William
Exactly. cas-management-overlay/target/cas-management.war
Since we use json registry, and ldap, we add the below.
org.apereo.cas
cas-server-support-json-service-registry
${cas.version}
org.apereo.cas
cas-server-support-ldap
${cas.version}
On Friday, February 9,
For Dave's docs:
We too have been working on using cas 5.2's saml2 capabilities to replace a
full shibboleth. Not quite there yet, but still working on it.
FWIW - We use apache's mod_ajp to front tomcat and these lines are what we
use in proxy_ajp.conf:
ProxyPass /cas ajp://localhost:8009/cas
Just guessing here, but you may be seeing a character set issue. Java
internally uses UTF-16 I believe. The ldap data may be coming back in
UTF-8 or some extended ascii character set depending on your ldap server
config, OS env variables, etc...
Just to be explicit, you might need to use getB
What is in the service url parameter? Add it as an allowed service regex.
For example, since I access cas-management via localhost, I have a service
that allows ^http://localhost:8080/cas-management/.*
On Friday, January 19, 2018 at 1:41:38 PM UTC-6, Ramakrishna G wrote:
>
> Application Not Au
In our cas.properties, we also have:
cas.personDirectory.principalAttribute=uid,mail
cas.personDirectory.returnNull=false
cas.personDirectory.principalResolutionFailureFatal=false
Hope this helps.
On Wednesday, January 10, 2018 at 10:30:38 AM UTC-6, rbon wrote:
>
> Sebastien,
>
> To see what is
rn:oid:2.5.4.42"
...
http://www.w3.org/2001/XMLSchema";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:type="xsd:string">Jane
Anyone know of a way to specify a different value for FriendlyName than
Na
ntally run into is editing a service, clicking on access
strategy to view settings, make no changes, click save service, and now my
service(json) is set to require all my attributes.
One other, duplicate service has no "Save" button I can find.
Thanks for all your hard work on th
8.5.24]
at
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
~[spring-web-4.3.12.RELEASE.jar:4.3.12.RELEASE]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
~[spring-web-4.3.12.RELEASE.jar:4.3.12.RELEASE]
.
Thanks,
William
--
- Webs
o front
tomcat with apache so it was easy to copy the idp.war into tomcat and
re-enable the shib-cas-authenticator. I guess my hope of moving from
cas+shibb. to just cas will have to wait....
Thanks,
William
P.S. Jeff, thank you for posting your catalina opts!
On Wednesday, December 20, 2017
do you have
>
> if you are on Linux you can do:
> 1.uname -a
> 2-3. free -m
>
> and post the output here
>
> regards,
>
> martin
>
> On Thursday, December 21, 2017 at 11:00:30 AM UTC+11, William E. wrote:
>>
>> Does anyone have any recommendati
g=UTF-8 -server
-Xms1g -Xmx6g -XX:-UseGCOverheadLimit -XX:+UseConcMarkSweepGC
-XX:-UseCompressedOops"
JAVA_OPTS=$CATALINA_OPTS
Thanks,
William
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributi
I believe in 5.2.x it was renamed to cas.serviceRegistry.json.location
-W
On Monday, December 11, 2017 at 3:12:51 AM UTC-6, Didier Capdevielle wrote:
>
> Hi,
> Thanks for your answer. It better works with the good dependency ;)
>
> But now, i have another problem.
> With *same* configuration (ju
Perhaps try adding these to cas.properties?
cas.authn.attributeRepository.ldap[0].attributes.member=member
cas.authn.attributeRepository.ldap[0].attributes.memberof=memberof
On Thursday, November 23, 2017 at 4:41:33 AM UTC-6, Sanjaya Addula wrote:
>
> Hi,
>
> How can I configure cas to get the
rsondir
> person-directory-impl
> ${person.directory.version}
>
>
>
> On Tuesday, November 21, 2017 at 10:24:47 PM UTC-5, William E. wrote:
>>
>> I had to add them to mine for the username drop down in cas management to
>> get populated.
>>
>&
I had to add them to mine for the username drop down in cas management to
get populated.
