[cas-user] CAS 4.1.2/4.0.7 Releases

CAS Community, CAS versions 4.1.2 [1] and 4.0.7 [2] have been released and should shortly find their way into Maven central repositories, if not already. We encourage you to upgrade and deploy these releases into your own CAS maven overlay environment and provide feedback. Upgrading from a 4.1.

RE: [cas-user] LDAP Backed Services

Sounds like what you are seeing is similar to this bug: https://github.com/Jasig/cas/issues/1288 or at least partially related. Please update the issue and it will be addressed in the next patch release hopefully. --Misagh From: Wickham, Jeremy [mailto:jeremy.wick...@msstate.edu] Sen

RE: [cas-user] cas-mfa with Gmail

I don't think that module supports the SAML2 protocol in CAS. If memory serves me right, it only is functional for applications that go through the CAS protocol and possibly SAML1. --Misagh From: Ian Wat [mailto:i...@bucknell.edu] Sent: Friday, November 20, 2015 10:56 AM To: cas-user@list

RE: [cas-user] Building cas-3.4.12

You'd have to talk to ellucian to get accurate instructions on how to build CAS. The official guide for 4.1 is here: http://jasig.github.io/cas/4.1.x/installation/Maven-Overlay-Installation.h tml From: Darouichi, Aziz [mailto:adaro...@post03.curry.edu] Sent: Thursday, November 19, 2015 9:12

RE: [cas-user] Duplicate log entries

Your logger is likely configured to be additive. Turn that bit off. https://logging.apache.org/log4j/2.x/manual/configuration.html#Additivity > -Original Message- > From: nico...@devels.es [mailto:nico...@devels.es] > Sent: Tuesday, November 17, 2015 5:33 AM > To: cas-user@lists.jasig.or

RE: [cas-user] Problem with CAS 4.1.1 and log4j2

See the requirements here: http://jasig.github.io/cas/4.1.x/planning/Installation-Requirements.html > -Original Message- > From: "Borys Pogoreło" [mailto:bo...@ue.wroc.pl] > Sent: Thursday, November 12, 2015 8:46 AM > To: cas-user@lists.jasig.org > Subject: [cas-user] Problem with CAS 4.1

[cas-user] Internet2 OpenIdConnect/UMA/OAUTH workshop

Internet2 have organized an OpenIdConnect/UMA/OAUTH workshop for software developers in February, and would like to assess the potential interest amongst Apereo projects. The dates are Feb 22-25 in Denver (2 back to back 2 day workshops), and the workshop will be provided by an acknowledged expe

RE: [cas-user] CAS 4.1.1 Google Apps SAML issue

Looks like there is a skewAllowance setting for SAML1 but not for SAML2. Do file an issue please. From: Abhijit Gaikwad [mailto:agaik...@fit.edu] Sent: Monday, November 9, 2015 9:31 AM To: cas-user@lists.jasig.org Subject: [cas-user] CAS 4.1.1 Google Apps SAML issue Hello, We are working

Re: [cas-user] ehcache and Service Ticket Validation fails

--Original Message----- > From: Misagh Moayyed [mailto:mmoay...@unicon.net] > Sent: Tuesday, November 03, 2015 9:32 PM > To: cas-user@lists.jasig.org > Subject: Re: [cas-user] ehcache and Service Ticket Validation fails > > Your first ST was issued at 2015-11-03 16:38:05. The validation a

Re: [cas-user] ehcache and Service Ticket Validation fails

I saw the link but it is for other class. And i assumed it so. But why my > duplicated aservice ticket is expired within a second. > ____ > From: Misagh Moayyed [mmoay...@unicon.net] > Sent: Tuesday, November 03, 2015 5:17 PM > To: cas-user@lists

RE: [cas-user] ehcache and Service Ticket Validation fails

Seconds: http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/ cache/ehcache/EhCacheFactoryBean.html#setTimeToLive-int- From: Song, Doe-Hyun [mailto:ds...@armada.net] Sent: Tuesday, November 3, 2015 3:06 PM To: cas-user@lists.jasig.org Subject: RE:[cas-user] ehcache an

RE: [cas-user] org.jasig.cas.authentication.handler.DefaultPasswordEncoder

For JDK7, you likely want to review: https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#MessageDigest JDK8: https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#MessageDigest From: Patrick Coleman [mailto:patcole...@me.com] Sent:

RE: [cas-user] CAS v4.0.6 is released

0-8381 <mailto:linda.t...@alaska.edu> linda.t...@alaska.edu | <http://www.alaska.edu/oit/> www.alaska.edu/oit/ On Mon, Oct 19, 2015 at 2:23 PM, Misagh Moayyed mailto:mmoay...@unicon.net> > wrote: CAS Community, CAS version 4.0.6 [1] has been released and should shortly make its

RE: [cas-user] Suspicious login tracking

Presently, these exists none though it is on the roadmap somewhere, and it's discussed at length within the context of MFA. > -Original Message- > From: HURTEVENT VINCENT [mailto:vincent.hurtev...@univ-lyon1.fr] > Sent: Friday, October 23, 2015 6:35 AM > To: cas-user@lists.jasig.org > Sub

RE: [cas-user] RE: [cas-user] CAS 4.1.1 and KryoTranscoder ?

> quickly > ... and it crashed. > > I didn't have time to check that I could log in all our proxied apps ... > > > Le Jeudi 22 Octobre 2015 18:01 CEST, Misagh Moayyed > a > écrit: > > > It's probably an issue with PGTs. Can you log into a non-prox

RE: [cas-user] CAS 4.1.1 and KryoTranscoder ?

It's probably an issue with PGTs. Can you log into a non-proxied app? > -Original Message- > From: Vincent Bonamy [mailto:vincent.bon...@univ-rouen.fr] > Sent: Thursday, October 22, 2015 7:04 AM > To: cas-user@lists.jasig.org > Subject: [cas-user] CAS 4.1.1 and KryoTranscoder ? > > Hi All,

RE: [cas-user] Help with RegexRegisteredSevice - CAS 4.1.0

See these please: https://github.com/Jasig/cas/tree/4.1.x/cas-server-webapp/src/main/resources/services There is an issue to update the docs to the new JSON format. From: Dustin Lemp [mailto:dl...@jeffco.edu] Sent: Wednesday, October 21, 2015 9:50 AM To: cas-user@lists.jasig.org Subject: [ca

RE: [cas-user] javax.persistence.TransactionRequiredException on CAS 4.1.1

-r-- 1 tomcat7 tomcat7 259014 sep 22 09:39 > spring-expression-4.1.6.RELEASE.jar > -rw-r--r-- 1 tomcat7 tomcat7 426669 sep 22 09:39 > spring-jdbc-4.1.6.RELEASE.jar > -rw-r--r-- 1 tomcat7 tomcat7 25116 sep 22 09:39 > spring-js-2.4.1.RELEASE.jar > -rw-r--r-- 1 tom

RE: [cas-user] javax.persistence.TransactionRequiredException on CAS 4.1.1

- > From: nico...@devels.es [mailto:nico...@devels.es] > Sent: Wednesday, October 21, 2015 3:12 AM > To: cas-user@lists.jasig.org > Cc: Misagh Moayyed > Subject: RE: [cas-user] javax.persistence.TransactionRequiredException on > CAS > 4.1.1 > > Hi Misagh, >

RE: [cas-user] javax.persistence.TransactionRequiredException on CAS 4.1.1

For ticketing we're using Hazelcast. > > If you need a debug level log I can provide it. > > Thanks. > > Regards. > > [1]: http://jasig.github.io/cas/4.1.x/installation/Service-Management.html > > El 20/10/15 a las 14:50, Misagh Moayyed escribió: > > Mak

RE: [cas-user] Memcache Errors

Yes this will also be included in 4.0.7. Appreciate the feedback. From: benjamin.a...@etsmtl.ca [mailto:benjamin.a...@etsmtl.ca] Sent: Monday, October 19, 2015 9:18 PM To: cas-user@lists.jasig.org Subject: Re: [cas-user] Memcache Errors Hi, CAS v4.1.1 seems to contain a fix for that issue,

Re: [cas-user] javax.persistence.TransactionRequiredException on CAS 4.1.1

Make sure your config matches the docs, exactly by the letter. For instance, you want your entity manager to be called “entityManagerFactory”, and not “factoryBean”. - Misagh > On Oct 20, 2015, at 4:46 AM, nico...@devels.es wrote: > > Hi, > > We just upgraded to CAS 4.1.1. When saving a serv

[cas-user] CAS v4.1.1 is released

CAS Community, CAS version 4.1.1 [1] has been released and should shortly make its way into Maven central repositories, if not already. We encourage you to integrate this release into your own CAS maven overlay environment and provide feedback. Upgrading from a 4.1.x should be painless. You will f

