good point Mav. This is a long discussion around the ticket registry design and
I think I created a Jira a long time ago for this. It might be enough to expose
the ticket timestamp in an own attribute of the registry so a deserialization
of all tickets in the cleaner wouldn't be needed. Disablin
See https://issues.jasig.org/plugins/servlet/mobile#issue/CAS-814
You need to extend CAS to use that feature as far as I know.
We use a different approach. We invalidate all current tickets on tos version
change. In the CAS login mask, we force users to accept the new tos version to
allow login.
> To: cas-user@lists.jasig.org
> Sent: Tuesday, September 9, 2014 4:34:28 PM
> Subject: Re: [cas-user] SSO approach without Cookies
>
> Would there be any problem if some one deletes these cookies or hack it ?
> Any precautions to be taken ?
>
>
> On Tue, Sep 9, 2014 at 12:00 PM,
Authentication itself works without, but that is of no help for you, as
JASIG-CAS needs Cookies for SSO.
Maybe another approach would fit your needs, like Claims-Based SSO.
E.g. Windows Identity Foundation. It has its drawbacks and conceptual
limitations. See
http://msdn.microsoft.com/en-us/l
See https://wiki.jasig.org/display/casum/ssl+troubleshooting+and+reference+guide
On 07.08.2014 at 18:00, Patrick Pat wrote:
> Hi,
> Problems: (all are in file "PROBLEMS.txt" on this mail)
>
> Etat HTTP 500 - edu.yale.its.tp.cas.client.CASAuthenticationException: Unable
> to validate ProxyTic
Strongly recommending to use a local Maven overlay project.
You can use https://github.com/forsetti/jasig-cas-quickdemo as a starter.
If you need to add logging statements to any cas core classes, simply copy them
over from the JASIG CAS sources into your local project (to the same package)
and
enable to releasing that component as open-source? We'd be
> interested (at Diamond Light Source and Janet) because we also receive a
> large number of attributes after authentication (via RADIUS and/or SAML).
>
> With Regards
>
> Stefan
>
>
>
> On 8 April 20
? We'd be
> interested (at Diamond Light Source and Janet) because we also receive a
> large number of attributes after authentication (via RADIUS and/or SAML).
>
> With Regards
>
> Stefan
>
>
>
> On 8 April 2014 17:21, Robert Oschwald wrote:
> Finished my own
>
> Dan
>
> Dan Ellentuck
>
>
>
> On Mon, Apr 7, 2014 at 3:14 PM, Misagh Moayyed wrote:
> I doubt it. You'd have to build one that talks to the WS.
>
> > -Original Message-
> > From: Robert Oschwald [mailto:robertoschw...@googlemail.com]
I’m wondering if it is possible to populate attributes directly from the
authentication source without performing a 2nd call.
I already receive the additional attributes from a web service as a response to
the authentication call.
Is there a special attributeRespository available which I can fil
Definitely no "chean" on
https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven+WAR+Overlay+Method
and not on
http://jasig.github.io/cas/current/installation/Maven-Overlay-Installation.html
as well.
So what link are you referring to, Kelvin?
Robert
> , would advise the procedure for it ?
>
>
>
>
> 2014-03-26 16:51 GMT+08:00 Robert Oschwald :
> it's not a must, but highly recommended if you want to modify views, extend
> functionality or test locally.
>
> Sent while mobile.
>
> On 26.03.2014 at 09:20
ise the procedure for it ?
>
>
>
>
> 2014-03-26 16:51 GMT+08:00 Robert Oschwald :
>> it's not a must, but highly recommended if you want to modify views, extend
>> functionality or test locally.
>>
>> Sent while mobile.
>>
>>> On 26.03.
e CAS 3.x ? thanks
>
>
> 2014-03-26 16:16 GMT+08:00 Kelvin Young :
>> Hi ,
>>
>> I see nothing in the link , would you please check .
