Re: [cas-user] [CAS 6.1.X] custom cas.properties not working for JSON services

Glad it helps! - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. T

[cas-user] Re: CAS 5.3.7 Issue Pac4J OIDC + SAML2 Delegation

Hi Kyra, After reading your problem and if I am not mistaken, I think your problem is mostly *not related* to https://github.com/apereo/cas/pull/3664 (I will reference it as #3664 ), hence studying the fix from #3664 most likely won't help you. In #3664, the problem occurs when using SAM

[cas-user] Re: JWT token OAuth

Hello, Pretty sure it is not possible without modifying CAS code, The logic for generating OAuth/OpenID Authentication is here: 1. https://github.com/apereo/cas/blob/v6.0.1/support/cas-server-support-oauth-core/src/main/java/org/apereo/cas/ticket/accesstoken/DefaultAccessTokenFactory.java#L43 2.

[cas-user] Re: CAS 5.3.7 Issue Pac4J OIDC + SAML2 Delegation

Hi Kyra, > I'm not sure the problem is the OIDC authentication protocol. The problem could be in any component, so you will need to look into all of them. I suggest it might be OIDC only because of my suspection, I don't actually have solid reason to support myself.. As for the log, The tom

Re: [cas-user] CAS is Federated SSO?

Hi Yan, Our CAS server are concurrently supporting service providers connecting through OAuth, SAML and CAS Protocol, so server is running healthy so CAS do support you to connect to multiple protocol. > I do not see any benefit with all the extra work. >From my own experience, some service pro

[cas-user] Google + API Being Depreated in pac4j library, any plan to update CAS before Google+ shutdown?

Hi CAS team, Reference here: https://github.com/pac4j/pac4j/issues/1228, Google+ API is being depreated. And will be shutdown on *March 7, 2019*. So the Google delegate authentication for CAS will most likely not able to work anymore if not patch before March 7, 2019. pac4j is plan to upgrade

Re: [cas-user] Google + API Being Depreated in pac4j library, any plan to update CAS before Google+ shutdown?

Hi Jérôme > That said, as CAS v5.3.9 and v6.0.2 releases are planned for March 01, 2019, I think we can update them before. That's great if it can be done! > Then, you just need to pull the pac4j-* v3.6.0 dependencies along your current version of CAS (pac4j v3.x is backward compatible). There

[cas-user] Re: Cas upgrade from 5.2.3 to 5.3.7 not returning oauthCode

Hi John, Try setting up CAS in *https* instead of *http*. CAS is not intended to be used in *http* so might lead to issue like the above. If not the above issue, then you might need to also look at your debug log for more inspiration, when the error happen did CAS output an error? How does it

[cas-user] Re: Cas Default language

Hi John, Try this: https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#localization # cas.locale.defaultValue=en See if this works. - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1V

Re: [cas-user] Re: Cas Default language

Looking at the source code here: https://github.com/apereo/cas/blob/v5.3.7/webapp/cas-server-webapp-config/src/main/java/org/apereo/cas/config/CasWebAppConfiguration.java#L63 The locale also affected by Cookie, maybe try using an Chrome Incognito or similar browser, so that your previous cookie

[cas-user] Re: Support login facebook with cas 5.3

Please read the CAS documentation and specified which part you have problem: 1. https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties.html#facebook 2. https://apereo.github.io/cas/5.3.x/integration/Delegate-Authentication.html Cheers! - Andy -- - Website: https://apereo.gith

[cas-user] Re: Cas upgrade from 5.2.3 to 5.3.7 not returning oauthCode

Hi John, Sorry that's what I can help, there is not enough information to help solve your question. Maybe other will be able to help you. - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions:

[cas-user] Re: Cas Resources Link

Hi, I have a sort of similar use case in my CAS 5, I need to use *${@environment.getProperty('mycompany.home**.url**')}* in my *casLoginView.html*, and my *application.yml* is as follows: *mycompany.home**:* *url**: https://www.example.com* And in my case it works. So I think the use of appl

[cas-user] Re: Cas Resources Link

Hi, Oh I see, so your problem is actually for th:each tag I see that CAS source code also used th:each in here https://github.com/apereo/cas/blob/v6.0.1/webapp/resources/templates/fragments/loginProviders.html#L26 Maybe that will be helpful to you? Also don't worry about the lack of info t

