[cas-user] Re: Issues getting LDAP going - CAS 4.2.5

2016-10-14 Thread Brandon Martin
I'm currently trying to set this up; I have everything working except LDAP 
authentication. I'd love to see the deployerContextConfig.xml you posted 
here but the link is now dead.

On Tuesday, October 4, 2016 at 3:26:52 PM UTC-7, Dan Roque wrote:
>
> Hi Hank,
>
> Here are my working files using CAS 4.2.6 and Active Directory LDAP 
> (domain info redacted)
>
> deployerConfigContext.xml - http://pastebin.com/AnZJRpSw
> cas.properties - http://pastebin.com/AnZJRpSw
>
> Note: This requires the ldaptive libraries in order to work properly.
>
> http://www.ldaptive.org/download.html
>
> Dan
>
> On Tuesday, October 4, 2016 at 5:48:35 PM UTC-4, Hank Foss wrote:
>>
>> Also, there was no response when I ran:
>>
>>   $ netstat -c -t | grep -e $NAME_OF_YOUR_DIRECTORY_HOST 
>>
>>
>>
>> On Friday, September 30, 2016 at 4:17:24 PM UTC-4, Hank Foss wrote:
>>>
>>> Thanks to the documentation, I've been able to get far with the CAS 
>>> build so far, but LDAP has been a bit of a challenge so far.
>>>
>>> I followed this link to the letter:
>>> https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html 
>>> Then I re-ran maven by running *mvn install package*, reloaded WAR 
>>> file, and restarted Tomcat - not much luck so far.
>>>
>>> What is good is that the log file cas.log has shown the source IP and 
>>> attempting logon username. So that's a step in the right direction: at 
>>> least it's showing the failure!
>>>
>>> The local user casuser / Mellon logons are successful, and the cas.log 
>>> shows that too. 
>>>
>>> Any advice on LDAP configuration on CAS 4.2.5 is greatly appreciated.
>>>
>>>
>>> Thanks,
>>> Hank
>>>
>>

-- 
CAS gitter chatroom: https://gitter.im/apereo/cas
CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
CAS documentation website: https://apereo.github.io/cas
CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4609b641-e553-4cd7-b4e0-198ca612e235%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.


Re: [cas-user] CAS 2.0 attribute return?

2016-10-14 Thread Misagh Moayyed


> I'm guessing that since there is an officially supported version of the 
> protocol that does attribute return, the "easy" hack of adding it in is 
> no longer easy. 

No. You just make this file [1] look like this file [2], and you’re done. 
(v4.2.x)

[1] 
https://github.com/apereo/cas/blob/4.2.x/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/2.0/casServiceValidationSuccess.jsp

[2] 
https://github.com/apereo/cas/blob/4.2.x/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/3.0/casServiceValidationSuccess.jsp
 

Or you force traffic to go to p3/ and you wouldn’t have to change anything. 



A rather herculean yet more “reasonable” thing to do is to get your vendors to 
upgrade. 



Re: [cas-user] CAS 5 RC3 attribute lookup

2016-10-14 Thread Richard Frovarp

On 10/13/2016 05:54 PM, Baron Fujimoto wrote:

> On Thu, Oct 13, 2016 at 05:19:19PM -0500, Richard Frovarp wrote:
>> I'm very confused as to how to do attribute lookup with CAS 5.
>>
>> In the actual service entry I have the return all attributes policy, so that
>> shouldn't be hanging me up.
>>
>> I am doing AD / LDAP authentication, and it's also where my attributes are
>> at.
>>
>> I don't see how
>>
>> cas.authn.attributeRepository.attributes.uid=uid
>>
>> does anything, because if I add another attribute there, nothing happens.
>>
>> I don't see cas.authn.attributeRepository.ldap group of entries doing
>> anything.
>>
>> I also don't see cas.authn.ldap[0].additionalAttributes doing much.
>>
>> If I set cas.authn.ldap[0].principalAttributeList to have more attributes, it
>> appears to work. But it's also including uid, which isn't in my list. Is that
>> because of the entry above?
>>
>> Do I even need to have the cas.authn.attributeRepository.ldap section?
>
> cas.authn.attributeRepository.attributes.* are used as defaults unless set
> otherwise and can have unexpected results (see my earlier post re cn being
> remapped by cas.authn.attributeRepository.attributes.cn=commonName) I
> believe these may be deprecated or changed in future releases.
>
> I define all the attributes in cas.authn.ldap[0].principalAttributeList
>
> Since we release all of them by default, what I actually do is define a
> variable, and use that to factor out the list of attributes so I don't
> have to replicate it in multiple places. YMMV.
>
> our.default.attributes=\
>    cn,\
>    displayName,\
>    ... etc ...
>    mail,\
>    uid
>
> cas.authn.ldap[0].principalAttributeList=${our.default.attributes}
> cas.authn.attributeRepository.defaultAttributesToRelease=${our.default.attributes}



Thanks for the info. I got that punched in and my config cleaned up 
quite a bit.




Re: [cas-user] CAS 2.0 attribute return?

2016-10-14 Thread Richard Frovarp

On 10/14/2016 12:15 PM, Baron Fujimoto wrote:

> On Wed, Oct 12, 2016 at 11:21:50AM -0500, Richard Frovarp wrote:
>> There was a sort of extension to the CAS 2.0 protocol that allowed for
>> attribute return. Is that even possible in the upcoming 5.x line? I can't see
>> anything in the docs for the 4.x line, so I'm guessing not. I think we have
>> some old services that were doing CAS 2.0 with attribute return. They
>> certainly were all external vendors.
>>
>> Thanks,
>>
>> Richard
>
> The /cas/samlValidate endpoint has returned attributes via SAML for a
> long time in CAS. It's still present in 5.x.
>
> I haven't tried it yet, but /p3/serviceValidate should also return
> attributes via XML or JSON.
>
> -baron


Yeah, most of our stuff does SAML 1.1. I know some vendors were 
specifically doing CAS 2.0, and expecting attribute return. You used to 
be able to hack something into the xslt to have it put the attributes 
there in an extension that some of the CAS clients understood.


I did see that CAS 3.0 supports attributes. It might just come down to 
pointing them at that validator. It also might come down to having them 
upgrade. The unfortunate part is that the list of vendors needing this 
has been lost to time. I should be able to look at the logs and see who 
is hitting the CAS validation endpoint over the SAML one, and go from 
there.


I'm guessing that since there is an officially supported version of the 
protocol that does attribute return, the "easy" hack of adding it in is 
no longer easy.
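
Added example, not part of the original thread: the log review described in the message above (finding which services still validate over the CAS 2.0 endpoints rather than SAML 1.1 or /p3/) sketched as a Python script. The access-log layout, the /cas context path and every log line are assumptions constructed for illustration.

```python
"""Inventory which services validate tickets over which CAS endpoint."""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines (common log format); hosts, IPs and tickets are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [14/Oct/2016:12:00:01 -0500] "GET /cas/serviceValidate?service=https%3A%2F%2Fvendor-a.example.com%2Flogin&ticket=ST-1-constructed HTTP/1.1" 200 412
192.0.2.10 - - [14/Oct/2016:12:03:44 -0500] "GET /cas/serviceValidate?service=https%3A%2F%2Fvendor-a.example.com%2Flogin&ticket=ST-2-constructed HTTP/1.1" 200 412
192.0.2.20 - - [14/Oct/2016:12:04:10 -0500] "POST /cas/samlValidate?TARGET=https%3A%2F%2Fportal.example.edu%2F HTTP/1.1" 200 2190
198.51.100.7 - - [14/Oct/2016:12:05:02 -0500] "GET /cas/p3/serviceValidate?service=https%3A%2F%2Fvendor-b.example.com%2Fcb&ticket=ST-3-constructed HTTP/1.1" 200 655
192.0.2.30 - - [14/Oct/2016:12:06:30 -0500] "GET /cas/login?service=https%3A%2F%2Fvendor-a.example.com%2Flogin HTTP/1.1" 302 -
203.0.113.5 - - [14/Oct/2016:12:07:15 -0500] "GET /cas/proxyValidate?service=https%3A%2F%2Fvendor-c.example.net%2Fapp&ticket=ST-4-constructed HTTP/1.1" 200 430
"""

# Client IP, HTTP method and request target of one access-log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

# Validation endpoints by protocol. The /p3/ entries come first because
# "/p3/serviceValidate" also ends with "/serviceValidate".
PROTOCOLS = [
    ("/p3/serviceValidate", "CAS 3.0"),
    ("/p3/proxyValidate", "CAS 3.0"),
    ("/serviceValidate", "CAS 2.0"),
    ("/proxyValidate", "CAS 2.0"),
    ("/samlValidate", "SAML 1.1"),
    ("/validate", "CAS 1.0"),
]


def classify(path):
    """Return the protocol label for a request path, or None if not a validation call."""
    for suffix, protocol in PROTOCOLS:
        if path.endswith(suffix):
            return protocol
    return None


def service_host(query):
    """Host of the service being validated ('service' for CAS, 'TARGET' for SAML 1.1)."""
    params = parse_qs(query)
    for key in ("service", "TARGET"):
        if key in params:
            return urlsplit(params[key][0]).hostname or "(unparseable)"
    return "(none)"


def summarize(lines):
    """Map (protocol, service host) -> hit count and the set of calling client IPs.

    Only the service host is kept; ticket values are never stored or printed.
    """
    usage = {}
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        protocol = classify(url.path)
        if protocol is None:
            continue  # login, logout, static content, etc.
        entry = usage.setdefault((protocol, service_host(url.query)),
                                 {"hits": 0, "clients": set()})
        entry["hits"] += 1
        entry["clients"].add(match.group("ip"))
    return usage


def legacy_cas2_services(usage):
    """Service hosts still validating over the CAS 2.0 endpoints."""
    return sorted(host for (protocol, host) in usage if protocol == "CAS 2.0")


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    for (protocol, host), entry in sorted(report.items()):
        print(f"{protocol:9} {host:25} hits={entry['hits']} "
              f"clients={sorted(entry['clients'])}")
    print("Still on CAS 2.0:", legacy_cas2_services(report))
```

The service host comes from the `service` (or `TARGET`) parameter, so the report names the application being validated even when several vendors share one egress IP.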




Re: [cas-user] Server load w/ 4.2.6

2016-10-14 Thread Misagh Moayyed
You can exclude the hazelcast dependency from the relevant module, and provide 
your own exact version. 

-- 
Misagh

From: Tom Poage 
Reply: Tom Poage 
Date: October 14, 2016 at 8:44:49 PM
To: CAS Community 
Subject:  Re: [cas-user] Server load w/ 4.2.6  

Disabling the fourth node doesn't change anything.  

Profiling shows the highest CPU/time is spent in Hazelcast. Whether this is a 
result of the updated Hazelcast version or the new synchronous CAS code remains 
to be seen.  

Is it possible to downgrade Hazelcast version (say, to 3.6) on CAS 4.2.6, i.e. 
were any new Hazelcast version-specific changes made between roughly 4.2.[12] 
and 4.2.6?  

Thanks.  
Tom.  

> On Oct 13, 2016, at 2:18 PM, Tom Poage  wrote:  
>  
> Afternoon,  
>  
> On moving from 4.2.1 to 4.2.6, our apparent system load increased 
> dramatically.  
>  
> Run queue went from as high as 4 to nearly 30, with (Linux) load average 
> jumping from a max of 0.2 to about 15 for a user base (TGT count) of 46k.  
>  
> A code diff doesn’t seem to show much, except perhaps for the addition of a 
> synchronous ticketTransactionManager. The only other likely candidate is 
> either the bump in Hazelcast version, or that we went from 3 to 4 (single 
> CPU) VMs in the cluster (point-to-point instead of multicast). CPU increased 
> from a high of about 20% (usually 5-8%) to the 50% range. This is on all 
> nodes. Ironically, response time doesn’t seem all that bad, though is a bit 
> sluggish.  
>  
> Anyone else experience something similar?  
>  
> Thanks!  
> Tom.  
>  


Re: [cas-user] How does CAS 4.1.X behave like SAML IdP?

2016-10-14 Thread Dmitriy Kopylenko
Short answer: CAS < v5 cannot act like a standalone SAML IDP. CAS 5 can -> 
https://apereo.github.io/cas/development/installation/Configuring-SAML2-Authentication.html
 


Cheers,
D.



> On Oct 13, 2016, at 12:56 PM, Yan Zhou  wrote:
> 
> Hi there, 
> 
> I am a little confused on SAML support on CAS 4.1.x.  It maybe my 
> understanding of SAML is very beginning, too.
> 
> I have viewed CAS as an Enterprise SSO solution, rather than a Federated SSO 
> solution (across enterprises). But, I hear different things about SAML 
> support in CAS. 
> 
> CAS 4.1.x doc says:  The CAS server implements the CAS protocol on server 
> side and may even behave like SAML IdP. How does CAS 4.1.X behave 
> like  SAML IdP?  
> 
> The doc says that CAS supports the standardized SAML 1.1 protocol primarily 
> to:  1)Support a method of attribute release  2) Single Logout.  It seems 
> suggesting that it does _not_ act like SAML IdP?
> 
> The doc. also says that CAS can serve as the authentication provider for 
> Shibboleth.   If CAS 4.1.X can behave like SAML IdP, why would it need 
> Shibboleth?
> 
> Thanks,
> 


Re: [cas-user] AcceptUsersAuthenticationHandler#0 class not found error

2016-10-14 Thread Dmitriy Kopylenko
https://apereo.github.io/cas/4.2.x/installation/Whitelist-Authentication.html 


Cheers,
D.

> On Oct 14, 2016, at 9:21 AM, Xin Gong  wrote:
> 
> Hi Dmitriy,
> 
> Thank you so much for your quick reply. I have tried CAS 4.2.6. I got a 
> different error. I believe it is because I added the following whitelist in 
> [/WEB-INF/deployerConfigContext.xml file. 
> 
> 
> 
>
> 
> 
> 
> I followed the example in 
> https://apereo.github.io/cas/4.0.x/installation/Whitelist-Authentication.html.
> It is probably too old. Not sure how to add whitelist in the new CAS module.
> 
> Best regards,
> 
> Xin
> 
> 
> On Thu, Oct 13, 2016 at 3:30 PM, Dmitriy Kopylenko wrote:
> Wrong module and package. v 4.0.0 has the 
> org.jasig.cas.authentication.AcceptUsersAuthenticationHandler in the 
> 'cas-server-core' module. But more generally, v 4.0.0 is pretty old, so I’d 
> suggest moving into the latest version of CAS.
> 
> Cheers,
> D.
> 
>> On Oct 13, 2016, at 3:14 PM, Xin Gong wrote:
>> 
>> Hi,
>> 
>> I have tried to set up cas server. I have added this for 
>> AcceptUsersAuthenticationHandler to pom.xml 
>> 
>> <dependency>
>>   <groupId>org.jasig.cas</groupId>
>>   <artifactId>cas-server-support-generic</artifactId>
>>   <version>4.0.0</version>
>> </dependency>
>> 
>> 
>> After I reboot tomcat container, I see cas-server-support-generic-4.0.0.jar 
>> under $TOMCAT_HOME/webapps/cas-server-webapp-4.0.0/WEB-INF/lib.
>> 
>> However, there is an error in catalina.out;
>> 
>> org.springframework.beans.factory.BeanCreationException: Error creating bean 
>> with name 'scheduler' defined in ServletContext resource 
>> [/WEB-INF/spring-configuration/applicationContext.xml]: Invocation of init 
>> method failed; nested exception is 
>> org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find 
>> class [org.jasig.cas.adaptors.generic.AcceptUsersAuthenticationHandler] for 
>> bean with name 
>> 'org.jasig.cas.adaptors.generic.AcceptUsersAuthenticationHandler#0' defined 
>> in ServletContext resource [/WEB-INF/deployerConfigContext.xml]; nested 
>> exception is java.lang.ClassNotFoundException: 
>> org.jasig.cas.adaptors.generic.AcceptUsersAuthenticationHandler
>> 
>> Thank you for help!
>> 
>> Xin
>> 
> 
> 
> 
> 
> -- 
> Xin



Re: [cas-user] AcceptUsersAuthenticationHandler#0 class not found error

2016-10-14 Thread Dmitriy Kopylenko
Wrong module and package. v 4.0.0 has the 
org.jasig.cas.authentication.AcceptUsersAuthenticationHandler in the 
'cas-server-core' module. But more generally, v 4.0.0 is pretty old, so I’d 
suggest moving into the latest version of CAS.

Cheers,
D.

> On Oct 13, 2016, at 3:14 PM, Xin Gong  wrote:
> 
> Hi,
> 
> I have tried to set up cas server. I have added this for 
> AcceptUsersAuthenticationHandler to pom.xml 
> 
> <dependency>
>   <groupId>org.jasig.cas</groupId>
>   <artifactId>cas-server-support-generic</artifactId>
>   <version>4.0.0</version>
> </dependency>
> 
> 
> After I reboot tomcat container, I see cas-server-support-generic-4.0.0.jar 
> under $TOMCAT_HOME/webapps/cas-server-webapp-4.0.0/WEB-INF/lib.
> 
> However, there is an error in catalina.out;
> 
> org.springframework.beans.factory.BeanCreationException: Error creating bean 
> with name 'scheduler' defined in ServletContext resource 
> [/WEB-INF/spring-configuration/applicationContext.xml]: Invocation of init 
> method failed; nested exception is 
> org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find 
> class [org.jasig.cas.adaptors.generic.AcceptUsersAuthenticationHandler] for 
> bean with name 
> 'org.jasig.cas.adaptors.generic.AcceptUsersAuthenticationHandler#0' defined 
> in ServletContext resource [/WEB-INF/deployerConfigContext.xml]; nested 
> exception is java.lang.ClassNotFoundException: 
> org.jasig.cas.adaptors.generic.AcceptUsersAuthenticationHandler
> 
> Thank you for help!
> 
> Xin
> 


Re: [cas-user] CAS 4.1.x, use a different authentication provider based on the theme of Login page

2016-10-14 Thread Dmitriy Kopylenko
On the other hand, CAS v5 has this functionality built-in! See the 
‘requiredHandlers’ property: 
https://apereo.github.io/cas/development/installation/Service-Management.html 


Could be another reason to consider CAS5 ;-)

Cheers,
D.

> On Oct 13, 2016, at 2:02 PM, Dmitriy Kopylenko  wrote:
> 
> Off the top of my head - you’d need to somehow make the current “Service” 
> instance available to the authn handler - perhaps a SWF state to bind it to 
> ThreadLocal and then use the ServicesManager instance to look up the 
> Registered service based on the current Service requesting authentication 
> transaction from CAS: 
> https://github.com/apereo/cas/blob/4.1.x/cas-server-core-api/src/main/java/org/jasig/cas/services/ServicesManager.java#L57
>  
> 
> 
> In any case, you’d need to do some “gymnastics” there…
> 
> D.
> 
>> On Oct 13, 2016, at 1:55 PM, Zhou, Yan wrote:
>> 
>> Good idea, can you elaborate how I can get this data in authentication 
>> handler?
>> 
>> the data is at entity:  RegexRegisteredService.properties.values,  but how 
>> do I get it?  If I have to look up database, I would need a key to look up 
>> for.  If it is somewhere populated for the particular service user is 
>> logging into, how do I get to it from authentication handler?
>> 
>> Thx!
>> 
>> 
>> On 10/13/2016 1:32 PM, Dmitriy Kopylenko wrote:
>>> The quick way to implement this would be to utilize Registered services 
>>> custom properties: 
>>> https://apereo.github.io/cas/4.1.x/installation/Configuring-Service-Custom-Properties.html
>>>  
>>> 
>>>  and set which authentication source to use for each defined service. Then 
>>> you’ll have access to this data at runtime via the ServicesManager, etc.
>>> 
>>> D.
>>> 
>>>> On Oct 13, 2016, at 1:25 PM, Yan Zhou wrote:
>>>> 
>>>> Hello,
>>>> 
>>>> We have several data source of user credentials, they come from different 
>>>> applications and we are unable to merge them into one single source.  
>>>> 
>>>> Instead of configuring CAS to go through each authentication provider 
>>>> until one returns SUCCESS, I wish to select the right provider based on 
>>>> the application user is trying to login, i.e., the theme of login page.   
>>>> Another way to explain this is that my login page has a "domain" field in 
>>>> addition to username and password field. 
>>>> 
>>>> This is not the best idea, but I cannot think of anything better.   
>>>> 
>>>> I can extend AbstractUsernamePasswordAuthenticationHandler and implement  
>>>> authenticateUsernamePasswordInternal()  to carry out the authentication. 
>>>> 
>>>> 1) How can I pass in an additional value (such as the CSS theme of login 
>>>> page) into this method? it only supports user name and password. I need an 
>>>> additional value to indicate which authentication provider I should use.
>>>> 
>>>> 2) any alternative solution?
>>>> 
>>>> Thanks,
>>>> Yan
>>>> 
>>> 
>> 
>> 

Re: [cas-user] ehcache replication issue between CAS 4.2.5 nodes.

2016-10-14 Thread Boris Pogrebitskiy
RESOLVED.
Found that old ehcache-replicated.xml file on servers had cache names that
didn't match cas.properties

Thank you,

Boris Pogrebitskiy | IQNavigator | Sr. Java Developer


On Thu, Oct 13, 2016 at 4:54 PM, Boris Pogrebitskiy 
wrote:

> Problem with Ehcache replication on Tomcat servers running 2 CAS 4.2.5
> nodes. Looks like ST replication isn't working between 2 nodes.
>
> Any help is appreciated.
>
> This is short version of log file showing that ST ticket was created on
> SecurityService02, but not found on SecurityService01 milliseconds later.
>
> 2016-10-13T22:22:06,503Z SecurityService02 null DEBUG
> org.jasig.cas.ticket.registry.EhCacheTicketRegistry [scheduler_Worker-5]
> [] : Ticket ST-10-IAhAyqLGE6eBJAnHCViP-dv01sec001.xxx.com is removed
> 2016-10-13T22:22:06,496Z SecurityService02 null DEBUG
> org.jasig.cas.ticket.registry.TicketRegistryCleaner [scheduler_Worker-5]
> [] : Cleaning up expired service ticket [ST-10-IAhAyqLGE6eBJAnHCViP-dv
> 01sec001.xxx.com]
> 2016-10-13T22:21:21,482Z SecurityService01 null ERROR
> org.jasig.cas.web.ServiceValidateController [http-bio-18180-exec-13]
> [] : Failed to create proxy granting ticket for https://
> dv01.xxx.com/falcon/secure/receptororg.jasig.cas.ticket.
> InvalidTicketException: ST-10-IAhAyqLGE6eBJAnHCViP-dv01sec001.xxx.com
> 2016-10-13T22:21:21,481Z SecurityService01 null DEBUG
> org.jasig.cas.CentralAuthenticationServiceImpl [http-bio-18180-exec-13]
> [] : Ticket [ST-10-IAhAyqLGE6eBJAnHCViP-dv01sec001.xxx.com] by type [
> ServiceTicket] cannot be foundin the ticket registry.
> 2016-10-13T22:21:21,481Z SecurityService01 null DEBUG
> org.jasig.cas.ticket.registry.EhCacheTicketRegistry
> [http-bio-18180-exec-13] [] : No ticket by id [
> ST-10-IAhAyqLGE6eBJAnHCViP-dv01sec001.xxx.com
> ] is found in the
> registry
> 2016-10-13T22:21:21,419Z SecurityService02 null DEBUG
> org.jasig.cas.CentralAuthenticationServiceImpl [http-bio-18280-exec-18]
> [] : Publishing org.jasig.cas.support.events.C
> asServiceTicketGrantedEvent@57d7da6a[ticketGrantingTicket=or
> g.jasig.cas.ticket.registry.TicketGrantingTicketDelegator@9a
> aeddec,serviceTicket=ST-10-IAhAyqLGE6eBJAnHCViP-dv01sec001.xxx.com
> ]
> 2016-10-13T22:21:21,419Z SecurityService02 null INFO
>  org.jasig.cas.CentralAuthenticationServiceImpl [http-bio-18280-exec-18]
> [] : Granted ticket [ST-10-IAhAyqLGE6eBJAnHCViP-dv01sec001.xxx.com
> ] for service [
> https://dv01.xxx.com/falcon/j_spring_cas_security_check] and principal
> [ELUX/dummytest]
>
> BUT i also see following messages in the log:
> ---
> 2016-10-13T21:59:27,865Z SecurityService01 null DEBUG
> net.sf.ehcache.distribution.RMIBootstrapCacheLoader [Bootstrap Thread for
> cache iqn_ServiceTicket] [] : Empty list of cache peers for cache
> iqn_ServiceTicket. No cache peer to bootstrap from.
> 2016-10-13T21:59:27,865Z SecurityService01 null DEBUG
> net.sf.ehcache.distribution.RMIBootstrapCacheLoader [
> Bootstrap Thread for cache iqn_ServiceTicket] [] : cache peers: []
> ---
> 2016-10-13T21:59:36,508Z SecurityService02 null DEBUG
> net.sf.ehcache.distribution.RMICacheManagerPeerProviderFactory
> [localhost-startStop-1] [] : Registering peer //
> dv01sec001.xxx.com:41001/cas_st
> 2016-10-13T21:59:36,508Z SecurityService02 null DEBUG
> net.sf.ehcache.distribution.RMICacheManagerPeerProviderFactory
> [localhost-startStop-1] [] : Registering peer //
> dv01sec001.xxx.com:41001/cas_tgt
> 2016-10-13T21:59:25,834Z SecurityService01 null DEBUG
> net.sf.ehcache.distribution.RMICacheManagerPeerProviderFactory
> [localhost-startStop-1] [] : Registering peer //
> dv01sec001.xxx.com:41002/cas_tgt
> 2016-10-13T21:59:25,834Z SecurityService01 null DEBUG
> net.sf.ehcache.distribution.RMICacheManagerPeerProviderFactory
> [localhost-startStop-1] [] : Registering peer //
> dv01sec001.xxx.com:41002/cas_st
>
> CAS Ehcache configuration:
> ##
> # Ehcache Ticket Registry settings required until we can completely remove Ehcache
> # can skip some of these properties to use default defined in
> # WEB-INF/spring-configuration/ehcache-ticket-registry.xml
> #
> ehcache.config.file=classpath:ehcache-replicated.xml
> ehcache.cachemanager.shared=true
> ehcache.cachemanager.name=iqn_ticketRegistryCacheManager
> ehcache.disk.expiry.interval.seconds=0
> ehcache.disk.persistent=false
> ehcache.eternal=false
> ehcache.max.elements.memory=1
> ehcache.max.elements.disk=2
> ehcache.eviction.policy=LRU
> ehcache.overflow.disk=true
> ehcache.cache.st.name=iqn_ServiceTicket
> ehcache.cache.st.timeIdle=0
> ehcache.cache.st.timeAlive=300
> 

Re: [cas-user] Server load w/ 4.2.6

2016-10-14 Thread Tom Poage
Disabling the fourth node doesn't change anything.

Profiling shows the highest CPU/time is spent in Hazelcast. Whether this is a 
result of the updated Hazelcast version or the new synchronous CAS code remains 
to be seen.

Is it possible to downgrade Hazelcast version (say, to 3.6) on CAS 4.2.6, i.e. 
were any new Hazelcast version-specific changes made between roughly 4.2.[12] 
and 4.2.6?

Thanks.
Tom.

> On Oct 13, 2016, at 2:18 PM, Tom Poage  wrote:
> 
> Afternoon,
> 
> On moving from 4.2.1 to 4.2.6, our apparent system load increased 
> dramatically.
> 
> Run queue went from as high as 4 to nearly 30, with (Linux) load average 
> jumping from a max of 0.2 to about 15 for a user base (TGT count) of 46k.
> 
> A code diff doesn’t seem to show much, except perhaps for the addition of a 
> synchronous ticketTransactionManager. The only other likely candidate is 
> either the bump in Hazelcast version, or that we went from 3 to 4 (single 
> CPU) VMs in the cluster (point-to-point instead of multicast). CPU increased 
> from a high of about 20% (usually 5-8%) to the 50% range. This is on all 
> nodes. Ironically, response time doesn’t seem all that bad, though is a bit 
> sluggish.
> 
> Anyone else experience something similar?
> 
> Thanks!
> Tom.
> 


Re: [cas-user] AcceptUsersAuthenticationHandler#0 class not found error

2016-10-14 Thread Dmitriy Kopylenko
Note that this: accept.authn.users=casuser::Mellon should go to your 
cas.properties file

> On Oct 14, 2016, at 10:41 AM, Dmitriy Kopylenko  wrote:
> 
> https://apereo.github.io/cas/4.2.x/installation/Whitelist-Authentication.html 
> 
> 
> Cheers,
> D.
> 
>> On Oct 14, 2016, at 9:21 AM, Xin Gong wrote:
>> 
>> Hi Dmitriy,
>> 
>> Thank you so much for your quick reply. I have tried CAS 4.2.6. I got a 
>> different error. I believe it is because I added the following whitelist in 
>> [/WEB-INF/deployerConfigContext.xml file. 
>> 
>> > class="org.jasig.cas.adaptors.generic.AcceptUsersAuthenticationHandler">
>> 
>>
>> 
>> 
>> 
>> I followed the example in 
>> https://apereo.github.io/cas/4.0.x/installation/Whitelist-Authentication.html.
>> It is probably too old. Not sure how to add whitelist in the new CAS module.
>> 
>> Best regards,
>> 
>> Xin
>> 
>> 
>> On Thu, Oct 13, 2016 at 3:30 PM, Dmitriy Kopylenko wrote:
>> Wrong module and package. v 4.0.0 has the 
>> org.jasig.cas.authentication.AcceptUsersAuthenticationHandler in the 
>> 'cas-server-core' module. But more generally, v 4.0.0 is pretty old, so I’d 
>> suggest moving into the latest version of CAS.
>> 
>> Cheers,
>> D.
>> 
>>> On Oct 13, 2016, at 3:14 PM, Xin Gong wrote:
>>> 
>>> Hi,
>>> 
>>> I have tried to set up cas server. I have added this for 
>>> AcceptUsersAuthenticationHandler to pom.xml 
>>> 
>>>   org.jasig.cas
>>>   cas-server-support-generic
>>>   4.0.0
>>> 
>>> 
>>> After I reboot tomcat container, I see cas-server-support-generic-4.0.0.jar 
>>> under $TOMCAT_HOME/webapps/cas-server-webapp-4.0.0/WEB-INF/lib.
>>> 
>>> However, there is an error in catalina.out;
>>> 
>>> org.springframework.beans.factory.BeanCreationException: Error creating 
>>> bean with name 'scheduler' defined in ServletContext resource 
>>> [/WEB-INF/spring-configuration/applicationContext.xml]: Invocation of init 
>>> method failed; nested exception is 
>>> org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find 
>>> class [org.jasig.cas.adaptors.generic.AcceptUsersAuthenticationHandler] for 
>>> bean with name 
>>> 'org.jasig.cas.adaptors.generic.AcceptUsersAuthenticationHandler#0' defined 
>>> in ServletContext resource [/WEB-INF/deployerConfigContext.xml]; nested 
>>> exception is java.lang.ClassNotFoundException: 
>>> org.jasig.cas.adaptors.generic.AcceptUsersAuthenticationHandler
>>> 
>>> Thank you for help!
>>> 
>>> Xin
>>> 
>> 
>> 
>> 
>> 
>> -- 
>> Xin
> 


Re: [cas-user] Server and client version mapping

2016-10-14 Thread Misagh Moayyed
Yes.

-- 
Misagh

From: Uxío Prego 
Reply: Uxío Prego 
Date: October 14, 2016 at 8:37:05 PM
To: CAS Community 
Subject:  [cas-user] Server and client version mapping  

Hi, am in the process of upgrading CAS 3.4.10, mainly using the Java client 
3.2.1, into 5.0.0.RC3, falling back to 4.2.6 in case PITA arises.

IINM am seeing 3.4.1 as the last version of the Java client. This means is 
compatible with all CAS 3 to 5 versions right?

Thanks, regards,


Re: [cas-user] CAS 4.1.x, use a different authentication provider based on the theme of Login page

2016-10-14 Thread Dmitriy Kopylenko
Off the top of my head - you’d need to somehow make the current “Service” 
instance available to the authn handler - perhaps a SWF state to bind it to 
ThreadLocal and then use the ServicesManager instance to look up the Registered 
service based on the current Service requesting authentication transaction from 
CAS: 
https://github.com/apereo/cas/blob/4.1.x/cas-server-core-api/src/main/java/org/jasig/cas/services/ServicesManager.java#L57
 


In any case, you’d need to do some “gymnastics” there…

D.

> On Oct 13, 2016, at 1:55 PM, Zhou, Yan  wrote:
> 
> Good idea, can you elaborate how I can get this data in authentication 
> handler?
> 
> the data is at entity:  RegexRegisteredService.properties.values,  but how do 
> I get it?  If I have to look up database, I would need a key to look up for.  
> If it is somewhere populated for the particular service user is logging into, 
> how do I get to it from authentication handler?
> 
> Thx!
> 
> 
> On 10/13/2016 1:32 PM, Dmitriy Kopylenko wrote:
>> The quick way to implement this would be to utilize Registered services 
>> custom properties: 
>> https://apereo.github.io/cas/4.1.x/installation/Configuring-Service-Custom-Properties.html
>> and set which authentication source to use for each defined service. Then 
>> you’ll have access to this data at runtime via the ServicesManager, etc.
>> 
>> D.
>> 
>>> On Oct 13, 2016, at 1:25 PM, Yan Zhou wrote:
>>> 
>>> Hello,
>>> 
>>> We have several data sources of user credentials; they come from different 
>>> applications and we are unable to merge them into one single source.
>>> 
>>> Instead of configuring CAS to go through each authentication provider until 
>>> one returns SUCCESS, I wish to select the right provider based on the 
>>> application user is trying to login, i.e., the theme of login page.   
>>> Another way to explain this is that my login page has a "domain" field in 
>>> addition to username and password field. 
>>> 
>>> This is not the best idea, but I cannot think of anything better.   
>>> 
>>> I can extend AbstractUsernamePasswordAuthenticationHandler and implement  
>>> authenticateUsernamePasswordInternal()  to carry out the authentication. 
>>> 
>>> 1) How can I pass in an additional value (such as the CSS theme of login 
>>> page) into this method? it only supports user name and password. I need an 
>>> additional value to indicate which authentication provider I should use.
>>> 
>>> 2) any alternative solution?
>>> 
>>> Thanks,
>>> Yan
>>> 

[cas-user] Server and client version mapping

2016-10-14 Thread Uxío Prego
Hi, am in the process of upgrading CAS 3.4.10, mainly using the Java client 
3.2.1, into 5.0.0.RC3, falling back to 4.2.6 in case PITA arises.

IINM am seeing 3.4.1 as the last version of the Java client. This means is 
compatible with all CAS 3 to 5 versions right?

Thanks, regards,



Re: [cas-user] No principal was found in the response from the CAS server.

2016-10-14 Thread Chip Work
Patrick,

As you suggested, I did a search for the string value cas01.example.org in 
my project. Unfortunately, the only place I find this string is in the 
/js/test_data.json files.
Am I missing something here?
Thanx again for your help.

-Chip

On Friday, October 14, 2016 at 9:10:06 AM UTC-4, Patrick Gardella wrote:
>
> Take a look at the URL you are getting the 500 error on:
>
>
> https://shuauth01.sacredheart.edu:8443/mywebapp/?ticket=ST-4-cQ2Pw1U9c9rJgMDMTyR3-cas01.example.org
>  
>
> So you don't have the cas server configured correctly. Search for 
> cas01.example.org and replace it with shuauth01.sacredheart.edu
>
> The sample webapp is connecting to CAS correctly, but then it tries to 
> validate against the CAS server, but it has the wrong.  It can't validate 
> that ticket against example.org
>
> Patrick
>
> On Thu, Oct 13, 2016 at 3:56 PM, Chip Work wrote:
>
>> Yes Sir. the user is in my AD.
>> If I just browse to the cas server (e.g., 
>> https://shuauth01.sacredheart.edu:8443/cas/login), enter the same 
>> username and password. I get a proper authentication.
>> I get the error message when I try redirection.
>> For example, I browse to 
>> https://shuauth01.sacredheart.edu:8443/cas/login?service=https%3A%2F%2Fshuauth01.sacredheart.edu%3A8443%2Fmywebapp/
>>  
>> This gets me to the cas login page; but upon entering the username and 
>> password and clicking on login, I am redirected to:
>>
>> https://shuauth01.sacredheart.edu:8443/mywebapp/?ticket=ST-4-cQ2Pw1U9c9rJgMDMTyR3-cas01.example.org
>>  
>> and get the error 500 page.
>>
>> -Chip 
>>
>>
>> On Thursday, October 13, 2016 at 3:16:45 PM UTC-4, Patrick Gardella wrote:
>>>
>>> The user you are validating has a sAMAccountName in LDAP/AD, correct?
>>>
>>> On Thu, Oct 13, 2016 at 2:28 PM, Chip Work  wrote:
>>>
>>>> Here is my deployConfigContext.xml file.
>>>> Thanx for your assistance.
>>>>
>>>> -Chip
>>>>
>>>> On Thursday, October 13, 2016 at 1:22:09 PM UTC-4, Patrick Gardella 
>>>> wrote:
>>>>>
>>>>> Can you post your deployerConfigContext.xml file? Specifically, 
>>>>> the ldapAuthenticationHandler bean section, if you don't want to post it 
>>>>> all.
>>>>>
>>>>> You are using old instructions.  Take a look at the new instructions 
>>>>> at: 
>>>>>
>>>>> https://apereo.github.io/cas/4.2.x/installation/Maven-Overlay-Installation.html
>>>>>
>>>>> Patrick+
>>>>>
>>>>> On Thu, Oct 13, 2016 at 1:08 PM, Chip Work wrote:
>>>>>
>>>>>> I am using Tomcat 8 on Centos 7 with Java 8.
>>>>>> I have loaded the war file built with maven using CAS 4.2.5 including 
>>>>>> the ldap handler.
>>>>>> I have loaded the "mywebapp" war file built with maven as suggested 
>>>>>> in: 
>>>>>> https://wiki.jasig.org/display/CASC/JA-SIG+Java+Client+Simple+WebApp+Sample
>>>>>> I start tomcat and do not see any significant errors in the catalina.out 
>>>>>> file or the cas.log file.
>>>>>> However when I test my cas deployment with the test site I get the 
>>>>>> following error:
>>>>>>
>>>>>> HTTP Status 500 - 
>>>>>> org.jasig.cas.client.validation.TicketValidationException: No principal 
>>>>>> was 
>>>>>> found in the response from the CAS server.
>>>>>>
>>>>>> *type* Exception report
>>>>>>
>>>>>> *message* *org.jasig.cas.client.validation.TicketValidationException: 
>>>>>> No principal was found in the response from the CAS server.*
>>>>>>
>>>>>> *description* *The server encountered an internal error that 
>>>>>> prevented it from fulfilling this request.*
>>>>>>
>>>>>> *exception*
>>>>>>
>>>>>> javax.servlet.ServletException: 
>>>>>> org.jasig.cas.client.validation.TicketValidationException: No principal 
>>>>>> was found in the response from the CAS server.
>>>>>>
>>>>>> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:152)
>>>>>>
>>>>>> *root cause*
>>>>>>
>>>>>> org.jasig.cas.client.validation.TicketValidationException: No principal 
>>>>>> was found in the response from the CAS server.
>>>>>>
>>>>>> org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:74)
>>>>>>
>>>>>> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:165)
>>>>>>
>>>>>> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:129)
>>>>>>
>>>>>>
>>>>>> *note* *The full stack trace of the root cause is available in the 
>>>>>> Apache Tomcat/8.0.37 logs.*
>>>>>>
>>>>>> Pls advise me as to why I might get this message.
>>>>>> Thanx. 
>>>>>>
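
Added example, not part of the thread and not the CAS Java client's code: a Python check that classifies a CAS 2.0 /serviceValidate response body (success, explicit failure, or no principal at all) and reports the host suffix of the ticket in the redirect URL next to the expected CAS host, the comparison Patrick makes above. The response bodies are constructed samples, and the ticket shape ST-<n>-<random>-<suffix> is an assumption taken from the tickets quoted in the thread.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

CAS_NS = "http://www.yale.edu/tp/cas"  # XML namespace of CAS 2.0 responses

# Constructed sample bodies (not captured from any real server).
SUCCESS_BODY = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>casuser</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE_BODY = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">
    Ticket not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""
HTML_BODY = '<html><body><form action="/cas/login"></form></body></html>'

# Redirect URL quoted in the thread.
THREAD_REDIRECT = ("https://shuauth01.sacredheart.edu:8443/mywebapp/"
                   "?ticket=ST-4-cQ2Pw1U9c9rJgMDMTyR3-cas01.example.org")


def classify_validation_response(body):
    """Return (status, detail); status is success, failure or no_principal."""
    try:
        root = ET.fromstring(body.strip())
    except ET.ParseError:
        # e.g. an HTML error page or a CAS 1.0 plain-text answer
        return ("no_principal", "body is not well-formed XML")
    failure = root.find("{%s}authenticationFailure" % CAS_NS)
    if failure is not None:
        return ("failure", (failure.get("code"), (failure.text or "").strip()))
    user = root.find("{%s}authenticationSuccess/{%s}user" % (CAS_NS, CAS_NS))
    if user is not None and (user.text or "").strip():
        return ("success", user.text.strip())
    # Neither a failure element nor a user name: the situation the client's
    # "No principal was found in the response" message describes.
    return ("no_principal", "root element is %s" % root.tag)


def ticket_suffix(ticket):
    """Host suffix of a ticket shaped ST-<n>-<random>-<suffix> (assumed shape)."""
    parts = ticket.split("-", 3)  # maxsplit keeps hyphens inside the suffix
    if len(parts) != 4 or parts[0] != "ST":
        return None
    return parts[3]


def diagnose(redirect_url, cas_host, body):
    """Combine the ticket-suffix check with the response classification."""
    tickets = parse_qs(urlsplit(redirect_url).query).get("ticket", [])
    suffix = ticket_suffix(tickets[0]) if tickets else None
    return {
        "ticket_suffix": suffix,
        "suffix_matches_cas_host": suffix == cas_host,
        "validation": classify_validation_response(body),
    }


if __name__ == "__main__":
    for name, body in (("success", SUCCESS_BODY), ("failure", FAILURE_BODY),
                       ("html", HTML_BODY)):
        print(name, diagnose(THREAD_REDIRECT, "shuauth01.sacredheart.edu", body))
```

To use it on a live deployment, save the body returned by the validation URL the client is configured with and pass it in as body.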

[cas-user] Re: Problems congiguring cas 4.2.3 with LDAP

2016-10-14 Thread Brandon Martin
I am experiencing the same error with a similar deployersContextConfig.xml.

Were you ever able to get past this one?

On Wednesday, July 20, 2016 at 11:33:17 AM UTC-7, Sagar Kapadia wrote:
>
>
> Hi, I am trying to configure cas 4.2.3 with LDAP. I am getting the 
> following exception
>  Error creating bean with name 'inspektrIpAddressUsernameThrottle': 
> Injection of autowired dependencies failed; nested exception is 
> org.springframework.beans.factory.BeanCreationException: Could not autowire 
> field: private org.jasig.inspektr.audit.AuditTrailManager 
> org.jasig.cas.web.support.InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter.auditTrailManager;
>  
> nested exception is 
> org.springframework.beans.factory.NoSuchBeanDefinitionException: No 
> qualifying bean of type [org.jasig.inspektr.audit.AuditTrailManager] found 
> for dependency: expected at least 1 bean which qualifies as autowire 
> candidate for this dependency. Dependency annotations: 
> {@org.springframework.beans.factory.annotation.Autowired(required=true), 
> @org.springframework.beans.factory.annotation.Qualifier(value=auditTrailManager)}
>
>
>
> The documentation says 
> File-based Audits
> By default, audit messages appear in log files via the 
> Slf4jLoggingAuditTrailManager and are routed to a cas_audit.log file 
> defined in the log4j2.xml configuration as well as the usual cas.log file.
>
> I even  tried to explicitly define a bean with id ='auditTrailManager' 
>  and class="Slf4jLoggingAuditTrailManager"  but this did not work either.
>
>
> I have resolved a lot of other issues which came up, but seem to be unable 
> to resolve this one. I have been struggling with this integration [cas 
> +ldap] for 2 days now, and for last 4 hours with the above issue. Any help 
> would be appreciated
>
> Regards,
> Sagar R. Kapadia
>
>
>
> *deployerConfigContext.xml*
>
> 
> http://www.springframework.org/schema/beans"
>xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>xmlns:ldaptive="http://www.ldaptive.org/schema/spring-ext"
>xmlns:util="http://www.springframework.org/schema/util"
>xmlns:p="http://www.springframework.org/schema/p"
>xmlns:c="http://www.springframework.org/schema/c"
>xsi:schemaLocation="http://www.springframework.org/schema/beans 
> http://www.springframework.org/schema/beans/spring-beans.xsd
>http://www.ldaptive.org/schema/spring-ext
>http://www.ldaptive.org/schema/spring-ext.xsd
>http://www.springframework.org/schema/util  
> http://www.springframework.org/schema/util/spring-util.xsd"
>>
>
>
>class="org.jasig.cas.authentication.LdapAuthenticationHandler"
>   p:principalIdAttribute="mail"
>   c:authenticator-ref="authenticator">
> 
> 
> 
> 
> 
> 
> 
> 
> 
>
>c:resolver-ref="dnResolver"
>   c:handler-ref="authHandler" />
>
>p:baseDn="ou=people,dc=cloudnine,dc=in"
>   p:subtreeSearch="true"
>   p:allowMultipleDns="false"
>   p:connectionFactory-ref="searchPooledLdapConnectionFactory"
>   p:userFilter="true" />
>
>class="org.ldaptive.pool.PooledConnectionFactory"
>   p:connectionPool-ref="searchConnectionPool" />
>
>p:connectionFactory-ref="searchConnectionFactory" />
>
>class="org.ldaptive.DefaultConnectionFactory"
>   p:connectionConfig-ref="searchConnectionConfig" />
>
>p:connectionInitializer-ref="bindConnectionInitializer" />
>
>class="org.ldaptive.BindConnectionInitializer"
>   p:bindDn="uid=admin,ou=system">
> 
>c:password="secret" />
> 
> 
>
>class="org.ldaptive.pool.BlockingConnectionPool"
>   init-method="initialize"
>   destroy-method="close"
>   p:poolConfig-ref="ldapPoolConfig"
>   p:blockWaitTime="5000"
>   p:validator-ref="searchValidator"
>   p:pruneStrategy-ref="pruneStrategy" />
>
>class="org.ldaptive.ConnectionConfig"
>   p:ldapUrl="ldap://localhost:10389"
>   p:connectTimeout="1"
>   p:useStartTLS="false"
>   p:sslConfig-ref="sslConfig" />
>
>p:minPoolSize="10"
>   p:maxPoolSize="100"
>   p:validateOnCheckOut="true"
>   p:validatePeriodically="true"
>   p:validatePeriod="5" />
>
> 
> 
>p:trustCertificates="server.crt" />
> 
> 
>
>p:prunePeriod="10"
>   p:idleTime="2" />
>
> 
>
>  class="org.ldaptive.auth.PooledBindAuthenticationHandler"
>   p:connectionFactory-ref="bindPooledLdapConnectionFactory" />
>
>class="org.ldaptive.pool.PooledConnectionFactory"
>   p:connectionPool-ref="bindConnectionPool" />
>
>p:connectionFactory-ref="bindConnectionFactory" />
>
>class="org.ldaptive.DefaultConnectionFactory"
>   p:connectionConfig-ref="bindConnectionConfig" />
>
> 
>
> 
> value-ref="primaryPrincipalResolver" />
> 
> 
> 

Re: [cas-user] No principal was found in the response from the CAS server.

2016-10-14 Thread 'Patrick Gardella' via CAS Community
Take a look at the URL you are getting the 500 error on:

https://shuauth01.sacredheart.edu:8443/mywebapp/?ticket=ST-4-cQ2Pw1U9c9rJgMDMTyR3-cas01.example.org

So you don't have the cas server configured correctly. Search for
cas01.example.org and replace it with shuauth01.sacredheart.edu

The sample webapp is connecting to CAS correctly, but then it tries to
validate against the CAS server, but it has the wrong.  It can't validate
that ticket against example.org

Patrick

On Thu, Oct 13, 2016 at 3:56 PM, Chip Work  wrote:

> Yes Sir. the user is in my AD.
> If I just browse to the cas server (e.g.,
> https://shuauth01.sacredheart.edu:8443/cas/login), enter the same username
> and password. I get a proper authentication.
> I get the error message when I try redirection.
> For example, I browse to
> https://shuauth01.sacredheart.edu:8443/cas/login?service=https%3A%2F%2Fshuauth01.sacredheart.edu%3A8443%2Fmywebapp/
> This gets me to the cas login page; but upon entering the username and
> password and clicking on login, I am redirected to:
> https://shuauth01.sacredheart.edu:8443/mywebapp/?ticket=ST-4-cQ2Pw1U9c9rJgMDMTyR3-cas01.example.org
> and get the error 500 page.
>
> -Chip
>
>
> On Thursday, October 13, 2016 at 3:16:45 PM UTC-4, Patrick Gardella wrote:
>>
>> The user you are validating has a sAMAccountName in LDAP/AD, correct?
>>
>> On Thu, Oct 13, 2016 at 2:28 PM, Chip Work  wrote:
>>
>>> Here is my deployConfigContext.xml file.
>>> Thanx for your assistance.
>>>
>>> -Chip
>>>
>>> On Thursday, October 13, 2016 at 1:22:09 PM UTC-4, Patrick Gardella
>>> wrote:

>>>> Can you post your deployerConfigContext.xml file? Specifically,
>>>> the ldapAuthenticationHandler bean section, if you don't want to post it
>>>> all.
>>>>
>>>> You are using old instructions.  Take a look at the new instructions
>>>> at:
>>>> https://apereo.github.io/cas/4.2.x/installation/Maven-Overlay-Installation.html
>>>>
>>>> Patrick+
>>>>
>>>> On Thu, Oct 13, 2016 at 1:08 PM, Chip Work wrote:
>>>>
>>>>> I am using Tomcat 8 on Centos 7 with Java 8.
>>>>> I have loaded the war file built with maven using CAS 4.2.5 including
>>>>> the ldap handler.
>>>>> I have loaded the "mywebapp" war file built with maven as suggested
>>>>> in:
>>>>> https://wiki.jasig.org/display/CASC/JA-SIG+Java+Client+Simple+WebApp+Sample
>>>>> I start tomcat and do not see any significant errors in the catalina.out
>>>>> file or the cas.log file.
>>>>> However when I test my cas deployment with the test site I get the
>>>>> following error:
>>>>>
>>>>> HTTP Status 500 - 
>>>>> org.jasig.cas.client.validation.TicketValidationException:
>>>>> No principal was found in the response from the CAS server.
>>>>>
>>>>> *type* Exception report
>>>>>
>>>>> *message* *org.jasig.cas.client.validation.TicketValidationException:
>>>>> No principal was found in the response from the CAS server.*
>>>>>
>>>>> *description* *The server encountered an internal error that
>>>>> prevented it from fulfilling this request.*
>>>>>
>>>>> *exception*
>>>>>
>>>>> javax.servlet.ServletException: 
>>>>> org.jasig.cas.client.validation.TicketValidationException: No principal 
>>>>> was found in the response from the CAS server.
>>>>>
>>>>> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:152)
>>>>>
>>>>> *root cause*
>>>>>
>>>>> org.jasig.cas.client.validation.TicketValidationException: No principal 
>>>>> was found in the response from the CAS server.
>>>>>
>>>>> org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:74)
>>>>>
>>>>> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:165)
>>>>>
>>>>> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:129)
>>>>>
>>>>> *note* *The full stack trace of the root cause is available in the
>>>>> Apache Tomcat/8.0.37 logs.*
>>>>>
>>>>> Pls advise me as to why I might get this message.
>>>>> Thanx.
>>>>>