Re: [cas-user] Message in catalina.out

2013-06-18 Thread Carlos Lorenzo
Thanks, Marvin. I'll check the settings. 2013/6/17 Marvin S. Addison marvin.addi...@gmail.com Jun 17, 2013 10:43:58 AM org.apache.catalina.tribes.io.XByteBuffer append SEVERE: Discarded the package, invalid header The above is the only abnormal message I see and it's not related to CAS.

Re: [cas-user] Message in catalina.out

2013-06-18 Thread Carlos Lorenzo
Hi! Marvin. I mean the message: Hibernate: insert into TICKETGRANTINGTICKET (NUMBER_OF_TIMES_USED, CREATION_TIME, EXPIRATION_POLICY, LAST_TIME_USED, PREVIOUS_LAST_TIME_USED, ticketGrantingTicket_ID, AUTHENTICATION, EXPIRED, SERVICES_GRANTED_ACCESS_TO, ID) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)

Re: [cas-user] Message in catalina.out

2013-06-18 Thread Alberto Cabello Sánchez
On Tue, Jun 18, 2013 at 07:39:53AM +0100, Carlos Lorenzo wrote: Hi! Marvin. I mean the message: Hibernate: insert into TICKETGRANTINGTICKET (NUMBER_OF_TIMES_USED, CREATION_TIME, EXPIRATION_POLICY, LAST_TIME_USED, PREVIOUS_LAST_TIME_USED, ticketGrantingTicket_ID, AUTHENTICATION, EXPIRED,

RE: [cas-user] how to check CAS is successfully set up with LDAP authentication

2013-06-18 Thread Guillaume Dépinay
Hi, ➢ How can I check whether the CAS server is able to successfully communicate with our LDAP server? If you check the logs on the CAS server, you should see whether the client initiates communication. Another way: use Wireshark to check traffic between client and server. ➢ Do I have to firstly enable SSL in

RE: [cas-user] Office 365, SAML2.0 and CAS

2013-06-18 Thread Whittaker, Geoffrey
Thank you for replying. I'm having to take a crash course on Shib, CAS, ADFS, and O365. Can you explain in a little more detail how you configured this to work, and how you secured it? I have to try to get something running here in the next few days. Thanks again for your help. Geoff

Re: [cas-user] Office 365, SAML2.0 and CAS

2013-06-18 Thread Joel Goguen
I think it would be easier to go with what you have right now and fill in the gaps. Beyond the links I included, the only way to get more specific would be (I think) to start posting my configuration files, which may end up being more confusing if you've gotten used to your current layout and

RE: [cas-user] Office 365, SAML2.0 and CAS

2013-06-18 Thread Whittaker, Geoffrey
42. Got it... ;) I appreciate the help. I'm about to start trying to stand up the shib box this afternoon. I'll follow the stuff in the two links and see where that gets me. Do you use two separate servers in production? I'm toying with the idea of hosting two separate Tomcat instances

Re: [cas-user] Office 365, SAML2.0 and CAS

2013-06-18 Thread Tim McLaughlin
We are just about to go live with our O365/Shibboleth/CAS setup... We're not using ADFS (yet) but hope to go that route in the future. Using Shibboleth is fine for Web-based applications plus things like Outlook and mobile devices. As I understand it, it's not going to work for Lync or some of

Re: [cas-user] Office 365, SAML2.0 and CAS

2013-06-18 Thread Joel Goguen
We have one Tomcat instance with both Shibboleth and CAS. Not sure if that's the recommended or the best, but we only have one instance so we aren't playing with load balancers. Thank $DEITY for that :) What the flow for us will be: 1) Client goes to O365 2) Client gets redirected to ADFS 3)

RE: [cas-user] Office 365, SAML2.0 and CAS

2013-06-18 Thread Pierce, Eric
We've gone the O365 - ADFS - Shib - CAS route and although it can be a bit of work to get configured, I think it's the best of both worlds - full compatibility with Microsoft applications (including all the desktop clients) through ADFS and compatibility with other Shibboleth institutions

RE: [cas-user] CAS + LDAP initialisation error

2013-06-18 Thread Larry
Hi, I finally got it working, here is what I did: 1. Download and unzip the CAS-server-3.5.1 package on the machine (RHEL6 in my case). 2. Open CAS-server-3.5.1/cas-server-webapp/pom.xml, and add the following dependency within the dependencies tag in your pom.xml file 3. Build

Re: [cas-user] CAS hotlink protection

2013-06-18 Thread Tom Poage
FWIW, decided to implement (for now) fronting with Apache httpd and doing about the simplest thing possible: munging the look and feel.

    RewriteEngine On
    RewriteOptions Inherit
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^https://servername\.ucdavis\.edu/cas/ [NC]

[cas-user] FW: [uportal-user] uPortal CAS proxy authentication for clearPass

2013-06-18 Thread Young III, Russell Alonzo
Sending this to the cas list as well. From: bounce-29579664-74232...@lists.wisc.edu [bounce-29579664-74232...@lists.wisc.edu] on behalf of Young III, Russell Alonzo [ryoung...@ku.edu] Sent: Tuesday, June 18, 2013 1:51 PM To: uportal-u...@lists.jasig.org Subject:

[cas-user] HttpOnly cookie flag

2013-06-18 Thread Tom Poage
Security hat on. Curious, any technical reason why the current CAS server (3.5.x) does not appear to use HttpOnly on its CASTGC cookie? Will it be available/implemented/as an option in 4.0? (I've seen ways to set the flag in e.g. web.xml; just wondering) Thanks. Tom.

Re: [cas-user] HttpOnly cookie flag

2013-06-18 Thread cfernand
Where do you see that? In the Chrome dev tool I can see that our CAS 3.5.2 installation sends both HttpOnly and Secure. I didn't make any major changes from the defaults, either. Best regards, -- Carlos M. Fernández Sr. Enterprise Systems Admin Saint Joseph's University W: 610-660-1501 M:

Re: [cas-user] HttpOnly cookie flag

2013-06-18 Thread Tom Poage
On 06/18/2013 02:23 PM, cfern...@sju.edu wrote: Where do you see that? In the Chrome dev tool I can see that our CAS 3.5.2 installation sends both HttpOnly and Secure. I didn't make any major changes from the defaults, either. Don't see the flag set in browsers I've tested (FF, Chrome), and

Re: [cas-user] HttpOnly cookie flag

2013-06-18 Thread cfernand
It's in the Spring configuration for ticketGrantingTicketCookieGenerator. That bean takes a boolean parameter named cookieSecure. I'll let you guess what it does. Best regards, -- Carlos M. Fernández Sr. Enterprise Systems Admin Saint Joseph's University W: 610-660-1501 M: 215-316-1193 E:

Re: [cas-user] HttpOnly cookie flag

2013-06-18 Thread Tom Poage
On 06/18/2013 02:52 PM, cfern...@sju.edu wrote: It's in the Spring configuration for ticketGrantingTicketCookieGenerator. That bean takes a boolean parameter named cookieSecure. I'll let you guess what it does. Right, the p:cookieSecure sets the Secure flag. The