Which log file are you looking in?
On Tue, Sep 27, 2011 at 2:19 PM, William Holloway <
william.hollo...@nyumc.org> wrote:
> Greetings all,
>
> We've been using CAS 3.4.2 happily for some time for many apps using CAS2.0
> protocol and for GoogleApps. We've recently had a request from a vendor to
On Thu, Sep 15, 2011 at 12:28 PM, Ourada, John wrote:
> Was reading through the Invalid Login Attempt Throttling and had a couple
> of thoughts.
>
> ** **
>
> Refer to page:
> https://wiki.jasig.org/display/CASUM/Throttling+Login+Attempts
>
> ** **
>
> First, it took me a little to realiz
All CAS does is provide a ticket asserting that someone really is who they
say they are, and respond to subsequent validation requests to access
services. That's the authentication bit (who are you?).
What you're asking about is authorization; when someone is allowed to do
something, what those s
On Tue, Sep 27, 2011 at 2:51 PM, Tillinghast, Andrew P. <
atill...@conncoll.edu> wrote:
> As to what happens when CAS is down that's two fold:
> 1) We use Google API's to allow our web based password change tools to Sync
> our passwords to Google. This allows end users to use devices such as their
CAS unavailable is the default error handling for any error encountered by CAS.
If you have a development instance of CAS you can comment out the
entries in your web.xml and the errors will display onscreen.
Depending on the the nature of the error, particularly jsp errors, the error
will log
Thanks, Aaron.
Sorry. I seem to be having a hard time grasping the big picture.
Let's say that I have 10 separate systems that need SSO. I have a new CAS
server. I have an empty LDAP server.
I, Bradford, oversee the whole system. Sally Smith needs access to System1
and System 5 as an admin.
Hi,
On Sep 27, 2011, at 1:34 PM, Tillinghast, Andrew P. wrote:
>
> My experience is that it's better to create a CAS theme so that the CAS login
> page looks like it's in the page you are coming from i.e. portal page or
> similar. This lets CAS have full control of the flow etc. The iframe met
We have CASified gmail and google apps in production for over a year now. Works
great.
As to what happens when CAS is down that's two fold:
1) We use Google API's to allow our web based password change tools to Sync our
passwords to Google. This allows end users to use devices such as their iPho
> CAS login screen they're presented with an error message saying that "CAS is
> unavailable".
In that case, there should be an underlying cause logged to the CAS
application log, which is placed in the current working directory by
default. See https://wiki.jasig.org/display/CASUM/Logging for mor
We have a CAS 3.4.8 server configured for ldap against our AD
infrastructure. It allows SSO to our various web applications and to
google apps. On occasion when a user has entered their
username/password at the CAS login screen they're presented with an
error message saying that "CAS is unava
My experience is that it's better to create a CAS theme so that the CAS login
page looks like it's in the page you are coming from i.e. portal page or
similar. This lets CAS have full control of the flow etc. The iframe method can
have problems if you need to throw warnings or errors back to th
If your apps are aware of the roles, who has which roles, and the authorization
rules for each role, then authentication doesn't really have anything to do
with it. The user's ID will be passed along with the CAS ticket, and the app
can look it up from there.
If the app is _not_ aware of role
I have a few web applications that I'm trying to tie in via CAS, but I'm a
little confused about the authorization, which I read CAS isn't supposed to
do. Yet, I see something like groups, but don't know what they are.
Anyway, my scenario is pretty common, and is as follows:
We need to restrict a
It would be fantastic if we could put an effective notice on the protocol docs
about the best practice being to use the libraries.
I know someone is barking up the wrong tree when they start asking me 'are you
using CAS1.0 or CAS2.0' questions. I have to convince them not to write code to
the p
We using Terracotta to provide the redundancy for Tomcat. It is a big package
to add, but it is a relatively easy setup and may be something that you find
useful for your other Tomcat apps. Take a look at NAU's presentation.
-John
From: Marvin Addison [mail
thanks
On Tue, Sep 27, 2011 at 2:46 PM, Marvin Addison wrote:
> > so what am i supposed to do?
>
> Specifically, I have no idea. The following error you cited has a
> number of causes:
>
> java.io.EOFException: SSL peer shut down incorrectly
>sun.security.ssl.InputRecord.read(InputRecord
I feel somewhat silly for not thinking of the SRPM in the repos. I am
appropriately chastised and will go back to my corner now :)
We've built mod_auth_cas 1.0.9.1 and installed it; as promised, everything
works just like it should. I've attached the spec file in case anyone else
needs it.
--
> Combining JDBCRealm with any kind of CasAuthentication Valves does not work.
> You'll get an error like this
> LifecycleException: java.lang.IllegalArgumentException: Expected CasRealm
> but got org.apache.catalina.realm.JDBCRealm/1.0
That error sounds familiar. It's entirely possible I made
> so what am i supposed to do?
Specifically, I have no idea. The following error you cited has a
number of causes:
java.io.EOFException: SSL peer shut down incorrectly
sun.security.ssl.InputRecord.read(InputRecord.java:352)
sun.security.ssl.SSLSocketImpl.readRecord(
Google for t
> So... if repcache isn't working and/or isn't worth the headache, what's the
> best way to share the Ticket Registry on a couple of CAS servers?
If I were doing it all over again I'd go with memcached. The
simplicity of the software and integration is very appealing to me
personally, but it may
> So far, the log in authenticates and a ticket is generated.
> The ticket is then sent to the "serviceValidate" process/page and an XML
> response is received.
There's no reason to interact with CAS at that level, particularly for
new users, unless it's purely for academic study. For production
thanks for the reply
so what am i supposed to do?
On Mon, Sep 26, 2011 at 10:49 AM, Klas Wikblad wrote:
> Hello, you have a problem with your ssl certificate. Have you tried to just
> surf into https://localhost:8080/cas/login?
>
> //klas
>
> On Sep 26, 2011, at 09:15 AM, SEBUDANDI ROBERT wrote:
22 matches
Mail list logo