>>
>>
>>
>>
>> 2014-03-26 16:05 GMT+08:00 Robert Oschwald :
>>
>>> https://wiki.jasig.org
https://wiki.jasig.org/plugins/servlet/mobile#content/view/27525810
use this
Sent while mobile.
> On 26.03.2014 at 08:28, Kelvin Young wrote:
>
> Hi Stephan ,
>
> thanks for your reply ,
>
> I never use maven , do you mean I must use in CAS server ? except it ,
> what configuration fi
t-after-logout-td254421.html
>
>
>
> -----Original Message-
> From: Robert Oschwald [mailto:robertoschw...@googlemail.com]
> Sent: Tuesday, March 11, 2014 4:26 PM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] CAS protocol for logout
>
> That's a CAS protocol 3.0 feat
That's a CAS protocol 3.0 feature which is described here (spec is not final
released yet)
https://github.com/Jasig/cas/blob/master/cas-server-protocol/3.0/cas_protocol_3_0.md
Sent while mobile.
> On 11.03.2014 at 20:55, Tom Poage wrote:
>
> Hello,
>
> The CAS protocol for logout says it tak
I will handle german tonight.
Robert
On 19.02.2014 at 17:38, Jérôme LELEU wrote:
> Hi,
>
> We have made many changes in the source code for the future CAS server 4.0,
> impacting language properties as well.
> The English one is the reference, but others should be updated accordingly.
>
> I
That's what we do for several clients using soap accesses to an authentication
application. We use jaxb marshalled objects with the Spring-WS client.
> On 29.11.2013 at 17:50, Joshua Brodie wrote:
>
> Hi List:
>
> Can CAS be leveraged to authorize calls to APIs on a web services module?
>
> T
Maybe like this (untested) in casLoginView.jsp:
<%
String cssFileName = "mylogin.css"; // default
Locale locale = request.getLocale();
if (locale != null && StringUtils.isNotBlank(locale.getLanguage())){
String languageCssFileName = "mylogin_" + locale.getLanguage() + ".css";
//
javassist, cglib and Hibernate could be such candidates.
It does not help to have it in WEB-INF/lib.
See
http://my.opera.com/karmazilla/blog/2007/03/15/permgen-strikes-back
http://stackoverflow.com/questions/2051734/why-is-permgen-space-growing
http://stackoverflow.com/questions/1124131/what
> It's easier to simply deploy CAS in a Tomcat instance by itself and restart
> the container as part of redeployment. I believe most CAS deployers do this;
> we certainly do.
+1 same here.
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscr
Saw that on almost every Spring/Hibernate based Application.
On 24.07.2013 at 21:34, Jonathan Rosenberg wrote:
> I am trying to run CAS on Tomcat 7.0.22. I have two instances on two
> servers. Both Linux boxes.
>
> On one of the boxes I see the following behavior when deploying:
>
> 1) Fir
our emails) to have it
> stopped. We're waiting on that.
>
>
>
>
>
> On Tue, Jul 23, 2013 at 11:15 AM, Robert Oschwald
> wrote:
> I currently get spammed by tons of emails with subject "AUTO: Zbynek
> Vavros is prepared for DELETION (FREEZE)"
I currently get spammed by tons of emails with subject "AUTO: Zbynek
Vavros is prepared for DELETION (FREEZE)" from the cas-user list.
Can someone please stop this?
Thanks,
Robert
Another possible way is to use CAS themes.
See https://wiki.jasig.org/display/CASUM/Theme+Control
In your JSP, you can then use it like this:
….
On 05.06.2013 at 16:05, James Sumners wrote:
> Here's a snippet from my casLoginView.jsp that does something simil
No remember-me used, right?
Sent from my iPhone
On 01.05.2013 at 00:12, "Lazar, Michael E" wrote:
> Following the wiki and from my own personal experience I would highly highly
> recommend against using oracle as a jpa ticket registry, especially if you
> intend to put any sort of vol
>
> Where you get this method??.
>
>
> Thanks for all.
