[cas-user] Re: CAS 6.0 and Database Authentication

in CAS 5.3.x, if cas.authn.accept.users= is set up correctly, you can't login with default casuser Mellon, so I think probably something is setup wrongly I would say looking at the entire debug log, then search for the WARN or ERROR keyword might give you some idea of what's gone wrong, you n

[cas-user] Re: CAS 6.0 and Database Authentication

Hi Zoran, Ops, the last message was sent on phone and misread your message, my bad. > The problem is... I guess you already go through with this: https://apereo.github.io/2017/02/22/cas51-dbauthn-tutorial/#build-and-deploy (Which is written for CAS 5.1.x), and figured out you can't find the *C

[cas-user] Re: Where to put the JSON Service Registry?

Hi there, By default, it is configured as your *classpath:/services* cas.serviceRegistry.json.location=classpath:/services, You can see this default by visiting your linked documentation here https://apereo.github.io/cas/6.0.x/services/JSON-Service-Management.html, you can see there is a hyper

[cas-user] Re: Where to put the JSON Service Registry?

Oh nice, didn't know there is a detail tutorial made already, great! -Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subs

[cas-user] Re: Start with external configuration in CAS 6.1.x

Hi, Do you want to import this instead: https://mvnrepository.com/artifact/org.apereo.cas/cas-server-core-api-configuration-model I don't find any module named `cas:cas-core-api-configuration-model` which is why this failed. - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatr

[cas-user] Re: Start with external configuration in CAS 6.1.x

which is why this failed => which might be why this failed - Andy On Wednesday, 24 July 2019 11:14:15 UTC+8, Andy Ng wrote: > > Hi, > > Do you want to import this instead: > https://mvnrepository.com/artifact/org.apereo.cas/cas-server-core-api-configuration-model > > &

[cas-user] Re: Session count is huge or negative (-9223372036854776000)

Hi Christian, Last time I encounter this is when I deployed a multi-clustered CAS setup using Hazelcast as ticket registry, and the hazelcast was setup incorrectly so ticket aren't able to transfer properly sometime. When I notice the ticketing problem, I also recalled seeing the sessionCount

Re: [cas-user] Force Reauthentication for OAuth Protocol CAS 5.3.x

Hi Justin, I think when you say CAS protocol can use *ssoEnabled *( https://apereo.github.io/cas/5.3.x/installation/Configuring-Service-Access-Strategy.html) to enabled / disabled sso. I have once altered CAS to make OAuth protocol also support ssoEnabled, although it is a big of a hack so I

[cas-user] Re: CAS 5.2.4 Login Page XSS

Hi Frank, have you try this? https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#http-web-requests cas.httpWebRequest.header.xss=true - Andy On Thursday, 1 August 2019 09:04:34 UTC+8, Francisco Laria Saldaña wrote: > > Hi, > > We've got an installation of CAS 5.2.4,

[cas-user] Question about maxAgeDays in CAS JDBC audit

Hi all, I tried to use the maxAgeDays config from CAS JDBC audit but failed in CAS 5.3.x / 6.0.x, which is listed here: https://apereo.github.io/cas/6.0.x/configuration/Configuration-Properties.html#database-audits I use maxAgeDays like this in my cas.yml: url: jdbc:mariadb://example.jdbc.

[cas-user] Re: Question about maxAgeDays in CAS JDBC audit

Hi all, After seraching for a while, seems to me that maxAgeDays wasn't implemented at all in CAS 5 / 6. Anyway, I figure to just copy the ticket cleaner and implement that myself, I copied my implementation here to other can reference :D *Config file* package net.mycompany.cas.audit.cle

[cas-user] Re: CAS SSO with OpenID Connect and CAS protocol

Hi Gandhi, So basically these are the process that would happends when you use both CAS and OpenID one after another 1. User login to CAS (e.g. *https://www.cas-server.com*?service= *https://some.service.com*) 2. User login success 3. When you go back to *https://www.cas-server.com*, you can se

