RE: [cas-user] URL encoding and CAS

2013-02-13 Thread Ohsie, David
I tried to reproduce your problem, but I got a different result than you did (the URLs did not seem to be mangled). I'll report back tomorrow on my results in greater detail, but in the meantime could you let me know what version of CAS you are using? I tested using 3.5.0. David Ohsie Software

Re: [cas-user] LDAPS Works Sometimes and Sometimes it Doesn't

2013-02-13 Thread Stefan Holodnick
Thank you, Marvin! The help is much appreciated. On Wed, Feb 13, 2013 at 3:47 PM, Marvin Addison wrote:
> Here's the root cause:
> > org.springframework.ldap.PartialResultException: nested exception is
> > javax.naming.PartialResultException [Root exception is
> > javax.naming.CommunicationEx

Re: [cas-user] LDAPS Works Sometimes and Sometimes it Doesn't

2013-02-13 Thread Marvin Addison
Here's the root cause:
> org.springframework.ldap.PartialResultException: nested exception is
> javax.naming.PartialResultException [Root exception is
> javax.naming.CommunicationException: kcc.kirtland.edu:636 [Root exception is
> java.net.SocketException: Connection reset
It's odd to me that un

[cas-user] LDAPS Works Sometimes and Sometimes it Doesn't

2013-02-13 Thread Stefan Holodnick
Hello, I've been trying to get CAS 3.5.1 working properly with our SSL-enabled AD server. It works off and on when authenticating. Sometimes it properly authenticates and passes a user and sometimes it fails. I noticed it works just fine when not using LDAPS, but I would prefer to not go th

RE: [cas-user] URL encoding and CAS

2013-02-13 Thread Ourada, John
We have a similar problem with CAS authenticating with our PeopleSoft implementation when we want the client to go directly to a page within PeopleSoft. We weren't able to get CAS to come back with the service URL or TARGET URL when the URL contained a parameter that was another URL with its own

RE: [cas-user] URL encoding and CAS

2013-02-13 Thread Robert Ginsburg
As it's a fairly simple protocol, the CAS client is my own code base. I am building a WSFederation bridge for ADFS that uses CAS for authentication. The "long URLs" are basically federation passive redirects from other ADFS servers. For example I want to retain this query string and path wa

Re: [cas-user] Idp initiated SLO & Google Apps

2013-02-13 Thread Ed Hillis
From what I've seen, CAS logout is not presumed to affect the Google Apps session. I think once Google gets initial authentication it never looks back. I'd be interested in what you're suggesting. Coming from a LAMP background, is there a cURL equivalent in Java? Thanks, Ed On Wed, Feb 13, 2013

[cas-user] Idp initiated SLO & Google Apps

2013-02-13 Thread Lynxlogic
Is IdP initiated single sign out (i.e., sign out from CAS server, or from a different SP for that matter) supposed to work with Google Apps? I'm seeing the user logged out from both CAS and Google if I sign out from Google Apps, but if I sign out from CAS I'm left logged into Google, even though

Re: [cas-user] Cas LOGUT Rejected Concurrent Exception

2013-02-13 Thread Marvin Addison
> The machines have identical configuration since test environment is cloned
> from production, I can't figure out what's happening.
> Consider I've done the test with only one user working (me).
> And the error occurs only in logout.
I'm certain the issue is around the use of executors somewhere.

Re: [cas-user] Cas LOGUT Rejected Concurrent Exception

2013-02-13 Thread MrCrowley
The machines have identical configuration since test environment is cloned from production, I can't figure out what's happening. Consider I've done the test with only one user working (me). And the error occurs only in logout. Da: Marvin Addison A: cas-user@lis

RE: [cas-user] URL encoding and CAS

2013-02-13 Thread Ohsie, David
Can you report which CAS client you are using and also post the URL that is in your browser address bar at the CAS login page or a log of the web server requests. "Long" or "complex" URLs should be working without a problem. david -Original Message- From: Robert Ginsburg [mailto:rob...@

Re: [cas-user] Tomcat container CAS questions

2013-02-13 Thread Andrew Petro
If your web service was *only* going to use those attributes for coarse grained authorization, then you might consider implementing coarse-grained attribute-driven access control within the CAS server such that only users with appropriate attributes are able to obtain tickets for authentication to

RE: [cas-user] URL encoding and CAS

2013-02-13 Thread Robert Ginsburg
I must admit to being a CAS newbie, but I have had a similar problem with CAS 3.51. I was unable to reliably get CAS to return complex URLs. By that I mean URLs that had fairly long accompanying URL-encoded query strings. I ended up pushing the original URL in a client side cookie and re

Re: [cas-user] CAS support for CRL

2013-02-13 Thread Marvin Addison
> Can we even revoke these certificates when we are not the issuer?
I don't believe it's technically possible via OCSP, and it would be unusual for CRL but I believe it's technically possible.
> I was thinking we could because
> all we are doing when we run the openSSL command to revoke a certif

Re: [cas-user] Tomcat container CAS questions

2013-02-13 Thread Marvin Addison
> I don't understand the last example
> "Leveraging Attribute Release for Role Data". Would that allow me not to
> have to specify the users?
Yes. You'd need to release attributes to the service, which are typically delivered by SAML 1.1. Then you can specify the name of the attribute that contai

Re: [cas-user] CAS support for CRL

2013-02-13 Thread Schawn E. Thropp
Marvin, Just one more follow up before I move out to start an implementation. What if we do not issue the certificates we want to revoke. Will this solution still work? Our solution is trying to integrate DoD CAC cards (which contain certs issued by DoD on the CAC card itself). Can we even re

Re: [cas-user] Google Apps and uPortal with SSO

2013-02-13 Thread Mark McLaren
I'm not sure if you could call the following a best practice (more like a hack) but this seemed relevant here. Bristol has a Google domain that supports a mixture of local SSO and direct Google authentication. As students leave they no longer have access to our local SSO but can continue to acces