It is working now! I can use dc=test,dc=com in all the relevant sections
now after updating our schema to publish the needed attributes to the gc
Thanks!
JASON
On Saturday, June 6, 2015 at 7:36:00 PM UTC-5, Jason Everling wrote:
>
> Carl, Thanks for the reply,
>
> So for the baseDN
.
Thanks again,
Jason
On Friday, June 5, 2015 at 9:33:46 AM UTC-5, Jason Everling wrote:
>
> We have been using CAS 3.5.3 for sometime now and have never needed the
> attributes. I now need to deploy an application that is restricted by an
> attribute value.
>
> I
fix this?
Jason
On Fri, Jun 5, 2015 at 10:25 AM, Jason Everling wrote:
> I actually got it working now but I have a small issue
>
> If I put our root DN for the baseDN instead of an OU where some accounts
> are it errors out,
>
> Unprocessed Continuation Reference(s); n
'dc=test,dc=com'
How can I add the our base dc domain? Users are scattered all out and not 1
specific OU
JASON
On Fri, Jun 5, 2015 at 9:33 AM, Jason Everling wrote:
> We have been using CAS 3.5.3 for sometime now and have never needed the
> attributes. I now need to deploy an
tempt.
I also checked through forums and my configs look the same so I am stuck.
Please help! I have attached debug logs and deployerConfig
Jason
--
CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential;
intended for only the recipient(s) named abov
I added the following in deployerConfigContext.xml,
and revised the cas-servlet.xml to,
After that, I made a few failed logins, and found that the database is
st
I have seen these after login,
JSESSIONID - Session
CASPRIVACY - Warn Cookie
CASTGC - Ticket Granting
JASON
On Tue, Feb 17, 2015 at 3:51 PM, Neil Sabol wrote:
> Hello Jay,
>
> In line with Carl's response, there is a MOD_AUTH_CAS session cookie if
> you are using Ap
uming this would grant a service ticket and then redirect to the
page I created "idmManagePassView" which is basically a copy of
"casMustChangePassView" with a link to change their password behind the CAS
protected password application.
Any help would be appreciated,
JASON
--
Y
On Mon, Nov 10, 2014 at 11:31 AM, Jason Whitener wrote:
> Hi Alberto/Unicon,
>
> Thanks. I was able to get everything to work.
>
> If anyone w
Hi Alberto/Unicon,
Thanks. I was able to get everything to work.
If anyone wants a non-ssl ldap deployerConfig using bind credentials, let
me know and I'll post it.
Jason
On Mon, Nov 10, 2014 at 1:17 AM, Alberto Cabello Sánchez
wrote:
> On Fri, 07 Nov 2014 16:24:13 -0800
> Jas
try
key-ref value of ldapAuthenticationHandler.
I guess I'm just having difficulty putting all the pieces together. A
complete ldap example, starting from the top of a deployerConfigContext.xml
file would be very useful.
thanks,
Jason
--
You are currently subscribed to cas-user@lists.ja
I finally got this working, but I am not sure what I was doing wrong before.
Wish I did, but I don't, it just started working. My guess is there was
something tiny wrong with my config that I corrected by accident.
Just wanted to say thanks for the help!
--
You are currently subscribed to cas
Well thanks for the help; it's progress just to confirm that my config seems
okay.
I feel like improper credentials to my database in the
deployerConfigContext.xml file should result in clear error messages in the
logs to the effect that the database connection is failing.
Any developer on the
Hi Dmitriy,
Thanks again for the help.
Below is the relevant config from deployerConfigContext.xml, with a few of the
surrounding lines for context. Although "passwordhash" appears in the sql
statement, this is a plain text field in the db at the moment.
Hi Dmitriy,
Thanks for the reply.
Passwords are stored in the db as plain text. Ultimately, they would be stored
as a one-way hash, but for now plain text is fine and should make things easier.
I am trying to first simply establish that CAS connects to the MySQL db.
Changing the MySQL connec
I am using CAS 4.0.0 on Ubuntu 14.04 LTS with Tomcat7. I got the quick demo
working, and now I am trying to configure it for authentication against MySQL.
