We formerly used OAM in conjunction with CAS in the way originally suggested,
by using OAM to protect our CAS server. The goal was to provide SSO between
OAM and CAS-protected apps. Our assumption was that it would be easier to
protected enterprise apps with OAM and then we could use OAM's coa
I've been reviewing ClearPass and I'm finding a lot of good information about
the server side, but not much about support for the protocol in the standard
CAS clients. What I'm hoping to find is an easy way to set up an HTTP reverse
proxy (similar to a software load balancer) that contains a CA
Actually, the CAS client does NOT validate the ticket on each request. Tickets
can actually each only be validated once, as per the CAS specification.
Instead, the CAS filter validates the ticket ONCE and then stores the result of
the successful validation information in the user's session. S
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
Thanks! I added some documentation here (see the bottom of the page):
https://wiki.jasig.org/display/CASUM/Auditing+and+Statistics+Via+Inspektr
-Nathan
-Original Message-
From: Marvin Addison [mailto:marvin.addi...@gmail.com]
Sent: Tuesday, October 11, 2011 9:02 AM
To: cas-user@lists.j
n, I can't find
"org.jasig.cas.audit.support.JdbcAuditCleaner" in the 3.4.10 source code,
though it appears to have been fixed in 3.4.0. Am I missing something?
-Nathan Kopp
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change se
I wouldn't consider Felix's joke to be an insult at all.
In my experience, "supported" in the enterprise world means "I can blame
someone if things don't work perfectly." It equates to "CYA" (look it up in
Google). ;-)
In the open source world, the users of software usually can't "blame" anyo
n Wooten
bryan.woo...@utah.edu
Work: 801.585.9323
Cell: 801.414.3593
From: Nathan Kopp [mailto:nathan.k...@ccci.org]
Sent: Friday, July 09, 2010 9:56 AM
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] useSession=false problem
First, it is possible to use single logout behind a loa
First, it is possible to use single logout behind a load balancer (we do it for
a number of our critical applications), but it depends on the CAS client
implementation. (Not all clients support single logout, and those that support
it don't always work in a cluster.) It really seems that singl
that would likely cause
the issue you are experiencing.
Nathan Kopp
Applications Strategist
Information Technology Group
Campus Crusade for Christ, Int'l
407-826-2939 Office | 407-484-8485 Mobile | 407-826-2968 Fax
From: Jeremy Bennett [mailto:jbenn...@nbic.com]
Sent: Thursday, June 17, 2010 1
(Resend. Sorry if this is a repeat. I didn't see this come through the list,
so I think the original got lost... so I'm resending.)
I am putting together a CAS server based on 3.3.5 using the WAR Overlay method.
Everything in my implementation works fine when deploying to Tomcat. However,
wh
ading our existing clients to use the SAML logout.
However, we may eventually re-implement one or both of the other two
methods (iframe and link+popup) to support packaged software that
requires direct interaction from the user's browser.
Nathan Kopp
Applications Strategist
Information Techno
Ye3s, however the new version currently only supports #1
(logoutCallback). We don't have any remaining clients using the other
two methods (iframeLogoutUrl and userLogoutUrl), so we have not
re-implemented those features in 3.3.5.
Nathan Kopp
Applications Strategist
Information Technology
the really old 2.x server. Our new code is relatively simple
and builds on the existing single sign-off features found in 3.3.5
(which only support SAML clients) and extends that functionality to
support our customized protocol for modified CAS clients.
Nathan Kopp
Applications Strategist
I
Just yesterday I tested Oracle Internet Directory (Oracle's LDAP) and it
worked with no problems.
It probably wouldn't be too hard for someone to put a matrix/list on the
wiki and let people fill in the boxes for successful tests.
-Nathan
-Original Message-
From: Marvin Addison [mailto:
ork with IIS... I'll
have to fix that example. :-)
* Set the log level to DEBUG
* Once the log file is being created, it is much easier to find
further problems, because the debug log is pretty verbose.
Nathan Kopp
Applications Strategist
Information Technology Group
Campus Crusade for C
You might be running into a lockout security feature that blocks your IP
address because of too many failed login attempts. I know such a
feature existed in CAS 2.x... maybe it still exists in 3.3.
-Nathan
From: Andrew Feller [mailto:afel...@lsu.edu]
Sent: Monday, August 17, 2009 3:25 PM
ode to set the cookie. (You
could also provide a way to clear the cookie, too.)
Nathan Kopp
Applications Strategist
Information Technology Group
Campus Crusade for Christ, Int'l
407-826-2939 Office | 407-484-8485 Mobile | 407-826-2968 Fax
-Original Message-
From: Arnaud Clade
For a good ISAPI filter, check out this:
http://www.ja-sig.org/wiki/display/CASC/ISAPI+Filter
There's a binary in the attached ZIP file. Be sure to use the one dated
July 2, 2009... it contains an important bug fix.
Note that there are some customizations (such as our version of single
log-out),
...
however, it does NOT have code to check the proxy chain.
We've been using this filter in production since 2004, and the current version
is very stable.
Nathan Kopp
Applications Strategist
Information Technology Group
Campus Crusade for Christ, Int'l
407-826-2939 Office | 407-484-8
s up and run with it (i.e. host it
somewhere like Google Code or SourceForge and facilitate new
development), you are more than welcome to do so.
Nathan Kopp
Applications Strategist
Information Technology Group
Campus Crusade for Christ, Int'l
407-826-2939 Office | 407-484-8485 Mobile | 407-826
an
-Original Message-
From: Michael Ströder [mailto:mich...@stroeder.com]
Sent: Wednesday, March 04, 2009 7:59 PM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] How to use custom login page instead of CAS login page?
Nathan Kopp wrote:
>
> To accomplish this, we use a techn
Using an iframe on the same domain might be your only choice.
To accomplish this, we use a technique where the login form is served by
the client web site and simply posts the username and password directly
to the CAS server along with the "service" parameter. We're using CAS
3.0.x, so the log
23 matches
Mail list logo