[cas-user] Re: Cas Resources Link

Hi there, Just got some testing done, it seems that either *environment.getPreperties()* *does not support list* or is bugged Because I tested the following (copy from "https://stackoverflow.com/questions/39218966/what-is-null-safe-way-to-convert-array-to-string-using-thymeleaf";): Which shou

[cas-user] Re: Cas Resources Link

Awesome! A bit frustrated that enviornment.getProperties doesn't support list, but your implementation should be ok. Great work. Cheers! - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: ht

[cas-user] Re: CAS-5.3.8 displays cas login page before rediecting to openid provider login screen

Hi John, FYI, the redirect logic is in here: https://github.com/apereo/cas/blob/v6.0.1/webapp/resources/templates/fragments/loginProviders.html#L90 Also if I am not mistaken, the 6.0.1 branch already have this bug fixed, you can see the following for reference: - https://github.com/apereo/cas/

Re: [cas-user] Which ticket repository are you using?

Hi Dave, 1. Hazelcast 2-5. I consider them sensitive information, sorry Dave can't disclose them 6. You might need to the cap the memory or else it will use a large percentage of the memory, and there is more network traffic between the servers then we expected (but ultimate is still stable s

Re: [cas-user] Which ticket repository are you using?

Hi Ramakrishna, > I could see everyone using Hazecast, in my case is Redis a bottleneck? Using hazelcast is for ease of setup and also the fact that I saw many people already using it. I am a believer of "if it ain't broke don't fix it", so unless you actually sees a problem in performance, imo d

[cas-user] Re: Unsuccessful in configuring CAS 5.1.3 as a OAuth server ("/callbackAuthorize" redirects to "/" instead of client app)

Cas server is design to only work with https, please change to use https even if you are testing only -Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received

Re: [cas-user] Google + API Being Depreated in pac4j library, any plan to update CAS before Google+ shutdown?

Hi all, And today the CAS 5.3.9 is released with the patch applied: https://github.com/apereo/cas/releases/tag/v5.3.9, it time for a patch. Cheers! - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Co

[cas-user] Attribute resolution: Use one of the attribute to act as principal ID

Hi all, This question is about attribute resolution. Consider that I normally resolve the following principal and attribute: *For most of my services will be this:* === *Principal ID:* id: andy *Attributes:* user_id: 12345678 other_key: other_valu

[cas-user] Re: Attribute resolution: Use one of the attribute to act as principal ID

Nvm, found my answer here: https://apereo.github.io/cas/5.3.x/integration/Attribute-Release-PrincipalId.html#attribute - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7

[cas-user] Re: SAML2.0 integration with CAS 5.1.4

Hi, CAS 5 only works properly using https, please follow the doc and make a self-sign cert for testing. Also, you need to enable and look at the debug log for more information. https://apereo.github.io/cas/5.3.x/installation/Troubleshooting-Guide.html#review-logs Also if possible, try to use 5

Re: [EXTERNAL] Re: [cas-user] CAS 5.x CORS questions

Hi Aaron, > I’m using 3.5.8. Does you mean you are using CAS 3.5.8? If so then you are reading the wrong documentation. https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#http-web-requests is only for 5.2.x, as you can see in the URL. Your best bet is to find the C

[cas-user] Re: CAS SSO with OpenID Connect and CAS protocol

Yup. when you login using either CAS Protocol or OAuth/OpenID protocol it will login the other way too. - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You rece

[cas-user] Re: CAS 5.3.x, OpenID Connect, Getting 401 on token request

Hello, Hmm that is very strange, I am still using CAS 5.3.x and POST working fine. I don't think trying for ID-token directly might not be what you want, since ID-token is different than the authentication code flow, so you are testing 2 things here. I do see that your POST is a bit strange,

Re: [cas-user] Re: How to get google attributes in PAC4J

Hello, What version of CAS are you in? If you are in CAS > 5.3.9 (or the latest CAS 6.x), since Pac4j is updated to 3.6.1: You should see that *emails *is no longer there and there is an *email *attribute instead (which is in plain string) So you can get that very easily, no need to decode ha

