[cas-user] [feedback] No logout with CAS 3.3.5

2010-02-15 Thread Fabio Sogni
Dear all, this is just to give feedback about a problem I had a few weeks ago. Moving from cas 3.3.2 to 3.3.5 had the effect of not allowing single sign out and the log reported the following message: . . . 2009-12-10 11:32:38,060 DEBUG

Re: [cas-user] Enabling LDAP Password Policy Enforcement

2010-02-15 Thread Ahsan Imam
Jeff, Did you ever get the module to work? Are you still having issues? After the documentation was updated on Feb 10, I changed my configuration setting specified for passwordWarningcheck.xml. I am getting no warning message and there is nothing in the logs. Logging is set to:

Re: [cas-user] mod_auth_cas working with ssl jboss but not apache

2010-02-15 Thread J Lopez
Hi Phil, Sorry for the delay. I checked that from browser and it was OK. wget https://djboss4201.cyii.corp/cas/serviceValidate?service=http://dalfresco01.cyii.corp/alfrescoticket=ST-9-p4sfceld9FAgjDSzhfTe-cas --2010-02-15 18:49:49--

Re: [cas-user] mod_auth_cas working with ssl jboss but not apache

2010-02-15 Thread Phil Ames
Hi, It looks like the connection is valid, but unfortunately I can't see the contents of the returned page because wget does not validate the SSL certificate on your CAS server. Can you try again with '--no-check-certificate' and see what comes back? -Phil On Mon, Feb 15, 2010 at 12:58 PM, J

Re: [cas-user] mod_auth_cas working with ssl jboss but not apache

2010-02-15 Thread J Lopez
Hi Phil, Sorry, I sent the mail before finishing it. I'm using a self-signed certificate but it is the same from tomcat and tomcat it's working. I send you the same wget result using tomcat wget

Re: [cas-user] mod_auth_cas working with ssl jboss but not apache

2010-02-15 Thread Phil Ames
Strange, it does appear that the response is well-formed when it comes back. Can you try increasing CAS_MAX_RESPONSE_SIZE from 4096 to some larger value (e.g. 65536 or some other large value) and re-compiling? The output of the debug log then may shed some light on what exactly mod_auth_cas is

Re: [cas-user] mod_auth_cas working with ssl jboss but not apache

2010-02-15 Thread Phil Ames
Hi, I would suggest avoiding the test I recommended since the SSL configuration is different. My bet is that the module is just reading garbage encrypted data since the handshake is probably failing. I will look into how mod_auth_cas can gracefully handle this issue. Would you mind creating a

[cas-user] Load Balancers and IP headers

2010-02-15 Thread Jeff Chapin
We are running a Big IP load balancer, and our current setup is for the load balancer to replace the requesting IP with its own IP, and places the original IP into an 'x-forwarded-for' header added to the packet. We are looking to implement

Re: [cas-user] Inserting NULL into a non-null column

2010-02-15 Thread Scott Battaglia
That would imply that your user is NULL. Does this happen if you don't enable the throttling login attempts? The throttling login attempts, if you're doing it by user, defaults to the normal field for userName on the form. On Mon, Feb 15, 2010 at 5:03 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

Re: [cas-user] Load Balancers and IP headers

2010-02-15 Thread Scott Battaglia
It all depends on what Tomcat and the Servlet spec say should happen. CAS merely reads from the request object. If the default doesn't do what you want, you can provide your own filter to make the ClientInfo object available. Cheers, Scott On Mon, Feb 15, 2010 at 4:57 PM, Jeff Chapin

Re: [cas-user] Enabling LDAP Password Policy Enforcement

2010-02-15 Thread Jeff Chapin
No, I have not got this to work yet. I moved focus to other issues on my plate. I will look into this again further tomorrow, but this appears to be the *EXACT* same experience I am having -- so we appear to be on the same page, at least. Jeff

Re: [cas-user] Inserting NULL into a non-null column

2010-02-15 Thread Jeff Chapin
I commented out my modified handlerMappingB from my cas-servlet.xml and restored the original, and got the same error visiting '/cas/logout' and not on '/cas/login', which caused me to check my original statement. When I enabled my original config,

Re: [cas-user] Load Balancers and IP headers

2010-02-15 Thread Jeff Chapin
Could you clarify for me -- is this a Tomcat filter, or something inside CAS? Thanks for all your hard work! Jeff Scott Battaglia wrote: It all depends on what Tomcat and the Servlet spec say should happen. CAS merely reads from the request

Re: [cas-user] Enabling LDAP Password Policy Enforcement

2010-02-15 Thread Jeff Chapin
I had actually been barking up that tree -- using BindLdap, and not FastBind, but had to move in different directions. I will try to replicate your results in the morning and see what I can come up with. Thanks for the pointers! Jeff Vitty, Paul

Re: [cas-user] Enabling LDAP Password Policy Enforcement

2010-02-15 Thread Ahsan Imam
Paul, Thanks for the update. I realized that after compiling cas-server-webapps, my cas-servlet.xml and login-webflow.xml were different from one supplied in the ldap-pwd-exp modules. I copied them over and restarted tomcat. Now I am getting a new error. I am looking into this.. --STACK

Re: [cas-user] Enabling LDAP Password Policy Enforcement

2010-02-15 Thread Vitty, Paul
Hi, Looks as though you either don't have the accountLockedView defined in your login-webflow.xml or you don't have the JSP in your WAR file. Paul Vitty Apache/MySQL Web Platform Engineer Application Platform Delivery Information Services Directorate University of Ulster Tel: 02890 366273

Re: [cas-user] Load Balancers and IP headers

2010-02-15 Thread Jeff Chapin
A quick google answered this. Sorry. Jeff Chapin wrote: Could you clarify for me -- is this a Tomcat filter, or something inside CAS? Thanks for all your hard work! Jeff Scott Battaglia wrote: It all depends on what Tomcat and the

Re: [cas-user] Inserting NULL into a non-null column

2010-02-15 Thread Scott Battaglia
Can you post your relevant config? On Mon, Feb 15, 2010 at 5:24 PM, Jeff Chapin jeff.cha...@uni.edu wrote: I commented out my modified handlerMappingB from my cas-servlet.xml and restored the original, and got the same error visiting

Re: [cas-user] CAS Active Directory LDAP Support

2010-02-15 Thread Scott Battaglia
Your configuration is wrong. You don't have your Bind Authentication Handler configured within the authenticationHandlers list. Cheers, Scott On Mon, Feb 15, 2010 at 1:03 AM, Maina Watare mwat...@yahoo.com wrote: Hi, I have not added any CredentialsToPrincipalResolver. I am just

Re: [cas-user] CAS Active Directory LDAP Support

2010-02-15 Thread Maina Watare
Thanks Scott, it worked. --- On Mon, 2/15/10, Scott Battaglia scott.battag...@gmail.com wrote: From: Scott Battaglia scott.battag...@gmail.com Subject: Re: [cas-user] CAS Active Directory LDAP Support To: cas-user@lists.jasig.org Date: Monday, February 15, 2010, 7:42 PM You're

Re: [cas-user] Multiple serverNames for one client servlet

2010-02-15 Thread Yuriy Zubarev
We had similar requirements and we worked them out by wrapping Jasig's Authentication Filter by our own Authentication Filter. If anyone is interested in details: http://midnightit.wordpress.com/2010/02/15/cas-branded-authentication-filter/ Regards, Yuriy Zubarev On Sun, Feb 14, 2010 at 7:05