I am not using the maven overlay; I am not much of a Java developer and could
not get it to work, so I have simply downloaded the 4.0.0 tar
So, all our ticketRegistry.xml has in it is below. Should we just comment out
everything under ?
http://www.springframework.org/schema/beans";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:p="http://www.springframework.org/schema/p";
xmlns:tx="http://www.spri
I don't see a link in your email
-Original Message-
From: Marvin Addison [mailto:marvin.addi...@gmail.com]
Sent: Tuesday, April 22, 2014 9:14 AM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] TGT table not getting cleaned up
On Tue, Apr 22, 2014 at 9:10 AM, Jason Roscoe
How would I go about removing the Java/Quartz job?
Jason Roscoe | Rite Aid | T: (717) 761-2633 x5581| jros...@riteaid.com
-Original Message-
From: Marvin Addison [mailto:marvin.addi...@gmail.com]
Sent: Tuesday, April 22, 2014 9:09 AM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user
I don’t think it’s a permissions issue. Even after we wiped the table clean,
we are still getting the below error, and the table is growing again:
2014-04-17 19:51:52,279 ERROR [org.hibernate.util.JDBCExceptionReporter] - DB2
SQL Error: SQLCODE=-911, SQLSTATE=40001, SQLERRMC=68, DRIVER=3.50.152
Ok, so this morning we dropped and recreated the TICKETGRANTINGTICKET and
SERVICETICKET tables in our production environment. It still does not look
like any records in the TICKETGRANTINGTICKET table are getting cleaned up after
2 hours. There are rows in there from 4:00AM this morning that sh
This select though is very expensive, per our DBA's. Could it be because there
are over 4 million rows?
-Original Message-
From: Marvin Addison [mailto:marvin.addi...@gmail.com]
Sent: Thursday, April 17, 2014 11:38 AM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] TGT table not g
But the select below would never return anything since that
TICKETGRANTINGTICKET_ID would be null for us since we are not using any proxy.
Thanks!
-Original Message-
From: Marvin Addison [mailto:marvin.addi...@gmail.com]
Sent: Thursday, April 17, 2014 11:19 AM
To: cas-user@lists.jasig.o
What about the statement below from our DBA's:
The select that was performing scans which has been the target of our tuning
efforts and runs for 8 hours a day, 6 million reads and is executed about 1,800
times a day is as follows. Essentially, it’s scanning the database all day
long and from w
We are not doing any proxying, so in reality, that column should be null?
Like I said, this process seems to have been working before we implemented
throttling. I'm not sure why thought it started happening around that time.
Can anyone tell me the referncial integrity between the SERVICETICKET
Our DBA's have noticed that the below seems to be occurring in our installation:
The delete that runs for about 3 hours every day is as follows.
DELETE
FROM TICKETGRANTINGTICKET
WHERE ID=?
The select that was performing scans which has been the target of our tuning
efforts and runs for 8 hours a
I used to be able to access services management, but at some point I must
have changed a config or broken something, because it isn't working.
https://cas.domain.edu:9443/cas/services/manage.html
redirects to
https://cas.domain.edu:9443/cas/login?service=https%3A%2F%2Fcas.pcc.edu%3A9443%2Fcas%2Fs
Fixed it. I was missing
Jason
On Fri, Oct 18, 2013 at 3:49 PM, Jason Whitener wrote:
> I should note that I do see hibernate attempting to get services from the
> mysql db. Hibernate: select abstractre0_.id as id0_,
> abstractre0_.allowedToProxy as allowedT3_0_, abs
.expression_type
as expression1_0_ from RegisteredServiceImpl abstractre0_
2013-10-18 15:45:10,278 INFO
[org.jasig.cas.services.DefaultServicesManagerImpl] -
Just nothing being inserted into RegisteredServiceImpl
On Fri, Oct 18, 2013 at 3:00 PM, Jason Whitener wrote:
> I set CAS 3.5.2 to use MySQL
splay more log details about what SQL is sent and the
responses back?
Jason
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
I found an example pom.xml from some blog, and version 4.1 worked.
In general though, where can one find dependency info? Like on this maven
site,
http://mvnrepository.com/artifact/org.jasig.cas/cas-server-webapp/3.5.2 ,
hibernate versions are missing.