[cas-user] Re: CAS keeps generating RegexRegisteredService-********.json files in CAS/Services folder

Hi John, Seems to me there are already discussion around this issue here: https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/json$20start$20service%7Csort:date/cas-user/yD9WXk3n1K8/FV51DLBjAAAJ See if the suggetion from the discussion can help you disable generting these json file

[cas-user] Re: CAS keeps generating RegexRegisteredService-********.json files in CAS/Services folder

Hi John, On seconds thought, those might be some necessary service for OpenID to use Can you check if the serviceId is something like `https://cas.example .org:8443/cas/oauth2.0/callbackAuthorize`? If so, then you probably don't want to remove those, or else your CAS will most likely have une

[cas-user] Re: CAS keeps generating RegexRegisteredService-********.json files in CAS/Services folder

Hmm very strange, it shouldn't do that, at least it doesn't do that in my CAS deployment. What is the version of CAS that you use? - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://

[cas-user] Re: Login Screen prompted in IE even though user logged-in from chrome using OAuth2

Hi John, I don't think this is related to CAS, it is just normal browser behavior Chrome and IE are using 2 different session, so in most case when logging in to IE, you not be login to Chrome. You can try to login something like Google / Facebook in IE and move to Chrome, even those wouldn't

[cas-user] Re: cas 6.x oauth always returns new token

Hi psv, This behavior you described is by OAuth 2 design, wasn't really CAS doing something weird. For your above step, after your client get the *access_token*, you are *suppose to store it somewhere* (maybe in session or somewhere else), instead of throwing it away and getting a new access_t

[cas-user] CAS configuration options

Hi, Can you try out cas.standalone.configurationDirectory=classpath:/src/resources? Can u try putting it in bootstrap.properties to see if it will works (not good practice, but can test if can work) Also, i know you want multiple spring profiles, but just for debug sake, if you put your confi

Re: [cas-user] CAS configuration options

Hi Nomit, Sorry previous was on my phone so it is hard for me to verified the pathing, *classpath:/src/resources* definitely is incorrect, my bad. The relation is: classpath:/ = src/main/resources So, maybe you can try setting it as: cas.standalone.configurationDirectory=classpath:/ And put y

Re: [cas-user] CAS configuration options

Hello Mine did work but I am using CAS 5.x, I have multiple properties in my CAS projects inside src/main/resources. Maybe is a CAS 6.x bug? - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contribut

[cas-user] Re: CAS Oauth server using with postman with POST

Hi Pablo, Althoguh you current solution works, since you are using Postman, an easier option would be just use the body tag, like so: [image: temp.png] The above would work. Cheers! - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - L

Re: [cas-user] Cas Cookie

Hi all, While I do agree that allowing CAS session after browser close is very much a security vulnerability and would suggest against it, there is indeed a config to allow such thing to happen: https://apereo.github.io/cas/6.0.x/configuration/Configuration-Properties.html#ticket-granting-cooki

[cas-user] Re: [cas-dev] Re: Release Announcement: CAS Security Patches

Hello CAS team, Would like to know, would this vulnerability be posted to https://groups.google.com/a/apereo.org/forum/#!forum/cas-appsec-public as well? It would be hard for my colleagues to keep track of any CAS security vulnerability, if these vulnerability is only posted here & the apereo

[cas-user] Re: [CAS5.3.12] yamlServiceRegistry or jsonServiceRegistry don't work

HI Kevin, You *cas.log* error contain one error called java.lang.NullPointerException... ... org.apache.commons.lang3.SystemUtils.isJavaVersionAtLeast Searching online come up with this issue: https://jira.apache.org/jira/browse/LANG-1365 What is your docker java version? Java 10? FYI, prett