[cas-user] CAS v4.0.6 is released

CAS Community, CAS version 4.0.6 [1] has been released and should shortly make its way into Maven central repositories, if not already. We encourage you to integrate this release into your own CAS maven overlay environment and provide feedback. Upgrading from a 4.0.x should be painless. You will f

Re: [cas-user] Incorrect header check when importing keys

es it happen, and the result is just the same. > > If you need any additional tests please let me know, we were about to put > this version into production when we detected this issue :-/ > > Thanks. > > Nicolás > > El 13/10/15 a las 15:16, Misagh Moayyed escribió:

Re: [cas-user] Incorrect header check when importing keys

When do you get this error? Do you start from Google Apps or do you directly go to cas/login? Could you capture the Google Apps request and paste that back? - Misagh > On Oct 13, 2015, at 4:39 AM, nico...@devels.es wrote: > > Hi, > > We're running CAS 4.1.0 and we also use Google Apps, so we'

Re: [cas-user] CAS compile errors

Are you trying to develop against the CAS codebase, or are you trying to deploy CAS? If it’s the latter, you want to start from: http://jasig.github.io/cas/4.1.x/installation/Maven-Overlay-Installation.html - Misagh

Re: [cas-user] OCSP support for CAS

> My team has implemented CAS 3.5.1. We have a requirement to enable PKI > functions for our web application authentication (logon process). > 1. Does CAS 3.5.1 support X.509 certificate authentication? If so, I’m > seeking documentation other than from here: > http://jasig.github.io/cas

Re: [cas-user] CAS for SAAS applications

you get to select the authentication strategy on a per-service basis. > > Regards > Prasad, > > From: Misagh Moayyed [mailto:mmoay...@unicon.net > <mailto:mmoay...@unicon.net>] > Sent: Wednesday, September 30, 2015 11:30 AM > To: cas-user@lists.jasig.org <mailto:cas-user@l

Re: [cas-user] Error creating bean contextSource

Seems like you downloaded the entire CAS source, which is the wrong way to go about the installation. See the Maven Overlay Installation docs for more info. - Misagh > On Oct 6, 2015, at 12:33 PM, Skyler Sebastian Lindsey > wrote: > > Hi, > > I was able to resolve my error mess

RE: [cas-user] CAS for SAAS applications

If you are saying "Customer X needs to go to CAS A, while Customer Y needs to go to CAS B", that's something you have to take up with the SAAS application. However, there are no multi-tenant CAS deployments that I am aware of [1]. Sounds like a pretty good use case for docker. [1] There i

RE: [cas-user] logout redirect not use "service" but "TARGET" for .NET application?

I don't follow. Why or how is the .NET client sending your logout requests? From: Zhou, Yan [mailto:yan.x.z...@questdiagnostics.com] Sent: Tuesday, September 29, 2015 7:45 AM To: cas-user@lists.jasig.org Subject: [cas-user] logout redirect not use "service" but "TARGET" for .NET application?

RE: [cas-user] cas 3.5.2 catalina logs

You have an app at https://dcis.hhs.gov/main.php whose certificate is considered invalid, and your CAS has SLO turned on, and CAS is trying to send SLO notifications to the app, and it fails. Reference: http://jasig.github.io/cas/4.1.x/installation/Troubleshooting-Guide.html#p kix-path-buildin

RE: [cas-user] need info on cas validate api response extraction

An "interceptor" in what programming language? If you are writing things in Java, there is the Java CAS client that is able to parse the response. Most other clients do as well. From: Mahantesh Prasad Katti [mailto:mahantesh.ka...@indecomm.net] Sent: Tuesday, September 29, 2015 2:57 AM To: ca

RE: [cas-user] Service authorization by hour range

You are welcome to submit a feature request. It would involve extending DefaultRegisteredServiceAccessStrategy to plug in different values for day/time, and refused access based on system time. From: James Michels [mailto:karma.sometimes.hu...@gmail.com] Sent: Saturday, September 26, 2015 1:3

RE: [cas-user] LDAP Persisted Services Management 4.1.0

Since you are deploying the management app, try with: From: Wickham, Jeremy [mailto:jeremy.wick...@msstate.edu] Sent: Thursday, September 24, 2015 2:21 PM To: cas-user@lists.jasig.org Subject: [cas-user] LDAP Persisted Services Management 4.1.0 I can build the services management weba

RE: [cas-user] CAS 4.1 LDAP Authentication failed with lppe

aef> > 2015-09-24 16:42:23,433 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - I am not certain what I am missing here. It looks like lppe might be expecting something which it is not getting but I can't figure out what. -Abhijit From: Misagh Moayyed [mai

RE: [cas-user] CAS Management Bug?

