Hi,
I'd appreciate feedback on an idea of mine - does anyone see pitfalls or
security risks?
Basically, my business application wants to know when logouts occur (java
Single Sign Out Filter). This registration usually occurs when issuing
ServiceTicket - but I wanted to move it to the Ticket
Hi,
I'm trying out a patch/workaround, and would appreciate any opinions on it,
please :)
The issue is single-sign-out when the business application (say "salaries") is
clustered behind a load balancer:
http://jasig.275507.n4.nabble.com/single-sign-out-problem-in-clustered-environment-td2996758
Hi,
We noticed that if the login page has been idle for a while, and then the user tries to log
in - it fails, and he needs to re-try (this 2nd attempt succeeds).
I realize the cause is Http session timeout, since the LoginTicket is stored
in session :
http://stackoverflow.com/questions/14135742/cas-credent
for service-to-service interaction.
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Thu, Apr 25, 2013 at 8:21 PM, sol myr wrote:
Hi,
>
>Our application requirements are, to give some text explanation when login
>fails (we have several
Hi,
Our application requirements are, to give some text explanation when login
fails (we have several reasons, such as "wrong password", "account locked by
administrator" etc).
Is there a way to return this reason through the RESTful API
(https://wiki.jasig.org/display/CASUM/RESTful+API)?
I.e.
Hi,
One of our applications is a java/Tomcat web-application that uses Ajax (REST
calls).
The problem: if CAS authentication filter intercepts an Ajax call, it asks for
login - and then redirects to the requested REST url... but instead I'd like it
to redirect to the HTML page that issues the c
d credential s
via the Java app which were then used. We have since integrated with Java SSO
client that can access the domain credentials negating the need for user to
enter details.
>On 17 Feb 2013 08:34, "sol myr" wrote:
>
>Hi,
>>We have a legacy non-browser client app
Hi,
We have a legacy non-browser client application (Swing), which does most of the
work locally on the client machine, but occasionally contacts the server using
HttpClient (e.g. REST api to "upload work to server").
The server is a Java web-application on Tomcat.
Is there an easy way to add C
can't do in a sticky session environment.
-----Original Message-
From: sol myr [mailto:solmy...@yahoo.com]
Sent: Sunday, December 09, 2012 2:36 AM
To: cas-user@lists.jasig.org
Subject: [cas-user] Single Sign Out - and load balancer
Hi,
We have a single CAS server, but our *business* applicat
Hi,
Thanks - unfortunately my management forbids shared state for now, but it will
be re-considered in a few months when our architecture matures.
But a million thanks for your willingness to dig up & share this code, it's
deeply appreciated.
As per your remark - please note https://issues.ja
Dear Mr. Marvin Addison,
1) Thanks for replying.
No disrespect was intended, truly. If I had new inputs, I'd gladly contribute.
But please note solutions were already outlined:
https://issues.jasig.org/browse/CAS-742
http://comments.gmane.org/gmane.comp.java.jasig.cas.devel/1495
2) Despite the w
Hi,
We have a single CAS server, but our *business* application is clustered &
behind a Load Balancer (HAProxy).
We were disappointed to learn that single sign *out* fails on such
architecture, because when CAS sends the "logout" notification to the
application, the notification goes to the Lo
so, using Apache Camel to generate and send real time login/logout events to
external systems might just do the job implementing your use cases. (add Camel
to CAS overlay, configure its route(s) there, etc. - Camel is embeddable and
very lightweight)
Cheers,
Dmitriy.
Sent from my iPhone
On Nov 2
Hi,
I have CAS, plus some Java webapps (running on separate Tomcats).
Some webapps need to know which users are logged in (similar to Google Chat,
that shows which of your friends are online).
I need this info through both:
- Query ("select connected users that answer some criteria")
- Even
Hi,
I am using CAS with JBoss 4.2.
I've noticed CAS works great with Servlet/JSP: within a Servlet/JSP,
request.getUserPrincipal() retrieves the correct user details such as username.
However, if my Servlet invokes a local EJB, it seems that user details aren't
propagated into the EJB. Examp
Hi,
Thanks to everyone who helped me (newbie) understand why CAS uses a different
ServiceTicket per application (especially the security consideration that, if
one application is compromised, the others may still be safe).
Special appreciation to those who manage to provide (useful) replies a
Hi,
I'm very new to CAS/SSO, and was wondering about its design choice.
I'd be grateful if someone has the time to explain:
I gather CAS flow is essentially:
- Browser authenticates to the SSO server, and receives a reusable TGC cookie.
- With this TGC, it can now obtain one-time ST's (ST per a
Sounds nice, thanks very much for this info.
--- On Sun, 2/15/09, Scott Battaglia wrote:
From: Scott Battaglia
Subject: Re: [cas-user] CAS performance results and tips ?
To: cas-user@lists.jasig.org
Date: Sunday, February 15, 2009, 7:57 PM
I don't have any load tests handy but I can give you s
Hi,
We are evaluating CAS, and are interested in performance.
Would anyone please be willing to share either of the following:
1. Performance tips
2. Results for load-tests
3. Results from applications in production, which handle loads of users
Any tips would be most appreciated.
Thanks :)
Hi,
Unfortunately I don't have an answer, but the direction should be - checking
*why* Tomcat can't start the CAS application... could you please check the
following:
1) Spelling: do you have "cas-server-webapp-3.3.1.war", spelled exactly like
this. among your web-applications (by default, it'
Thank you so very much (to both Mr. Battaglia and Mr. Ströder).
This looks great :)
--- On Thu, 2/12/09, Michael Ströder wrote:
From: Michael Ströder
Subject: Re: [cas-user] CAS + Kerberos integration / LDAP fallback
To: cas-user@lists.jasig.org
Date: Thursday, February 12, 2009, 6:58 AM
sol
Hi,
Thanks very much for the detailed reply :)
You mentioned Kerberos with *fallback* to LDAP, which sounds great.
Could I please ask whether there's built-in CAS support for this?
Or did you implement it yourself?
If it's the latter, could a newbie like me ask for a short hint on how to
appr
:17 PM, sol myr wrote:
Thanks very much for replying.
Sorry for being vague - we'd like the client to obtain a Kerberos ticket, use
it to log into the SSO server, which would validate the Kerberos ticket and
then allow the client to access the business application.
When the SSO serv
odule to speak to Kerberos and then all of
your applications would just speak to CAS.
-Scott
On Wed, Feb 11, 2009 at 8:30 AM, sol myr wrote:
Hi,
We are evaluating CAS.
Our security guys require Kerberos authentication (note: all our machines are
Windows, servers and clients alike). Now w
Hi,
We are evaluating CAS.
Our security guys require Kerberos authentication (note: all our machines are
Windows, servers and clients alike). Now we were wondering: how does CAS
support Kerberos, exactly? In particular :
Is it possible/customary to configure CAS to use Kerberos tickets *inste
Hi,
We are evaluating CAS SSO, and were wondering how it handles HTTP sessions:
Suppose a user is browsing through several pages of the same web-application
("page1.jsp", "page2.jsp", "page3.jsp"), all within the same HTTP session.
Obviously, when accessing "page1" he'll be asked to log in, wit
Hi,
We are currently evaluating CAS for single sign on, and are especially
interested in clustering ( load balancing and failover).
We saw some great wiki documentation on clustering the *CAS server* itself.
However, we are still looking for documentation on clustering our *business*
applicatio
27 matches