RE: [cas-user] CASAuthNHeader to return user

2016-11-21 Thread Neil Sabol
Hello Pouria, All,

To build on David's response, you should be able to echo out the HTTP Headers 
on the server side with whatever language you are using.

For example, in PHP see http://php.net/manual/en/function.getallheaders.php 
(Example #1) - just create a test page in your DocumentRoot, place that code in 
it, and navigate to its URL in your browser.

You could also use phpinfo() in PHP. Similar functionality is available in 
other languages (Java, etc.) as well.

Hope that helps.

Thank you,
-Neil

-Original Message-
From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David Hawes
Sent: Monday, November 21, 2016 2:41 PM
To: CAS Community 
Subject: Re: [cas-user] CASAuthNHeader to return user

On 21 November 2016 at 16:13, pouria Mahmoudi  wrote:
...
> Description: If enabled, this will store the user returned by CAS in 
> an HTTP header accessible to your web applications.
...
> but it doesn't look like I have an http header. At least by doing 
> Inspect Element on my browser I cannot see it.
>
> Any help would be appreciated.

These headers are not sent to your browser, so you will not see it there. They 
are only set on the server.

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAgu-wD%3D%2BShy_gPkRfz3UnJcLEfhjNYFMg-B3w8VUZjAGP-9ag%40mail.gmail.com.



Re: [cas-user] CASAuthNHeader to return user

2016-11-21 Thread pouria Mahmoudi
Excellent. Thanks. That was it.


On Monday, November 21, 2016 at 1:41:30 PM UTC-8, dhawes wrote:
>
> On 21 November 2016 at 16:13, pouria Mahmoudi wrote:
> ...
> > Description: If enabled, this will store the user returned by CAS in an
> > HTTP header accessible to your web applications.
> ...
> > but it doesn't look like I have an http header. At least by doing
> > Inspect Element on my browser I cannot see it.
> >
> > Any help would be appreciated.
>
> These headers are not sent to your browser, so you will not see it
> there. They are only set on the server.
>



[cas-user] Securing CAS 5.0 Management Webapp

2016-11-21 Thread Richard Frovarp
I'm having difficulty understanding how to configure the security layer 
for the CAS management webapp, if I don't want to use a static list.


If I provide cas.mgmt.authzAttributes=memberOf, then it would seem that 
I should set cas.mgmt.adminRoles to the group.


In theory this might seem like it should work. However, AD groups have 
commas in them, and the code is splitting on commas. The Spring 
documentation for the method is a bit vague, but it appears that quoting 
the string that you don't want split, doesn't work. This is despite 
StringUtils in Spring referring to CSV. So there is no way for the whole 
to be equal to the first bit.


Is this a bug, or am I just doing it wrong?

Documentation for the LDAP module is lacking, and I can't quite guess 
what I'm supposed to do there. I was thinking about using the 
userPropertiesFile, but that doesn't appear to be read after startup. So 
I'd have to have Puppet update the static file, then manually restart 
the management application (via Tomcat Manager, which is protected by CAS).


Thanks,

Richard
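
The mismatch described in the message above, as an added example that is not part of the original post and is not CAS or Spring code: a group DN split on commas turns into RDN fragments, so no fragment can equal the full memberOf value, and wrapping the value in quotes does not change that. It goes one step further than the post by showing a DN-aware comparison of the unsplit value with the JDK's LdapName. The class name, the helper names and the group DNs are hypothetical.

```java
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class AdminRoleSplitDemo {

    // Stand-in for the comma splitting described in the post: a plain split
    // with no CSV quoting rules. Assumption, not the CAS or Spring source.
    static Set<String> splitOnCommas(String property) {
        return new LinkedHashSet<>(Arrays.asList(property.split(",")));
    }

    // Role check by exact string equality between configured roles and the
    // values of the user's authorization attribute.
    static boolean isAdmin(Set<String> adminRoles, Set<String> memberOf) {
        return memberOf.stream().anyMatch(adminRoles::contains);
    }

    // DN-aware check of one unsplit role. LdapName compares RDN by RDN and
    // ignores case in attribute types and values.
    static boolean isAdminByDn(String adminRoleDn, Set<String> memberOf)
            throws InvalidNameException {
        LdapName wanted = new LdapName(adminRoleDn);
        for (String value : memberOf) {
            if (wanted.equals(new LdapName(value))) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample data: what an AD memberOf attribute could hold.
        String groupDn = "CN=CAS Admins,OU=Groups,DC=example,DC=edu";
        Set<String> memberOf = new LinkedHashSet<>(Arrays.asList(
                groupDn, "CN=Staff,OU=Groups,DC=example,DC=edu"));

        // The same DN as it would be written in the adminRoles property,
        // once bare and once wrapped in double quotes.
        Set<String> plain = splitOnCommas(groupDn);
        Set<String> quoted = splitOnCommas("\"" + groupDn + "\"");

        System.out.println("fragments, bare value:   " + plain);
        System.out.println("fragments, quoted value: " + quoted);
        System.out.println("admin with bare value:   " + isAdmin(plain, memberOf));
        System.out.println("admin with quoted value: " + isAdmin(quoted, memberOf));
        System.out.println("admin with unsplit DN:   "
                + isAdminByDn("cn=cas admins,ou=groups,dc=example,dc=edu", memberOf));
    }
}
```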



Re: [cas-user] CASAuthNHeader to return user

2016-11-21 Thread David Hawes
On 21 November 2016 at 16:13, pouria Mahmoudi  wrote:
...
> Description: If enabled, this will store the user returned by CAS in an
> HTTP header accessible to your web applications.
...
> but it doesn't look like I have an http header. At least by doing Inspect
> Element on my browser I cannot see it.
>
> Any help would be appreciated.

These headers are not sent to your browser, so you will not see it
there. They are only set on the server.



[cas-user] CASAuthNHeader to return user

2016-11-21 Thread pouria Mahmoudi
Hi Everyone,
In the documentation, there is a part that says:

Directive: CASAuthNHeader
Default: None
Description: If enabled, this will store the user returned by CAS in an 
HTTP header
accessible to your web applications.


And this is the CAS configuration:

LoadModule auth_cas_module /usr/lib64/apache2/mod_auth_cas.so
CASSSOEnabled On
CASCookiePath /var/cache/apache2/mod_auth_cas/
CASLoginURL https://cas.server:443/cas/login
CASValidateURL https://cas.server:443/cas/serviceValidate
CASDebug on
LogLevel debug

Authtype CAS
CASAuthNHeader cas_user
require valid-user


but it doesn't look like I have an http header. At least by doing Inspect 
Element on my browser I cannot see it.

Any help would be appreciated.



[cas-user] Re: Custom Authentication Handler in version 5.0.0

2016-11-21 Thread Raghavendra Chary B
I had to implement custom Authentication handler where user creds are 
stored in Cassandra db. 

Followed below steps, not sure whether this is recommended approach or not:
1. Created package org.apereo.cas..adaptors.cassandra
2. CassandraAuthenticationHandler

    public class CassandraAuthenticationHandler implements AuthenticationHandler {
        // handler methods are not shown in the post
    }

3. Created 
org.apereo.cas..adaptors.cassandra.config.CasCassandraConfiguration 
similar to org.apereo.cas.adaptors.generic.config.CasGenericConfiguration.

    @Configuration("casCassandraConfiguration")
    @EnableConfigurationProperties(CasConfigurationProperties.class)
    public class CasCassandraConfiguration {

        // The two fields used below are not declared in the post. They are
        // assumed to be injected the same way as in CasGenericConfiguration.
        @Autowired
        @Qualifier("personDirectoryPrincipalResolver")
        private PrincipalResolver personDirectoryPrincipalResolver;

        @Autowired
        @Qualifier("authenticationHandlersResolvers")
        private Map authenticationHandlersResolvers;

        @RefreshScope
        @Bean
        public AuthenticationHandler cassandraAuthenticationHandler() {
            final CassandraAuthenticationHandler h = new CassandraAuthenticationHandler();
            return h;
        }

        // Registers the handler, paired with the default principal resolver,
        // once the configuration class has been constructed.
        @PostConstruct
        public void initializeAuthenticationHandler() {
            System.out.println("1755"); // debug marker
            this.authenticationHandlersResolvers.put(cassandraAuthenticationHandler(),
                    personDirectoryPrincipalResolver);
        }
    }


On Thursday, 8 September 2016 14:17:25 UTC+5:30, Gokhan Mansuroglu wrote:
>
> Hi, 
>
> Let's say I have a custom AbcAuthencticationHandler and AbcCredentials. 
> How can I configure this custom authentication handler ? In previous 
> versions this can be handled in deployerConfigContext.xml, but how it is 
> done in version 5.0.0 ?
>
> Thanks.
>



[cas-user] RE: CAS 5 not reading cas.properties file

2016-11-21 Thread Maxwell, Gary
The issue was resolved.
I was modifying cas.properties within the overlay project and then compiling 
the project. Actually you need to copy the updated cas.properties into a new 
“etc/cas/config/” folder. That is located in the root of the drive where Tomcat 
is located.

From: Maxwell, Gary
Sent: Friday, November 18, 2016 3:50 PM
To: cas-user@apereo.org
Subject: CAS 5 not reading cas.properties file

Hi,

I am starting to convert to CAS 5 and apparently we are missing something. We 
make a configuration change however it doesn’t get reflected in the 
application.
We are using the maven overlay method on Windows and it seems that our version 
of the cas.properties file does not overlay the original.
Do we need to copy the file to another location within the cas-overlay-template 
project before building the war file?

Any other thoughts would be great!

-Gary





Re: [cas-user] CAS-5.1.0-SNAP MFA Bypass configuration property is confusing

2016-11-21 Thread 'Philippe MARASSE' via CAS Community
Done : https://github.com/apereo/cas/issues/2138

Let's switch to cas-dev.

Regards.

On 18/11/2016 at 16:31, Misagh Moayyed wrote:
>
> That’s an excellent find. I suspect bypass rules don’t account for
> non-interactive AuthN somehow. If you can change your config to bypass
> MFA based on the Ldap handler, that pretty much confirms my theory.
>
>  
>
> File an issue either way please. (And since you’re on SNAPSHOT, let’s
> move this to dev)
>
>  
>
> --Misagh
>
>  
>
> From: 'Philippe MARASSE' via CAS Community [mailto:cas-user@apereo.org]
> Sent: Friday, November 18, 2016 4:25 AM
> To: CAS Community
> Subject: [cas-user] CAS-5.1.0-SNAP MFA Bypass configuration property
> is confusing
>
>  
>
> Hello,
>
> As issues #2126 & #2127 are solved, this morning, another issue arises
> : Yubikey MFA is bypassed when I use LdapAuthenticationHandler (via
> login form), but not when I use Spnego ?? relevant cas.properties line
> is :
>
> cas.authn.mfa.yubikey.bypass.authenticationHandlerName=JcifsSpnegoAuthenticationHandler
>
> As far as I understand it should bypass MFA-Yubikey when the first
> auth is done via SPNEGO, and enforce MFA with another type of auth.
> That's what I need.
>
> But on my test page, with login form I get this attribute :
> successfulAuthenticationHandlers: *LdapAuthenticationHandler*
>
> with SPNEGO : successfulAuthenticationHandlers:
> JcifsSpnegoAuthenticationHandler, YubiKeyAuthenticationHandler
>
> Then I modified the property to :
>
> cas.authn.mfa.yubikey.bypass.authenticationHandlerName=LdapAuthenticationHandler
>
> Now I have successfulAuthenticationHandlers: 
> YubiKeyAuthenticationHandler, LdapAuthenticationHandler when I use
> login form, fine.
> and successfulAuthenticationHandlers: JcifsSpnegoAuthenticationHandler
> with SPNEGO, perfect :-).
>
> but IMHO, bypass configuration option behavior is inverted.
>
> Regards.
>
> -- 
> Philippe MARASSE
>  
> Head of Infrastructure Unit - DSIO
> Centre Hospitalier Henri Laborit
> CS 10587 - 370 avenue Jacques Cœur 
> 86021 Poitiers Cedex
> Tel : 05.49.44.57.19
>

-- 
Philippe MARASSE

Head of Infrastructure Unit - DSIO
Centre Hospitalier Henri Laborit
CS 10587 - 370 avenue Jacques Cœur 
86021 Poitiers Cedex
Tel : 05.49.44.57.19





[cas-user] CAS Management Webapp v5 + LDAP Authorization

2016-11-21 Thread Ludovic Senecaux
Hi,

I would like to configure the new mgmt webapp (v5) authorization through 
LDAP like in CAS v4.2.x.
I have a LDAP group (groupOfNames) with many members (member attribute).
In CAS 4.x, this was possible through ldaptive:AuthorizationGenerator.
In CAS 5.x, I didn't find any doc to configure authz through LDAP groups.

Thanks in advance
