hi, In CAS 5.3.7 many properties had changed and autoRedirect is one of them. So CAS does not recognize your syntax. Of memory i would say, autoRedirect is now specified fot each external saml 2 identity provider. So the right syntax is cas.authn.pac4j.saml[0].autoRedirect=true.
Best regards, Charaf Le mer. 30 janv. 2019 à 00:04, thai.q.nguyen <[email protected]> a écrit : > Hi there, > > I am on 5.3.7 and the 'cas.authn.pac4j.autoRedirect=true' is no longer > work. > I got this error: > Error creating bean with name > 'cas-org.apereo.cas.configuration.CasConfigurationProperties': Could not > bind properties to CasConfigurationProperties (prefix=cas, > ignoreInvalidFields=false, ignoreUnknownFields=false, > ignoreNestedProperties=false); nested exception is > org.springframework.boot.bind.RelaxedBindingNotWritablePropertyException: > Failed to bind 'cas.authn.pac4j.autoRedirect' from > 'file:///etc/cas/config/cas-test.properties' to 'authn.pac4j.autoRedirect' > property on > 'org.apereo.cas.configuration.model.core.authentication.AuthenticationProperties' > > and CAS is failed to start. > > Any help is appreciated! > > Thanks, > > Thai > > On Monday, January 28, 2019 at 6:32:33 AM UTC-8, oneill wrote: >> >> Jérôme, >> >> >> >> Thanks for confirming what I’m seeing and for the heads up that the >> behavior is adjusted in 5.3. >> >> I updated my troubleshooting environment to 5.3 over the weekend and >> everything looks good after some initial testing. >> >> >> >> Thank you for the help and your contributions to the project, >> >> Tom >> >> >> >> *From:* [email protected] <[email protected]> *On Behalf Of *Jérôme >> LELEU >> *Sent:* Friday, January 25, 2019 2:06 AM >> *To:* [email protected] >> *Subject:* Re: [cas-user] RE: CAS 5.2 PAC4J SAML 2.0 Delegation Behavior >> >> >> >> Hi, >> >> >> >> You're right: the TGT should be checked first. Notice that things have >> been fixed in 5.3, the autoRedirect property is still computed in the >> DelegationAuthenticationClientAction, but the redirection is applied on the >> HTML page. >> >> Thanks. >> >> Best regards, >> >> Jérôme >> >> >> >> Le jeu. 24 janv. 2019 à 23:25, Tom O'Neill <[email protected]> a écrit : >> >> Hi All, >> >> >> >> I did some additional testing and thought I’d provide an update… >> >> >> >> It seems to me that when autoRedirect is set to ‘true’, the CAS TGT is >> ignored and the user is always sent on to authenticate at the IdP. >> >> When autoRedirect is set to ‘false’ the CAS session is recognized OR the >> user can click a button which will delegate authentication to the IdP. >> >> >> >> In other words, having autoRedirect set to true seems to negate the CAS >> TGT check. >> >> I could see an argument for delegating every time and I could be >> overlooking a detail but I think it would be better to have it check for a >> CAS session and only delegate if the user isn’t already authenticated. >> >> >> >> Thanks, >> >> Tom >> >> >> >> *From:* [email protected] <[email protected]> *On Behalf Of *Tom >> O'Neill >> *Sent:* Thursday, January 24, 2019 2:41 PM >> *To:* [email protected] >> *Subject:* [cas-user] CAS 5.2 PAC4J SAML 2.0 Delegation Behavior >> >> >> >> Hi All, >> >> >> >> I am troubleshooting application integration and looking for some insight. >> >> >> >> We have a CAS 5.2 instance with the PAC4J module, which is being used to >> delegate authentication to an IdP using SAML 2.0. >> >> Based on some testing, it seems like the CAS server is delegating >> authentication to the IdP any time the CAS login method is hit. >> >> >> >> We’re have the PAC4J autoRedirect property set to true – so I don’t >> expect or want CAS to present a login page but I also didn’t expect it to >> redirect to the IDP if the user has a valid TGT. >> >> cas.authn.pac4j.autoRedirect=true >> >> >> >> Can anyone confirm that this is the designed and expected behavior? >> >> Is anyone aware of a different setting or combination of settings that >> might adjust the behavior to what I’m looking for? >> >> >> >> Hopefully I’m missing something. >> >> >> >> Thanks!!! >> >> Tom >> >> >> >> >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/BN7PR02MB50098001DBCF6CAF1552DCE2CB9A0%40BN7PR02MB5009.namprd02.prod.outlook.com >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/BN7PR02MB50098001DBCF6CAF1552DCE2CB9A0%40BN7PR02MB5009.namprd02.prod.outlook.com?utm_medium=email&utm_source=footer> >> . >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/BN7PR02MB5009C0CF6348943A69A8BEC9CB9A0%40BN7PR02MB5009.namprd02.prod.outlook.com >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/BN7PR02MB5009C0CF6348943A69A8BEC9CB9A0%40BN7PR02MB5009.namprd02.prod.outlook.com?utm_medium=email&utm_source=footer> >> . >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279Lwg6dFCi-Eo3oNwc5705KR_ErNdhjy324P6%2BkdLrWs3Aw%40mail.gmail.com >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279Lwg6dFCi-Eo3oNwc5705KR_ErNdhjy324P6%2BkdLrWs3Aw%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/f92554b4-534b-4500-827a-df019ad7c3d3%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f92554b4-534b-4500-827a-df019ad7c3d3%40apereo.org?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAFkC%3DrHmCwUOx6bO4-tVJP0dbU1MYYAK1nPx9DFXL8BAnzbacA%40mail.gmail.com.
