You need to make sure that the Exchange server cert is known to the
CAS JVM and vice versa.
Bill
On Thu, Nov 11, 2010 at 9:30 PM, James Winter wrote:
> I'm a little farther, I'm now at the point where I get the
> "HttpContext.Current.User is null" error but I read that they be due to an
> incor
I'm a little farther, I'm now at the point where I get the
"HttpContext.Current.User is null" error but I read that they be due to an
incorrect SSL certificate which our Exchange server has. I set the skip OWA
cert parameter to false, but I don't know if that affects the CAS side of
things.
I
> "We see a few folks with this problem. If the app can't ignore the error,
> they have to get a different provider, Geotrust will NOT make certs without
> this field. However, another company we own Thawte, doesn't do this."
Uh, sounds like they might want to rethink their implementation. Java
Did you follow these instructions?
https://wiki.jasig.org/pages/viewpage.action?pageId=29133913
Bill
On Thu, Nov 11, 2010 at 4:29 PM, James Winter wrote:
> Some background:
> I set up the CAS Client for OWA on a test Exchange 2003 server in IIS 6 and I
> can successfully get to server.domain.loc
Did you customize the messages.properties file? If so you may be missing newer
strings. One of the benefits of the overlay is that it makes it easy for you to
see what files you changed so you can diff against newer versions.
Sent from my iPo
On Nov 11, 2010, at 17:54, Bryan Wooten wrote:
>
Thanks. Now in the debug logs I think I'm seeing the right XML
response from the CAS server.
This appears to be the error I'm getting now:
[Thu Nov 11 14:16:24 2010] [crit] [client IPADDRESS] configuration
error: couldn't check access. No groups file?: /castest/hello.html,
referer:
M
I did actually diff my deployer config with the one in the cas-server-webapp, I
just missed that little change to the userDetailService, so I fell back on
reading the documentation.
I also missed how much the overlay pom had changed between 3.3.2 and 3.4.2.1
Reading the wiki really helped on th
Marvin, hi.
Thanks for the brilliant analysis.
Escalating this with Verisign tech support (who are surprised to be getting
tech support calls for Geotrust... but hey they bought the company):
"We see a few folks with this problem. If the app can't ignore the error, they
have to get a differen
Thanks, this really helped me wrap my head around what I was seeing here!
I got it to work by adding
${fn:escapeXml(attr.value)}
to my
cas-server-
Looks like you are using the CAS 1.0 protocol when talking to your CAS
server. You should do one of the following:
1) Use the CAS 2.0 protocol, generally by replacing "validate" with
"serviceValidate" in CASValidateURL (if your CAS server supports i
Did you not copy from the example deployerConfigContext.xml that comes with
the release version you're using?
On Thu, Nov 11, 2010 at 4:42 PM, Bryan Wooten wrote:
> Following these instructions:
> https://wiki.jasig.org/display/CASUM/Configuring
>
>
>
> "org.acegisecurity.userdetails.memory.I
Following these instructions: https://wiki.jasig.org/display/CASUM/Configuring
username=notused,ROLE_ADMIN
I got a Class not found error on
org.acegisecurity.userdetails.memory.InMemoryDaoImpl
So I add the following to my overlay pom
I believe you've hit on a dark corner of the X.509 spec. It's weird
enough I had to confer with a colleague to make sure I remembered
correctly. Some X.509 engines will consult the DN for a component
called serialNumber, and, if defined, assign the serialNumber field of
the certificate to the val
Some background:
I set up the CAS Client for OWA on a test Exchange 2003 server in IIS 6 and I
can successfully get to server.domain.local/coa/auth. I get redirected to
the CAS login, which then redirects me back to
server.domain.local/coa/auth?ticket=ST-XXX-etc which gives me a 404
error.
Am
Hi,
I'm helping Kim Cary install CAS on a Mac OS X SL Apache instance
using mod_auth_cas, and could use a little help. I checked out the
source using:
svn co https://source.jasig.org/cas-clients/mod_auth_cas/trunk/
built via:
apxs -i -c mod_auth_cas.c
The server is running Apache 2.
Thanks, Marvin. Here is the info:
Web Server CERTIFICATE
The second one is the difference between configuring the Auth and Validation
Filters in web.xml and just configuring the Validation Filter.
On Thu, Nov 11, 2010 at 10:18 AM, Tian Xue wrote:
> Hi Scott,
>
> Thank you so much for your suggestions. I do know much about the gateway
> features. I wil
Hi Scott,
Thank you so much for your suggestions. I do know much about the gateway
features. I will go through those two options. The second one sounds like I
need to modify the application source codes at the right place. For the gateway
feature, is it totally configuration issue or plus code
> 2010-11-10 12:15:43 ERROR: Exception attempting validate:
> java.io.IOException: unsupported keyword SERIALNUMBER
I would imagine the root cause is the Sun X.509 engine is having
trouble decoding your cert DN. Can you post the PEM-encoded cert and
I'll take a look?
M
> My understanding is that if I select these attributes in the services
> manager, then they should be passed to my client application along with the
> user name
Attributes are only delivered over the SAML 1.1 protocol. You need to
request SAML from the CAS server by using Saml11TicketValidation
> what should be the values of the following configuration properties?
>
> cas.properties
>
> cas.securityContext.serviceProperties.service
> cas.securityContext.casProcessingFilterEntryPoint.loginUrl
> cas.securityContext.ticketValidator.casServerUrlPrefix
You probably want to point to the public
On Thu, Nov 11, 2010 at 6:39 AM, Alexander Mills
wrote:
> Hey
>
> I am looking into CAS clustering or high availability - and was interested
> to learn that clustering/HA in Tomcat is... not an easy task
I've heard things have improved in TC6/7. In any case I would argue
container session clus