>> 2015-09-24 16:01:51,245 DEBUG [net.unicon.cas.addons.serviceregistry.ReadWriteJsonServiceRegistryDao] - https://asgrant2.oakland.edu/, name=test2, allowedToProxy=false, enabled=true, ssoEnabled=true, anonymousAccess=false, ignoreAttributes=false, evaluationOrder=0, logoutType=BACK_CHANNEL}&

RE: [cas-user] CAS returns to the main page instead of authenticating

There it goes. I added both the with and without transactions versions (both are original versions, just munged sensitive data). Let me know if you need anything else. Regards, Nicolás. El 23/09/15 a las 17:36, Misagh Moayyed escribió: I think I have managed to diagnose the problem, but even so

RE: [cas-user] CAS 4.1 LDAP Authentication failed with lppe

Assuming you have configured the passwordPolicy configuration of LPPE, your logs suggest that you are not actually and fully authenticating. There should be a full LDAP response in the logs retrieved by CAS. This is likely an issue with your PasswordPolicyControl setting that may not work well with

RE: [cas-user] CAS Management Bug?

It’s definitely not a browser/platform issue. It’s a bug, that I think got fixed much later on. The following would be helpful to better diagnose this: 1. What type of service registry? 2. Do you have DEBUG logs for the management app that would show the first and second attempts

RE: [cas-user] Custom authentication method url

Take a look at AcceptUsersAuthenticationHandler. That should give you an idea of how to plug in settings into a handler. From: SAMUELE RILLI [mailto:samuele.ri...@unicam.it] Sent: Wednesday, September 23, 2015 10:03 AM To: cas-user@lists.jasig.org Subject: [cas-user] Custom authentication met

RE: [cas-user] CAS returns to the main page instead of authenticating

in debugging it, though. Regards, Nicolás. El 23/09/15 a las 16:49, Misagh Moayyed escribió: Yes, those should do it. From: Nicolás [mailto:nico...@devels.es] Sent: Wednesday, September 23, 2015 8:44 AM To: cas-user@lists.jasig.org <mailto:cas-user@lists.jasig.org> Subject: Re: [cas-user] CA

RE: [cas-user] CAS returns to the main page instead of authenticating

Yes, those should do it. From: Nicolás [mailto:nico...@devels.es] Sent: Wednesday, September 23, 2015 8:44 AM To: cas-user@lists.jasig.org Subject: Re: [cas-user] CAS returns to the main page instead of authenticating Hi Misagh, El 23/09/15 a las 11:29, Misagh Moayyed escribió: This seems

RE: [cas-user] CAS 4.0 and 4.1 dependency to JRadius

Let me add that my experience working with 1.1.5 was a while back, so let me try again, and if it works with any additional changes, we can do it :) > -Original Message- > From: Misagh Moayyed [mailto:mmoay...@unicon.net] > Sent: Wednesday, September 23, 2015 4:10 AM >

RE: [cas-user] CAS 4.0 and 4.1 dependency to JRadius

Functionality-wise, sure. However, it will require changes to the CAS Radius API, which we can't do for a patch release. > -Original Message- > From: Stefan Paetow [mailto:stefan.pae...@jisc.ac.uk] > Sent: Wednesday, September 23, 2015 4:06 AM > To: cas-user@lists.jasig.org > Subject: Re:

RE: [cas-user] CAS returns to the main page instead of authenticating

This seems to be an issue with annotation-based transactions. Try disabling transactions for now, or consider switching to a cache-based registry for better performance. From: Nicolás [mailto:nico...@devels.es] Sent: Tuesday, September 22, 2015 11:02 AM To: cas-user@lists.jasig.org Subject: [cas

RE: [cas-user] CAS 4.0 and 4.1 dependency to JRadius

4.1 is already updated. We might be able to release a 4.0.6 that uses jitpack, but since that would have CAS switch to 1.1.5 of jradius, it's going to require a lot of changes to the radius module to work with 1.1.5. So I'd recommend you try with 4.1 first. That should fix the dependency problem.

RE: [cas-user] CAS 4.1.0 Stack Overflow : too low setting for -Xss and illegal cyclic inheritance dependencies

It may be specific to your overlay. If you post a sanitized version of it somewhere that'd be fine to review and detect any possible issues. > -Original Message- > From: Guillaume Chéramy [mailto:guilla...@cheramy.name] > Sent: Monday, September 21, 2015 5:50 AM > To: cas-user@lists.jasig.

