Re: [cas-user] CAS and OAM Happy Problem

We formerly used OAM in conjunction with CAS in the way originally suggested, by using OAM to protect our CAS server. The goal was to provide SSO between OAM and CAS-protected apps. Our assumption was that it would be easier to protected enterprise apps with OAM and then we could use OAM's coa

[cas-user] ClearPass support in CAS clients?

I've been reviewing ClearPass and I'm finding a lot of good information about the server side, but not much about support for the protocol in the standard CAS clients. What I'm hoping to find is an easy way to set up an HTTP reverse proxy (similar to a software load balancer) that contains a CA

Re: [cas-user] Validation Filter and effective validation

Actually, the CAS client does NOT validate the ticket on each request. Tickets can actually each only be validated once, as per the CAS specification. Instead, the CAS filter validates the ticket ONCE and then stores the result of the successful validation information in the user's session. S

[cas-user] unsubscribe

-- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user

RE: [cas-user] Inspektr JDBC audit trail cleaner configuration

Thanks! I added some documentation here (see the bottom of the page): https://wiki.jasig.org/display/CASUM/Auditing+and+Statistics+Via+Inspektr -Nathan -Original Message- From: Marvin Addison [mailto:marvin.addi...@gmail.com] Sent: Tuesday, October 11, 2011 9:02 AM To: cas-user@lists.j

[cas-user] Inspektr JDBC audit trail cleaner configuration

n, I can't find "org.jasig.cas.audit.support.JdbcAuditCleaner" in the 3.4.10 source code, though it appears to have been fixed in 3.4.0. Am I missing something? -Nathan Kopp -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change se

RE: [cas-user] JpaTicketRealm on Oracle 11g R2

I wouldn't consider Felix's joke to be an insult at all. In my experience, "supported" in the enterprise world means "I can blame someone if things don't work perfectly." It equates to "CYA" (look it up in Google). ;-) In the open source world, the users of software usually can't "blame" anyo

RE: [cas-user] useSession=false problem

n Wooten bryan.woo...@utah.edu Work: 801.585.9323 Cell: 801.414.3593 From: Nathan Kopp [mailto:nathan.k...@ccci.org] Sent: Friday, July 09, 2010 9:56 AM To: cas-user@lists.jasig.org Subject: RE: [cas-user] useSession=false problem First, it is possible to use single logout behind a loa

RE: [cas-user] useSession=false problem

First, it is possible to use single logout behind a load balancer (we do it for a number of our critical applications), but it depends on the CAS client implementation. (Not all clients support single logout, and those that support it don't always work in a cluster.) It really seems that singl

RE:[cas-user] trickle down lock out effect

that would likely cause the issue you are experiencing. Nathan Kopp Applications Strategist Information Technology Group Campus Crusade for Christ, Int'l 407-826-2939 Office | 407-484-8485 Mobile | 407-826-2968 Fax From: Jeremy Bennett [mailto:jbenn...@nbic.com] Sent: Thursday, June 17, 2010 1

[cas-user] Deploying to OC4J

(Resend. Sorry if this is a repeat. I didn't see this come through the list, so I think the original got lost... so I'm resending.) I am putting together a CAS server based on 3.3.5 using the WAR Overlay method. Everything in my implementation works fine when deploying to Tomcat. However, wh

RE: [cas-user] CCC Single Sign Off Server Distribution?

ading our existing clients to use the SAML logout. However, we may eventually re-implement one or both of the other two methods (iframe and link+popup) to support packaged software that requires direct interaction from the user's browser. Nathan Kopp Applications Strategist Information Techno

RE: [cas-user] CCC Single Sign Off Server Distribution?

Ye3s, however the new version currently only supports #1 (logoutCallback). We don't have any remaining clients using the other two methods (iframeLogoutUrl and userLogoutUrl), so we have not re-implemented those features in 3.3.5. Nathan Kopp Applications Strategist Information Technology

RE: [cas-user] CCC Single Sign Off Server Distribution?

the really old 2.x server. Our new code is relatively simple and builds on the existing single sign-off features found in 3.3.5 (which only support SAML clients) and extends that functionality to support our customized protocol for modified CAS clients. Nathan Kopp Applications Strategist I

RE: [cas-user] Compatibility matrix for CAS ?

Just yesterday I tested Oracle Internet Directory (Oracle's LDAP) and it worked with no problems. It probably wouldn't be too hard for someone to put a matrix/list on the wiki and let people fill in the boxes for successful tests. -Nathan -Original Message- From: Marvin Addison [mailto:

RE: [cas-user] CAS ISAPI Filter

ork with IIS... I'll have to fix that example. :-) * Set the log level to DEBUG * Once the log file is being created, it is much easier to find further problems, because the debug log is pretty verbose. Nathan Kopp Applications Strategist Information Technology Group Campus Crusade for C

RE: [cas-user] CAS login Page refreshes after 5th failed login try.

You might be running into a lockout security feature that blocks your IP address because of too many failed login attempts. I know such a feature existed in CAS 2.x... maybe it still exists in 3.3. -Nathan From: Andrew Feller [mailto:afel...@lsu.edu] Sent: Monday, August 17, 2009 3:25 PM

RE: RE : [cas-user] Multi-mode CAS

ode to set the cookie. (You could also provide a way to clear the cookie, too.) Nathan Kopp Applications Strategist Information Technology Group Campus Crusade for Christ, Int'l 407-826-2939 Office | 407-484-8485 Mobile | 407-826-2968 Fax -Original Message- From: Arnaud Clade

RE: [cas-user] One more time: Anyone integrate Illiad to CAS?

For a good ISAPI filter, check out this: http://www.ja-sig.org/wiki/display/CASC/ISAPI+Filter There's a binary in the attached ZIP file. Be sure to use the one dated July 2, 2009... it contains an important bug fix. Note that there are some customizations (such as our version of single log-out),

RE: [cas-user] CAS with only IIS

... however, it does NOT have code to check the proxy chain. We've been using this filter in production since 2004, and the current version is very stable. Nathan Kopp Applications Strategist Information Technology Group Campus Crusade for Christ, Int'l 407-826-2939 Office | 407-484-8

RE: [cas-user] CAS with only IIS

s up and run with it (i.e. host it somewhere like Google Code or SourceForge and facilitate new development), you are more than welcome to do so. Nathan Kopp Applications Strategist Information Technology Group Campus Crusade for Christ, Int'l 407-826-2939 Office | 407-484-8485 Mobile | 407-826

RE: [cas-user] How to use custom login page instead of CAS login page?

an -Original Message- From: Michael Ströder [mailto:mich...@stroeder.com] Sent: Wednesday, March 04, 2009 7:59 PM To: cas-user@lists.jasig.org Subject: Re: [cas-user] How to use custom login page instead of CAS login page? Nathan Kopp wrote: > > To accomplish this, we use a techn

RE: [cas-user] How to use custom login page instead of CAS login page?

Using an iframe on the same domain might be your only choice. To accomplish this, we use a technique where the login form is served by the client web site and simply posts the username and password directly to the CAS server along with the "service" parameter. We're using CAS 3.0.x, so the log