>
>
>
> 2013/4/11 Robert Oschwald
> Here are the rough steps how I created a WsAuthenticationHandler for CAS
> 3.4.xx using SpringWS 1.5.4 and JaxB marshalling.
> Use the recommended Maven Overlay project
Here are the rough steps how I created a WsAuthenticationHandler for CAS 3.4.xx
using SpringWS 1.5.4 and JaxB marshalling.
Use the recommended Maven Overlay project setup as stated in the CAS CASUM Wiki
manual.
1. Implement a WsAuthenticationHandler which extends
AbstractUsernamePasswordAuthen
I use a Soap Webservice Authentication Handler for this.
The WebserviceAuthenticationHandler extends
AbstractUsernamePasswordAuthenticationHandler.
Webservice Client is a Spring-WS client injected into the
WebserviceAuthenticationHandler using servers wsdl as Jaxb objects (created by
Maven XJC
See
https://wiki.jasig.org/display/CASUM/Attributes#Attributes-AccessingattributesusingtheCASclientforjava
how to release attributes to the client.
If you use the SAML ticket validator, it works out of the box.
If you want to release the attributes using the /serviceValidate url, you must
add a
Are you using Firefox ?
Then this bug might be of interest:
https://bugzilla.mozilla.org/show_bug.cgi?id=443354#c48
On 01.03.2013 at 14:53, "Ohsie, David" wrote:
> So I guess the next natural questions, based on the observations posted here
> are as follows:
>
> 1) If you close your brows
We're working on a new specification which includes all the features and
parameters currently in CAS Server.
There, "service" parameter for logout is explained from specification side.
You can have a look into it on
https://docs.google.com/document/d/1l0o60mLfXF4bkQdwRSH4i6P-IJQki3-v-zyoOAjxDd4/
erified and my CAS server
> does not let users login with a trailing space. I'm using the Bind LDAP
> Authentication Handler pointing against an AD.
>
>
> -Original Message-
> From: Robert Oschwald [mailto:robertoschw...@googlemail.com]
> Sent: Thursday,
Today I noticed a problem in one of our CAS client applications.
If a user enters the username with a trailing space, the CAS client application
fails, as the trailing space doesn't seem to be trimmed by the cas server.
CAS Server: 3.4.11
Client uses cas-client-core 3.1.3 and the trailing space g
We're currently working on the next version of the CAS protocol spec. This
includes SAMLvalidate and other extensions.
On 11.10.2012 at 03:51, Baron Fujimoto wrote:
> Is there somewhere in the CASUM wiki I'm overlooking that documents the
> samlValidate CAS URI similarly to how other CAS URIs
Just to get an idea how we handle Remember Me:
We use CAS Remember Me since the beginning (we are the sponsors of this
feature) and here is how we use it:
- Note: Remember Me in the Applications Spring Security is disabled, so we use
only CAS Remember Me.
- As we do not use SAML response yet,
How can that happen?
Normally, only registered service urls are allowed to use Cas.
Cas logout is initiated from these applications. So how can an attacker inject
a malicious logout redirect URL?
Does the same problem apply for the service parameter on logout?
Sent from my iPhone
On 02.0
, Box 122
> Edmond, OK 73034
> D: 405.974.2649 | M: 405.550.6804 | bbra...@uco.edu | www.uco.edu
>
> "If you wish to know your past, look at your present conditions. If you wish
> to know your future, look at your present actions." - Siddhartha Gautama
>
Maybe I'm blind,
but I do not find the link to the documentation wiki on
http://www.jasig.org/cas/.
Robert
We use InnoDB on all Tables but see the lock problems on 2 independent
installations.
On 25.07.2011 at 19:22, Eric Pierce wrote:
> MySQL uses table-level locking if you're using the MyISAM storage engine and
> row-level with InnoDB. MyISAM was the default for years and is faster than
> Inno
On 25.07.2011 at 15:48, Marvin Addison wrote:
>
>
>> This could lead to a problem because the cleaner currently locks your ticket
>> registry for a long time as all tickets are deserialized.