RE: [cas-user] Unable to configure ticketing via MySQL

Seems like this is a documentation issue. Should be fixed in the docs. From: Nicolás [mailto:nico...@devels.es] Sent: Sunday, September 20, 2015 11:46 AM To: cas-user@lists.jasig.org Subject: Re: [cas-user] Unable to configure ticketing via MySQL Hi Jay, The first dependency seems to be auto

RE: [cas-user] LDAP authentication succeeded but CAS says it's not

x27;s not El 19/09/15 a las 18:55, Misagh Moayyed escribió: OK, that’s all correct. Then, the only other possibility is, the ldap authentication does not return that attribute for you. The LDAP entry that is retrieved has an empty collection of attributes. If I run the command on the command

RE: [cas-user] LDAP authentication succeeded but CAS says it's not

else missing so the handler can retrieve the uid attribute? Thanks. El 19/09/15 a las 17:58, Misagh Moayyed escribió: You need to make sure the authentication handler is retrieving that attribute for you. Just because it’s in LDAP it doesn’t mean CAS will get it for you automatically. From: Ni

RE: [cas-user] LDAP authentication succeeded but CAS says it's not

upport.Slf4jLoggingAuditTrailManager] - However, this attribute is indeed present in the LDAP directory for that user and it's accessible by everyone: uid: myuser Thanks. El 19/09/15 a las 15:38, Misagh Moayyed escribió: Change org.jasig.cas to DEBUG and report back please.

RE: [cas-user] LDAP authentication succeeded but CAS says it's not

Change org.jasig.cas to DEBUG and report back please. From: Nicolás [mailto:nico...@devels.es] Sent: Saturday, September 19, 2015 6:30 AM To: cas-user@lists.jasig.org Subject: [cas-user] LDAP authentication succeeded but CAS says it's not Hi, I'm having some issue configuring LDAP authentica

[cas-user] CAS v4.1.0 released

CAS Community, CAS version 4.1.0 [1] has been released and should shortly make its way into Maven central repositories, if not already. We encourage you to integrate this release into your own CAS maven overlay environment and provide feedback. Misagh [1] https://github.com/Jasig/cas/

[cas-user] CAS v4.0.5 released

CAS Community, CAS version 4.0.5 [1] has been released and should shortly make its way into Maven central repositories, if not already. We encourage you to integrate this release into your own CAS maven overlay environment and provide feedback. This is a patch release that should be a drop-in

RE: [cas-user] Validating Service Tickets in POST requests - Securing WS

correct? El martes, 15 de septiembre de 2015, Misagh Moayyed mailto:mmoay...@unicon.net> > escribió: Sorry, I meant to respond to Jérôme with the message below. To answer your question, you need to establish an authn session with GET request first before doing anything posts. From:

RE: [cas-user] Validating Service Tickets in POST requests - Securing WS

Sorry, I meant to respond to Jérôme with the message below. To answer your question, you need to establish an authn session with GET request first before doing anything posts. From: Misagh Moayyed [mailto:mmoay...@unicon.net] Sent: Tuesday, September 15, 2015 8:41 AM To: cas-user

RE: [cas-user] Apereo default theme not suitable for mobile device.

Possible bug. Try adding: to the html tag and test on the device. Post back results please. > -Original Message- > From: Jerome Nenert [mailto:jerome.nen...@u-paris2.fr] > Sent: Tuesday, September 15, 2015 7:59 AM > To: cas-user@lists.jasig.org > Subject: [cas-user] Apereo default theme

RE: [cas-user] Validating Service Tickets in POST requests - Securing WS

Possible bug. Try adding: to the html tag and test on the device. Post back results please. From: Manfredo Hopp [mailto:mhopp.coni...@gmail.com] Sent: Tuesday, September 15, 2015 7:58 AM To: cas-user@lists.jasig.org Subject: [cas-user] Validating Service Tickets in POST requests - Securin

RE: [cas-user] Delegating to another CAS server

tp://www.slu.edu/its> ITS | <http://www.slu.edu/> Saint Louis University _ On Wed, Sep 9, 2015 at 12:46 PM, Misagh Moayyed mailto:mmoay...@unicon.net> > wrote: See http://jasig.github.io/cas/4.1.x/integration/Delegate-Authentication.html Example: https://github.com/pac4

RE: [cas-user] CredentialsToLdapAttributePrincipalResolver replacement in V4

> To sum up, using a separate resolver is only required if additional > attributes not present in the LDAP directory used for authentication are > needed ? Yes, or when you need better control over attribute retrieval from multiple sources, etc. > -- > You are currently subscribed to cas-user@li

RE: [cas-user] SAML1 or Cas 20 or Cas30?

