Re: [cas-user] SAML2 protocol in CAS6.4.6.6

2024-04-03 Thread Xavier Rodríguez
Hi,

Thanks for your responses!

After analyzing the CAS-6.4.6.6 code I have found that the bean that causes 
my problem is created in 
*org.apereo.cas.config.CasPersonDirectoryConfiguration*.

Then, when I add in my build.gradle:

implementation "org.apereo.cas:cas-server-support-person-directory:${project.version}"

CAS starts without problems (the error *No qualifying bean of 
type 'org.apereo.cas.authentication.attribute.AttributeDefinitionStore'* doesn't appear).

But I have my doubts if this is a good solution, because in:

https://mvnrepository.com/artifact/org.apereo.cas/cas-server-support-person-directory

This library is used in:

*testImplementation* group: 'org.apereo.cas', name: 
'cas-server-support-person-directory', version: 'X.X.X'

Any idea about this? Is it a good solution?

Thanks,

- Xavier -

On Friday, 22 March 2024 at 16:03:39 UTC+1, Ray Bon wrote:

> Xavier,
>
> The property names may have changed (your version is old).
> Maybe search this blog, https://fawnoos.com/blog/
>
> Ray
>
> On Fri, 2024-03-22 at 06:02 -0700, Xavier Rodríguez wrote:
>
> Hello,
>
> I'm not familiar with SAML 2.0 and I need to set up our CAS 6.4.6.6 with 
> SAML2 protocol. Our CAS uses Oauth2 + CAS protocol. Now, we need to add 
> this protocol.
>
>
> Following the documentation:
>
>
> https://apereo.github.io/cas/6.6.x/authentication/Configuring-SAML2-Authentication.html
>
> I've added in gradle: 
>
> implementation "org.apereo.cas:cas-server-support-saml-idp:${project.'cas.version'}"
>
> And in my cas.properties:
>
> cas.authn.saml-idp.core.entity-id: https://mycas.cat/idp
> cas.authn.saml-idp.metadata.file-system.location: file:/etc/cas/saml
>
> I always get the same error:
>
> Exception encountered during context initialization - cancelling refresh 
> attempt: org.springframework.beans.factory.BeanCreationException: Error 
> creating bean with name 
> 'scopedTarget.samlProfileSamlAttributeStatementBuilder' defined in class 
> path resource [org/apereo/cas/config/SamlIdPConfiguration.class]: Bean 
> instantiation via factory method failed; nested exception is 
> org.springframework.beans.BeanInstantiationException: Failed to instantiate 
> [org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder]:
>  
> Factory method 'samlProfileSamlAttributeStatementBuilder' threw exception; 
> nested exception is 
> org.springframework.beans.factory.NoSuchBeanDefinitionException:*No 
> qualifying bean of type 
> 'org.apereo.cas.authentication.attribute.AttributeDefinitionStore'*available: 
> expected at least 1 bean which qualifies as autowire candidate. Dependency 
> annotations: 
> {@org.springframework.beans.factory.annotation.Autowired(required=true), 
> @org.springframework.beans.factory.annotation.Qualifier("attributeDefinitionStore")}
>
> What do I need to define in my CAS server?
>
> I tried several configurations and I get the same result.
>
> Can anyone help me?
>
> Thanks!!!
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2b90efd6-dff4-4e71-8ec3-4607098ea447n%40apereo.org.


[cas-user] SAML2 protocol in CAS6.4.6.6

2024-03-22 Thread Xavier Rodríguez
Hello,

I'm not familiar with SAML 2.0 and I need to set up our CAS 6.4.6.6 with 
SAML2 protocol. Our CAS uses Oauth2 + CAS protocol. Now, we need to add 
this protocol.

Following the documentation:

https://apereo.github.io/cas/6.6.x/authentication/Configuring-SAML2-Authentication.html

I've added in gradle: 

implementation "org.apereo.cas:cas-server-support-saml-idp:${project.'cas.version'}"

And in my cas.properties:

   cas.authn.saml-idp.core.entity-id: https://mycas.cat/idp
   cas.authn.saml-idp.metadata.file-system.location: file:/etc/cas/saml 

I always get the same error:

Exception encountered during context initialization - cancelling refresh 
attempt: org.springframework.beans.factory.BeanCreationException: Error 
creating bean with name 
'scopedTarget.samlProfileSamlAttributeStatementBuilder' defined in class 
path resource [org/apereo/cas/config/SamlIdPConfiguration.class]: Bean 
instantiation via factory method failed; nested exception is 
org.springframework.beans.BeanInstantiationException: Failed to instantiate 
[org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder]:
 
Factory method 'samlProfileSamlAttributeStatementBuilder' threw exception; 
nested exception is 
org.springframework.beans.factory.NoSuchBeanDefinitionException: *No 
qualifying bean of type 
'org.apereo.cas.authentication.attribute.AttributeDefinitionStore' *available: 
expected at least 1 bean which qualifies as autowire candidate. Dependency 
annotations: 
{@org.springframework.beans.factory.annotation.Autowired(required=true), 
@org.springframework.beans.factory.annotation.Qualifier("attributeDefinitionStore")}

What do I need to define in my CAS server?

I tried several configurations and I get the same result.

Can anyone help me?

Thanks!!!



[cas-user] Override WebFlow in CAS 6.3.2

2021-06-29 Thread Xavier Rodríguez
Hi,

In CAS 4.2.3 it is really easy to modify the webflow. For example, I override 
this file to add my new decisionState between two CAS-states:

login-webflow.xml

How can I do it in CAS 6.3.2 in an easy way? 

I have done it by adding my new actions, for example, extending:

implements CasWebflowExecutionPlanConfigurer {

}

As it is explained in: 
https://apereo.github.io/cas/6.3.x/webflow/Webflow-Customization-Extensions.html.
 


But I can't do it by modifying the .xml file.

Is it possible to override the login-webflow.xml in this CAS version to 
alter the webflow instead of writing Actions in Java? I tried to do it but 
it doesn't work for me.

Thanks!!!

- Xavier -



[cas-user] Re: How add a Custom OAuth20Client in CAS 5.3.X

2019-02-19 Thread Xavier Rodríguez
Hi,

Is there any way to add my new custom Client Oauth2 in CAS-server 5.3.X 
without modifying the PAC4j library?

I need to add my new Client-OAUTH but PAC4j only accepts limited clients. 
Is there any way to override the CAS-Server to add my new Client Oauth in 
PAC4j?

Thanks!!!

On Friday, 15 February 2019 10:06:32 UTC+1, Xavier Rodríguez wrote:
>
> Hi,
>
> I'm upgrading from CAS 4.2.3 to CAS 5.3.3. In CAS 4.2.3 I define my custom 
> oauth integration in *pac4jContext.xml*:
>
> 
> 
> 
> https://localhost:8444/oauth-server/oauth2.0"; />
> 
> 
>   
>
> How can I do this in CAS 5.3.3? 
>
> In this version of CAS I can activate an Oauth through:
>
> pac4j:
>   oauth2[0]:
>     authUrl: https://myOrg/o/oauth2/auth
>     tokenUrl: https://myOrg/o/oauth2/token
>     profileUrl: https://myOrg/services-rest/getUserInfo
>     profileAttrs:
>       attr1: attr1
>     customParams:
>       state: state
>     id: xx.yyy.zz
>     secret: 3233fdsf4343jk545m543543j
>
>
> I put my Custom Oauth in the /java Overlay directory. But I don't know how 
> to indicate to CAS that my Class is a new Oauth client. And in what file can I 
> put my properties for my custom oauth? In the application.yml?
>
> Or do I have to modify the pac4j-oauth library? But I prefer to put my Custom 
> Oauth in Cas-Overlay.
>
> Any idea? 
>
> Thanks in advance!
>
> - Xavier -
>
>



[cas-user] How add a Custom OAuth20Client in CAS 5.3.X

2019-02-15 Thread Xavier Rodríguez
Hi,

I'm upgrading from CAS 4.2.3 to CAS 5.3.3. In CAS 4.2.3 I define my custom 
oauth integration in *pac4jContext.xml*:




https://localhost:8444/oauth-server/oauth2.0"; />


  

How can I do this in CAS 5.3.3? 

In this version of CAS I can activate an Oauth through:

pac4j:
  oauth2[0]:
    authUrl: https://myOrg/o/oauth2/auth
    tokenUrl: https://myOrg/o/oauth2/token
    profileUrl: https://myOrg/services-rest/getUserInfo
    profileAttrs:
      attr1: attr1
    customParams:
      state: state
    id: xx.yyy.zz
    secret: 3233fdsf4343jk545m543543j


I put my Custom Oauth in the /java Overlay directory. But I don't know how 
to indicate to CAS that my Class is a new Oauth client. And in what file can I 
put my properties for my custom oauth? In the application.yml?

Or do I have to modify the pac4j-oauth library? But I prefer to put my Custom 
Oauth in Cas-Overlay.

Any idea? 

Thanks in advance!

- Xavier -



[cas-user] Re: JWT Client - Cas Server

2019-01-15 Thread Xavier Rodríguez
Hi,

My question is whether in this line:

   CasAuthenticationProvider provider = new CasAuthenticationProvider();

I have to change the "CasAuthenticationProvider" to another similar one: 
"JWTAuthenticationProvider"
 
   JWTAuthenticationProvider provider = new JWTAuthenticationProvider(..)

And do I have to implement in this JWTAuthenticationProvider the 
authenticate() method that only validates the "ticket" passed in the request?

Thanks,

- Xavier -

On Monday, 14 January 2019 16:23:13 UTC+1, Michele Melluso wrote:
>
> Hi,
>
> we did it with java-jwt library. Taking inspiration from the readme, hope 
> it helps:
>
> https://github.com/auth0/java-jwt
>
> regards
> Michele
>
> On Monday, January 14, 2019 at 4:09:57 PM UTC+1, Xavier Rodríguez wrote:
>>
>> I've configured CAS-Server to return JWT and it works fine. My problem is 
>> that I don't know how to configure my client correctly to read this token. 
>> My client is configured with the spring-security-cas package. In a 
>> "traditional authentication" CAS I define something similar to:
>>
>> public CasAuthenticationProvider casAuthenticationProvider() {
>>     CasAuthenticationProvider provider = new CasAuthenticationProvider();
>>     provider.setServiceProperties(serviceProperties());
>>     provider.setTicketValidator(ticketValidator());
>>     ...
>>     provider.setUserDetailsService(
>>         s -> new User(...)
>>     ...
>>     return provider;
>> }
>>
>> In the JWT case, do I have to define an implementation similar to 
>> CasAuthenticationProvider that reads the ticket 
>> (&ticket=eyJhbGciOiJIUzUxMiJ9.ZX...) received from the CAS? Any idea how to 
>> do this?
>>
>> Regards!
>>
>
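
The provider asked about in this thread could take the following shape, using the java-jwt library linked in the reply together with Spring Security. This is an added example, not code from the thread, from CAS or from spring-security-cas. Assumptions: the class name JwtTicketAuthenticationProvider is hypothetical, the ticket is a signed-only HS512 JWT whose signing secret is shared with the client as UTF-8 bytes, it carries iss, aud, sub and exp claims, it arrives as the credentials of the Authentication object, and the URLs and secret in main() are constructed.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import java.nio.charset.StandardCharsets;
import java.util.Date;

// Hypothetical provider (not part of CAS): accepts a signed HS512 JWT as the ticket.
public class JwtTicketAuthenticationProvider implements AuthenticationProvider {
    private final Algorithm algorithm; // pinned here; the token's own "alg" header is not trusted
    private final String issuer;       // assumption: the CAS server URL is sent as "iss"
    private final String audience;     // assumption: this service's URL is sent as "aud"

    public JwtTicketAuthenticationProvider(String secret, String issuer, String audience) {
        // Assumption: the shared signing secret is used as raw UTF-8 bytes.
        this.algorithm = Algorithm.HMAC512(secret.getBytes(StandardCharsets.UTF_8));
        this.issuer = issuer;
        this.audience = audience;
    }

    @Override
    public Authentication authenticate(Authentication authentication) {
        String ticket = String.valueOf(authentication.getCredentials());
        try {
            // Checks signature, algorithm match, iss, aud, and exp/nbf when present.
            DecodedJWT jwt = JWT.require(algorithm)
                    .withIssuer(issuer).withAudience(audience).build().verify(ticket);
            // A token without an expiry or a subject is refused rather than accepted forever.
            if (jwt.getExpiresAt() == null || jwt.getSubject() == null) {
                throw new BadCredentialsException("JWT ticket lacks exp or sub");
            }
            return new UsernamePasswordAuthenticationToken(
                    jwt.getSubject(), ticket, AuthorityUtils.createAuthorityList("ROLE_USER"));
        } catch (JWTVerificationException e) {
            throw new BadCredentialsException("JWT ticket rejected", e);
        }
    }

    @Override
    public boolean supports(Class<?> type) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(type);
    }

    public static void main(String[] args) {
        // Constructed values for a local run; none of them come from the thread.
        String secret = "constructed-demo-secret", iss = "https://cas.example.org/cas",
                aud = "https://app.example.org/login/cas";
        String token = JWT.create().withIssuer(iss).withAudience(aud).withSubject("demo-user")
                .withExpiresAt(new Date(System.currentTimeMillis() + 60_000))
                .sign(Algorithm.HMAC512(secret.getBytes(StandardCharsets.UTF_8)));
        Authentication result = new JwtTicketAuthenticationProvider(secret, iss, aud)
                .authenticate(new UsernamePasswordAuthenticationToken("ticket", token));
        System.out.println(result.getName() + " authenticated=" + result.isAuthenticated());
    }
}
```

Passing a fixed Algorithm to JWT.require() is what makes the verifier refuse a token whose header names a different algorithm. A ticket that is also encrypted needs a decryption step that this example does not include.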



[cas-user] JWT Client - Cas Server

2019-01-14 Thread Xavier Rodríguez
I've configured CAS-Server to return JWT and it works fine. My problem is 
that I don't know how to configure my client correctly to read this token. 
My client is configured with the spring-security-cas package. In a "traditional 
authentication" CAS I define something similar to:

public CasAuthenticationProvider casAuthenticationProvider() {
    CasAuthenticationProvider provider = new CasAuthenticationProvider();
    provider.setServiceProperties(serviceProperties());
    provider.setTicketValidator(ticketValidator());
    ...
    provider.setUserDetailsService(
        s -> new User(...)
    ...
    return provider;
}

In the JWT case, do I have to define an implementation similar to 
CasAuthenticationProvider that reads the ticket 
(&ticket=eyJhbGciOiJIUzUxMiJ9.ZX...) received from the CAS? Any idea how to 
do this?

Regards!



[cas-user] JWT without encryption key

2018-11-12 Thread Xavier Rodríguez
I'm configuring Cas Server 5.3.3. In one service I need to respond with a JWT 
without encryption. Is it possible?

I have changed in cas.properties:

cas.authn.token.crypto.encryptionEnabled=false

But it has no effect. In my service I don't configure this property either:

"jwtAsServiceTicketEncryptionKey"

How can I disable this property?

Regards!

- Xavier -



Re: [cas-user] Oauth2.0 not redirecting back to app

2016-10-05 Thread Xavier Rodríguez
Thanks Jérôme and Marina for your responses!

The problem is in the theme. As Marina says, I put in the cas.js and it works 
perfectly!!! The redirect for the file not found causes the second call.

Thanks a lot++

Best regards,

- Xavier -

On Wednesday, 5 October 2016 14:50:52 UTC+2, Marina Batet wrote:
>
> Hi Jérôme,
>
> Thanks for your answer!
>
> Yes, I tested it with firebug and there are two calls to the /cas/login. 
> The first with the service url and the second without.
>
> The thing is, I have a custom theme defined for my service. If I use the 
> default theme, then I have just one call and everything works fine.
>
> But if I define a custom theme (which in itself just contains some 
> images and a CSS file, it has no calls whatsoever), then I see two calls 
> to /cas/login in firebug.
>
> And the culprit is the file 
> WEB-INF/view/jsp/default/ui/includes/bottom.jsp:
>
>  src="<c:url value="${casJavascriptFile}" />">
>
> That is translated into:
>
>  src="/cas/themes/mytheme/js/cas.js">
>
> As this file (/mytheme/js/cas.js) does not exist (in the default theme 
> /cas/js/cas.js *does* exist), this call is redirected to /cas/login
>
> I copied the cas/js/cas.js file to my js theme directory and problem 
> solved! Just one call to the method and the service is not null.
>
> Thanks so much for your help, much appreciated! :-)
>
>
> On Wednesday, 5 October 2016 13:45:01 UTC+2, leleuj wrote:
>>
>> Hi,
>>
>> Indeed, the double call to prepareForLoginPage is the culprit. Is there 
>> any resource on your login page somehow calling the /login URL again?
>>
>> Thanks.
>> Best regards,
>> Jérôme
>>
>>
>> 2016-10-05 13:28 GMT+02:00 Marina Batet :
>>
>>> Hi Jérôme and everyone, 
>>>
>>> This is happening to me in CAS 4.2.3.
>>>
>>> I'm trying it in localhost, with two CAS servers installed, one acting 
>>> as the oauth client (/cas) and the other as the oauth server 
>>> (/cas-pac4j-oauth-server-demo). And a test app (/test-client-app) that is 
>>> acting as the client of the first cas (the service). There are no Apaches 
>>> nor rewrites in this scenario...
>>>
>>> What I'm seeing is that before the login page is loaded in the 
>>> browser, I have two calls to the "prepareForLoginPage" method. In the first 
>>> call, the service is stored in session OK. In the second call, the service 
>>> is null (?) and the service attribute is overwritten in the session. 
>>> Thereafter, when we try to retrieve the service after the oauth delegation, 
>>> etc... the service attribute is null.
>>>
>>> I have put some more traces in the ClientAction class and compiled it in 
>>> order to try to understand what is happening. I have attached the traces 
>>> (just the ones before the login page), but basically, what is bugging me 
>>> is:
>>>
>>> 2016-10-05 12:53:19,412 DEBUG 
>>> [org.jasig.cas.support.pac4j.web.flow.ClientAction] - [prepareForLoginPage] 
>>> save service: 
>>> https://localhost:8443/test-client-app/j_spring_cas_security_check
>>> ...
>>> 2016-10-05 12:53:22,880 DEBUG 
>>> [org.jasig.cas.support.pac4j.web.flow.ClientAction] - [prepareForLoginPage] 
>>> save service: null
>>>
>>> Why is this second call overwriting the service as null when it was 
>>> previously stored?  What am I doing wrong? 
>>>
>>> Thanks in advance for any response!
>>>
>>>
>>> Best regards,
>>>
>>> On Wednesday, 5 October 2016 10:43:05 UTC+2, leleuj wrote:
>>>>
>>>> Hi,
>>>>
>>>> In the ClientAction, the service has been saved: 
>>>>
>>>> 2016-10-03 16:32:17,094 DEBUG 
>>>> [org.jasig.cas.support.pac4j.web.flow.ClientAction] - save service: 
>>>> https://localhost:8445/dipta-cas-client-test/j_spring_cas_security_check
>>>>
>>>> But, indeed, the service is not retrieved during the authentication 
>>>> (thus no redirect back to the application):
>>>>
>>>> 2016-10-03 16:32:27,930 DEBUG 
>>>> [org.jasig.cas.support.pac4j.web.flow.ClientAction] - retrieve service: 
>>>> null
>>>>
>>>> The service is saved into and restored from the web session: anything 
>>>> special in your case?
>>>>
>>&