Hi Charaf, Thank for the tip! cas.authn.pac4j.saml[0].autoRedirect=true clears the error and CAS is started. However, CAS shows the login page (instead of redirect to IdP's login page).
Not sure if I miss something else. Thanks, Thai On Tuesday, January 29, 2019 at 3:34:05 PM UTC-8, Charafeddine Youssef wrote: > > hi, > > In CAS 5.3.7 many properties had changed and autoRedirect is one of them. > So CAS does not recognize your syntax. Of memory i would say, autoRedirect > is now specified fot each external saml 2 identity provider. So the right > syntax is cas.authn.pac4j.saml[0].autoRedirect=true. > > Best regards, > Charaf > > Le mer. 30 janv. 2019 à 00:04, thai.q.nguyen <[email protected] > <javascript:>> a écrit : > >> Hi there, >> >> I am on 5.3.7 and the 'cas.authn.pac4j.autoRedirect=true' is no longer >> work. >> I got this error: >> Error creating bean with name >> 'cas-org.apereo.cas.configuration.CasConfigurationProperties': Could not >> bind properties to CasConfigurationProperties (prefix=cas, >> ignoreInvalidFields=false, ignoreUnknownFields=false, >> ignoreNestedProperties=false); nested exception is >> org.springframework.boot.bind.RelaxedBindingNotWritablePropertyException: >> Failed to bind 'cas.authn.pac4j.autoRedirect' from >> 'file:///etc/cas/config/cas-test.properties' to 'authn.pac4j.autoRedirect' >> property on >> 'org.apereo.cas.configuration.model.core.authentication.AuthenticationProperties' >> >> and CAS is failed to start. >> >> Any help is appreciated! >> >> Thanks, >> >> Thai >> >> On Monday, January 28, 2019 at 6:32:33 AM UTC-8, oneill wrote: >>> >>> Jérôme, >>> >>> >>> >>> Thanks for confirming what I’m seeing and for the heads up that the >>> behavior is adjusted in 5.3. >>> >>> I updated my troubleshooting environment to 5.3 over the weekend and >>> everything looks good after some initial testing. >>> >>> >>> >>> Thank you for the help and your contributions to the project, >>> >>> Tom >>> >>> >>> >>> *From:* [email protected] <[email protected]> *On Behalf Of *Jérôme >>> LELEU >>> *Sent:* Friday, January 25, 2019 2:06 AM >>> *To:* [email protected] >>> *Subject:* Re: [cas-user] RE: CAS 5.2 PAC4J SAML 2.0 Delegation Behavior >>> >>> >>> >>> Hi, >>> >>> >>> >>> You're right: the TGT should be checked first. Notice that things have >>> been fixed in 5.3, the autoRedirect property is still computed in the >>> DelegationAuthenticationClientAction, but the redirection is applied on the >>> HTML page. >>> >>> Thanks. >>> >>> Best regards, >>> >>> Jérôme >>> >>> >>> >>> Le jeu. 24 janv. 2019 à 23:25, Tom O'Neill <[email protected]> a >>> écrit : >>> >>> Hi All, >>> >>> >>> >>> I did some additional testing and thought I’d provide an update… >>> >>> >>> >>> It seems to me that when autoRedirect is set to ‘true’, the CAS TGT is >>> ignored and the user is always sent on to authenticate at the IdP. >>> >>> When autoRedirect is set to ‘false’ the CAS session is recognized OR the >>> user can click a button which will delegate authentication to the IdP. >>> >>> >>> >>> In other words, having autoRedirect set to true seems to negate the CAS >>> TGT check. >>> >>> I could see an argument for delegating every time and I could be >>> overlooking a detail but I think it would be better to have it check for a >>> CAS session and only delegate if the user isn’t already authenticated. >>> >>> >>> >>> Thanks, >>> >>> Tom >>> >>> >>> >>> *From:* [email protected] <[email protected]> *On Behalf Of *Tom >>> O'Neill >>> *Sent:* Thursday, January 24, 2019 2:41 PM >>> *To:* [email protected] >>> *Subject:* [cas-user] CAS 5.2 PAC4J SAML 2.0 Delegation Behavior >>> >>> >>> >>> Hi All, >>> >>> >>> >>> I am troubleshooting application integration and looking for some >>> insight. >>> >>> >>> >>> We have a CAS 5.2 instance with the PAC4J module, which is being used to >>> delegate authentication to an IdP using SAML 2.0. >>> >>> Based on some testing, it seems like the CAS server is delegating >>> authentication to the IdP any time the CAS login method is hit. >>> >>> >>> >>> We’re have the PAC4J autoRedirect property set to true – so I don’t >>> expect or want CAS to present a login page but I also didn’t expect it to >>> redirect to the IDP if the user has a valid TGT. >>> >>> cas.authn.pac4j.autoRedirect=true >>> >>> >>> >>> Can anyone confirm that this is the designed and expected behavior? >>> >>> Is anyone aware of a different setting or combination of settings that >>> might adjust the behavior to what I’m looking for? >>> >>> >>> >>> Hopefully I’m missing something. >>> >>> >>> >>> Thanks!!! >>> >>> Tom >>> >>> >>> >>> >>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/BN7PR02MB50098001DBCF6CAF1552DCE2CB9A0%40BN7PR02MB5009.namprd02.prod.outlook.com >>> >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/BN7PR02MB50098001DBCF6CAF1552DCE2CB9A0%40BN7PR02MB5009.namprd02.prod.outlook.com?utm_medium=email&utm_source=footer> >>> . >>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/BN7PR02MB5009C0CF6348943A69A8BEC9CB9A0%40BN7PR02MB5009.namprd02.prod.outlook.com >>> >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/BN7PR02MB5009C0CF6348943A69A8BEC9CB9A0%40BN7PR02MB5009.namprd02.prod.outlook.com?utm_medium=email&utm_source=footer> >>> . >>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279Lwg6dFCi-Eo3oNwc5705KR_ErNdhjy324P6%2BkdLrWs3Aw%40mail.gmail.com >>> >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279Lwg6dFCi-Eo3oNwc5705KR_ErNdhjy324P6%2BkdLrWs3Aw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/f92554b4-534b-4500-827a-df019ad7c3d3%40apereo.org >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f92554b4-534b-4500-827a-df019ad7c3d3%40apereo.org?utm_medium=email&utm_source=footer> >> . >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/423951b2-0bf9-41e1-bb09-ae7cbc1930a5%40apereo.org.