>
> There is no such locking explicitly in the code, and it's hard to
> imagine how _any_ database pla
One thing to note when using RememberMe is the DefaultTicketRegistryCleaner
problem.
With RememberMe enabled with a TTL of weeks, you might get a lot of tickets in
the registry.
This could lead to a problem because the cleaner currently locks your ticket
registry for a long time as all tickets a
Do not modify the original source.
Instead, create an own maven project and copy the pom.xml contents described in
https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven2+WAR+Overlay+Method
into your project as toplevel pom.xml
Now you can perform a mvn packag
Only one CAS node is used per db (MySQL). But there are several CAS Servers
using independent schemas on the same db server.
Currently, approx. 100.000-200.000 tickets are in the registry.
As this server uses the fairly old CAS 3.2.1 and the JPATicketRegistry was
improved in 3.3.3, it might help
Marvin, thanks for clarification.
It seems the problem happens when the cleaner is running.
I'm on MySQL 5 (RHES).
We need to use jpa because of rememberMe.
Robert
On 25.05.2011 at 14:55, Marvin Addison wrote:
>> One of my CAS Servers (3.2.1) is having a problem with deadlocks.
>
> It's a k
One of my CAS Servers (3.2.1) is having a problem with deadlocks.
The indexes for the foreign keys have been created but I still get deadlock
exceptions sometimes.
Any idea what else could cause this problem?
Hibernate Version 3.2.4.sp1, Spring 2.5.1
Thanks,
Robert
java.sql.BatchUpdateExceptio
You must add the properties to the casServiceValidationSuccess jsp. This is a
custom extension.
Example:
${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].attributes['org.jasig.cas.authentication.principal.REMEMBER_ME'])}
${fn:escapeXml(asse
ci of the different cas client apps differ as well as the messages.
Also, we got a registration button only in some of the themes and on some we
don't.
Could you please give me a pointer on how to achieve a view-per-theme solution?
On 23.03.2011 at 14:28, Marvin Addison wrote:
>
> We use thi
Currently, I use 5 themes in the loginView page.
As this is a very complex page now, I'm looking for an alternative.
E.g. different login page per theme or separate views for themes.
Any recommendations?
Thanks,
Robert
Sorry for this lengthy email...
Sometimes I receive this exception for one of my Spring based client apps
(other client apps work fine) on the Cas Server.
It occurs every few 100 authentications, sometimes more often.
The exception on CAS Server:
2011-02-10 02:29:54,226 [TP-Processor11] [u...@x
This is off topic but important to all CAS users.
There exists a remotely exploitable critical bug in Java which can lead to a
complete crash of the JVM.
Every admin is urged to immediately patch all Sun/Bea/Oracle Java Versions on
their servers.
Main cause of the problem is a flaw in the AMD/
+1 for 1.6
You need to read the complete document.
In the "Custom Implementations" section it's described how you extend the login
page.
Robert
>
> On Mon, Dec 20, 2010 at 4:07 PM, colagero wrote:
>
> hi all,
>
>
>
> I'm trying to follow your Documentation to set Remember feature on CAS 3.4.2
> but i
That's exactly the correct way.
Do not forget to overwrite hashCode() and equals() which take your new
parameters into account.
See RememberMeUsernamePasswordCredentials as an example.
On 12.11.2010 at 18:52, Scott Battaglia wrote:
> You should be extending our class with your own custom cla
I'm going to take some time this weekend to go
> through and write down (and open/update JIRA tickets) for all remaining tasks
> which should give us a good idea of how much more time we need.
>
>
> On Wed, Sep 22, 2010 at 12:33 PM, Robert Oschwald
> wrote:
> Scot
Scott,
do you know yet when you will release 3.5?