On Thu, Oct 17, 2013 at 1:45 PM, Jason
ifference between the documentation and my set up, is
that my deployerConfigContext.xml file that came with 3.5.2 has references
to spring-beans-3.1.xsd in the schema at the top, whereas the documentation
has spring 2.0 stuff.
In general, how does one determine which versions of all these parts b
That fixed it. I guess apps that I've dealt with in the past had the
trustStore and keyStore set to the same file perhaps.
thanks,
Jason
On Tue, Oct 15, 2013 at 1:13 PM, Marvin S. Addison wrote:
> Maybe it is just Monday and I'm missing something simple, but I assumed
>&g
of this page:
https://wiki.jasig.org/display/CASUM/SSL+Troubleshooting+and+Reference+Guide
which I can attach if you think it would help. Nothing stood out to me.
thanks,
Jason
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change se
only getting attributes from one of the two
AD servers. I'm still tracing down what the issue might be.
Jason Nethercott
Architect, Technology Group
jason.netherc...@autodata.net<mailto:jason.netherc...@autodata.net>
Phone:519.451.2323 x6023 Fax:519.451.6615
[cid:image001.png@01CE293
Groups
What am I missing? Or, do I need to talk to my AD administrators about a
possible security or setting issue in our AD servers?
Thanks.
Jason Nethercott
Architect, Technology
Cheers! Love CAS!
Jason
On Mon, Jul 8, 2013 at 3:25 PM, Marvin S. Addison
wrote:
> CAS 4.0.0 release candidate #1 is available for testing and evaluation. We
> heartily encourage early adopters to grab this release from Maven Central,
> integrate into your environment, and provide
Excellent! Many thanks for the fast turn around on this. I've got it up and
running now.
-
Jason Schwanz | Systems Administrator
George Fox University | Administrative Computing
jschw...@georgefox.edu | 503/554-2580
On Thu, May 23, 2013 at 1:18 PM, Dmitriy Kopylenko wrote:
>
Files attached.
-
Jason Schwanz | Systems Administrator
George Fox University | Administrative Computing
jschw...@georgefox.edu | 503/554-2580
On Thu, May 23, 2013 at 11:50 AM, Dmitriy Kopylenko <
dmitriy.kopyle...@gmail.com> wrote:
> Hi Jason,
>
> can you please
x27;s how we do it
instead of a single shared database.
Jason
- Reply message -
From: "Pratap K M"
Date: Sun, Feb 10, 2013 9:53 am
Subject: [cas-user] CAS Server failover?
To:
Dear sir,
In the Single-sign-on(SSO) framework, CAS Server becomes the critical
component. Its fail
other applications also (2 data nodes
and 1 management node) as the backend ticket store and Active Directory for
the User Store.
Jason
On Tue, Jan 8, 2013 at 4:49 PM, William G. Thompson, Jr.
wrote:
> Hi Alberto,
>
> Welcome to CAS!
>
> See if this helps:
> https://wiki
I had a similar issue and it turned out the time on the second load
balanced server was off by a few minutes. I setup ntp on both and the issue
has gone away.
Jason
On Thu, Dec 20, 2012 at 8:54 AM, Carlos Fernandez wrote:
> Abhijit,
>
> Do you have firewalls running on the servers? I
t immediate and user would see just
your shin URL for a split second.
Jason
- Reply message -
From: "Laura McCord"
Date: Thu, Dec 6, 2012 2:46 pm
Subject: [cas-user] Cas and o365 Email
To:
Yeah we are using ADFS and I think is that where the hang-up is occurring. Our
consul
using Microsoft AD it might
be kinda difficult to get it to work since you have to sync users first before
you can use SSO Services.
Jason
- Reply message -
From: "Curtis Long"
Date: Wed, Dec 5, 2012 2:39 pm
Subject: [cas-user] Cas and o365 Email
To:
We were evaluating CAS for
as a middleman.
Jason
- Reply message -
From: "Laura McCord"
Date: Wed, Dec 5, 2012 11:08 am
Subject: [cas-user] Cas and o365 Email
To:
Hi,
I was wondering if anyone has configured CAS SSO to o365 email? If so, I would
love to hear your experience with the topic.
Than
What does your deployerConfigContext.xml look like for the ldap section?
