[cas-user] Re: SQL Exception with SingleRowJdbcPersonAttributeDao (probably configuration error)

['Mate Gabri' via CAS Community]

Figured it out. Stupid me. I am using MariaDB as the SQL backend and 
configured the MySQL driver instead of the MariDB one. After cleaning this 
up everything started to work.

On Monday, December 5, 2016 at 11:32:26 AM UTC+10:30, Mate Gabri wrote:
>
> Hi,
>
> since I am just getting acquainted with CAS I am certain that my issue is 
> configuration or concept related, so first of all I would like to seek the 
> guidance of the community on how to properly configure the stack the way I 
> thought so, if that is possible at all.
>
> I started out with CAS 5.0.0 using the Maven overlay and configured the 
> Trusted authentication webflow, since Apache handles the authentication in 
> a standardized way throughout the company. The username gets resolved, the 
> login works on the /cas-login page.
>
> Next I wanted to extend the platform with attribute resolution, but 
> apparently this part is not working. 
>
> I created a simple MySQL *users *table in the *cas* database like the 
> following:
>
> +++---++
> | uid| first_name | last_name | email  |
> +++---++
> | mgabri | Mate   | Gabri | mate.gabri@[obscured]  |
> +++---++
>
> The relecant cas.properties settings are the following, which may be the 
> first source of error:
>
> cas.authn.attributeRepository.jdbc.singleRow=true
> cas.authn.attributeRepository.jdbc.requireAllAttributes=true
>
> cas.authn.attributeRepository.jdbc.sql=SELECT * FROM users WHERE {0}
> cas.authn.attributeRepository.jdbc.username=uid
> cas.authn.attributeRepository.jdbc.url=[obscured]
> cas.authn.attributeRepository.jdbc.driverClass=com.mysql.cj.jdbc.Driver
> cas.authn.attributeRepository.jdbc.user=[obscured]
> cas.authn.attributeRepository.jdbc.password=[obscured]
>
> In the logs I can catch the following lines:
>
> Dec  5 11:06:31 [obscured] CAS: 
> PrincipalBearingCredentialsAuthenticationHandler successfully authenticated 
> mgabri
> Dec  5 11:06:31 [obscured] CAS: Executing prepared SQL query
> Dec  5 11:06:31 [obscured] CAS: Executing prepared SQL statement [SELECT * 
> FROM users WHERE uid = ?]
> Dec  5 11:06:31 [obscured] CAS: Fetching JDBC Connection from DataSource
> Dec  5 11:06:32 [obscured] CAS: Recovering From Exception thrown by 
> 'org.apereo.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao@431b08dc'
> Dec  5 11:06:32 [obscured] CAS: Authenticated principal [mgabri] and 
> attributes {} with credentials [mgabri].
>
> As you can see the *SingleRowJdbcPersonAttributeDao *is recovering from 
> an exception, but I was not able to figure out a way to have more insight 
> in what is really happening. Unfortunately I am not familiar with Java 
> applications at all so it is a bit hard for me to even start to look for 
> solution.
>
> I would like to humbly ask the community to provide me some guidance on 
> how to proceed or enlighten me that what I want to achieve is possible at 
> all.
>
> I have attached the pom.xml since that is a bit long.
>
> Kind regards,
> Mate
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/cf51b0eb-fcde-41c3-9eea-8d310916dfaa%40apereo.org.

Re: [cas-user] Re: CAS and Windows 10

[Colin Wilkinson]

Hi Kartik,

Greatly appreciated there is an issue with top.jsp page that gets imported 
into casLoginView.jsp. We have custom JavaScript file being imported that 
is working fine in DEV but in all other regions its not coming through 
correct.

In DEV it shows up as


In TEST, UAT and PROD


As you can clearly see there has been inject of the jsessionid. The 
jsession Id also appears on the "standard.custom.css.file". I have tweaked 
our settings rather than pass the directory location pass the directory 
location and file, so that jsessionid appears at the end at least.