Robert
On 22.09.2010 at 18:27, Scott Battaglia wrote:
> The CAS 3.5 API's will actually have a purge method :-)
>
>
> On Wed, Sep 22, 2010 at 12:09 PM, Robert Oschwald
> wrote:
> Hi Folks,
>
> as I use reme
Hi Folks,
as I use remember-me, I need to be able to force a relogin of all users (e.g.
if Terms Of Service change).
For this, I added a deleteAllTgts() method to the
CentralAuthenticationServiceImpl class (using maven overlay) to be able to
force a relogin of all users (triggered via a REST c
Hi folks,
upgrading CAS from 3.2.1 to 3.4.2.1 went smooth so far. Authentication via my
webserviceHandler and rememberMe work perfect.
The only thing I'm struggling with is the new throttle interceptor
configuration.
The CAS wiki page seems to hold info only for older cas versions and does not
g on up in the world! :-) (hopefully we'll get CAS there at some
> point)
>
> Cheers,
> Scott
>
>
> On Mon, Mar 29, 2010 at 11:26 AM, Robert Oschwald
> wrote:
> I tried to build CAS 3.4.2 but cannot find com.github.inspektr 1.0.0.GA
> artifact.
> I'm behind a
I tried to build CAS 3.4.2 but cannot find com.github.inspektr 1.0.0.GA
artifact.
I'm behind a maven proxy server, therefore I need to add a repo to the proxy I
think.
Unfortunately, I cannot find an explicit repository definition in the main
pom.xml file.
In the old JASIG repo, only a prerelea
Johan,
I opened rfe ticket CAS-814 for this problem a while back.
There needs to be a db schema change (adding a column for the username) I
guess, as otherwise you cannot identify users' TGTs.
Any news on this Scott?
Robert
On 23.02.2010 at 00:07, Johan Reinalda wrote:
> All,
>
> we are testi
It seems you didn't add the casLogoutFilter in your config:
13:06:13,286 ERROR [org.jasig.cas.util.HttpClient] -
This is the CAS single logout POST request from CAS server to your CAS service
URL.
It seems it doesn't get accepted but is ignored within your app.
I recommend to add the SingleSig
RegisteredServiceImpl table, all with no success:
>> MailScanner has detected a possible fraud attempt from "**" claiming to be
>> https://**
>> https://cas-services:8443/cas/services/**
>> https://cas-services:8443/cas/services/j_acegi_cas_security_check**
>>
>> Note
Ant patterns are slightly different than normal RegEx.
Use https://cas-services:8443/cas/services** instead.
Would be great to have a serviceURL example in the Wiki page.
Robert
On 30.11.2009 at 16:45, Andy Cowling wrote:
> Hi all
>
> Following the instructions in the Service Management con
I added a comment to the newly created issue
http://www.ja-sig.org/issues/browse/CAS-818.
Also, the Services App does not perform a CAS logout if you press logout.
If you use RememberMe, you will not get logged-out of the app, as you are
immediately logged back in if you click on any action.
R
On 11.11.2009 at 15:26, Scott Battaglia wrote:
> On Mon, Nov 9, 2009 at 4:29 PM, Robert Oschwald
> wrote:
> I'm using CAS with RememberMe.
> I need to invalidate a users Tickets (force relogin on next visit) from one
> of my client apps.
> For this, I'm thinking o
I'm using CAS with RememberMe.
I need to invalidate a users Tickets (force relogin on next visit)
from one of my client apps.
For this, I'm thinking of a REST Service, Servlet or SOAP Endpoint.
Any pointers on how to implement it?
I need to supply the users username, and thinking of a way to r
1.5 and 1.6 here.
Robert
On 22 Oct 2009, at 16:35, Scott Battaglia wrote:
Out of curiosity, is anyone still relying on the Java 1.4? The CAS
Client for Java has been compatible with it for a while now.
However, we added a feature to support distributed proxy storage via
memcached and so one
Another approach for this:
We use maven profiles.
You can define your props within each profile. (e.g. "dev", "prod1",
"prod2" etc.)
"dev" is the default profile.
