We are currently using CAS 5.3
How can we hide sensitive information like authentication details in the
cas properties file by using the os environment variables?
Thanks in advance
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: h
The error indicates that transport encryption is required -- this generally
means you need to change the LDAP server URI from ldap://server.domain.gTLD
to ldaps://server.domain.gTLD *but* since few LDAP servers use certs issued
from a public certificate authority (CA), you'll also need to set
I was following the build process from CAS codebase in the documentations
https://apereo.github.io/cas/developer/Build-Process-6X.html for CAS 6.0. I
did the following
1. I have cloned the codebase
2. checkout from the master branch.
3. Built the codebase using the following command
Hi Robert,
I am also facing the same issue, I just want to know the steps I need to
follow from the office 365 side. I have configured cas for office 365 but
not sure about the steps in the office 365 part
On Wednesday, July 3, 2019 at 5:41:11 AM UTC+8, Robert Bond wrote:
>
>
> Were you able to
Dear All,
Good day!!!
Currently we are using CAS 5.3.8.
In the CAS protocol 3.0 section 2.2 it is mentioned that /login can be used
as a credential acceptor.
2.2. */login* as credential acceptor
When a set of accepted credentials are passed to */login*, it acts as a
credential acceptor and it
Hello everyone,
we are using cas 5.3.8 in prod. I was trying to enable the rest password
management. I have added the dependencies and the required cas.properties
but getting a 404 response from CAS.
My cas.properties are as following:
cas.authn.pm.rest.endpointUrlEmail=https://cas1.mys
We have applications that are using CAS protocol as well as CAS REST
protocol. For applications that are using the CAS REST protocol (specially
mobile application) we want to check if the user is already log in to CAS
sso. If so then we want to let the user authenticate. We are using a
memca
ds, Did you find any solution for this error?
On Saturday, November 3, 2018 at 5:56:10 AM UTC+8,
ste...@scarletmail.rutgers.edu wrote:
>
>
> Hi,
>
> A while back I started looking at CAS 5.2.x to work toward upgrading our
> 3.6 server. I got distracted by another project. I'm now looking to
Hi Jay, Were you able to find a way out?
On Thursday, August 2, 2018 at 1:03:47 PM UTC+8, Jay wrote:
>
> Thanks Felix.
>
> Yes I did reach out to the AD team to check the bind credentials for this
> issue.
>
> The same bind credentials are used in our old CAS3.5 application and it is
> working
CAS 6 Password management has the same problem in the flow. provided
email address is not valid
spring.mail.host=smtp.office365.com
spring.mail.port=587
spring.mail.username=myem...@staffemail.edu
spring.mail.password=mypass
spring.mail.testConnection=true
spring.mail.properties.mail.smtp.aut
Did you find a way to get around with this error?
On Friday, April 7, 2017 at 11:56:11 AM UTC+8, Marcio Gomes wrote:
>
> Hello guys,
> I am setting up CAS5.x LDAP with SSL. The LDAP's server is configured with
> a ssl certificate. The CN's certificate is not same LDAPs hostname.
> So, we got the
Hey mike,
I am having the same error now. Did you find a way to get around with it?
On Monday, July 30, 2018 at 11:48:36 PM UTC+8, Mike wrote:
>
> Is there any way to disable hostname verification in the SSL configuration
> in CAS 5.3.x? We have a cluster of 4 AD servers named nodeX.server.com
I have found this
https://support.symantec.com/en_US/article.TECH226886.html for ldap
referral but I didn't find anything to ignore the ldap referral.
On Monday, November 19, 2018 at 10:06:28 AM UTC+8, casuser wrote:
>
> Hello Mike,
>
> We are also having the same problem. Did
Hello Mike,
We are also having the same problem. Were you able to solve it?
Regards,
On Friday, November 16, 2018 at 11:07:34 PM UTC+8, Mike wrote:
>
> Hi. Is there any way to disable CAS 5.x from following referrals returned
> by Active Directory when using the root level DC=DOMAIN,DC=COM to se
I was trying to add Google Recaptcha to CAS
This is my cas.properties
#
#Google reCAPTCHA
#
cas.googleRecaptcha.enabled=true
cas.googleRecaptcha.verifyUrl=https://www.google.com/recaptcha/api/siteverify
cas.googleRecaptcha.siteKey=
cas.googleRecaptcha.secret=xxx
It works now
just needed to change the values of the following properties
cas.authn.ldap[0].allowMultipleDns=false
cas.authn.ldap[0].type=AUTHENTICATED
On Thursday, October 25, 2018 at 9:23:29 AM UTC+8, casuser wrote:
>
> Hello Ray,
>
> Thanks for the reply.
>
> I
endency after the if else; actually after '//
> Other dependencies may be listed here...'.