On Tuesday, 6 December 2016 07:23:38 UTC+11, Colin Wilkinson wrote:
>
> Hi Kartik,
>
> Thanks for the Help information we have noticed dev server is working 
> correctly, but test, uat and prod and working incorrect. May be something 
> is missing.
>
> Regards,
> Colin
>
> On Tuesday, 6 December 2016 01:51:53 UTC+11, Kartik Mehta wrote:
>>
>> I recently faced the same issue, and traced it to our customized 
>> casLoginView.jsp. It had an img tag pointing to a non-existent image file. 
>> This caused the image tag to reload the page (similar to what is pointed 
>> out here - 
>> https://www.bennadel.com/blog/2236-empty-src-and-url-values-can-cause-duplicate-page-requests.htm
>>  
>> )
>> Any chance of a missing image file in your Windows 10 environment, in 
>> case you have customized casLoginView.jsp (or any of the jsps it includes)
>>
>> On Mon, Dec 5, 2016 at 2:01 AM, Colin Wilkinson  
>> wrote:
>>
>>> There are some customisations to the login flow, but we striped the 
>>> login flow back to what is working in production and noticed it was running 
>>> the login flow effectively twice. The second running is a problem because 
>>> the URL does not including any of the query parameters.
>>>
>>> The login has been customised with the following customisations
>>>
>>>1. Enabled CAS Spnego
>>>2. Enable IP based range check
>>>3. Added a query parameter filter check to force to login page if 
>>>provided. A second button has been added to the uPortal page to provide 
>>>this parameter. Currently for students spnego is not enabled.
>>>
>>> As stated this is only an issue with connections coming from Windows 10. 
>>> We have been using this setup through out our development, testing and UAT 
>>> environment through Windows 7 with out any hassles.
>>>
>>> CAS software version CAS 4.1.7
>>>
>>> Browser version are the following and all do the same thing,
>>> Internet Explorer 11
>>> Edge 14
>>> Chrome 54
>>> Firefox 50.0.2
>>>
>>> On Sunday, 4 December 2016 18:50:57 UTC+11, Jeffrey Wong wrote:

 Probably best to also note your browser version(s), CAS version, and if 
 you have any customizations. I've hit some really interesting things on 
 IE, 
 in which the login flow fails to execute if there's a malformed HTML 
 element.

 On Saturday, December 3, 2016 at 11:22:41 PM UTC-8, Colin Wilkinson 
 wrote:
>
> Guys,
>
> We have had a strange problem that took us most of the week to realise 
> that there looks to be a real weird issue with access CAS from a windows 
> 10 
> device. When accessing CAS from a Windows 10 devices through a browser it 
> executes the login flow twice. This means you loose all attributes 
> including service.
>
> The problem only exists when you open the browser from fresh, no other 
> instances of the browser running. Once you have access CAS once the flow 
> works as expected only runs once. From a fresh instances the flow runs 
> twice.
>
> Has any else experienced this. From windows 7 it works as expected.
>
> Regards,
> Colin
>
 -- 
>>> - CAS gitter chatroom: https://gitter.im/apereo/cas
>>> - CAS mailing list guidelines: 
>>> https://apereo.github.io/cas/Mailing-Lists.html
>>> - CAS documentation website: https://apereo.github.io/cas
>>> - CAS project website: https://github.com/apereo/cas
>>> --- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to cas-user+u...@apereo.org.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/ae8f8950-e41f-486a-a3ff-dd49120e7a0d%40apereo.org
>>>  
>>> 
>>> .
>>>
>>
>>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to 

Re: [cas-user] Re: CAS and Windows 10

[Colin Wilkinson]

Hi Kartik,

Thanks for the Help information we have noticed dev server is working 
correctly, but test, uat and prod and working incorrect. May be something 
is missing.

Regards,
Colin

On Tuesday, 6 December 2016 01:51:53 UTC+11, Kartik Mehta wrote:
>
> I recently faced the same issue, and traced it to our customized 
> casLoginView.jsp. It had an img tag pointing to a non-existent image file. 
> This caused the image tag to reload the page (similar to what is pointed 
> out here - 
> https://www.bennadel.com/blog/2236-empty-src-and-url-values-can-cause-duplicate-page-requests.htm
>  
> )
> Any chance of a missing image file in your Windows 10 environment, in case 
> you have customized casLoginView.jsp (or any of the jsps it includes)
>
> On Mon, Dec 5, 2016 at 2:01 AM, Colin Wilkinson  > wrote:
>
>> There are some customisations to the login flow, but we striped the login 
>> flow back to what is working in production and noticed it was running the 
>> login flow effectively twice. The second running is a problem because the 
>> URL does not including any of the query parameters.
>>
>> The login has been customised with the following customisations
>>
>>1. Enabled CAS Spnego
>>2. Enable IP based range check
>>3. Added a query parameter filter check to force to login page if 
>>provided. A second button has been added to the uPortal page to provide 
>>this parameter. Currently for students spnego is not enabled.
>>
>> As stated this is only an issue with connections coming from Windows 10. 
>> We have been using this setup through out our development, testing and UAT 
>> environment through Windows 7 with out any hassles.
>>
>> CAS software version CAS 4.1.7
>>
>> Browser version are the following and all do the same thing,
>> Internet Explorer 11
>> Edge 14
>> Chrome 54
>> Firefox 50.0.2
>>
>> On Sunday, 4 December 2016 18:50:57 UTC+11, Jeffrey Wong wrote:
>>>
>>> Probably best to also note your browser version(s), CAS version, and if 
>>> you have any customizations. I've hit some really interesting things on IE, 
>>> in which the login flow fails to execute if there's a malformed HTML 
>>> element.
>>>
>>> On Saturday, December 3, 2016 at 11:22:41 PM UTC-8, Colin Wilkinson 
>>> wrote:

 Guys,

 We have had a strange problem that took us most of the week to realise 
 that there looks to be a real weird issue with access CAS from a windows 
 10 
 device. When accessing CAS from a Windows 10 devices through a browser it 
 executes the login flow twice. This means you loose all attributes 
 including service.