On Tuesday, November 21, 2017 at 2:01:09 PM UTC-6, Justin Andrews wrote:
>
> No, I do not have those in my cas.properties...
>
> On Tuesday, November 21, 2017 at 10:49:13 AM UTC-5, Will
Do you have entries like below in your cas.properties file?
cas.authn.attributeRepository.ldap[0].attributes.uid=uid
cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName
cas.authn.attributeRepository.ldap[0].attributes.cn=commonName
cas.authn.attributeRepository.ldap[0].attribu
Is there a way to better handle a user not yet having an email in our
database of questions for PW reset? Currently get 500 Internal Server Error:
We wish we could be more directly helpful to you.
Error: Exception thrown executing
org.apereo.cas.pm.web.flow.SendPasswordResetInstructionsAction@6
Is there a quick way to change the link sent from CAS PM? The link often
contains multiple instances of a period which breaks the links in some
readers/apps.
Changing the period to %2e works always works, but can this be done within
CAS? Should I file this as a bug?
Thank you!
--
- Website:
gt;
> You can even just leave css blank, you do what you need
>
> ** cas.js (G)*
>
> You can even just leave js blank, you do what you want
>
>
> If you access your cas site using this:
> https://cas.sso.com/cas/login?service=https://dino.example.com
> The Jurassic theme s
As the title suggests, we are unable to make this work. Cannot figure out what
might be causing custom templates to be ignored. CSS/JS theming works fine,
but custom templates are needed to make structural changes. The log shows
the service recognizing the theme name, but our fragments are not b
Wonderful! This is great! Any chance you have some docs ready for theming
and tailoring the login form/experience?
Thank you!
On Friday, September 1, 2017 at 4:24:25 PM UTC-4, David Curry wrote:
>
> Hi everyone,
>
> A couple of weeks ago there was a thread here asking for CAS 5.1.x
> step-by-st
Ok, I fixed the update problem - it was the MySQL dialect I chose.
However, the presentation of multiple questions and accepting multiple
answers seems like a bug to me.
Bill
On Wednesday, August 30, 2017 at 9:33:45 AM UTC-4, William Jojo wrote:
>
> Good day to you all!
>
> As
Good day to you all!
As the subject says, I am having two issues with JDBC Password Management.
The first involves the questions.
2017-08-29 20:42:15,243 DEBUG
[org.apereo.cas.pm.jdbc.JdbcPasswordManagementService] -
All three questions are found in the DB and the form presents all of the
qu
Perfect!
As always, thank you so much!
Bill
On Tuesday, August 29, 2017 at 10:21:29 AM UTC-4, Misagh Moayyed wrote:
>
> *password.expiration.warning=Your password expires in {0} day(s). Please
> change your password now.*
>
>
> Which, of course, translates the href to a local CAS link to {1}.
Password policy with AD seems like dabbling in the dark arts. ;-)
In 4.2.7 you cannot use it:
*Attribute 'usePasswordPolicy' is not allowed to appear in element
'ldaptive:ad-authenticator'.*
But you need ad-authenticator to make the return codes work and notify
users of expired accounts and su
I have a similar issue if you l find the answer could you please forward it
to me
On Jul 11, 2017 1:41 AM, "satheesh k" wrote:
> Hello,
>
> We are using CAS V4.1.2 and implemented SAML V1.1. However, while trying
> to validate the SAML request we realized that we need to pass "'service'
> and '
, 2017 at 6:26:59 PM UTC-4, William Jojo wrote:
>
> I see all three questions now! But I cannot get to the password entry page
> unless I only use one question.
>
> Also, I read in another thread that the JDBC drivers have an issue at
> 5.1.1 (which I, too, experienced) and th
I see all three questions now! But I cannot get to the password entry page
unless I only use one question.
