RE: [cas-user] Service Manager Wild cards

2013-08-01 Thread Misagh Moayyed
Bryan, you may want to watch this issue: https://issues.jasig.org/browse/CAS-996 From: Bryan E. Wooten [mailto:bryan.woo...@utah.edu] Sent: Thursday, August 1, 2013 12:29 PM To: cas-user@lists.jasig.org Subject: RE:[cas-user] Service Manager Wild cards Thanks! -Bryan From: Pierce,

Re: [cas-user] service manager application authorization via LDAP

2013-08-01 Thread pasquale.ficara
I am on vacation until 23 August. For any needs, write to sist...@unimib.it or open a ticket at https://ticketing.si.unimib.it Only if strictly necessary, you can also contact me at 334.6626647 or skype pasquale.ficara4. bye

RE: [cas-user] service manager application authorization via LDAP

2013-08-01 Thread Misagh Moayyed
Thanks for catching the typo. I updated the wiki. I am guessing that the version of spring that "spring-security-ldap" depends on is different than what other dependencies in the pom use. (You could check this by running mvn dependency:tree from the command prompt) and so because it doesn't find t

Re: [cas-user] service manager application authorization via LDAP

2013-08-01 Thread Paul B. Henson
On Thu, Aug 01, 2013 at 07:21:54PM -0700, Paul B. Henson wrote: > After beating my head against the wall for a while, I figured out that > somehow adding this dependency resulted in multiple versions of some > jars ending up in the war maven created: I managed to work around this by adding expl

[cas-user] service manager application authorization via LDAP

2013-08-01 Thread Paul B. Henson
We are testing out CAS; so far I have successfully installed 3.5.2 and configured it to authenticate against our LDAP directory. By updating the sec:user-service configuration to include my username, I am able to access the service management application. However, I would like to configure it

Re: [cas-user] Multiple search base for LDAP

2013-08-01 Thread Farzan Qureshi
Thanks for your help. I will define two handlers then... On 2 August 2013 12:31, Misagh Moayyed wrote: > As Marvin suggests, either your filter needs to define an attribute that > has a unique value for students/staff [so it fails for other branches of > the subtree]…or you should define two ha

RE: [cas-user] Multiple search base for LDAP

2013-08-01 Thread Misagh Moayyed
As Marvin suggests, either your filter needs to define an attribute that has a unique value for students/staff [so it fails for other branches of the subtree]…or you should define two handlers. The latter configuration is probably simpler to configure. From: Farzan Qureshi [mailto:fqure...@rosm

Re: [cas-user] phpCAS renewAuthentication

2013-08-01 Thread Andrew Morgan
On Thu, 1 Aug 2013, Marvin Addison wrote: I recently upgraded an integration test host from phpCAS 1.1.x to 1.3.2 and apparently did not look too closely at the API changes. My old config worked and I moved on, but apparently the way forced authentication works has changed. Formerly I did the fo

Re: [cas-user] Multiple search base for LDAP

2013-08-01 Thread Farzan Qureshi
Hi Marvin, Thanks for your response. Let me define my scenario. What I want to achieve is as follows: I have couple of user OUs. However I only want users in Staff and Students OUs to be able to log in through CAS Server. I am not sure how to achieve this because currently as I said earlier CAS

[cas-user] Machine to machine access through CAS

2013-08-01 Thread Jeff Black
We have a java webapp configured with CAS login and would like as a next step to have an easy on-ramp for M2M access to our web service endpoints. Apache is providing "SSLVerifyClient optional" PKI authentication and CAS is setup on JBoss providing the fallback form-based user login. This work

Re: [cas-user] Multiple search base for LDAP

2013-08-01 Thread Marvin Addison
> How I can do a subtree searches? I just reviewed the source and subtree is the default. You can modify the search scope with the scope property of BindLdapAuthenticationHandler. Acceptable values are integers defined in the public constants of http://docs.oracle.com/javase/6/docs/api/javax/namin

RE:[cas-user] Service Manager Wild cards

2013-08-01 Thread Bryan E. Wooten
Thanks! -Bryan From: Pierce, Eric [mailto:epie...@usf.edu] Sent: Thursday, August 01, 2013 11:44 AM To: cas-user@lists.jasig.org Subject: RE:[cas-user] Service Manager Wild cards CAS doesn't have a problem with it, but it may expand more than you want. All of these hostnames would match: http

Re: [cas-user] Multiple search base for LDAP

2013-08-01 Thread Farzan Qureshi
Thanks for your reply. How I can do a subtree searches? Yes descendent is same but I want to limit search to only to two user OUs that is Staff and Students. Any examples?? Thanks Farzan Qureshi -- Rosmini College Network Administrator & Helpdesk support On 2/08/2013 5:27 AM, "M