>
> Ray
>
> On Wed, 2018-10-24 at 03:11 -0700, casuser wrote:
>
> *We are currently using CAS 5.2 and the current properties for LDAP
> authentication, we were trying to use
*We are currently using CAS 5.2 and the current properties for LDAP
authentication, we were trying to use the same for version 6 except the
userFilter which is changed to searchFilter but still we can't connect to
the LDAP. In the logs it's nothing even in the debug mode*
2018-10-24 17:49:12,2
I want to use the embedded tomcat as the container that is why I have
-tomcat
in the pom. But somehow my embedded container working. I have created the
keystore.
Exported the certificate to /etc/cas/config/ and also to the global home
$JAVA_HOME/jre/lib/security/cacerts
Yet when I run t
modules are on the classpath.
security.basic.authorize-mode=role
security.basic.path=/cas/status/**
# security.basic.enabled=true
# security.user.name=casuser
# security.user.password=
##
# CAS Web Application Session Configuration
#
server.session.timeout=300
server.session.cookie.http-only=true
Does CAS 5.3 provide support for multiple AD password management?
Previously in CAS version 5.2 it used to only support one Active Directory
whereas for
LDAP Authentication it used to support multiple Active Directory as
authentication methods.
And in the CAS properties in CAS 5.3 documen
It remains valid for one attempt.
On Tuesday, February 13, 2018 at 1:00:09 AM UTC+8, Snoke, Nancy wrote:
>
> Hey all,
>
>
>
> Out of the box, are the password reset links valid only once or as many
> times as the user wants?
>
>
>
> We set up password reset functionality, and did a lot of ti
I am using CAS 5.2.x. For reset password, I get the reset password email
and from the link I can get to the reset password page where I enter my new
password and retype it but I get this error on the browser "Could not
update the account password" and nothing in the server log. I am using LDAP
El lunes, 5 de febrero de 2018, casuser > escribió:
>
>> How to set a LDAP password management for 2 different OU's? Using the
>> current documentation password management can be configured for one OU and
>> it works. but like the authentication there is an option LDAP
How to set a LDAP password management for 2 different OU's? Using the
current documentation password management can be configured for one OU and
it works. but like the authentication there is an option LDAP[0], LDAP[1]
there is no such option for password management. So the authentication
works
I am currently using CAS 5.2.0 and I have few questions regarding Password
reset security questions. Is there a way
1. to force users to configure their custom security questions when the
user login for the 1st time?
2. password change lockout with too many incorrect security quest
Help needed
I am currently using CAS 5.2.0 and I have few questions regarding Password
reset security questions. Is there a way
1. to force users to configure their custom security questions when the
user login for the 1st time?
2. password change lockout with too many incorre
Hello Everyone,
I am currently using CAS 5.2.0 and I have few questions regarding Password
reset security questions. Is there a way
1. to force users to configure their custom security questions when the
user login for the 1st time?
2. password change lockout with too many incorre
Hi Toby I am also having the same problem, zero services are loaded from
the jpa service registry. Were you able to solve it?
On Wednesday, July 19, 2017 at 9:13:40 PM UTC+8, Toby Archer wrote:
>
> yes. any ideas on why it is ignoring my files and what I could do to make
> it not ignore my files?
Hi, Please follow the logs and go through it, it says that you have to set
- set cas.authn.accept.users= to a blank value
- cas.webflow.crypto.signing.key=copy from log
- cas.webflow.crypto.encryption.key= copy from log
- cas.tgc.crypto.signing.key= copy from log
- cas.tgc.crypto.e
Hello everyone,
Help needed. I was trying to add service registry using the JPA. I am
having this error of javax persistence exception hibernate type
serialization Exception couldn't be deserialize. invalid stream Header:
7B0A2020
This is what I have in the cas.properties
cas.serviceRegistry
log, you do realize that you need to take out this line:
>
> cas.authn.samlIdp.authenticationContextClassMappings[0]=urn:oasis:names:tc:SAML:2.0:ac:classes:SomeClassName->mfa-duo
>
> If you don't understand what a setting does, do not add it blindly. Ask.
>
> --Misagh
>
> -
I am new to SAML2 and I was following the documentation and added the
dependency in the pom.xml
org.apereo.cas
cas-server-support-saml-idp
${cas.version}
I also have this in the repositories,
shibboleth-releases
https://build.shibboleth.net/nexus/content/repositories/
From the ..cas/status/dashboard if I click to *status* it says:
2.MemcachedMonitor: ERROR - No memcached servers available.
Although I have configured memcached which is working properly. I have also
configured the memcached monitoring in the pom.xml
as well as in the cas.properties.
#memc
The service ticket validation failed and in the logs there is an error
which says json parse exception: Unexpected character (I) at position 0.
this is the error log :
=
WHO: audit:unknown
WHAT: ST-*
Thanks for the reply and I got it
On Tuesday, December 26, 2017 at 9:07:39 AM UTC+8, casuser wrote:
>
> Hi Ray, thanks for the reply, but there is no "service" parameter in the
> log in URL.
>
> Regards,
>
> FAZLA
>
> On Saturday, December 23, 2017 at 1:4
)?
> A service ticket is only issued if there is a service to log in.