You can remove all the private info from it like yolur server name,
usernames, passwords for the ldap part,
Jason
On Thu, Nov 15, 2012 at 8:11 AM, Min wrote:
> Look at the Error information below, I am wondering if th
-names = 1 needs to be added to
the MySQL Configuration. After I added it the tables were setup correctly.
I just wanted to get that added to the MySQL section so newbie's out there
will get it on the 1st shot,
Jason
--
CONFIDENTIALITY NOTICE:
This e-mail together with any attachmen
Hah it works, I added what you mentioned to the AJP Connector section in
the XML file,
Sweetness, time to do some DNS changes
On Mon, Nov 5, 2012 at 12:34 PM, Jason Everling wrote:
> Ok so here is the setup,
>
> Load Balancer in front of 2 CAS Servers both running Apache2 usi
Ok so here is the setup,
Load Balancer in front of 2 CAS Servers both running Apache2 using mod_jk
accessing CAS on port 80 through Apache,
Load Balancer accepts SSL Connection and proxy's the client to the backend
web server on port 80
We have been using HAPROXY and STUNNEL for almost all of ou
What if we are using the same type of setup but using Tomcat with the
Apache AJP Proxy and not using the standard 8080 and 8443 Toimcat ports? I
have tried to do this and when I connect to SSL it connects fine but since
we are connecting to port 80 on the backend server through the load
balancer CA
ation ended.
Is that a mis-configuration issue or a real issue that cas admins have
to contemplate? If it is a real issue, what are some of the best
practices around dealing with discrepant timeout values across
multiple applications?
thank you,
Jason Whitener
Portland Community College
--
Yo
"In our experience, there is no notification sent to applications when
the CASTGC expires"
Thanks, that makes sense.
And I'll probably take you up on the call offer when I get further
into the details:)
Jason
PCC
On Wed, Oct 17, 2012 at 12:35 PM, Andrew Morgan wrote:
> O
Do any of you have cas consultants that you would recommend? We are
in the U.S. - Northwest area / Oregon State. This would be for a
large enterprise set up. ~700,000 user accounts, onsite and offsite
authentication sources, clustered cas, etc...
Jason Whitener
Portland Community College
as well as cas.securityContext.serviceProperties.adminRoles=ROLE_ADMIN
in cas.properties.
Catalina.out says that I authenticated successfully against our ldap also.
side note: is ROLE_ADMIN a role that must be in our ldap or is that
just an internal CAS role?
thanks,
Jason
--
You are currently subscribed to cas-user@lis
ture.
Have you successfully used this method?
Cheers,
jason
From: Misagh Moayyed [mmoay...@unicon.net]
Sent: Monday, June 04, 2012 12:18 PM
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] Getting userName and Roles after CAS authentication
Have you
lse done this and/or have some pointers? ... TIA!!
Jason
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
y, it is just I need. I just want to know if there is such a mechanism, :-)
Thank you again! Bill & Scott
Jason
On Thu, Apr 26, 2012 at 4:15 PM, William G. Thompson, Jr.
wrote:
> No, CAS doesn't do that. Does CAS Services Management not satisfy your
> need?
>
> Bill
thank you so much, that is what I concerned.
I also want to know if there is a kind of mechanism by which I can set a
secret key on the CAS server and my own services so that other people
without the secret key can not join my SSO because all ticket validations
would fail?
Best Regards,
Jason
using CAS, he can
deploy his own webapp with the parameters (if I don't change the default
validation URLs on my CAS instance), and use my SSO service.
I want to know if there is some other configuration that can prohibit this
happen?
Thank you in advance.
Best Regards,
Jason
--
Yo
e CAS will authenticate a greater
number of people than we will have in JIRA?
Cheers,
Jason
From: Scott Battaglia [scott.battag...@gmail.com]
Sent: Thursday, April 12, 2012 2:39 PM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] Jira 5 w/CAS .. an
+Jira+with+JASIG+CAS+Client+for+Java+3.1
I'm going to give it a try, but curious if anyone running that combination (or
close to it) and if this is the configuration you use?
Thanks
Jason
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubs
.
You can use the same process for importing the CAS cert (as opposed to the root
signing cert). Just put them in a different store (can't remember the exact
one) for the local computer. IIS should inherit from there.
