Re: [cas-user] Policy for OOO List Spam

2012-06-08 Thread Michael Ströder
Marvin S. Addison wrote: > I'd like to propose that we adopt a policy of removing users from the list if > their mail client/system sends OOO spam to the list in response to posts. +1 !!! Ciao, Michael.

Re: [cas-user] CAS Ldap search return 0 results

2012-05-23 Thread Michael Ströder
Marvin S. Addison wrote: > The logs produced by OpenLDAP, for example, are very helpful in > providing insight into problems like these. Especially 'nentries' reports the number of results found for a particular search. Should be nentries=1 for successful logins. You should see a line SRCH with f

Re: [cas-user] CAS Ldap search return 0 results

2012-05-18 Thread Michael Ströder
Juan Quintanilla wrote: > We have CAS using ldap for the backend authentication, we ran into the issue > where for some users when they attempt to login through CAS the log shows that > > [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - Search for > uid=bbsmith returned 0 results. > >

Re: [cas-user] Problem with lattribute "dn" for openldap

2012-05-17 Thread Michael Ströder
Marvin S. Addison wrote: >> for openldap try using: > > Don't believe this will work since as Michael noted AD doesn't support RFC > 5020. AD does not set attribute 'entryDN'. Instead AD sets attribute 'distinguishedName'. So CAS can retrieve the DN from an attribute in the user's entry but yo

Re: [cas-user] Problem with lattribute "dn" for openldap

2012-05-17 Thread Michael Ströder
Marvin Addison wrote: >> I use AD and map attributes >> >> and all ok. >> >> But when I try to get dn from my ldap I do not see nothing. > > I don't believe AD supports exposing the DN as an attribute. With MS AD the whole DN of the LDAP entry is in the operational attribute 'distinguishedName'

Re: [cas-user] LDAP Attributes and Extended Schema

2011-09-13 Thread Michael Ströder
Jeffrey Simpson wrote: > I did some more digging and noticed that I was using the AD Global Catalog. > This got rid of the org.springframework.ldap.PartialResultException I was > getting earlier but the AD global catalog does not have all of the > attributes. You can also extend the attributes in

Re: [cas-user] CAS 3.4.10, SPNEGO and CASUM

2011-08-24 Thread Michael Ströder
Marvin Addison wrote: >> I now tried with the attached login-webflow.xml. But it does not work (see >> logs excerpts below). > > Looks correct to me. Non-interactive authentication doesn't involve > the new generateLoginTicket action, so it shouldn't be relevant to > SPNEGO or other non-interact

Re:[cas-user] CAS 3.4.10, SPNEGO and CASUM

2011-08-24 Thread Michael Ströder
Michael Ströder wrote: > I'd like to upgrade from 3.4.8 to 3.4.10. My CAS 3.4.8 successfully uses LDAP > and SPNEGO/Kerberos with a customized login-webflow.xml for SPNEGO/Kerberos. > It does not work with 3.4.10 though. > > It seems some configuration items were

[cas-user] CAS 3.4.10, SPNEGO and CASUM

2011-08-24 Thread Michael Ströder
HI! I'd like to upgrade from 3.4.8 to 3.4.10. My CAS 3.4.8 successfully uses LDAP and SPNEGO/Kerberos with a customized login-webflow.xml for SPNEGO/Kerberos. It does not work with 3.4.10 though. It seems some configuration items were dropped from https://wiki.jasig.org/display/CASUM/SPNEGO Espe

Re: [cas-user] CAS with LDAP

2011-08-01 Thread Michael Ströder
acnu wrote: > WHO: [username: srini] > WHAT: [LDAP: error code 49 - Invalid Credentials]; nested exception is > javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid > Credentials] This simply says the combination of bind-DN and password used in the LDAP bind request is not correct.