[cas-user] Re: [CAS5.3.12] yamlServiceRegistry or jsonServiceRegistry don't work

Hi Kevin, If you are using the latest Java version, best course of action is to upgrade CAS to latest CAS 6.x version :) (currently is CAS 6.0.x, possible to be CAS 6.1 very soon) CAS 5.3.x is still usable (i.e. not EOF as of today), but it is much better to go with the later version. -- - W

[cas-user] Re: Noob question about{...}

Hello, I also agree this part of the documentation is hard to understand unless you read through the whole doc word by word Let make Hazelcat Ticket Registry as an example: https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties.html#hazelcast-ticket-registry You saw that ther

[cas-user] Re: Noob question about{...}

Hello, > what you mean is that this configuration key is only present in the doc, not in the configuration file Yup. ${configurationKey} is not a working mechanism, *don't put ${configurationKey}.cluster.instanceName in your cas.properties file, instead, put this cas.ticket.registry.hazelca

[cas-user] Suggestion: redirection link to CAS overlay should be added to the deprecated "cas-webapp-docker"

Hi all, This post is a suggestion toward adding redirection link to CAS overlay inside the deprecated "cas-webapp-docker" https://github.com/apereo/cas-webapp-docker Yesterday I want to try out CAS for docker for the first time, and stumble across the deprecated repository https://github.com/

[cas-user] Re: Suggestion: redirection link to CAS overlay should be added to the deprecated "cas-webapp-docker"

Hi Pol, Thanks for you suggestion :) My motive is to use official repository if possible, since my organization kind of stumble about using personal repository unless neccesary... Nevertheless, let me check it out and see how it goes, thanks :D Cheers! - Andy -- - Website: https://apereo.gi

[cas-user] Re: cas-overlay-template 6.1.x deals with thekeystore

Hi, FYI, you can use this command to generate key store > ./gradlew[.bat] createKeystore As seen here: https://github.com/apereo/cas-overlay-template/tree/6.1.x#deployment If the above don't help you, then Is that a CAS 6.1.x problems? Have you try that using other version? Cheers! - Andy --

[cas-user] Re: 6.1.1 JSON error with REST authn after update

Bump, Since I also observed same error while testing JSON white list ( https://apereo.github.io/cas/6.1.x/installation/Whitelist-Authentication.html#json-file) on CAS 6.1.x: > parse error: Cannot deserialize instance of > `java.util.ArrayList` out of VALUE_STRING token; nested exception is

[cas-user] Mongodb Authentication won't work if no attributes given in CAS 6.1.1

Hi all, Today I am testing out CAS using MongoDB authentication, and found out a behavior for MongoDB Authentication: > if no attribute was given in cas.authn.mongo.attributes, the authentication will failed by No serialized profile found. Here an example: cas.yml: cas.authn.mongo: host

Re: [cas-user] Mongodb Authentication won't work if no attributes given in CAS 6.1.1

Hi Jérôme Oh nice, thanks for your explanation :) I think we should document that *requirement on attribute* on https://apereo.github.io/cas/6.1.x/installation/MongoDb-Authentication.html Since the authentication experience is differs from other Authentication authenticationMethod, (e.g. JDBCA

Re: [cas-user] Mongodb Authentication won't work if no attributes given in CAS 6.1.1

PR is made: https://github.com/apereo/cas/pull/4404 -Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Goo

Re: [cas-user] Mongodb Authentication won't work if no attributes given in CAS 6.1.1

Hi Jérôme, PR was declined because Moayyed considered this behavior as something need to be fixed in pac4j, see this: Since defining attributes is necessary for pac4j to work when using MongoDB Authentication, the attributes properties is necessary here. However, this behavior of requiring att

Re: [cas-user] Mongodb Authentication won't work if no attributes given in CAS 6.1.1

Hi Jérôme, Yes that will be the best. Cheers! - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google

[cas-user] Re: 6.1.1 JSON error with REST authn after update

Hi all, Still don't know how to fix it, but I found something here: In CAS 5.3.14, see here: https://github.com/apereo/cas/blob/v5.3.14/core/cas-server-core-authentication-api/src/main/java/org/apereo/cas/authentication/principal/SimplePrincipal.java#L50 SimplePrincipal attribute is: private Ma

[cas-user] Radius Authentication seems not work if MFA is not enabled on CAS 6.1.x, is that intended?