 The problem only exists when you open the browser from fresh, no other 
 instances of the browser running. Once you have access CAS once the flow 
 works as expected only runs once. From a fresh instances the flow runs 
 twice.

 Has any else experienced this. From windows 7 it works as expected.

 Regards,
 Colin

>>> -- 
>> - CAS gitter chatroom: https://gitter.im/apereo/cas
>> - CAS mailing list guidelines: 
>> https://apereo.github.io/cas/Mailing-Lists.html
>> - CAS documentation website: https://apereo.github.io/cas
>> - CAS project website: https://github.com/apereo/cas
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+u...@apereo.org .
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/ae8f8950-e41f-486a-a3ff-dd49120e7a0d%40apereo.org
>>  
>> 
>> .
>>
>
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/af363b5b-3555-47c0-9900-5519cd38e934%40apereo.org.

[cas-user] How to configure CAS to recognize REST-Clients already authenticated via CAS RESTful API?

[mdottavi]

Hi, 
I have the following problem:
I already have several web apps already integrated with CAS and 
spring-security-cas-filter. It works fine for user (browser based) 
connections.

I now need to provide some of those webapps' REST Endpoints for 
machine-to-machine connection 
and I want to rely on CAS for Authentication of those REST calls.

So I want my REST-Clients to call the CAS-RESTful API (/cas/v1/tickets) to 
get authenticated  ...
This works fine and they get the TGT as result...

But when the REST-Clients call the webapps REST endpoint they get 
redirected (by the cas-spring-sec-filter) 
to the cas login page that does not recognize the client is already 
authenticated and sends the html page...

So how to configure CAS to set in the REST-Client the proper cookies after 
issuing the TGT so that next calls of such client will be recognized by CAS 
as authenticated and issue directly the service ticket for the required 
webapps?

Note: After the TGT Request the REST Clients don't call the CAS-REST API 
for ServiceTicket because I want a seamless integration (no special 
handling from REST-Clients: they get redirected if not Authenticated by the 
spring-sec-filter).

I'm currently using CAS 4.1.0 but plan to move to CAS 5.x

Thank you so much for your help.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/afae9b29-0ba3-4e37-ac88-a60516e1ed05%40apereo.org.

[cas-user] configuration in Ldap, xml or database

[Jiří]

Hi all,
I am new in CAS , i have a special task to explain to my boss what is best 
way how save configuration datas.
We want have 2 tomcat servers with reflexion.

Could somebody explain difference between local storage, LDAP or DB. Thx a 
lot  

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4722eef1-39c0-4c7a-9f72-845c9bbeb871%40apereo.org.

[cas-user] Re: Gradle overlay CAS 5.0.0 + cas-server-support-ehcache-ticket-registry: some libraries are doubled in WEB-INF/lib

[Yauheni Sidarenka]

Hi all,

I have realized after guessing game, that 

ext["HikariCP.version"] = ext["hikariVersion"]


does not help because it should be 

ext["hikaricp.version"] = ext["hikariVersion"]


Looks like it is a bug in spring-boot Gradle plugin.

By the way, variable hikariVersion is unnecessary in CAS Gradle overlay 
project, it is only used in full distribution repository in gradle
/dependencies.gradle file to create dependencies.

So, the solution can be either

ext["hikaricp.version"] = "2.5.1"


somewhere in the top of cas/build.gradle file or

compile "com.zaxxer:hikaricp:2.5.1"


in dependencies section in the file mentioned above.