[cas-user] phpCAS renewAuthentication

2013-08-01 Thread Marvin Addison
I recently upgraded an integration test host from phpCAS 1.1.x to 1.3.2 and apparently did not look too closely at the API changes. My old config worked and I moved on, but apparently the way forced authentication works has changed. Formerly I did the following: phpCAS::forceAuthentication(true);

RE:[cas-user] Service Manager Wild cards

2013-08-01 Thread Pierce, Eric
CAS doesn't have a problem with it, but it may expand more than you want. All of these hostnames would match: https://english.dept.utah.edu/foo https://somehost.math.dept.utah.edu/bar https://ant.expands.the.asterisk.match.anything.dept.utah.edu/ Usin

Re: [cas-user] Demo Site

2013-08-01 Thread Scott Battaglia
I am not a curl expert (maybe others can chime in), but this page had some stuff about self-signed certificates: http://curl.haxx.se/docs/sslcerts.html On Tue, Jul 30, 2013 at 10:10 PM, chandrashekar singh < chandrashekar1...@yahoo.com> wrote: > That is working (WAR from the distribution on tomc

Re: [cas-user] Service Manager Wild cards

2013-08-01 Thread Marvin Addison
> We are running CAS 3.4.12 with the JSON file Service Manager. I have a > request to add service like this: https://*.dept.utah.edu/**. I strongly recommend that you use the RegexRegisteredService and go with a pattern like the following: ^https://([A-Za-z0-9_-]+\.)+vt\.edu(:\d+)?/.* That cover

Re: [cas-user] Multiple search base for LDAP

2013-08-01 Thread Marvin Addison
> If I want to have two search base that is one for Students and one for > staff, how I can assign search base for two different user base? > > p:searchBase="ou=students,dc=example,dc=com" ??? > p:searchBase="ou=staff,dc=example,dc=com" ??? The way most folks handle this is to specify a searc

Re: [cas-user] attempt more than once

2013-08-01 Thread Tom Poage
FWIW, I looked at login page timing for our site. completed in <= 10s 88% completed in <= 30s 91% (+3%) completed in <= 60s 92% (+1%) completed in <= 180s 94% (+2%) And it slowly tails off from there; ~5-10 minutes may not be a bad number. :-) I understand the default Tomcat (in my case) session

[cas-user] Service Manager Wild cards

2013-08-01 Thread Bryan E. Wooten
Quick question: We are running CAS 3.4.12 with the JSON file Service Manager. I have a request to add service like this: https://*.dept.utah.edu/**. I am not sure how CAS will react to the first wildcard character. Thoughts? Thanks, Bryan

RE: [cas-user] Multiple search base for LDAP

2013-08-01 Thread Whittaker, Geoffrey
I think, (and I may be wrong) that you would just need to configure another authentication handler for the second scope. It should try them in turn. Geoff From: Farzan Qureshi [mailto:fqure...@rosmini.school.nz] Sent: Wednesday, July 31, 2013 11:03 PM To: cas-user@lists.jasig.org Subject: [cas-

Re:[cas-user] Service Management Application

2013-08-01 Thread Rakesh
Hi David, Commenting the TerminateWebSessionListener in cas-servlet.xml fixed the issue. Thank you very much. - Rakesh

RE: [cas-user] JPATicketRegistry and ServiceTicket Table

2013-08-01 Thread Whittaker, Geoffrey
Hi, Thanks for your response. That's probably exactly what's happening. I didn't realize it would delete them so quickly. I thought it would hang onto them until the session timeout elapsed. I am able to authenticate to a service. Geoff From: Scott Battaglia [mailto:scott.battag...@gmail.c

RE: [cas-user] Clustering/HA with MSSQL Backend

2013-08-01 Thread Whittaker, Geoffrey
Hi, I'm sorry. That part about the hostname wasn't really clear. I was referring to the name appended to the tickets. For instance: TGT-1-bS0yrHX0oJcY7aEv99ZyyDcfWdzeqF0o3VQi5cFHQc6KrUpYBc-someHost.someDomain I assume that needs to be the same so that either server will work with the ticket.

Re: [cas-user] Clustering/HA with MSSQL Backend

2013-08-01 Thread Jérôme LELEU
Hi, This is not exactly what I meant. For the login process, you need to reuse the same web session (to validate the login ticket which is stored in session). In that purpose, you can replicate/share your web session between your CAS servers or use session affinity. I would recommend the second me