Hi all, In my quest to test out some CAS authentication, I stumble across *Radius Authentication*: https://apereo.github.io/cas/6.1.x/mfa/RADIUS-Authentication.html and want to try it out. I am using CAS 6.1.x I used freeradius docker varience ( https://hub.docker.com/r/freeradius/freeradius-s

Re: [cas-user] Sample Java Web Application to test the login

Hi Steve, What language of sample web app are you talking about, PHP? Java? Others? As you can see here: https://apereo.github.io/cas/6.1.x/integration/CAS-Clients.html#official-clients Here are many ways to connect to CAS, so it is hard to make suggestion if your target is so board :) Cheers!

Re: [cas-user] Re: configure CAS 6.1 to operate with another application

Hi, Taking a look at the tasks.gradle script: https://github.com/apereo/cas-overlay-template/blob/6.1/gradle/tasks.gradle#L29 you can see the working mechaism of *copyCasConfiguration*: ... task copyCasConfiguration(type: Copy, group: "build", description: "Copy the CAS configuration from th

[cas-user] Re: CAS 6.0.5.1 and RADIUS Auth.

Hi all, Have encounter the same issue with CAS 6.1.x. I have make my CAS to build with Radius Authentication by including the following url for repositoryies: maven { url "https://maven.repository.redhat.com/ga/"; } I am also not very sure if this is an appropriate fix.. but it works for me -

Re: [cas-user] Sample Java Web Application to test the login

Hi Steve, > build sample java web app on tomcat Ah, I see > a typical Java EE security web application. I haven't seen any Java EE security web application on the web, so can't recommend any Java EE security web application example to you. A few suggestions, see if those can help you: - Follow

Re: [cas-user] Re: configure CAS 6.1 to operate with another application

Hi Anthony, > First (of all), i thinks it's better to explain in the readme.md that copyCasConfiguration only copy /cas-overlay-template-version/etc/cas/config into /etc/cas/config to avoid bad interpretation. Secondly why copyCasConfiguration doesn't copy entire folder /cas-overlay-template-ve

Re: [cas-user] Radius Authentication seems not work if MFA is not enabled on CAS 6.1.x, is that intended?

Hi Colin Thanks for the advice! It work after adding `cas:cas-server-support-simple-mfa`. Pretty sure that is a bug lol, see if I can trace it down when free, thanks again. Cheers! - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidel

[cas-user] Re: Issue with Ticket Registry Cleanup (MongoDB - CAS 5.3.12.1

Hi Paul, I have done some investigation on your case, and: I can reproduce your error case using my testing docker with CAS 5.3.x and MongoDB 4 ticket registry, after a single login, I can see the error same as yours occurs. Below are my error log as well:

Re: [cas-user] Attribute Resolution and Merging Radius and LDAP

Hi Colin, I have take a look into your problem, which is using *Radius Authentication a*nd *LDAP *attribute, and LDAP attribute don't come up. I am using CAS 6.1.1 + Freeradius + OpenLDAP as demo, but I think the solution should be applicable to CAS 6.0 and other technology as well. Befor

Re: [cas-user] Hazelcast-Ticket Registry config

>From your error logs seems like you are using 6.2.0-SNAPSHOT version of CAS. SNAPSHOT version is going to break sometimes, so better not relies on it for stability. One suggestion might be to use an latest stable version, something like 6.1.1. Another thing is that for your latest properties f

Re: [cas-user] Re: Issue with Ticket Registry Cleanup (MongoDB - CAS 5.3.12.1

Hi Paul, No problem, We help each other in this group here :) - Although you should try, but upgrading to 5.3.14 probably won't fix you bug, seems like that 5.3.14 is basically the same as 5.3.13 but with an library removed, and 5.3.13 only fix an issue related to YubiKey https://github.com/ap

[cas-user] Re: CAS 6.1 : configure json service management to operate with an http application

Hi Anthony, Your serviceId should return *http *only back to CAS, seems weird it return back *https*. - Are you sure jenkins didn't automatically transform your *http *request into *https*? - You should capture your network tab to check out the network. BTW, Your serviceID seems too loose, I

[cas-user] Re: No principal was found in the response from the CAS server.