The recommended approach is, whatever works for your environment. If your client needs SAML1, then use SAML1. If it needs attributes and your client supports CAS3, then use CAS3. If it needs attributes and your client does not support CAS3, use SAML1. It all depends on what type and version of a

RE: [cas-user] CredentialsToLdapAttributePrincipalResolver replacement in V4

nager, null out the matching resolver. > -Original Message- > From: Jerome Nenert [mailto:jerome.nen...@u-paris2.fr] > Sent: Thursday, September 10, 2015 6:25 AM > To: cas-user@lists.jasig.org > Subject: Re: [cas-user] CredentialsToLdapAttributePrincipalResolver > replaceme

RE: [cas-user] CredentialsToLdapAttributePrincipalResolver replacement in V4

Where do you see that reference in the documentation? I can't find it :( Also, does 4.x mean 4.0.x, or 4.1.x? Are you authenticating against LDAP? > -Original Message- > From: Jerome Nenert [mailto:jerome.nen...@u-paris2.fr] > Sent: Thursday, September 10, 2015 5:12 AM > To: cas-user@lis

RE: [cas-user] CAS w/ SAML clock skew?

Which SP implementation are you referring to? There are many. > -Original Message- > From: Tom Poage [mailto:tfpo...@ucdavis.edu] > Sent: Wednesday, September 9, 2015 8:23 PM > To: cas-user@lists.jasig.org > Subject: [cas-user] CAS w/ SAML clock skew? > > Does the CAS SAML SP implementat

RE: [cas-user] Delegating to another CAS server

See http://jasig.github.io/cas/4.1.x/integration/Delegate-Authentication.html Example: https://github.com/pac4j/j2e-pac4j-demo From: Jeff Abernathy [mailto:abern...@slu.edu] Sent: Wednesday, September 9, 2015 10:21 AM To: cas-user@lists.jasig.org Subject: [cas-user] Delegating to another CAS s

RE: [cas-user] Where is persistence.xml in 4.0.x (JPA Ticket Registry)

Post your maven overlay config somewhere on github, etc and we can track down if this is a config issue or a bug with the build. > -Original Message- > From: Christian Rohmann [mailto:crohm...@netcologne.de] > Sent: Wednesday, September 9, 2015 9:12 AM > To: cas-user@lists.jasig.org > Sub

RE: [cas-user] Where is persistence.xml in 4.0.x (JPA Ticket Registry)

istence.xml in 4.0.x (JPA Ticket > Registry) > > Hey Misagh, > > thanks very much for the quick reply. > > > On 09/07/2015 03:21 PM, Misagh Moayyed wrote: > > You have JAR/dependency conflict. Examine your lib directory and > > remove/exclude duplicates.

RE: [cas-user] Where is persistence.xml in 4.0.x (JPA Ticket Registry)

You have JAR/dependency conflict. Examine your lib directory and remove/exclude duplicates. From: crohm...@netcologne.de [mailto:crohm...@netcologne.de] Sent: Monday, September 7, 2015 12:40 AM To: cas-user@lists.jasig.org Cc: cas-user@lists.jasig.org; dkopyle...@unicon.net Subject: Re: [cas-us

RE: [cas-user] logging SLO requests

;t get - I did turn org.jasig.cas up to debug (I have a test system that I can send only my test to through our load balancer so noisy isn't a problem), but even then I got nothing about sending logout requests. Ted F. Fisher Information Technology Services From: Misagh Moayye

RE: [cas-user] CAS 2.0 Protocol Attribute Release

The snippet for CAS2 is likely in this file for your CAS server: https://github.com/Jasig/cas/blob/3.6.x/cas-server-webapp/src/main/webapp/ WEB-INF/view/jsp/protocol/2.0/casServiceValidationSuccess.jsp From: Juan Quintanilla [mailto:jquin...@fiu.edu] Sent: Friday, September 4, 2015 1:21 PM To

RE: [cas-user] logging SLO requests

I don't think you can actually see the logout message, unless you turn up debugging to TRACE which would be very noisy. With DEBUG for org.jasig.cas, you'd see statements that are similar to "Sending logout request to XYZ" where XYZ is the service in question you're troubleshooting. From: Ted

RE: [cas-user] Attribute resolved but not released?