Re: [cas-user] Block vacation spam

2011-07-25 Thread Michael Ströder
Scott Battaglia wrote: > We have in the past actively blocked users, and we also apply some filtering > via subject line (this one happens to not change the subject line). So please unsubscribe this e-mail address now. Ciao, Michael. -- You are currently subscribed to cas-user@lists.jasig.org a

[cas-user] Block vacation spam

2011-07-25 Thread Michael Ströder
HI! Could one of the mailing list admins please block this address from posting to the list? It's very annoying that this out-of-office spam is sent for each posting to the list! Ciao, Michael. Stephanie Nielsen wrote: > Greetings, > > I will be out of the office through 7/25. > For issues re

Re: [cas-user] CAS Best Practice with multiple web application

2011-07-07 Thread Michael Ströder
Scott M. Holodak wrote: > I think that's probably the easiest/most common solution. You have one > authoritative source for usernames & passwords (LDAP or DB). CAS > interfaces with that to service authentication requests. Your individual > web applications use CAS for authentication. Also my s

Re: [cas-user] Security question - Generating cookie manually

2011-06-13 Thread Michael Ströder
William G. Thompson, Jr. wrote: However, this does bring up an interesting question as to what else CAS could do to ensure the TGC is only being used by the user-agent that it was issued for...thinking about hashing some sort of browser finger-printing (ala http://panopticlick.eff.org/). In my

Re: [cas-user] OOO List Spam Weapon

2011-05-16 Thread Michael Ströder
Marvin Addison wrote: > I wanted to share the following weapon against out-of-office spammers > for those of you using Gmail: I wonder why I don't receive vacation messages from list members when posting to other mailing lists. One reason could be that those lists are using GNU Mailman which sets

Re: [cas-user] CAS Pre Built VM

2011-04-27 Thread Michael Ströder
Marvin Addison wrote: > Question remains: would anyone deploy a VM appliance to their > production architecture? As said: Not me! Ciao, Michael.

Re: [cas-user] CAS Pre Built VM

2011-04-17 Thread Michael Ströder
Marvin Addison wrote: >> Let me know what can we do to take it forward. > > We need answers from the community about whether they can deploy > VMs/appliances to production environments. For security reasons I wouldn't deploy pre-built VMs in production. >> I have built a simple VM with Ubuntu, T

Re: [cas-user] Ldap Attributes

2011-04-13 Thread Michael Ströder
Juan Carlos Giménez Moncada wrote: > I am working with CAS 3.4.6 and it extracts all attributes perfectly, but > some attributes that are generated through an overlay in LDAP can not be > recovered in CAS. > > The ldap search is correct, where the attributes in ldap overlay are not > shown. > > If i

Re: [cas-user] LDAP-based credentials to attribute resolvers

2011-02-08 Thread Michael Ströder
Marvin Addison wrote: > I'd imagine it doesn't send the LDAP query because you have two > resolvers for the UsernamePasswordCredentials type, and you're getting > a short circuit on the first one, which doesn't use LDAP to resolve > the principal: > > class="org.jasig.cas.authentication.principal

Re: [cas-user] LDAP-based credentials to attribute resolvers

2011-02-07 Thread Michael Ströder
Michael Ströder wrote: > Another 3.3-to-3.4-migration question: Viewing the logs I wonder whether this is a real problem? 2011-02-07 19:11:44,011 DEBUG [org.springframework.beans.factory.xml.BeanDefinitionParserDelegate] - Neither XML 'id' nor 'name' specified - us

[cas-user] LDAP-based credentials to attribute resolvers

2011-02-07 Thread Michael Ströder
HI! Another 3.3-to-3.4-migration question: Given a CAS server which is using SPNEGO/Kerberos or a fall-back to LDAP-based authc (username/password) against MS AD. Authc works and now I get the sAMAccountName in case of LDAP-authc and the userPrincipalName in case of SPNEGO/Kerberos as principal n

Re: Fwd: [cas-user] [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor did not generate service.

2011-02-03 Thread Michael Ströder
Scott Battaglia wrote: > All the logs are saying is that the CAS argument extractor couldn't find > a service parameter. Ok, now after a lot of struggling we managed to get this working again by adding explicit section in pom.xml (see section at the end). This was not necessary in CAS 3.3.5. Th

Re: [cas-user] [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor did not generate service.

2011-02-02 Thread Michael Ströder
Michael Ströder wrote: > Scott Battaglia wrote: >> Can you give us any hints as to what you're trying to migrate? > > I'm using LDAP and SPNEGO with MS AD. To avoid any migration trouble I've > started over nearly from scratch with a new deployerConfigContext.

Re: [cas-user] SPNEGO and CAS Server on Windows Server 2008

2011-02-02 Thread Michael Ströder
Pavel Tavoda wrote: > Add command line parameter for krb5.conf > location. How is this done? > I will send you privately my config which works on my test setup. Could you please send this to me too? Many thanks in advance. Ciao, Michael.

Re: [cas-user] [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor did not generate service.

2011-02-02 Thread Michael Ströder
ovides seems to be configured. Attached the log4j.xml. Can I turn on more information there? Ciao, Michael. > 2011/2/2 Michael Ströder <mailto:mich...@stroeder.com>> > > HI! > > I'm trying to do what we've done with CAS 3.3.5 now with CAS 3.4.5. >

[cas-user] [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor did not generate service.

2011-02-02 Thread Michael Ströder
HI! I'm trying to do what we've done with CAS 3.3.5 now with CAS 3.4.5. Frankly I'm completely lost. The entry page just says "CAS is Unavailable". I tried to turn logging to "TRACE" in src/main/webapp/WEB-INF/classes/log4j.xml But the only message which seems to be something like an error is: [

[cas-user] Recommended/compatible maven versions?

2010-12-06 Thread Michael Ströder
HI! http://maven.apache.org currently lists three different major versions. Which of these versions are compatible and/or recommended for building CAS? 2.0.11, 2.2.1 or 3.0.1? Ciao, Michael.

Re: [cas-user] Deploying on tomcat, openjdk: filter start error

2010-09-13 Thread Michael Ströder
Frank Van Damme wrote: > 2010/9/10 Marvin Addison : >>> Yes, of course. /var/log/tomcat5.5 is owned by the user running tomcat >>> - it's where the other tomcat log files are written. >> >> There's only one further explanation: the CAS application is not >> being deployed. That would explain the

Re: [cas-user] Ldap authorities

2010-09-03 Thread Michael Ströder
David Hawes wrote: > On 9/1/10 1:47 PM, Michael Ströder wrote: >> David Hawes wrote: >>> On 8/30/10 12:45 PM, Daniel Bower wrote: >>>> You are correct, the directory structure does not follow that >>>> particular convention. >>>> >>>&g

Re: [cas-user] Ldap authorities

2010-09-01 Thread Michael Ströder
David Hawes wrote: > On 8/30/10 12:45 PM, Daniel Bower wrote: >> You are correct, the directory structure does not follow that >> particular convention. >> >> I'm guessing that whatever tool you use to manage users in ldap would >> also have to ensure that data stays synched between the two trees,

Re: [cas-user] Issue setting up CAS 3.4.2.1 with ldaps [SOLVED]

2010-08-20 Thread Michael Ströder
Joel Rosental R. wrote: > I already fixed the problem by reading this thread > http://www.mail-archive.com/jxplorer-us...@lists.sourceforge.net/msg00266.html > > At the end, i had to change the TLSCipherSuite line in > my /etc/openldap/slapd.conf of > TLSCipherSuite TLS_RSA_AES_256_CBC_SHA1 > by

Re: [cas-user] 3.3.5.1/ is missing in Maven repository

2010-08-04 Thread Michael Ströder
Scott Battaglia wrote: > The original announcement said due to the new repository switch, we > can't post those artifacts. I'm not familiar with maven and I don't want to just blame the volunteers doing the work with CAS. But looking at it from an operational point of view it's a very unfortunate

Re: [cas-user] LDAP Password Policy module problems

2010-08-04 Thread Michael Ströder
Eric Pierce wrote: > CAS doesn't use the LDAP authentication module from Spring security, it > uses the Spring LDAP package > (http://static.springsource.org/spring-ldap/docs/1.3.x/apidocs/) which > doesn't support the password policy additions to LDAP - that's why I had > to just look at the error

[cas-user] 3.3.5.1/ is missing in Maven repository

2010-07-26 Thread Michael Ströder
Scott Battaglia wrote: > We've just posted security releases for the CAS Server. They can be > downloaded here: > > * http://www.jasig.org/cas_server_3_4_2_1 > * http://www.jasig.org/cas_server_3_3_5_1 > > In addition, users of CAS 3.4.2 can upgrade to CAS 3.4.2.1 via the Maven > Repository. Du

Re: [cas-user] Urgent: Active Directory - Bind account is being locked

2010-06-23 Thread Michael Ströder
Francisco Estanqueiro wrote: > we're having a problem in our CAS instances. We use Active Directory as > our credential database but our bind account is being randomly locked by > Active Directory, causing CAS to fail. Do you have an automatic lockout after bad password retries? Then anybody can ea

Re: [cas-user] Script Authentication Handler

2010-05-02 Thread Michael Ströder
WST wrote: > Is there a ready to use os script adaptor for cas available ? I simply want > to run a python script on the operating system, to do all the checking of > uid/pw and network adresses and return the results to cas. Even though I'm a Python programmer myself I'd strongly recommend to wri

Re: [cas-user] Attributes from AD, release 3.4.2

2010-04-15 Thread Michael Ströder
Marvin Addison wrote: >> I'm not >> getting the attributes mapped in the resultAttributeMapping. > > I see you're searching at the directory root, which in AD generally > contains _many_ referrals. This is a complicated situation for which > most LDAP components do not have an optimal solution.

Re: [cas-user] Problem getting attribute from AD

2010-03-06 Thread Michael Ströder
Marvin Addison wrote: >> But I'm running into an error cause AD referral when we don't get user from >> CN=Users using the baseDN instead. Every ldap search end in a partial results >> exception. To avoid that, I tried to use a ldaptemplate instead of >> contextsource specifying ignorePartialResultEx

Re: [cas-user] [cas-dev] 3.3.5 Spengo Issues

2010-02-19 Thread Michael Ströder
chris_whit...@jbhunt.com wrote: > 2010/02/19 08:52:05 ERROR > org.jasig.cas.client.util.XmlUtils.getTextForElement(XmlUtils.java:152) > [][http-8080-Processor20] > org.xml.sax.SAXParseException: Premature end of file. > org.xml.sax.SAXParseException: Premature end of file. My wild guess would be t

Re: [cas-user] CAS Active Directory Support: SPNEGO doesn't support IE8

2010-02-19 Thread Michael Ströder
Michael Ströder wrote: > Scott Battaglia wrote: >> Not too much commentary on it: >> http://www.ja-sig.org/issues/browse/CAS-826 >> >> Apparently the new library was refactored quite a bit. > > The last time I've built CAS with SPNEGO support in December

Re: [cas-user] CAS Active Directory Support: SPNEGO doesn't support IE8

2010-02-17 Thread Michael Ströder
your midterm plans are? I also wonder what's the relation to the jcifs-ext module. I've checked the SF project site but there is no release of it for quite some time. Wouldn't that also be affected by JCIFS API changes? Ciao, Michael. > Michael Ströder > Scott Battagli

Re: [cas-user] CAS Active Directory Support: SPNEGO doesn't support IE8

2010-02-16 Thread Michael Ströder
works just fine. Ciao, Michael. -- Michael Ströder E-Mail: mich...@stroeder.com http://www.stroeder.com

Re: [cas-user] Page content missing - http://www.ja-sig.org/wiki/display/CASUM/Direct+Mapping+AuthenticationManager

2010-02-15 Thread Michael Ströder
Andy Cowling wrote: > Is the "Direct Mapping Authentication Handler" feature supported in CAS > 3.3.1? If so, where might I find some documentation on configuring it? > > We're looking at failing over to AD authentication, for IE8 users. > Rather than try out SPNEGO at the mo, we're looking to au

[cas-user] Problems with SPNEGO/Kerberos with IE 7 and 8

2009-12-28 Thread Michael Ströder
HI! We've set up a CAS instance (3.3.1) over a year ago and tested it thoroughly with MS IE 6 running under Windows 2000 and Firefox running under various Windows versions. It worked just fine with SPNEGO/Kerberos (NTLM is explicitly disabled in CAS config). Now after a general update of the user

Re: [cas-user] unable to lookup for users in cas

2009-12-18 Thread Michael Ströder
Marvin Addison wrote: >> im trying to connect to MS AD using cas ad has MD5 auth >> i have followed the steps given in >> http://www.ja-sig.org/wiki/display/CASUM/LDAP > > I'm not aware that Active Directory supports DIGEST-MD5 > authentication. Yes, it does. > Do you have a reference for that?

Re: [cas-user] CAS and Active Directory Error 49

2009-12-18 Thread Michael Ströder
Ian Strait wrote: > > > value="{cornetto}"/> What document inspired you to enclose the values in {}? This is wrong. Ciao, Michael.

Re: [cas-user] Active Directory LDAP Considerations for Attribute Release

2009-10-30 Thread Michael Ströder
Marvin Addison wrote: > I believe ignoring referrals is generally the > best practice. Yepp. > Although it is technically possible to follow referrals, there are > practical obstacles in many cases. Two common problems: the user's > credentials are not valid for the target of the referral, the

Re: [cas-user] password cache?

2009-09-18 Thread Michael Ströder
Scott Battaglia wrote: >> On Thu, Sep 17, 2009 at 11:09 AM, javier > > wrote: >> We have been using CAS for a weeks and just noticed that if the user >> changes his password it's able to logging with the new and the old >> password till the tomcat instance where CAS

Re: [cas-user] StartTLS configuration in deployerConfigContext.xml

2009-08-11 Thread Michael Ströder
Stéphanie Lanthier wrote: > Thank you for your advices. Unfortunately, I didn't succeed to connect > through the 3269 port of the AD. > > Using nmap, I can see that this port is opened on the AD server. > > On another hand, I saw in the CAS User Manual that my "JVM needs to > trust the certificat

Re: [cas-user] Guaranteeing Ticket Uniqueness in CAS 3.2.x

2009-08-10 Thread Michael Ströder
Andrew Feller wrote: > Perhaps we should change the variable from “host.name” to something > like “uniqueTicketId”? I think that approach would be sufficient for most cases. Ciao, Michael.

Re: [cas-user] Guaranteeing Ticket Uniqueness in CAS 3.2.x

2009-08-10 Thread Michael Ströder
Andrew Feller wrote: > In CAS 3.2.X, there was a change in the Spring configuration such that > the hostname of the server is being included automatically within the > Spring beans used to generate tickets. Hmm, in some environments it might not be acceptable for security reasons that the real hos

[cas-user] Unsubscribe o-o-o spammers

2009-08-06 Thread Michael Ströder
Please, unsubscribe these stupid people who are spamming the mailing list with their out-of-office messages! Ciao, Michael. P.S.: Funny enough my first message containing "out-of-office" in the subject was rejected by the mailing list server.

Re: [cas-user] Multi-mode CAS

2009-07-29 Thread Michael Ströder
Arnaud Claden wrote: > > I have a little problem with my implementation of CAS. > > I have tested the Active Directory SSO with SPNEGO : it works like a > charm. Are you using Kerberos? If yes, did you turn off NTLM? > I have tested the fallback to LDAP : it works like a charm. > > The problem

Re: [cas-user] Wanted to say thanks and ask Yet Another Question

2009-07-23 Thread Michael Ströder
Scott Battaglia wrote: > We mostly don't recommend a combination of embedded and redirect views > because it just leads to confusion and more difficulty with user education. This is true for one organization. But my customer has also this branding requirement mostly caused by his own customers for

Re: [cas-user] Re cas-user Why are service tickets single use

2009-07-21 Thread Michael Ströder
Anthony R. J. Ball wrote: >> Also, what is "login caching" ? We don't have that anywhere in our >> documentation, and you keep referencing it. > > I admit this came from another site talking about CAS > https://sp.princeton.edu/oit/sdp/cas/Wiki%20Pages/Home.aspx > under Best Practices, though it

Re: [cas-user] Re cas-user Why are service tickets single use

2009-07-21 Thread Michael Ströder
Anthony R. J. Ball wrote: > Well, of course you need the redirect at the beginning because of the > login cookie. It is the repeated redirects after the fact that seem > unnecessary. If you have repeated redirects when accessing the same application then your application server with the CAS clie

Re: [cas-user] Why are service tickets single use?

2009-07-21 Thread Michael Ströder
Anthony R. J. Ball wrote: > It seems somewhat ridiculous to me to have a redirect to CAS, have > CAS redirect a service ticket back to the app, than have the app talk > to CAS in the background to validate the service ticket. Why can't you > just have a base ticket that allows you to just do the

Re: [cas-user] Multilingual forms

2009-07-20 Thread Michael Ströder
ok at the files ./webapp/WEB-INF/classes/messages_*.properties which contain the localized messages and are referenced by name in the .jsp files. Ciao, Michael. -- Michael Ströder E-Mail: mich...@stroeder.com http://www.stroeder.com

Re: [cas-user] Multiple JAAS Realms for CAS Authentication Filter

2009-07-12 Thread Michael Ströder
If the requirement is that CAS clients access the CAS server with two different URLs like https://myserver:8181/cas/login?service=x&realm=myrealm https://myserver:8181/cas/login?service=y&realm=myrealm2 then one could also simply set up two CAS server instances with different realm confi

Re: [cas-user] Ldap Service Registry

2009-06-18 Thread Michael Ströder
so I can't answer the last question > > Michael Ströder a écrit : >> 3. Object class 'casService' is STRUCTURAL which seems appropriate at >> first glance. I guess the CAS service entries are also managed by the >> built-in CAS service manager application? Le

Re: [cas-user] Ldap Service Registry

2009-06-11 Thread Michael Ströder
Marteau Christophe wrote: > > For those who are interested in deploying Ldap Service Registry. Disclaimer: I'm not really familiar with the CAS service registry since up to now I don't deploy it myself but I'm always curious looking at LDAP schema files. ;-) Just looking at the schema for now I

Re: [cas-user] NullPointerException when using multiple LDAP user containers.

2009-05-25 Thread Michael Ströder
Marvin Addison wrote: >> http://www.ja-sig.org/issues/browse/CAS-663 >> >> Not sure in which state this is. Didn't do tests for this myself > > Fix is still unconfirmed, but got a recent report that maybe it's > still broken. I had some doubts when reading http://www.ja-sig.org/issues/browse/CAS

Re: [cas-user] Can't start CAS(3.3.2) with LDAP configuration

2009-05-25 Thread Michael Ströder
Seiichirou Hiraoka wrote: > I try following. > - Fix deployerConfigContext.xml > - Get spring-ldap-1.3.0.RELEASE-all.jar > - Copy above jar file to > /opt/tomcat/webapps/cas-server-webapp-3.3.2/WEB-INF/lib > - Start CAS > -> SUCCESS! Glad it helped. It seems your manually tweaking the WAR file

Re: [cas-user] NullPointerException when using multiple LDAP user containers.

2009-05-25 Thread Michael Ströder
Adam Franco wrote: > I have an Active Directory in which users are stored in multiple > containers. While a single BindLdapAuthenticationHandler with the > searchBase configured to my AD domain root suffices to verify passwords, > I found that I had to configure separate > CredentialsToLDAPAttribut

Re: [cas-user] Can't start CAS(3.3.2) with LDAP configuration

2009-05-25 Thread Michael Ströder
Seiichirou Hiraoka wrote: > > I want to use LDAP server for CAS authentication. > But can't start CAS with LDAP authentication settings. > [..] > + class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource"> Please read section "AuthenticatedLdapContextSource" and the red box on http

Re: [cas-user] Update 3.1 to 3.3.2 and ldap support

2009-05-25 Thread Michael Ströder
Enrico Bianchi wrote: > > "Michael Ströder" wrote: >> Enrico Bianchi wrote: >>> on the catalina.out Caused by: >>> org.springframework.beans.factory.BeanCreationException: Error >>> creating bean with name >>> 'org.jasig.cas.ada

Re: [cas-user] Update 3.1 to 3.3.2 and ldap support

2009-05-25 Thread Michael Ströder
Enrico Bianchi wrote: > > on the catalina.out Caused by: > org.springframework.beans.factory.BeanCreationException: Error > creating bean with name > 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#3c37f4' > defined in ServletContext resource > [/WEB-INF/deployerConfigContext.xml]: Cann

Re: [cas-user] Update 3.1 to 3.3.2 and ldap support

2009-05-25 Thread Michael Ströder
Enrico Bianchi wrote: > 8. I am not sure that ldap is in war. You could check whether the relevant JARs are included simply with: unzip -l cas.war Ciao, Michael.

Re: [cas-user] SSO and Browser Windows Question

2009-05-21 Thread Michael Ströder
Venka Ashtakala wrote: > > I have question about the Single Sign on and how it pertains to browser > sessions. I have noticed the following: > > If I open an IE7 (or IE6) window and login to CAS, then I can access my > CASified applications in the same window via tabs and the CASified > applicat

Re: [cas-user] CAS 3.3.2 + Moodle 1.9.2 + phpCAS 0.5.1-1

2009-05-14 Thread Michael Ströder
Not sure whether that's your problem but any reason why you're using such an old version of phpCAS? Ciao, Michael.

Re: [cas-user] CAS3.3.1 and X509/LDAP

2009-04-18 Thread Michael Ströder
Andy Cowling wrote: > Michael Ströder wrote: >> It seems I don't understand your issue. >> [..] >> If you already successfully authenticated the user via X509Check why do >> you present a login form? >> > Our company does not consider this a stro

Re: [cas-user] ldap with cas-server-3.3.2 fails?

2009-04-18 Thread Michael Ströder
Vladimir Shved wrote: > Just replaced the class names before receiving your message and it > worked, without changing any properties. To avoid misunderstandings: If it happens to work without setting the property userDn instead of username then it seems you're simply using anonymous access. This m

Re: [cas-user] CAS3.3.1 and X509/LDAP

2009-04-18 Thread Michael Ströder
It seems I don't understand your issue. Andy Cowling wrote: >4. We use a webflow that first executes the X509Check - and then if > successful, passes the user to the login form. Invalid cert uses > do not see the login form. If you already successfully authenticated the user via X

Re: [cas-user] CAS3.3.1 and X509/LDAP

2009-04-18 Thread Michael Ströder
ugh. Who issues the client certs? If you control the client certs your issuing CA should be the only one trusted CA for the login. Also you can provision parts of the client cert data to the user's LDAP entry. ...etc... Ciao, Michael. -- Michael Ströder E-Mail: mich...@stroeder.com http://www.

Re: [cas-user] How to configure CAS for case-sensitive userid

2009-04-14 Thread Michael Ströder
Barry Silk wrote: > Can anyone offer advice on how to configure CAS for case-sensitive userids? Why do you want that? It's the opposite of common practice. Note that this is not only a matter of how CAS treats the case of user-IDs. In your case the matching rules applied to the attribute type whi

Re: [cas-user] Internet Explorer and SPNEGO

2009-04-09 Thread Michael Ströder
chris franks wrote: > We're using SPNEGO to front our Shibboleth services and i'm having > problems making IE behave when it doesn't want to do SPNEGO > (incorrectly set up browsers/offsite access). > > IE always seems to revert to "grey box auth" which is something we've > been telling people not

Re: [cas-user] Lotus Domino SSO Support

2009-03-31 Thread Michael Ströder
xuan wrote: > > Looking at ways to integrate Lotus & Quickr in our SSO solution (i.e. > get CAS to 'talk' to the domino server) and found this just published > some weeks ago: > http://www.ja-sig.org/wiki/display/CASST/Lotus+Domino+SSO+Support > Has anyone got any more info about the state of this

[cas-user] Building SVN trunk

2009-03-25 Thread Michael Ströder
HI! I'm trying to build the SVN trunk to test issues CAS-663 and CAS-664. There's a missing dependency (see below). Do I have to manually install it or is there a automatic way of installing the jradius stuff? Ciao, Michael. Missing: -- 1) net.sf.jradius:jradius:jar:20060406 Try dow

Re: [cas-user] CAS to read diplayName attribute in the LDAP for password while authenticating

2009-03-23 Thread Michael Ströder
Rahul Chaturvedi wrote: > But, in our application we have all our passwords stored in another LDAP > attribute named as "displayName". Ouch! Why are you doing this? This is very bad practice! The standard attribute 'displayName' has a very specific semantics. You should at least use a custom attri

Re: [cas-user] MD5 Passwords in LDAP

2009-03-10 Thread Michael Ströder
schneisc wrote: > I've been trying to get CAS to authenticate with LDAP (Tivoli Directory > Server) and am having trouble using anything but plain text for the > password Where plain text? Are you familiar with the different LDAP bind methods? Regarding CAS server the passwords have to be added to

cas-user@lists.jasig.org

2009-03-10 Thread Michael Ströder
Michael Ströder wrote: > Scott Battaglia wrote: >> Oh wow, my apologies! I completely messed that up. We added it to the >> authentication handlers and it passes it down to the correct Spring LDAP >> stuff. I'll need to do the same for the CredentialsToPrincipalReso