Hi Steve, See if disabling `mfa-duo` this helps: https://github.com/cas-projects/cas-sample-java-webapp/issues/14 Cheers! - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh

Re: [cas-user] Hazelcast-Ticket Registry config

Hi there, Yup no problem, we are all helping each other at this group here :) > it seems to me you need to fix this: 07-Nov-2019 05:57:51.789 WARNING [main] com.hazelcast.instance.HazelcastInstanceFactory.null To David: I tried not fixing this warning and Hazelcast is still working. Although we

[cas-user] Re: Per Service Authentication Handler

Hi Jack, See if this helps: https://apereo.github.io/cas/6.1.x/services/Service-Management.html#registered-services requiredHandlers Set of authentication handler names that must successfully authenticate credentials in order to access the service. If defined, only the selected required handler

[cas-user] Re: CAS Client Compilation Error

Hi Steve, Have not tried building this using jdk11. However, looking at this line here: https://github.com/apereo/java-cas-client/blob/cas-client-3.6.1/pom.xml#L94 It seems the project is built using jdk 8, so I am not sure if it supports jdk 11. - Andy -- - Website: https://apereo.github.i

[cas-user] Re: Building from Gradle on Heroku - where to change the cas properties ?

Hi, I haven't tried Heroku so wasn't the most familar with the structure, but see the following: https://apereo.github.io/cas/6.0.x/configuration/Configuration-Properties.html#by-directory CAS by default will attempt to locate settings and properties inside a given directory indicated under th

[cas-user] Re: Building from Gradle on Heroku - where to change the cas properties ?

Hi, Referring this here: https://apereo.github.io/cas/6.0.x/configuration/Configuration-Management.html#overview I am using this for my testing system, and I just checked it does work, and it can be consumed by CAS: java -server -noverify -Xmx2048M -jar *-Dcas.standalone.configurationDirectory

[cas-user] Re: How to make CAS 6.1 work with Azure AD?

Hi, Your method of declaring the property for azure part would not work, see this: *cas.properties (this would not work)* configurationKey=cas.authn.pac4j.oidc[0].azure ${configurationKey}.id=OUR_ID ${configurationKey}.secret=OUR_SECRET ${configurationKey}.principalAttributeId= .

[cas-user] Re: [CAS 6.1.0-RC6] [CAS MANAGEMENT 6.1.0-RC4] - Application run failed: java.lang.IllegalArgumentException: java.lang.ClassCastException

Hi Nicola, I have tried using CAS 6.1.1 and CAS Management 6.1.0-RC4 in my testing environment, and there are no problem observed during CAS Management start up. I suspect it is some problem related to configuration for JBoss, which I am not familiar with so maybe other can fill it in. Nevert

[cas-user] Re: How to make CAS 6.1 work with Azure AD?

hi, https://apereo.github.io/cas/6.1.x/configuration/Configuration-Properties-Common.html#delegated-authentication-settings please try autoredirect=true for your azure config. -Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: ht

[cas-user] Re: cas 6.1 with u2f

Hi John, Not familiar with uf2 at all, but I am trying this out in my simulation and I also encountered your bug as well. Something like this: *Caused by: org.springframework.beans.factory.BeanCurrentlyInCreationException: Error creating bean with name 'u2fDeviceRepository': Requested bean is

Re: [cas-user] Re: cas 6.1 with u2f

I see, so does that fix your problem? or you must need to use JSON? /Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subsc

[cas-user] Re: How to make CAS 6.1 work with Azure AD?