Re: [cas-user] Duplicate entry for SAML2_ATTRIBUTE_QUERY_TICKETS raised

Hi Roger, attributeQueryProfile is actually needed to connect to some of the SAML sp / idp out there (I forget what and which one) So... If your SAML implementation needs to connect to some external vendor you might need to be a aware that you disabled attributeQueryProfile As of why you

[cas-user] Re: CAS 5.3.6 - java.io.UncheckedIOException: java.io.IOException: Stream closed

Hi Mike, Part of our system is using SAML and our version is also CAS 5.3.x. Haven't seen this issue before tho... Maybe it is ticket related issue? What ticket registry are you using? We are using Hazelcast and it is fine. > running into this every login So now nobody can login and you need t

[cas-user] Hazelcast sepearted group of CAS communicating with either other question

Hi all, I am using CAS 5.3.x, and this problem is about Hazelcast. We have setup 2 groups of CAS in the same local network, the 2 group shouldn't communicates with each other. To make sure the group don't communicate, we use the following configuration. *cas.properties for group one* # Configu

[cas-user] Re: CAS drops named anchors

I am not using the name anchor in my use case, but after some testing: I think that saving the named anchor is not a feature that is implemented for all login methods for CAS. For example, in my website: normal login (username & password) will preserve the name anchor (I have checked that both

[cas-user] Re: CAS 5.1.0 with SAML delegation - Help!

Although I don't have an answer to your problem and I can't really help you most likely, I still want to suggest you try implementing something to see if it works or not. In CAS 5.2.0-RC1 or above, there is a feature called "Attribute Repository Merging" https://apereo.github.io/2017/06/30/520

[cas-user] SAML metadata problem when upgrade from 5.2.0-RC1 to 5.2.0-RC2

Hi all, here's my problem: _ Background: Version: CAS 5.2.0-RC2 Topic: SAML 2.0 Problem: When I tried to upgrade from CAS 5.2.0-RC1 to CAS 5.2.0-RC2 (CAS 5.2.0-RC1 works completely fine). I have some error with "scopedTarg

[cas-user] Re: SAML metadata problem when upgrade from 5.2.0-RC1 to 5.2.0-RC2

ror in my maven and I don't want to & I don't have time to fix them now. For now I will revert back to RC1, as that version have all the essential feature for my project. Thanks again! Andy On Monday, 28 August 2017 18:16:45 UTC+8, Andy Ng wrote:

[cas-user] Re: SAML metadata problem when upgrade from 5.2.0-RC1 to 5.2.0-RC2

same issue is there, you > will likely need to wait another 3-4 weeks until RC4 and beyond. > > On Tuesday, August 29, 2017 at 6:11:50 AM UTC+4:30, Andy Ng wrote: >> >> Thanks for the reply, Misagh! >> >> Since the release of RC3 is coming, I think I will wait til

[cas-user] Re: SAML metadata problem when upgrade from 5.2.0-RC1 to 5.2.0-RC2

On Tuesday, 29 August 2017 21:52:55 UTC+8, Andy Ng wrote: > > Oh yeah, you are right, I will diagnose it tmr once I am back at my > office, Thanks! > > On Tuesday, 29 August 2017 19:29:14 UTC+8, Misagh Moayyed wrote: >> >> I'd say it's

[cas-user] Question: what is the maven dependency difference from [CAS 5.2.0-RC3] to [RC2 or below]?

Hi all, Today when I try upgrading from CAS 5.2.0-RC2 to RC3, I was faced with lots of symbols not found error in my custom Java code during the compilation stage. So I go ahead and download a fresh CAS War Maven Overlay 5.2.x (branch) to test out the problem. _

[cas-user] Re: Secure endpoints with LDAP - getting "You are not authorized to be authorized" error

I can't help to solve your problem, but I can help you reduce your scope. In the case of normal login. If you want to trigger the service defined, you need to do this: https:// cas.developer.local/cas/ login?service=

[cas-user] Re: Migrating CAS 4.x to 5.1 - Problem with jdbc attribute mapping

Hi Sebastian, >From dev of CAS, here's is an tutorial on how to set up jdbc in CAS 5.1.x: https://apereo.github.io/2017/02/22/cas51-dbauthn-tutorial/ Just for more reference, here is my settings: cas.authn.jdbc.query[0].sql=SELECT * FROM test_users WHERE uid=? cas.authn.jdbc.query[0].url=jdbc:my