Is your client pointing to the /p3 endpoint? Are attributes configured for release in your registry? You have so far resolved them. From: Chris Irwin [mailto:chris.ir...@sadasystems.com] Sent: Thursday, September 3, 2015 8:54 AM To: cas-user@lists.jasig.org Subject: [cas-user] Attribute resolved

RE: [cas-user] 4.1.0 RC2 is released

s-user] 4.1.0 RC2 is released > > Hello, > > On 08/27/2015 01:26 PM, Misagh Moayyed wrote: > > Also, this is really the first functional release candidate for v4.1; > > Please ignore 4.1.0 RC1. If you run into issues and anomalies, please > > discuss and submit issues. &g

Re: [cas-user] Changing username / password from user input and perform multiple queries to backends

> > 1) To authenticate a user, I need to change the username / password data > I received from the login page a little (i.e. add some "@realm" to the > user or convert the password to some proprietary syntax the backend > uses) before sending it to let's say an ODBC or LDAP backend. What seems >

RE: [cas-user] SAML 2 metadata for CAS SP?

use it's very good at that, only limit what services use it directly. > > Looking forward to when we can find/make time to deploy the integrated IdP > 3.x (which might solve some of the edge cases). > > Thanks. > Tom. > > > On Aug 26, 2015, at 3:47 PM, Misagh Moayy

[cas-user] 4.1.0 RC2 is released

CAS Community, CAS version 4.1.0 RC2 [1] has been released and should shortly make its way into Maven central repositories, if not already. We encourage you to integrate this release into your own CAS maven overlay environment and provide feedback. This is a release candidate that is geared tow

RE: [cas-user] SAML 2 metadata for CAS SP?

nfortunately, we're still at IdP 2.x. > > We try to avoid this, but maybe all we can do is have the vendor use CAS > directly (which provides SSO for our IdP). > > Tom. > > On 08/26/2015 01:50 PM, Misagh Moayyed wrote: > > What version of the IdP is this? >

RE: [cas-user] SAML 2 metadata for CAS SP?

What version of the IdP is this? If your IdP is anything v3+, you can just turn on its CAS support, register the client and have it talk CAS protocol to the IdP directly. > -Original Message- > From: Tom Poage [mailto:tfpo...@ucdavis.edu] > Sent: Wednesday, August 26, 2015 12:46 PM > To:

RE: [cas-user] Resolving attirbutes dao results in "no value specified for parameter 2"

gmail.com> >: Try using NamedParameterJdbcPersonAttributeDao instead. On Wednesday, August 19, 2015 at 3:26:37 PM UTC-7, Manfredo Hopp wrote: See my previous mail which describes details of this issue. Same result for version 1.7.0 (latest?) Regards Manfredo 2015-08-19 17:45

RE: [cas-user] creating an attribute with fixed value

Ted, See: https://github.com/Jasig/person-directory/blob/master/person-directory-imp l/src/main/java/org/jasig/services/persondir/support/NamedStubPersonAttrib uteDao.java This should be available in the latest version of person directory, or in cas-addons. From: Ted Fisher [mailto:tf

RE: [cas-user] Resolving attirbutes dao results in "no value specified for parameter 2"

This “may” be an issue with person directory. Don’t know yet, but your other option for now would be to have 2 DAOs and merge the result together finally. What version of person directory is this by the way? Can you dulicate the problem with the latest? From: Manfredo Hopp [mailto:mhopp.co

RE: [cas-user] single log out and login-webflow.xml

solution still out there I’m overlooking. Thank you for the information, I appreciate your patience while I tried to get a better handle on the full picture. -bob From: Misagh Moayyed [mailto:mmoay...@unicon.net] Sent: Saturday, August 15, 2015 10:45 AM To: cas-user@lists.jasig.org

RE: [cas-user] single log out and login-webflow.xml

. As such, the only way you actually would receive SLO callbacks is when you invoke the logout endpoint. This is of course assuming that you're using the default ticket registry cleaner. From: Misagh Moayyed [mailto:mmoay...@unicon.net] Sent: Friday, August 14, 2015 8:11 AM To: 

RE: [cas-user] CAS protocol flow sequence: AuthN then check service registry?

s old. That was the behavior which was changed to check service > authorization before the author transaction start in 3.5.1+ (I don’t > remember the exact 3.5.x version where it went in). > > > >Cheers, > >Dmitriy. > > > >> On Aug 14, 2015, at 1:59 PM, Baron Fuj