Hi vallee.romain, Would be the best if you can make it a separate post, since your question seems quite different then the one from OP. Also, would be the best if you can elaborate on your question, what do you mean by "Jasig"? Are you asking 2 question or are those related? Some example given

Re: [cas-user] how to configure cas to load cas.properties from dynamo db

Hi Raheem, Looking thought the source code, it seems that the there are a *NullPointerException *happen https://github.com/apereo/cas/blob/v5.3.10/support/cas-server-support-configuration-cloud-dynamodb/src/main/java/org/apereo/cas/config/DynamoDbCloudConfigBootstrapConfiguration.java#L68 Whic

Re: [cas-user] how to configure cas to load cas.properties from dynamo db

Hi Raheem, Something seems weird about this line: * Invalid property 'spring[cloud][dynamoDb][dynamoDb][preventTableCreationOnStartup]' * I think there should be only one [dynamoDB], and not two. Can you show us your newly updated cas.properties? See it is configured correctly. - Andy -- -

Re: [cas-user] how to configure cas to load cas.properties from dynamo db

Hi Raheem, No need to be sorry, we are learning together :) It is very hard for me to help debug your problem, due to the fact that I don't have AWS account and I am out of credit card for AWS free tier :( Can you help try something, instead of: cas.server.name: htt

Re: [cas-user] how to configure cas to load cas.properties from dynamo db

Hi Raheem, Ok, let try something else. Where are you putting your configuration? inside *cas.properties*? Can you try putting it inside boostrap.properties? 1. Create a file in* src/main/resources/bootstrap.properties* 2. Add your dynamo db config inside it: cas.spring.cloud.dynamodb.credentialA

Re: [cas-user] How to make CAS 6.1 work with Azure AD?

Hi Anmol Budhewar, I think there is some problem with your mail, your mail appear in discussion post what was different from your question. Please go to https://groups.google.com/a/apereo.org/forum/#!forum/cas-user, click "New Topic" and submit your question that way. - Andy -- - Website: ht

Re: [cas-user] How to make CAS 6.1 work with Azure AD?

Hi vallee.romain, No problem on the english, but please make a separate post for your question. Go to https://groups.google.com/a/apereo.org/forum/#!forum/cas-user, click on "New Topic", and write your question. - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://git

[cas-user] Re: Redirect to the right service after password reset

Hi lubla, I have looked into the HTML of CAS 6 (if CAS 6 don't have the feature, CAS 5 won't have) of the password reset success page, I don't see any preservation of service, so I guess this part is not implemented... https://github.com/apereo/cas/blob/v6.1.1/webapp/cas-server-webapp-resources

[cas-user] Re: CAS 6.1.1 - Password Management - JDBC - it works only using autocommit=true

Hi Luciano, I encountered this `autocommit need to = true` problem as well when trying out password management today, I am using MySQL as database. Seems like a bug to me. Cheers! - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelin

Re: [cas-user] IAM & SSO

Hi Ram, Although other already answer, still want to charm in with some of my opinion :) > Does CAS support both authentication as well as authorization? Yup, at least the more modern CAS version support authorization. I don't know this is the standard way to do, but judging from the document,

[cas-user] Re: Connect to AD and AZURE

No problem glad it helps! - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Communit

Re: [cas-user] Re: SAMLResponse is not base64 encoded

Hi all, I am not familiar with CAS 3, however, I have done some research and tried building CAS 6.1.1 (latest release CAS) with OneLogin PHPSAML, And I found that, CAS 6 can successfully integrate with OneLogin PHPSaml using SAML protocol. No error for CAS 6. So, maybe the lack of base64 enco

[cas-user] Re: Delegated CAS SAML IDP

Hi, Can you try enabled debug log: https://apereo.github.io/cas/5.3.x/installation/Troubleshooting-Guide.html#review-logs And capture more logs for debugging purpose? Also, please be careful when reading the documentation, I see that you are using CAS 5.3.x, but you are viewing CAS 5.2.x docum

[cas-user] Re: Best way to implement Post Authentication actions

Hi Bobby, I have searched around the CAS 6 documentation, seems like there are nothing similar to your use case build in (Althoguh it is still quite possible that such feature exist but I didn't find it). I guess custom implementing might be an feasible idea. If I am customizing to add last us

Re: [cas-user] Re: Delegated CAS SAML IDP

Hi there, Let's try to deduce the problem together! I see you already highlighted the error area around either: - *Signature is not trusted* - *Delegated authentication has failed with client SAML2Client* - *Ignoring the received exception due to a type mismatch* *- 500 server error* Usually th

[cas-user] Re: Best way to implement Post Authentication actions

Hi Bobby, > the *postAuthenticate() *method does not seem to be getting called at all How did you verified that postAuthenticate does not get called? Did you use some logs or you just try executing some post JDBC query and they didn't get called? Have you used the keyword *@Override* to make su

Re: [cas-user] Re: Connect to AD and AZURE

Hi Anmol, Would really appreciate if you can open a new topic instead of replying to an unrelated topic, it would be easier for people to locate your specific question and give answer. I don't have Active Directory setup in my testing environment, so it would be really hard for me to help with

[cas-user] Re: Best way to implement Post Authentication actions

Hi Bobby, See if you can try autocommit=true, as suggeested by this here: https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/Kf-dB0b_OuQ If that would helps or not...\ Cheers! - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List

Re: [cas-user] Re: Delegated CAS SAML IDP

Any change in debug log after you add signResponse=false? - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to

Re: [cas-user] Re: Best way to implement Post Authentication actions

np problem, glad it helps :) -Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Commun

[cas-user] Re: How to use ./gradlew getResource for Overlay Customization with CAS 6.1

Hi Carl, The tutorial from https://apereo.github.io/2019/01/07/cas61-gettingstarted-overlay/ seems to be a bit off from the actual implementation. See the actual implementation here https://github.com/apereo/cas-overlay-template/blob/6.1/gradle/tasks.gradle, it seems *suffix cannot be added* f

[cas-user] Re: /login as credential requestor missing login token value

Hi Lain, I have track don't the commit that removed the lt ticket: https://github.com/apereo/cas/commit/ca17b2f39601c503e1a6925951b39bbdffa4c63f it is remove at 4.2.4 -> 4.2.5. Not sure the reason tho, it did seems weird that the documentation and the source code have differs, you might need to

Re: [cas-user] Re: Delegated CAS SAML IDP

Try also add signAssertions=false. And give the error log -Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to t

Re: [cas-user] Re: Delegated CAS SAML IDP

Hi Raheem, It seems very likely that there are problem with your SAML metadata... If SAML metadata have problem, there is no config can make the authentication success. Can you double check in your idp, correct sp metadata is imported. And also check in your sp, correct idp metadata is importe

[cas-user] Re: How to use ./gradlew getResource for Overlay Customization with CAS 6.1

glad it helps, also FYI I have submitted a pull request to make suffix also work in the future. https://github.com/apereo/cas-overlay-template/pull/40 if you want suffix to work as well in your current download project, you can add those logic yourself as well. cheers! Andy -- - Website:

[cas-user] Re: (6.0.3) sessionCount has never decrease after logout

Hi, It is a normal behavior for sessionCount to remain the same after user logout. No need to panic :) CAS does not relies on creating and destroying an entire session for verifying whether or not user are login or not. Instead, CAS uses the cookie called *TGC *for SSO verification, you can us

[cas-user] Re: [Cas 6.0.7] Surrogate attributes are lost when account is selected in GUI mode

Hi Michele, I have setup a surrogate authentication demo in my testing docker environment , I tried both CAS version 6.0.7 and 6.1.2 and the surrogate attribute seems to be working just fine. I don