Also, I read in another thread that the JDBC drivers have an issue at 5.1.1
(which I, too, experienced) and the person suggested using 5.0.6 - which
works. Should this also be fixed in 5.1
io/cas/5.1.x/installation/Configuration-Management-Extensions.html
>
> More or less the same:
> https://apereo.github.io/2017/02/21/cas-autocfg-strategy/
>
> --Misagh
>
> On July 6, 2017 at 12:48:06 PM, William Jojo (joj...@gmail.com
> ) wrote:
>
> Thank you, Misagh. I am look
Thank you, Misagh. I am looking at the code tree at
https://github.com/apereo/cas/blob/master/support/cas-server-support-pm/src/main/java/org/apereo/cas/pm/.
Again, at the moment, I am attempting to trigger the basic PM
functionality, then I can determine the injection point. If may attempt is
wort
First, I thank all of those who contribute to CAS, to the user community
and to the online docs/how-to's which have enlightened my knowledge thus
far. CAS has been a wonderful SSO tool at our college.
Second, I have both a question and request from the community. Currently we
face having to use a
I have the following environment
1. CAS server 3.51
2. Shibboleth 3.x server
3. implemented shibcas to force authentcation from the shibboleth server
to the CAS server.
I have been able to set and install CAS 3.5.1 , Shibboleth 3.x and
implemented shibcas for use the existing 3.51 f
Hi Elendrys,
It's a great question and of course a lot depends on your specific
situation. Here's my personal take...
CAS has proven itself over the years to be a fantastic and flexible
WebSSO platform, and with Misagh's leadership and help of the
community it has taken another huge leap with CAS
You should take a look at Proxy Granting Tickets, which allow an
application to securely call another app on behalf of a user.
http://stackoverflow.com/questions/6368358/restful-cas-client-and-proxy-granting-tickets
https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough
Best,
Bill
On Tue, Nov
Philippe, please see my post:
https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/IXIrh-ZqzrY
Did you perhaps remove the services folder out of
cas-server-webapp/src/main/resources?
Regards,
Bill Crowell
--
You received this message because you are subscribed to the Google Groups "
I figured out what is causing this. In cas-server-webapp's
src/main/resources/application.properties I had the following:
spring.profiles.active=native
spring.cloud.config.server.native.searchLocations=file:/etc/cas/config
In /etc/cas/config/cas.properties I had the following set:
cas.serviceR
I am running CAS 5.0 RC4 on Apache Tomcat 8.0.37 on Centos 7 (Linux).
I saw another post from Philippe Marasse titled "Issue with json service
registry between CASv5 RC3-SNAP and RC4-SNAP" yesterday that looks exactly
like my issue. He was using Tomcat 8.5 though.
I am certain this is a config
All things are possible with CAS. :)
https://apereo.github.io/cas/4.2.x/integration/Attribute-Resolution.html
On Wed, Sep 14, 2016 at 9:17 AM, Toni McWild wrote:
> Hi guys,
> I have deployed 4.2 CAS server for my company but now we are facing a
> problem
>
> Our principal Handler is an LDA
Just FYI,
I committed a JMeter script (multi-level-proxy.jmx) that is the equivalent
of the Multi-Level Proxy test defined here:
1) https://wiki.jasig.org/display/CAS/CAS+Functional+Tests
2)
https://github.com/cas-projects/cas-functional-tests/blob/master/src/test/groovy/org/jasig/cas/test/va
t;/etc/cas/local-users.properties" />
>
>
>
>
> But now I am getting this error:
>
> 2016-09-08 16:25:21,599 INFO
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
>
> 2016-09-08 16:25:21,599 ERROR
> [org.jasig.cas.authentication.PolicyBasedAuthenticationMan
Yes, with CAS all things are possible. :)
AuthN handlers can be changed so you can have both. Something like
this would work. You'll need to make sure your usernames don't
overlap.
Also see
https://apereo.github.io/cas/4.1.x/installation/Whitelist-Authentication.html
Best,
This thread is regarding CAS 4.2.x (and probably with CAS 5.0 but did not
verify).
I noticed with the Ticket Registry Implementations that when a
ProxyGrantingTicket is created with the
org.jasig.cas.ticket.ServiceTicketImpl's "grantProxyGrantingTicket(String,
Authentication, ExpirationPolicy)
1 - 100 of 155 matches
Mail list logo