Jason
From: Balen
as/";
serverName="http://localhost:##
redirectAfterValidation="true" gateway="false"
renew="false" singleSignOut="true"
ticketTimeTolerance="5000" ticketValidatorName="Cas20"
serviceTicketManager=&qu
Hey Everyone,
Thought people might be interested, in our last major product cycle we
embedded a CAS server in our portal solution (myCampus) so every all of our
schools are now also CAS deployments as well. We have a batch update for the
deployment list? ;)
Jason
-Original Message-
From
On 7/7/09 11:24 PM, "Scott Battaglia" wrote:
> Dan & Jason,
>
> Looking at the agenda there doesn't appear to be any outstanding items and no
> new items have been listed so we probably don't need a phone call (plus some
> people will be traveling this we
Thanks Marvin, buy you a drink at the next conference! 2 drinks if we do a
Shib 1.3 & Shib 2.0 version?
Jason
On 7/9/09 3:16 PM, "Marvin Addison" wrote:
> Thanks for pointing those links out, Benn. Maybe some folks are still
> using Shib 1.1, so the first link might be
arryover items, we'll
> defer this call. I'll let you know before Wednesday.
Is CAS Clearpass still on the agenda? Is there a tentative agenda in the
wiki somewhere?
Jason
--
Jason Shao
Director of Product Development
CampusEAI Consortium
1940 East 6th Street, 11th Floor
Cle
Discussing approaches for
supporting ClearPass" did that conversation occur, or is it yet to happen?
If not, would that be a good item to schedule, or spot to continue this
discussion?
Jason
--
Jason Shao
Director of Product Development
CampusEAI Consortium
1940 East 6th Street, 11th
Any pointers?
Jason
On 7/3/09 8:12 AM, "Marvin S. Addison" wrote:
> Have loosely tracked the wiki and list convos, but have been in a
> number of
> conversations recently around CAS & Shib coexistance/interop --
> wondering if
> anyone has interesting approaches/st
Mark,
Thanks! Have we published this somewhere? A quick glance through the wiki
didn't seem to turn up anything.
Jason
On 7/3/09 7:58 AM, "Mark John Rank" wrote:
Jason:
For what it's worth... a few months back I did an informal poll of the list
trying to get at some of
Hey Everyone,
Have loosely tracked the wiki and list convos, but have been in a number of
conversations recently around CAS & Shib coexistance/interop -- wondering if
anyone has interesting approaches/stories to share?
Jason
--
Jason Shao
Director of Product Development
CampusEAI Consor
into CAS, instead
of rewiring the XML config that people might find interesting.
Jason
On 7/1/09 2:37 PM, "Biondi, Dan" wrote:
Jason:
There is a resounding "YES!" from our campus to open a JIRA for ClearPass.
This wasn't done in the past due to our unfamiliarit
Isn't Peoplesoft 9.1 supposed to have some SAML authentication support hooks?
Jason
On 7/1/09 3:36 PM, "Bryan Wooten" wrote:
I'll try and explain. We have several IT organizations on campus and we are in
the process of integrating into one department.
So Dept A has imple
Don't forget on Solaris GNU tar (gtar? Been a while) is generally the one you
want, the default Solaris tar often having issues with long file paths.
Many Solaris admins I know alias gtar as tar as a matter of course though, so
YMMV.
Jason
On 6/23/09 12:54 PM, "Scott Battagl
credentials. Not as pure, but much
easier (easier = possible) to setup.
Jason
On 6/23/09 2:52 PM, "Andrew Tillinghast" wrote:
>
> Exchange 2003, followed the instructions here:
> http://www.ja-sig.org/wiki/display/CAS/CASifying+Outlook+Web+Access+2 but
> didn't change to
chitecture, but there are a number of portal
use-cases especially that are difficult to implement without access to user
credentials.
Jason
--
Jason Shao
Director of Product Development
CampusEAI Consortium
1940 East 6th Street, 11th Floor
Cleveland, OH 44114
Tel: 216.589.9626x249
Fax: 216
tExtraCurlOption(CURLOPT_SSL_VERIFYPEER, FALSE);
> >
> > but that hasn't worked. When we curl the server:
> >
> > curl --verbose -k https://
> >
> > it works fine.
> >
> > Any thoughts?
>
> What version of phpCAS ?
>
Sorry, 1.0.1
-- Jason
77 matches
Mail list logo