cas-user@lists.jasig.org

2009-03-10 Thread Michael Ströder
Scott Battaglia wrote: > Oh wow, my apologies! I completely messed that up. We added it to the > authentication handlers and it passes it down to the correct Spring LDAP > stuff. I'll need to do the same for the CredentialsToPrincipalResolver > then. Can someone open a JIRA issue for this? I th

cas-user@lists.jasig.org

2009-03-10 Thread Michael Ströder
Johan Reinalda wrote: > > Looks like the ticket is still waiting final resolution & testing. I feel guilty for not testing in the mean time... > I can help here, if I can get some pointers on how to get the 3.3.2 code > downloaded ? Is it possible to just build 3.2.2-SNAPSHOT with maven by chan

cas-user@lists.jasig.org

2009-03-10 Thread Michael Ströder
Johan Reinalda wrote: > > I just did another clean copy, (mvn clean/mvn package) and let the war > be installed again: > Now I have: > > # pwd > /usr/local/apache-tomcat-6.0.18/webapps/cas/WEB-INF/lib > [r...@sso-test lib]# ls -la | grep ldap > -rw-r--r-- 1 root root 32670 Feb 10 17:07 > cas-se

Re: [cas-user] How to Authenticate depending on attribute values?? Please help

2009-03-10 Thread Michael Ströder
Ashima wrote: > I am using BindLdapAuthenticationHandler for authentication. I am > extracting additional attributes using 'attributeRepository' as > follows:- > > > class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao"> > > >

cas-user@lists.jasig.org

2009-03-06 Thread Michael Ströder
Johan Reinalda wrote: > To follow up, I just discovered that if I set the searchBase = > "ou=Department,dc=x,dc=y,dc=z" > things work. That is to say, the ldap query result doesn't cause an > exception, gets the result, then asks for the attributes, and they are > returned. Yes, since there are no

Re: [cas-user] phpcas

2009-03-04 Thread Michael Ströder
apparao gsp wrote: > > I am a php developer, I don't know good knowledge of java, of course I > Know little bit java, > > I was successfully configured java, cas-server in tomcat, and > > I am using fedora-8, > > In my cas-server browser I got this url now how to use this session id in > php

Re: [cas-user] How to use custom login page instead of CAS login page?

2009-03-04 Thread Michael Ströder
Nathan Kopp wrote: > > To accomplish this, we use a technique where the login form is served by > the client web site and simply posts the username and password directly > to the CAS server along with the “service” parameter. Hmm, one should think about some security implications of such an appro

Re: [cas-user] server dought

2009-03-04 Thread Michael Ströder
apparao gsp wrote: > phpCAS::client(CAS_VERSION_2_0,'sso-cas.univ-rennes1.fr',443,''); This should be the fully-qualified domain name (FQDN) used to access the CAS server instance. It has to match what's written in the server's cert as FQDN.

Re: [cas-user] CAS + Kerberos integration / LDAP fallback

2009-02-12 Thread Michael Ströder
sol myr wrote: > You mentioned Kerberos with *fallback* to LDAP, which sounds great. > Could I please ask whether there's built-in CAS support for this? > Or did you implement it yourself? Just configuration of CAS 3.2+. Make yourself familiar with the state descriptions in login-webflow.xml. The

Re: [cas-user] cas 3.3.1 server setting

2009-02-12 Thread Michael Ströder
zhang li wrote: > org.springframework.ldap.AuthenticationException: [LDAP: error code 32 - > No Such Object]; nested exception is > javax.naming.AuthenticationException: [LDAP: error code 32 - No Such > Object] Check the property searchBase in deployerConfigContext.xml. The above error code indica

Re: [cas-user] CAS + Kerberos integration ?

2009-02-12 Thread Michael Ströder
sol myr wrote: > > Sorry for being vague - we'd like the client to obtain a Kerberos > ticket, use it to log into the SSO server, which would validate the > Kerberos ticket and then allow the client to access the business > application. > > When the SSO server is specifically CAS, it feels like l

Re: [cas-user] translating CAS logging messages

2009-02-05 Thread Michael Ströder
Scott Battaglia wrote: > Thanks to everyone who has contributed log translations so far. We have > the following locales: en, cs, es, fr, it, sv, zh. If anyone can > translate into any additional languages, that would be greatly > appreciated. We'll accept any language! Find attached an attempt