> With https://foo.com/cas/login, no ST,
> https://foo.com/cas/login?service=https://bar.com, there is ST.
>
> Ray
>
> On Thu, 2017-12-21 at 20:38 -0800, casuser wrote:
>
>
>
>
> *How can I
*How can I issue service tickets in CAS 5.2.0. I am using memcached for
storing the tickets. in the logs CAS is issuing the TGT but there is no ST.
this is how it looks like in the log:*
2017-12-22 09:40:47,618 DEBUG
[org.apereo.cas.authentication.DefaultAuthenticationResultBuilder] -
2017
cember 14, 2017 at 5:50:59 AM UTC+1, casuser wrote:
>>
>> There is a load balancer in between the user and the CAS . The load
>> balancer will check allow the SSL certificate. But from the load balancer
>> to the CAS the connection will be HTTP.
>>
>> How to con
>
> On Mon, Dec 18, 2017 at 9:58 AM, casuser > wrote:
>
>>
>>
>> *This is my cas.properties, *# cas.tgc.path=
>> cas.tgc.maxAge=-1
>> # cas.tgc.domain=
>>
>> cas.tgc.signingKey=*
*This is my cas.properties, *# cas.tgc.path=
cas.tgc.maxAge=-1
# cas.tgc.domain=
cas.tgc.signingKey=***
cas.tgc.name=TGC
cas.tgc.encryptionKey=**
guessing in your case if you change these to your load balancer that will
> help things a little bit.
>
>
>
> Doug
>
>
>
> *From:* cas-...@apereo.org [mailto:cas-...@apereo.org
> ] *On Behalf Of *casuser
> *Sent:* Thursday, December 14, 2017 5:14 PM
> *To:*
+8, leleuj wrote:
>
> Hi,
>
> I would try: cas.server.httpProxy.secure=true
> Thanks.
> Best regards,
> Jérôme
>
>
> On Thu, Dec 14, 2017 at 1:46 AM, casuser > wrote:
>
>> How to remove the warning "Non-secure Connection" from the log in page?
>
ettings for the
> location in Nginx
>
>
>
> proxy_set_header Host $host;
>
> proxy_set_header X-Forwarded-Proto $scheme;
>
>
>
> I wonder if you need to try something similar in your setup.
>
>
>
> Doug
>
>
>
> *From:
wrote:
>
> I strongly recommend to not use the approach you try to configure.
> Connection between the LB and CAS Servers should be encrypted as well.
>
>
> Am 14.12.2017 um 08:13 schrieb casuser >:
>
> Thank you Cristina,
>
> Actually what I meant was lets say http
>
>
> Edit cas.properties and add the following lines:
>
>
>
> # configure CAS to only listen for non-SSL traffic on port 8080
>
> server.port=8080
>
> server.ssl.enabled=false
>
>
>
> Doug
>
>
>
> *From:* cas-...@apereo.org [mailto:cas-...@ap
UTC+8, Cristina Vlaicu wrote:
>
> Hello,
>
> I had configured https on the application server. I had nothing to
> configure in CAS properties.
>
> Thank you,
> Cristina
>
>
>
> On Dec 14, 2017 6:51 AM, "casuser" >
> wrote:
>
> Ther
There is a load balancer in between the user and the CAS . The load
balancer will check allow the SSL certificate. But from the load balancer
to the CAS the connection will be HTTP.
How to configure cas in that way so that it listen to HTTP?
I have tried this in my cas.properties but didn't so
There is a load balancer in between the user and the CAS server. The load
balancer will check allow the SSL certificate. But from the load balancer
to the CAS server the connection will be HTTP.
How to configure cas server in that way so that it listen to HTTP?
I have tried this in my cas.pro
How to remove the warning "Non-secure Connection" from the log in page? I
want to get rid of it because from the load balancer to the CAS server the
connection will be HTTP.
I have tried the following configurations to remove the warning:
"In the event that you decide to run CAS without any SS
I have tried the following configurations to remove the warning:
"In the event that you decide to run CAS without any SSL configuration in
the embedded Tomcat container and on a non-secure port yet wish to
customize the connector configuration that is linked to the running port
(i.e. 8080), t
I was working with CAS 5.0.3 and with the current LDAP setting I could have
logged in but remember me wasn't working. I was having an error Unrecognized
field "canonicalizationMode" which was solved in later version according to
one answer. So now I have updated to 5.2 but I am getting the follo
; browser?
> There are settings, cas.tgc.maxAge and cas.tgc.rememberMeMaxAge, to tune
> cookie behaviour.
> You may also investigate your browser settings, perhaps it is removing the
> TGC on browser close.
>
> Ray
>
> On Wed, 2017-11-08 at 19:49 -0800, casuser wrote:
>
> ev
every time I logged in it says you,nobody has successfully logged into CAS.
and in the catalina.log the error shows that :
java.lang.IllegalArgumentException:
com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException:
Unrecognized field "canonicalizationMode" (class
org.apereo.cas.servi
62 matches