RE: [cas-user] Unable to reach /cas-management

This generally means the app has crashed. Look into your container logs and you’ll find the root cause. You should have a cas-management.war that is deployed by the container, and just because you declare that dependency, it doesn’t mean you’re going to get that file. If you’re doing this inside

RE: [cas-user] Attribute Release

: https://**"; /> yourAttributeName My question is, can I do this to release the same set of attributes for any service? This looks like it’s going to require me to set this up for every new service. Sincerely, Christopher Irwin From

RE: [cas-user] Attribute Release

You are not getting anything from CAS because you’re not allowing any attributes to be released. Your logs/config show you’re only resolving attributes. Your service registry needs to release them next. See: http://jasig.github.io/cas/4.0.x/integration/Attribute-Release.html From: Ray Bon

RE: [cas-user] single log out and login-webflow.xml

Regardless of how your TGT expires, when it does and whether it's manual or automatic via the expiration policy, SLO will initiate. You no longer have an SSO session, and you will be logged out every application you have authenticated to via CAS. Starting with 4.1 I think, you will have the ab

RE: [cas-user] CAS protocol flow sequence: AuthN then check service registry?

> But wouldn't it be better to check against the registry first and disallowing unauthorized service URLs before bothering with authentication? What CAS version are you on? That is the exact current behavior. > -Original Message- > From: Baron Fujimoto [mailto:ba...@hawaii.edu] > Sent: T

RE: [cas-user] Cas 3.5.2.1 and ldap WHAT: 'principal' cannot be null.

You'll need to look into your container/CAS logs to figure out why authentication is failing. > -Original Message- > From: Karlos [mailto:kjlore...@gmail.com] > Sent: Thursday, August 13, 2015 5:34 AM > To: cas-user@lists.jasig.org > Subject: [cas-user] Cas 3.5.2.1 and ldap WHAT: 'princip

[cas-user] CAS Server v4.0.4 released

CAS Community, CAS version 4.0.4 [1] has been released and should shortly make its way into Maven central repositories, if not already. We encourage you to integrate this release into your own CAS maven overlay environment and provide feedback. Upgrading to either of these releases from a 4.0.x

RE: [cas-user] Exposing principal id in LPPE

principal id in LPPE In our case, the login id is also the principal. Specifically, how would ‘userid’ be accessed in in LPPE? -- Raymond Walker Software Systems Engineer StSp. ITS Northern Arizona University From: Misagh Moayyed Reply-To: "cas-user@lists.jasig.org <mailto:

RE: [cas-user] Java CAS client and Trust Store

t after restarting Tomcat multiple times, when I `stat` the > `/etc/shib- > > cas/ssl.properties` file, it appears as though the file has never been > > accessed. > > The CAS client ultimately fails with a stack trace indicating that it > > doesn't trust the c

RE: [cas-user] Java CAS client and Trust Store

gh the file has never been > accessed. > The CAS client ultimately fails with a stack trace indicating that it > doesn't trust the cert of the CAS host, which leaves me wondering if (a) > there is something wrong with my truststore, or (b) the `sslConfigFile` is > not being

RE: [cas-user] Java CAS client and Trust Store

he 'keyStorePath' is just the path to a > Java keystore, and the 'keyStorePass' is just the plaintext password? > > Thanks, > Carl > > - Original Message - > From: "Misagh Moayyed" > To: cas-user@lists.jasig.org > Sent: Wednesday, August

RE: [cas-user] Java CAS client and Trust Store

Yes. Look for "sslConfigFile" here in the project's README/docs: https://github.com/Jasig/java-cas-client I don't know if that will stop the client from looking into the Java keystore though. Probably not. > -Original Message- > From: Waldbieser, Carl [mailto:waldb...@lafayette.edu] > S

RE: [cas-user] CAS 4 (Unicon overlay) with AD plus attributes

I knew this sounded familiar, and so I dug this up: https://github.com/Jasig/cas/issues/722 Long story short; it’s something that is fixed and will need to be backported to 4.0.4. From: Misagh Moayyed [mailto:mmoay...@unicon.net] Sent: Tuesday, August 4, 2015 11:58 AM To: 'cas

RE: [cas-user] CAS 4 (Unicon overlay) with AD plus attributes

That is the default behavior, yes, supposedly :) You should not get anything unless you explicitly allow them. >From what you’re describing, this sounds like a regression. Please submit an issue, and attach a sample of your deployerConfigFile.xml to the issue. Time permitting, the fix might g

  1   2   3   4   5   6   >