Advantage of this is, that you can define properties for maven plugins
within each profile, too.
E.g. we define the "doCheck" and "
Yes, just add it to the list of interceptors on handlerMappingB.
That's all.
Robert
> >Is there any other configuration changes necessary?
Do you mean you want to secure an endpoint by cas?
Or do you want to implement an endpoint using normal WSSE
authentication together in an application which uses CAS
authentication for Webusers, also?
The first one I have never done.
I think you must get the CAS proxy ticket (PGTIOU via the
ott
>
>
> On Thu, May 14, 2009 at 6:55 AM, Robert Oschwald > wrote:
> I need to update a foreign (non CAS) application using a wsclient on
> a CAS RememberMe login.
>
> What is the best point in CAS to add this code to?
>
> Robert
>
>
I need to update a foreign (non CAS) application using a wsclient on a
CAS RememberMe login.
What is the best point in CAS to add this code to?
Robert
That's a quite annoying thing.
You must add the service application first, otherwise you lock
yourself out.
There exists a ticket to hardcode the service application definition
into the spring config files or to set it to readonly to avoid exactly
this problem.
To resolve the problem, you mu
It might be better to inform the user of those errors.
You can do this by different Exceptions you throw.
Here is an example for a SearchModeSearchDatabaseAuthenticationHandler:
protected final boolean authenticateUsernamePasswordInternal(
UsernamePasswordCredentials credentials) throws
Authent
It's an addition that some people did, like the url parameter. It's
probably a good contender for our new process of updating the
protocol ;-)
There's no need to modify your logoutView.jsp. If you've enabled
serviceRedirects on the LogoutController and you give it the service
url it wil
Scott,
the "service" param is not defined in the CAS Protocol specs for the /
logout phase, only "url" is defined.
See http://www.jasig.org/cas/protocol section 2.3.1.
Is your suggested "service" param on /logout a JA-SIG CAS 3 extension?
Thanks,
Robert
I now changed my logoutView.jsp to redire
You don't need to develop your own auth handler if one of the JDBC
handlers that come with CAS is enough for your needs.
See http://www.ja-sig.org/wiki/display/CASUM/JDBC
Example:
Set the handler up in the deployerConfigContext.xml file:
class="org.jasig.cas.adaptors.jdbc.S
Scott,
shouldn't it be http://my.server.com/cas/logout?url=http://www.cnn.com ?
Robert
On 13.02.2009 at 15:53, Scott Battaglia wrote:
> When you call http://my.server.com/cas/logout you would do
> http://my.server.com/cas/logout?service=http://www.cnn.com
> where cnn.com is wherever you wan
ioned redirect to
https://liber.lit.trend.it:9443/Profile_Web_two/j_acegi_cas_security_check?ticket=ST-4-c7digmz2ZRawvDuNnsU7EOFzBbgXnhg6bhz-20
goes directly to the access denied page
2009/2/9 Robert Oschwald :
That seems to be the log for the CAS server, only.
What about the CAS client log?
Rober
ervletRequestHandledEvent: url=[/PRJ_CAS_Web/login];
client=[10.1.226.169]; method=[POST]; servlet=[cas];
session=[FEB7BA97D2396C68E97A55192D589862]; user=[null]; time=[472ms];
status=[OK]
2009/2/9 Robert Oschwald :
Try to set your log level to "trace". If it is a cert problem, you
migh
Try to set your log level to "trace". If it is a cert problem, you
might get the error.
Robert
On 09.02.2009 at 09:25, ::SammyRulez:: wrote:
yes, as I said the same exact setup works well on windows. I created
the cert following cas FAQ
2009/2/9 Robert Oschwald :
Have you adde
Have you added the cert to your Java Keystore?
Robert
On 09.02.2009 at 09:00, ::SammyRulez:: wrote:
Hi folks
I have a problem with cas client on Linux. (Sun jdk 1.6 jboss 4.0.5
GA, acegi on client side) Cas server authentication goes well but when
redirected to the client web app something g