Re: [cas-user] CAS 335: service mismatch between https://blah.com/login?a=whatever and https://blah.com/login

2010-04-29 Thread Eric Pierce
That Ant pattern does match - otherwise you'd get the 'This service is not authorized to use CAS' error. The problem is that the ticket was issued for the url with the parameters (https://lib.pepperdine.edu/login?qurl=ezp.1aHR0cDovL3dlYi5sZXhpcy1uZXhpcy5jb20vdW5pdmVyc2U), but the request to

RE: [cas-user] Specification violation [EJB3 JPA 6.2.1.2] - You have not defined a non-jta-data-source for a RESOURCE_LOCAL enabled persistence context named: CasPersistence

2010-04-29 Thread Bruno Melloni
Yup, removing persistence.xml from the distribution's Cas-server-core-3.3.1.jar did the trick. I suspect that JEE5 detected and tried to load persistence.xml independently from the app. I remember that is what drove me to use the Spring approach of naming it myappPersistence.xml in my own

Re: [cas-user] Problem with SPNEGO (Getting NTLM token instead of Kerberos)

2010-04-29 Thread William Markmann
Thanks, Dean. Ok, so... looks like most of our settings line up. I did mean to mention this, though... when I said kinit, etc, were working from the command line I might have been going off half-cocked. Doing: klist -k ...shows my krb5.conf is getting picked up, it sees the keytab file I

Re: [cas-user] Problem with SPNEGO (Getting NTLM token instead of Kerberos)

2010-04-29 Thread Dean Heisey
Bill, When you get this error: kinit(v5): Client not found in Kerberos database while getting initial credentials. for your SPN, your KDC is trying to tell you that it couldn't find your SPN in the Kerberos Database, in this case AD. That tells me that there is something wrong with the AD

Re: [cas-user] Problem with SPNEGO (Getting NTLM token instead of Kerberos)

2010-04-29 Thread William Markmann
Dean, No, not trying to do this across domains. Solaris does have a 'domainname' command, however, which in this case returns empty -- maybe that's a problem? Also, the 'hostname' command just returns an unqualified hostname -- also maybe an issue? Still trying to wrap my head around how all

Re: [cas-user] CAS and Two factor authentication

2010-04-29 Thread Marvin Addison
i think 2 factor authentication means, 2-way ssl, that is client certificate verification and ssl. That is mutual authentication, not 2-factor. 2-factor authentication is a means by which a _user_ presents two credentials (e.g. hardware security token and password) instead of just one

[cas-user] problems with QueryDatabaseAuthenticationHandler (jdbc)

2010-04-29 Thread Markus Kosubek
Hello, I am using cas-server 3.3.5 and having problems with this handler. My deployerConfigContext.xml looks like ... [...] <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"><property name="sql"><value>Select password from cas_usr_data where id=?</value></property> <property

Re: [cas-user] CAS and Two factor authentication

2010-04-29 Thread Ken LAI
We implement second-level CAS server which does similar but not exactly 2 factor authentication. http://www.ja-sig.org/wiki/display/CASUM/Second-Level+CAS+Server On Fri, Apr 30, 2010 at 6:37 AM, Mike mike_r...@hotmail.com wrote: Yes, this is the exact requirement for two factor authentication.