[cas-user] Re: [Cas 6.0.7] Surrogate attributes are lost when account is selected in GUI mode

Hi Michele, I see, you are talking about can't receive the *principal *attribute. Kind of busy these days, when free will take a look into it. - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributi

[cas-user] Re: CAS 5.2.3 running on tomcat 9 and openjdk11

CAS 5.2.x don't really work well with Java 11. To upgrade to Java 11, you will also need to upgrade CAS version to CAS 6. - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh

Re: [cas-user] Re: CAS 5.2.3 running on tomcat 9 and openjdk11

Hi Rao, When we use our CAS 5.3.x and load with Java 11, it didn't even manage to startup... That why we stick to Java 8 for the moment. Don't know why your CAS 5.2.x version work with Java 11 initially, perhaps you didn't use the module that have problem I assumed. In any case, seems like goi

[cas-user] Re: Suppress the GET for /cas/v1/tickets

Hi Raheem, I also encountered this issue on 5.2.x, not sure if this is still an issue on later CAS version, I suspect this issue is fixed on later version since it seems like a spring problem. I used a very ugly method to suppress this message, basically I override the GET method and prevent t

Re: [cas-user] Re: Suppress the GET for /cas/v1/tickets

Hi Raheem, Where did you find the public CAS 5.2.x docker image? In any case, since you are able to create file and put it in the structure, maybe the following will work: == - Put a spring.factories in the following directory: your_project/src/ma

Re: [cas-user] Re: Suppress the GET for /cas/v1/tickets

Hi Raheem, I don't have time today to do a full test, but I suspect the problem exists in the pathing: When using CAS 5.2.x overlay, the structure seems like this: ├── *cas* │ └── src │ └── main │ └── resources │ ├── hbmsu.properties │ ├── services

Re: [cas-user] Need Help Custom authentication CAS SSO 6

Hi Fernando, Have you look into *Rest Authentication*? https://apereo.github.io/cas/6.1.x/installation/Rest-Authentication.html *> encode it and then send it to an external service of mine that is responsible for validating and to obtain the information of the user to my database* What languag

[cas-user] Re: New to thymeleaf

Hi Tushar, I think you will find better result posing your question in thymeleaf forum or other medium (e.g. stackoverflow) Thymeleaf: http://forum.thymeleaf.org/General-Usage-f2234430.html More people with experiences in thymeleaf are in those sites, especially seems your easy-login.html and

Re: [cas-user] CAS and database

Hi, I would highly recommend following https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html and read through it so you get a better idea of how CAS works in generaal. However, if you just want your database to setup and don't want to dive deep, you might follows this

Re: [cas-user] CAS and database

Hi there, If you look at the file here: https://github.com/casinthecloud/cas-pac4j-oauth-demo/blob/master/pom.xml You will see that the repo you use, are using the SNAPSHOT version of 6.2.0-RC1-SNAPSHOT. The SNAPSHOT version doesn't make stability a high priority, so you are better sticking t

[cas-user] Re: Adding cas.properties file to source control

Hi Dustin, What version of CAS are you using? So for source control which source control are you trying to use? I assume you are talking about git since this is the most common source control nowadays. There are document here stating how to do: https://apereo.github.io/cas/6.1.x/configuration/

[cas-user] Re: CAS 6 - Dockerized Deployments on two VMs with ticket registry

Hi Maksim, Pretty sure: cas.ticket.registry.hazelcast.cluster.public-address and cas.ticket.registry.hazelcast.cluster.publicAddress Both works the same, since spring property allows both camelCase and kebak-case. And I did successfully use docker CAS and use Hazelcast as ticketing system

Re: [cas-user] cas5 start up time much longer, development productivity?

Hi Yan, Me too, I also wait a long time during each CAS 5 war deployment. However, actually you don't need to re-deploy the war file everytime you change something, if you just want to change some properties (e.g. Maybe you want to change the scope properties from EMAIL to PROFILE for pac4j go

<    1   2   3   4   >