Regards,
Yauheni 

On Tuesday, November 29, 2016 at 7:42:01 PM UTC+3, Yauheni Sidarenka wrote:
>
> I have solved this problem.
>
> Instead of writing this
>
> ext["hikariVersion"] = "2.5.1"
> ext["HikariCP.version"] = ext["hikariVersion"]
>
> in the top of cas/build.gradle file, I have added this
>
> compile "com.zaxxer:HikariCP:2.5.1"
>
> to dependencies section.
>
> The solution is pretty straightforward but it saves my time.
>
> Many thanks to everyone!
>
> On Tuesday, November 29, 2016 at 7:28:15 PM UTC+3, Yauheni Sidarenka wrote:
>>
>> There is a partial solution for this.
>>
>> When I replace this 
>> 
>>  
>> line:
>>
>> apply from: '
>> https://raw.githubusercontent.com/apereo/cas/master/gradle/overrides.gradle
>> '
>>
>> in cas/build.gradle file with the following line:
>>
>> apply from: '
>> https://raw.githubusercontent.com/apereo/cas/5.0.x/gradle/overrides.gradle
>> '
>>
>> only one library is still doubled and it is HikariCP.
>> Even if I write:
>>
>> apply from: '
>> https://raw.githubusercontent.com/apereo/cas/5.0.x/gradle/overrides.gradle
>> '
>> ext["hikariVersion"] = "2.5.1"
>> ext["HikariCP.version"] = ext["hikariVersion"]
>>
>> to make something like in that overrides.gradle file, mentioned library 
>> is doubled again.
>>
>> By the way, I have noticed that "yellow" version of HikariCP comes in 
>> from Spring Boot 
>> 
>> .
>>
>> Any ideas?
>>
>> On Monday, November 28, 2016 at 7:41:49 PM UTC+3, Yauheni Sidarenka wrote:
>>>
>>> I have bare Gradle Overlay Git repo of CAS 5.0.0, master branch, latest 
>>> commit - 426847c1690723401a82f1c274c10d7a4a210107.
>>> OS: Windows 7 Pro x64
>>> JDK: Oracle 8u60
>>>
>>> When I add in cas/build.gradle line 
>>>
>>> compile 
>>> "org.apereo.cas:cas-server-support-ehcache-ticket-registry:${project.'cas.version'}"
>>>
>>> after executing gradlew clean build these libraries will appear twice 
>>> (two versions) in WEB-INF/lib  in resulted war file (version of library 
>>> that was added by this dependency is in yellow):
>>>
>>> attoparser-2.0.0.RELEASE.jar
>>> attoparser-2.0.1.RELEASE.jar
>>> hibernate-core-5.2.2.Final.jar
>>> hibernate-core-5.2.4.Final.jar
>>> hibernate-entitymanager-5.2.2.Final.jar
>>> hibernate-entitymanager-5.2.4.Final.jar
>>> HikariCP-2.4.7.jar
>>> HikariCP-2.5.1.jar
>>> jackson-annotations-2.8.3.jar
>>> jackson-annotations-2.8.4.jar
>>> jackson-core-2.8.3.jar
>>> jackson-core-2.8.4.jar
>>> jackson-databind-2.8.3.jar
>>> jackson-databind-2.8.4.jar
>>> jackson-dataformat-yaml-2.8.3.jar
>>> jackson-dataformat-yaml-2.8.4.jar
>>> jackson-datatype-guava-2.8.3.jar
>>> jackson-datatype-guava-2.8.4.jar
>>> jackson-datatype-jsr310-2.8.3.jar
>>> jackson-datatype-jsr310-2.8.4.jar
>>> spring-aop-4.3.3.RELEASE.jar
>>> spring-aop-4.3.4.RELEASE.jar
>>> spring-beans-4.3.3.RELEASE.jar
>>> spring-beans-4.3.4.RELEASE.jar
>>> spring-context-4.3.3.RELEASE.jar
>>> spring-context-4.3.4.RELEASE.jar
>>> spring-context-support-4.3.3.RELEASE.jar
>>> spring-context-support-4.3.4.RELEASE.jar
>>> spring-core-4.3.3.RELEASE.jar
>>> spring-core-4.3.4.RELEASE.jar
>>> spring-expression-4.3.3.RELEASE.jar
>>> spring-expression-4.3.4.RELEASE.jar
>>> spring-jdbc-4.3.3.RELEASE.jar
>>> spring-jdbc-4.3.4.RELEASE.jar
>>> spring-jms-4.3.3.RELEASE.jar
>>> spring-jms-4.3.4.RELEASE.jar
>>> spring-messaging-4.3.3.RELEASE.jar
>>> spring-messaging-4.3.4.RELEASE.jar
>>> spring-orm-4.3.3.RELEASE.jar
>>> spring-orm-4.3.4.RELEASE.jar
>>> spring-tx-4.3.3.RELEASE.jar
>>> spring-tx-4.3.4.RELEASE.jar
>>> spring-web-4.3.3.RELEASE.jar
>>> spring-web-4.3.4.RELEASE.jar
>>> spring-webmvc-4.3.3.RELEASE.jar
>>> spring-webmvc-4.3.4.RELEASE.jar
>>> spring-websocket-4.3.3.RELEASE.jar
>>> spring-websocket-4.3.4.RELEASE.jar
>>> thymeleaf-3.0.1.RELEASE.jar
>>> thymeleaf-3.0.2.RELEASE.jar
>>> thymeleaf-spring4-3.0.1.RELEASE.jar
>>> thymeleaf-spring4-3.0.2.RELEASE.jar
>>> unbescape-1.1.3.RELEASE.jar
>>> unbescape-1.1.4.RELEASE.jar
>>>
>>> How to disable extra libraries and which are correct ones?
>>>
>>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS