We have a backup CAS host at a distant campus. The idea is that if we lose the
main datacenter, that host can be brought online by swinging the DNS entry to
point to the backup CAS host. Pretty simple!
However, we find that JVM have an insane approach to DNS cache timeout -- they
ignore the TTL
On Sep 5, 2011, at 12:55 PM, Scott Battaglia wrote:
Ultimately, the HA section may need to get more vague/generic as it gets above
the Tomcat layer (i.e. we can't describe every load balancer scenario in
explicit detail, nor can we tell you if Apache makes sense in your
environment). We should
custom JSP.
On Thu, Sep 1, 2011 at 12:38 PM, Cary, Kim
mailto:kim.c...@pepperdine.edu>> wrote:
Going a little nuts here. We have a working EZProxy integration with CAS. We're
trying to do authorization based on attributes that are returned by CAS, but
EZProxy is only sending us /serv
Going a little nuts here. We have a working EZProxy integration with CAS. We're
trying to do authorization based on attributes that are returned by CAS, but
EZProxy is only sending us /serviceValidate ticket checks.
The OCLC support folks are saying that we just don't know how to configure our
CAS server 3.4.2.1 is generating the error below from time to time. This is for
a .Net clearpass app. Presumably, by the time of callback, the USER credentials
are good. So, whose credentials are bad here?
Begin forwarded message:
TicketException generating ticket for: [callbackUrl:
https://em
This app is of interest to me, as well. I could see many folks taking
advantage, particularly in .edu.
On May 5, 2011, at 11:08 AM, Joachim Fritschi wrote:
> Am 05.05.2011 13:01, schrieb Matt Elson:
>
>> I basically just want to find the best way to get it out there to help
>> anyone out in the
I shall be there.
On May 3, 2011, at 6:47 AM, ejc wrote:
> Just wondering if anyone else in list-land is planning to be at the
> conference. I'll be there and am looking forward to meeting people.
>
> Thanks,
> Eric
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> kim.
Aaron made a passionate and articulate plea for the VM. We have custom code and
I'm not sure how I'd integrate that with a VM. I will say this, it would make
it easier for me to pitch CAS to people outside my school, if I had a VM and
could say, "mount this and give me a call".
On Apr 28, 2011,
Here's the reference:
http://forum.springsource.org/showthread.php?t=56618
I'm not committed to this as the root cause, but would sure like to find
something I can correct.
On Feb 15, 2011, at 6:03 AM, Marvin Addison wrote:
>> Google doesn't have much on this, but one case shows some involveme
te queries?
>
> Thanks,
> Matt
>
>
> ---
> Matthew Selwood
> Programmer Analyst – Web Services
> University of Victoria
> 250.472.5565 | selw...@uvic.ca | CLE C006
>
> On 2/13/11 9:36 PM, "Cary, Kim" wrote:
>
> Our CAS ser
Our CAS service came up unresponsive (connection timed out) after throwing
about 6 of these errors tonite.
Google doesn't have much on this, but one case shows some involvement with c3po
failing to talk to the database. We use inspektr and our audit database hit a
10Gb threshold tonite. Restart
This is our experience with another network fileshare, Xythos, which works via
WebDAV. Our server team hired folks to CAS-ify the WebGUI, but filesystem
access was provided by apache basic auth over SSL. Is that the kind of thing
that you mean, or do you mean that WebGUI operations also asked fo
We've had this happen with bad clients that fail to recognize the ticket in
certain situations, as well, for example:
Browser < I'm here to use your app
Bad CAS Client > You have no session, see the cas server and come back with a
ticket
< Here's my ticket - ST...
> You have no session, see the
INFO
> [org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl] - Ticket found for >
>
> I should be getting a clearPass response, right?
>
> Francisco
>
>
>
> Em 22-11-2010 17:36, Cary, Kim escreveu:
>> Hmm.
>>
>> On Nov 22, 20
Hmm.
On Nov 22, 2010, at 9:28 AM, Francisco Estanqueiro wrote:
> No authentication information provided.
Perhaps add another known good CAS client page to the array like this
('https://casserver/cas/clearPass','https://mywebserver/test/aCasphpPageThatIKnowWorks.php')
If the second page wor
Here is one way:
$services =
array('https://mycasclearpassserver.pepperdine.edu:8443/cas/clearPass');
foreach ( $services as $service ) {
echo 'Response from service '.$service.'';
flush();
// call the service and change the color depending on the result
if ( phpCAS::serviceWeb($service,
Dear CAS users!
Our server folks here are having a hard time using Active Directory groups for
managing permissions in the Confluence Wiki if at the same time it is
CAS-ified. Thus, they have rejected CAS and we now have another place folks
enter their passwords. It seems to me that CAS attribu
Marvin, hi.
Thanks for the brilliant analysis.
Escalating this with Verisign tech support (who are surprised to be getting
tech support calls for Geotrust... but hey they bought the company):
"We see a few folks with this problem. If the app can't ignore the error, they
have to get a differen
Thanks, Marvin. Here is the info:
Web Server CERTIFICATE
-
-BEGIN CERTIFICATE-
MIIE+DCCA+CgAwIBAgIDAK/YMA0GCSqGSIb3DQEBBQUAMGExCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQLExREb21haW4gVmFsaWRh
dGVkIFNTTDEbMBkGA1UEAxMSR2VvVHJ1c3QgRFYgU1NMIENBMB4XDTEwMTEwODA1
Dear CAS user list,
Not a cas problem, but a java (I think) ssl problem. Any thoughts on
troubleshooting this would be helpful. The CAS access for our main cas client
is DOWN!
Last night we put a new cert in https://cas.pepperdine.edu/cas . All the
browsers accepted it, functional test of some
Dear cas users!
Our CAS server gets about 1 requests a day for this URL and loads a page:
x.x.x.15 - - [26/Aug/2010:11:57:10 -0700] "POST
/cas/login?method=POST&service=https://wavenet.pepperdine.edu/psp/paprd89/?cmd=start&renew=true
HTTP/1.1" 200 5111
However about 100 times a day, that re
issue for TGT expiration by adjusting the
cookie timeout to be less than the CAS TGT timeout?
On Aug 5, 2010, at 6:30 PM, Scott Battaglia wrote:
Are any of the tickets getting validated?
On Thu, Aug 5, 2010 at 5:07 PM, Cary, Kim
mailto:kim.c...@pepperdine.edu>> wrote:
Dear All,
This mo
Dear All,
This morning we upgraded to 3.4.2.1 in production. I removed the cas work
director before unpacking the cas.war. Things look really clean on the CAS
server side in cas.log, localhost*log and event the Tomcat valve log.
However, as soon as we did one of our production clients started g
Jeremy,
I do this _on_unix_ by having a single install of my tomcat at CATALINA_HOME
and then using installs of the config for the servers running on two different
ports at CATALINA_BASE. I got this strategy from the O'Reilly book on Tomcat.
It has worked really well for a test environment on t
Hi all,
We have a vendor working with a school here and we're using up our lone saml2
slot in 3.4.2.1 to let them do SAML2 auth for their app.
The vendor test of this feature is still not showing up in our CAS logs (other
than his login POSTs in the access log). I'm just wondering if one of you
Steve,
Didn't see a reply, so hope this helps. These are both security releases, one
for each of the current branches. You need to decide to move up to 342 or stay
on 33 in which case 3.3.5.1 is more logical. No skills on the error, sorry.
KC
On Jul 29, 2010, at 10:12 AM, Steve Cook wrote:
>
Dear Brian,
Any chance you would write up how you did that?
Exchange & IIS & O/S version.
Steps to deploy.
If you can state it from a sysadmin perspective (i.e. no C# developer
assumptions) that would be great but ANYTHING would be helpful.
KC
On Jul 22, 2010, at 5:49 PM, Connor, Brian wrote
Brian,
I'd love to be able to CASify Kronos 5.x behind IIS here. It looks like its a
matter of getting mod_auth_cas working for some test domain/location on that
apache server, then once you've got a working "hello world" page in that
location, you know mod_auth_cas is good to go. Just complete
Ah, exactly. This 'ignore' parameter is required of every AD LDAP connection
setup for it to work properly.
On Jul 7, 2010, at 2:41 AM, Andy Cowling wrote:
> ... which is I guess why we now have the new property in the latest cas:
>
> ignorePartialResultException - This property informs LdapTem
Yes, in the services management tool. Can we fix this issue at that level?
What, make it more specific? The specific URL is odd:
> https://wavenet.pepperdine.edu/psp/paprd89/?cmd=start
On Jul 6, 2010, at 4:42 PM, Scott Battaglia wrote:
>
> On Tue, Jul 6, 2010 at 1:09 PM, Cary, K
> involved here).
>
> Normally CSS files aren't protected OR the level above the CSS is protected
> and the CSS files share in that session (such that they aren't also issued an
> ST)
>
>
> On Tue, Jul 6, 2010 at 12:09 PM, Cary, Kim wrote:
> All,
>
> We got a few
All,
We got a few of these errors over the long weekend:
> ServiceTicket [ST-70772-xxx-pcas] with service
> [https://wavenet.pepperdine.edu/psp/paprd89/css/cas.css does not match
> supplied service [https://wavenet.pepperdine.edu/psp/paprd89/css/cas.css?]
Can anyone confirm tha
This is a very interesting question to us. I'd like to see it work, but for
'filesystem' webdav, e.g. win & mac drive mounting, I think the difficulty is
more on the client computer than on the server (i.e. the client don't know how
to present a forms login or do redirects).
On Jul 1, 2010, at
Wow. Since I'm currently reading this morning to try to improve/expand our
jmeter tests, this is a topic of interest. We're about to put our enterprise
portal behind CAS Jul 1, and we use BB.
How does one make this page 'public'? We're using Tomcat.
Is there any trick to making the stats view wh
un automatically by developers during development and other
> willing testers before releases.
>
> I have created a JIRA issue to gather ideas for this future testing
> framework and how it should integrate into phpCAS.
> https://issues.jasig.org/browse/PHPCAS-66
>
> Thanks,
>
> Jo
Joachim,
Thanks for your development work on phpcas! I would like to help you test new
releases of phpcas. Could you outline for me a test plan? For example, should I
just have a setup with all the phpcas examples working, debug on, and just run
through each of them for each release? Or, is the
e="C#" CodeBehind="Default.aspx.cs"
> Inherits="CasOwa._Default" %>
>
> ===
> Default.aspx.cs
> ===
> ...
> namespace CasOwa
> {
>public partial class _Default : System.Web.UI.Page
>{
> ...
>}
> }
>
>
All right, we've determined we're running in "Integrated Mode".
I believe the web config is correct (attached) - can someone look at it to
verify or suggest another approach to determining the problem?
The error we're getting is:
Server Error in '/coa' Application.
An error occurred during the
llback
>>>>>> Type: CasOwa.CasOwaAuthHandler
>>>>>> Name: DotNetCasProxyCallback
>>>>>>
>>>>>> Http Modules
>>>>>> CasOwa requires one Http Module configuration for the DotNetCasClient.
>>>&
> Type: CasOwa.CasOwaAuthHandler
>>>>>>> Name: CasOwaAuthHandler
>>>>>>>
>>>>>>> DotNetCasProxyCallback Mapping
>>>>>>> Request path: proxyCallback
>>>>>>> Type:
Thanks, Vishal. We're working from that guide.
Unfortunately, steps 4-6 are completely different on IIS 7. If we can get some
help figuring them out, we'll add the IIS7 steps to the docs.
In fact, it looks, from our scratching around that steps 4-6 in that guide
happen automatically in IIS7. T
Gabe,
I would recommend first put up the simple example app from the wiki, just to
verify you have the php library installed correctly (and are talking to CAS
with the right parameters). Just copy paste the example into a new
testwhatever.php file (rather than trying to add the sample code to a
Vishal,
OK, we installed Bill's github code at c:/coa, made virtual directory /coa at
the same level as /owa (or /Exchange)
We converted that directory to an app. All the handler isapi_net.dll mappings
popped up correctly without us doing anything.
However, webmail/coa/auth is giving us 404 (as
We're also trying to work this against IIS 7. We've had to stop for the day and
aren't as far along as you are.
Of course, the thing to make sure is that the CAS _server_ likes your
https://localhost certificate's CA Root. We're working against a commercial
cert on our test webmail server, whi
Battaglia wrote:
> You have two /'s in the second one. Its showing "//"
>
>
> On Thu, May 13, 2010 at 10:17 AM, Cary, Kim wrote:
> Where is the config to change for this error?
>
> org.jasig.cas.client.validation.TicketValidationException:
>
Where is the config to change for this error?
org.jasig.cas.client.validation.TicketValidationException:
ticket 'ST-207-zZE2XkgmpTY0WpbVRgIe-pcas' does not match
supplied service. The original service was
'https://cas.pepperdine.edu:8443/cas/clearPass' and the supplied service
I'm just wondering if you have to POST to get the proper response from
clearpass when you're authenticating to it (i.e. with a proxy ticket).
KC
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http
Hi Scott,
Agenda item:
Getting .Net supported and documented at JASIG.
Do you want me to prepare and send you and Marvin an Elluminate session for
this one?
Kim
On May 4, 2010, at 7:07 AM, Scott Battaglia wrote:
> All,
>
> The next community call will be May 12 @ 12pm Eastern. We've got ou
This is exactly the application we're concerned about... registration. Our
registration portal will be CAS-ified by July 1. How much tomcat memory for
that 1024 thread instance?
On May 3, 2010, at 8:01 PM, Scott Battaglia wrote:
> Rutgers had increased their number of threads to a relatively hi
avg. < 0.5
> for 1 min averages in Cacti; ie. we fully overspecced, but didn't really
> know what to expect before we went live)
>
> Johan
>
> On 5/3/2010 11:29 AM, Cary, Kim wrote:
>> Those of you running CAS on Tomcat, how many threads are allocated to your
>
Those of you running CAS on Tomcat, how many threads are allocated to your CAS
instance?
Looks like default is 150, which is what I've got. Should it be higher? 1 Gb of
memory is allocated for the server.
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
Francisco,
I heartily thank you for your efforts. Our server people were insisting on a
'procedure' before they would start; now, I've given them one for Thursday's
working meeting.
KC
On Apr 30, 2010, at 7:53 AM, Francisco Estanqueiro wrote:
> Hi everyone,
>
> just finished the casowa Wiki
Can someone give me some insight into how a service authorization of:
https://lib.pepperdine.edu/login**
doesn't match the service
> https://lib.pepperdine.edu/login?qurl=ezp.1aHR0cDovL3dlYi5sZXhpcy1uZXhpcy5jb20vdW5pdmVyc2U
I know I'm no ant pattern matching expert, but what could I be missing
browser" or "restart/logout when done" message.
>
> Regards,
> John
>
>
> On 4/6/2010 5:10 PM, Cary, Kim wrote:
>> As we're closing in on putting our portal behind CAS, I'd like to re-visit
>> this subject with the list:
>>
>>
As we're closing in on putting our portal behind CAS, I'd like to re-visit this
subject with the list:
What do you do to remind your users to exit their browser on public
computers?
We're thinking of printing some table tents for the labs & public access areas,
or maybe laminated stick
Yes, I've been following your exploits with interest and saving the messages
off to a file. If you put something up on the wiki, I think it would help a lot
of folks. Thanks for the on list question and answers Francisco & Bill.
On Apr 5, 2010, at 11:46 AM, Francisco Estanqueiro wrote:
> Sure,
I tried renewAuthentication as well, and it behaved as you describe... not
helpful.
You can set the CAS server URL (as someone showed me) to have &renew=true
tacked on the end and that will create the desired behavior.
IMO it would be nice to have the renewAuthentication parameter function fo
Is there a separate list for .Net client developers? I thought I saw one the
other day, and I'd like to get our .Net people on it... they're talking like
they want to help with the project.
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe,
Scott,
If it would ever be nice to have whiteboard/application sharing, we have a
webex-style service called elluminate that could be used by all conf
participants (provided they have that java thing installed :)
Kim
On Mar 17, 2010, at 9:25 AM, Scott Battaglia wrote:
> Reminder: Community Ca
ification
>
> On Wed, Mar 10, 2010 at 8:09 PM, Cary, Kim wrote:
>> Can anyone help me understand this error message? I have 7000+ of them in my
>> log all of a sudden.
>>
>> org.jasig.cas.util.HttpClient:214
>>
>> javax.net.ssl.SSLHandshakeException:
Can anyone help me understand this error message? I have 7000+ of them in my
log all of a sudden.
org.jasig.cas.util.HttpClient:214
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderExcept
Sorry, no help, but that would be awesome here, too (XenApp).
On Feb 26, 2010, at 6:30 AM, Pieslak, Brian wrote:
> I am rolling out a pilot of Citrix XenDesktop and I am interested in
> including it in our CAS SSO solution.
>
> Has anyone tried this before? Is it possible?
>
> Thanks,
> -Bri
62 matches
Mail list logo