[cas-user] Re: SAML metadata problem when upgrade from 5.2.0-RC1 to 5.2.0-RC2

Would like to report that this problem is indeed fixed in RC3, thanks a lot! -Andy On Wednesday, 30 August 2017 10:41:24 UTC+8, Andy Ng wrote: > > Instead of only change the properties from 5.2.0-RC2 to > 5.2.0-RC3-SNAPSHOT, do I still need to do anything? I ask this becasue in >

[cas-user] Re: Rejecting based on attributes

Hi Marcus, If you are using 5.0.x or later , there should be a requiredAttributes field mentioned in the doc "https://apereo.github.io/cas/5.1.x/installation/Configuring-Service-Access-Strategy.html";. You will need to group all your users that need the restriction to the same service, then do

[cas-user] Re: Oauth profile response structure

Looking at the source code, it seems like the default behavior is to put attributes on the attributes parameters, and can't change by settings for now *OAuth20UserProfileControllerController.java* (line:158 ) protected Map writeOutProfileResponse(final AccessToken accessToken) throws IOExc

[cas-user] Re: Migrating CAS 4.x to 5.1 - Problem with jdbc attribute mapping

ot it to work with a little trying. > > First I got confused because the field and attributes names in this > tutorial are the same... > Lack of documentation on cas attributes... > > > Sebastian > > Am Freitag, 15. September 2017 10:50:19 UTC+2 schrieb Andy Ng: >>

[cas-user] CAS 5.2.0-RC3 saml 2.0 response KeyInfo how to configure

Hi all, Version: CAS 5.2.0-RC3 Scope: SAML 2.0 Problem: I am connecting my SAML 2.0 sp using CAS 5.2.0-RC1 without problem, but when I

[cas-user] Re: CAS 5.1.x Custom template. Anyone get this working?

To my recall, there has been a lot of theme related posts in this group. I also tried to make theme works on my project when I work on 5.1.x, which lead to failed. However, when I updated my project to 5.2.0-RC3, I actually make theme works, and here how the folder and file in my project is l

[cas-user] Re: CAS 5.2.0-RC3 saml 2.0 response KeyInfo how to configure

want to export. -Andy On Tuesday, 19 September 2017 17:52:21 UTC+8, Andy Ng wrote: > > Hi all, > > Version: CAS 5.2.0-R

[cas-user] Re: Service registry initialisation using JSON files. Help needed

Hi Didier, Seems like your service registry config location is invalid. In my application.properties I always uses file:/ instead of file:// and it works. Maybe you can tries *cas.serviceRegistry.config.location=file:/etc/cas/json* if not ok, you can also try *cas.serviceRegistry.config.locati

[cas-user] Re: Disable status/monitoring endpoints

You can enable/disable or set sensitivity on different endpoint based on these below: https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#cas-endpoints https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#spring-boot-endpoints I think by default

[cas-user] Re: Global post authentication processing

For orgin, if you don't mind to use 5.2.0-RCx: *Pac4j:* you can see this (https://apereo.github.io/cas/development/installation/Configuration-Properties.html#facebook) You can see that there is a field called [clientName], which actually will let you define the name of your pac4j providers. But

[cas-user] Re: Global post authentication processing

d). However, I probably cannot use the RC > version (policy reasons). Is there any workaround around this? > > On Tuesday, October 10, 2017 at 3:40:05 AM UTC+2, Andy Ng wrote: >> >> For orgin, if you don't mind to use 5.2.0-RCx: >> *Pac4j:* >> you can see this ( >

[cas-user] Re: SSO problems with CAS 5.1.3

Did you configure your properties file to the correct port? You can do so with making a file application.properties in src/main/resources And add these things here: https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#cas-server On Wednesday, 1 November 2017 15:17:27 UTC

[cas-user] Re: CAS 5.1.x Custom template. Anyone get this working?

I have tested Cas 5.2-RCX to be working. Seems like CAS 5.1.x also works. In any case, you can check it yourself. And you don't need to edit all the files, only the necessary one, and let the default handle other files. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitt

[cas-user] Re: Cas 5.1 How to get client's service url.

I also don't know a way to retrive the hostname. However I would like to know what is your use case for the hostname If, for example, you have 3 hosts that need 3 different customized authentication 1) https://i-only-use-saml.example.com 2) https://i-only-use-oauth.example.com 3) https://i-only

[cas-user] Re: Cas 5.1 How to get client's service url.

In that case, I would suggest using a custom template. And make all the username, password parameters to be hidden. Or maybe create a loading ... so user know they are being redirected. Here are how to set up custom template: https://groups.google.com/a/apereo.org/forum/m/#!topic/cas-user/k-yf

[cas-user] Re: Cas 5.1 How to get client's service url.

e service URL Hope this helps you! -Andy On Monday, 27 November 2017 06:50:25 UTC+8, Andy Ng wrote: > > In that case, I would suggest using a custom template. And make all the > username, password parameters to be hidden. Or maybe create a > loading > ... so user know they are bei

[cas-user] Re: CAS with REST API

Pretty sure what you want is this:https://apereo.github.io/cas/5.2.x/protocol/REST-Protocol.html As for safety, since this REST implementation is included as an official features, the safety risk shouldn't be that high, your mileage may vary. Moreover, you can always check the source code yours

[cas-user] Re: How to specify landing page (url) in json file for a service when accessStrategy requiredAttributes results in "Service Access Denied"

Well... If this is a necessary feature and you still haven't come up with a solution, here an idea that might helps you. (I think unauthorizedRedirectUrl is for other use case, hence not working, as you have tested) Any time user have this error "Service access denied due to missing privilege

[cas-user] Clustering nodes between two server have high traffic CAS 5.2.0-RC4

Hi all, *Background:* Today I have deployed our CAS 5 server (5.2.0-RC4) to production, to replace the existing CAS 4, we are using a load balancer with 2 clustering node by Hazelcast. *Problem:* there is a problem of increasing network traffic (a near straight slope) since the next morning of

Re: [cas-user] Clustering nodes between two server have high traffic CAS 5.2.0-RC4

54:53 UTC+8, rbon wrote: > > Andy, > > Have you configured a caching mechanism for the logs? > Do you have your application servers (tomcat) clustered? > CAS 5.x has good session management and does not need to be on a clustered > environment. > > Ray > > On Thu, 20

[cas-user] Re: Cas 5.1.6 to 5.20 JSON Service Theme Parameter Not Working as Expected

I also encounter this problem, working on CAS 5.2.0-RC4 and not worked on CAS 5.2.0, I think the problem lies in this file here: https://github.com/apereo/cas/blob/master/support/cas-server-support-themes/src/main/java/org/apereo/cas/services/web/RegisteredServiceThemeResolver.java On line 134

[cas-user] Re: CAS 5.x - regular expressions

Hi Jeff, Would like to know what exactly you want to catch using regex for the two links? (Maybe give some example?) The first link you provided, when translate to regex only matches something like these: https://my.service.edu, http://my.service.edu/// Which,

[cas-user] Re: SessionMonitor: WARN

Hi Jeff, I just searched the above keyword "is above threshold " in the CAS 5.2.x source code, and found that the parameter that control this is: # cas.monitor.tgt.warn.threshold=10 FYI: https://github.com/apereo/cas/blob/v5.2.0/core/cas-server-core-monitor/src/main/java/org/apereo/cas/monitor/

[cas-user] Re: JSON registered services infos not appearing in the login page!!

Are you directly accessing your site like this: https://www.example.com/cas Instead of giving it a service param https://www.example.com/cas?service=https://www.yourpage.com If you want your website "https://www.example.com/cas"; to have your logo, and not giving a service paramter you might c

[cas-user] Re: User-Interface-Customization

Hi, When I need to read stuff from properties file, I use this: https://stackoverflow.com/questions/21726119/how-to-access-system-properties-in-thymeleaf-template ${@environment.getProperty('myPropertyName')} I use it something like this: See if that fit your needs? - Andy On Tuesday, 6 Fe

Re: [cas-user] Custom Authentication

Good to hear that you make it working! -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Co

<    1   2   3   4