Re: [cas-user] CAS 5.0 SAML2 Response Decryption

2017-02-25 Thread RJ
Todd,

We see a similar issue with 5.0.3. Our SP says the assertion cannot be 
validated. 

I've tried to generate signing and encryption keys in different ways but no 
luck. 

Here is what I am using (same options for the encryption keys as well): 
openssl req -new -x509 -sha256 -nodes -newkey rsa:2048 -keyout signing.key -out signing.crt -days 3650

Thanks!



On Thursday, February 2, 2017 at 6:51:58 PM UTC-5, Todd Pratt wrote:
>
> I found the issue was in the SamlObjectEncrypter class.  The resolveSingle 
> method call didn't find my encryption certificate that I have defined in my 
> metadata file.  The signing part works so I'm not sure if there is an issue 
> with my metadata file or the code.  If I hardcode it to return my public 
> cert from my keystore the encryption all works correctly.
>
> https://github.com/apereo/cas/blob/6f30a825e9fb3dbc3fc75e794e17373746edb48a/support/cas-server-support-saml-idp/src/main/java/org/apereo/cas/support/saml/web/idp/profile/builders/enc/SamlObjectEncrypter.java#L227
>
> On Tue, Jan 17, 2017 at 9:31 PM, Todd Pratt wrote:
>
>> Thank you, I will look at the code and submit an issue if I find anything.
>>
>> --
>> - CAS gitter chatroom: https://gitter.im/apereo/cas
>> - CAS mailing list guidelines: 
>> https://apereo.github.io/cas/Mailing-Lists.html
>> - CAS documentation website: https://apereo.github.io/cas
>> - CAS project website: https://github.com/apereo/cas
>> ---
>> You received this message because you are subscribed to a topic in the 
>> Google Groups "CAS Community" group.
>> To unsubscribe from this topic, visit 
>> https://groups.google.com/a/apereo.org/d/topic/cas-user/7wXXm3xE-X4/unsubscribe
>> .
>> To unsubscribe from this group and all its topics, send an email to 
>> cas-user+u...@apereo.org .
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/b6f07ceb-0f27-4d33-b9e7-934aa95ef90e%40apereo.org
>> .
>>
>
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/c08fbc4a-d8c3-49da-95d1-4e7dd15fc0e2%40apereo.org.
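
When an IdP reports that it cannot find an SP's encryption certificate, one check is to list the KeyDescriptor elements in the SP metadata and see which are usable for encryption. The following is an added example, not part of the thread and not CAS code; the sample metadata, entity ID and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted metadata, prefer defusedxml

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: an SP that publishes a signing key only.
# The certificate body is a placeholder, not a real certificate.
SAMPLE_SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.org/sp">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>Q09OU1RSVUNURUQ=</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def key_descriptors(metadata_xml):
    """Return [(entityID, use, has_certificate)] for every SP KeyDescriptor."""
    root = ET.fromstring(metadata_xml)
    found = []
    # iter() also matches the root, so a bare EntityDescriptor and an
    # EntitiesDescriptor wrapper are both handled.
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        for kd in entity.findall("md:SPSSODescriptor/md:KeyDescriptor", NS):
            cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
            has_cert = cert is not None and bool((cert.text or "").strip())
            # 'use' is optional; when omitted the key serves both purposes.
            use = kd.get("use", "unspecified")
            found.append((entity.get("entityID"), use, has_cert))
    return found


def encryption_keys(metadata_xml):
    """KeyDescriptors an IdP could select to encrypt data for the SP."""
    return [k for k in key_descriptors(metadata_xml)
            if k[1] in ("encryption", "unspecified") and k[2]]


if __name__ == "__main__":
    for entity_id, use, has_cert in key_descriptors(SAMPLE_SP_METADATA):
        print(f"{entity_id}: use={use} certificate present={has_cert}")
    if not encryption_keys(SAMPLE_SP_METADATA):
        print("no encryption-capable KeyDescriptor in this metadata")
```
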


[cas-user] For fun can you beat this? CAS Logins per day.

2017-02-25 Thread Bryan Wooten
We have two CAS 3.6.x servers behind a Netscaler running on Tomcat 8.
Hazelcast Ticket Registry. JSON Service Registry with 500+ entries (all
wild carded for urls). Duo for all employees. (30k)

CAS1

grep AUTHENTICATION_SUCCESS cas.log.2017-02-24* | wc -l

215743

CAS2

grep AUTHENTICATION_SUCCESS cas.log.2017-02-24* | wc -l

207414



[cas-user] oAuth authentication and tomcat preventing encoded slashes

2017-02-25 Thread Emmanuel Cervetti
Hello
Tomcat prevents using encoded slashes in URLs. It was a blank page when I tried 
to use the oAuth server:

https://globalsso.orupaca.fr:8443/oauth2.0/authorize_type=code_id=leclient_uri=http%3A%2F%2F10.211.55.3
=>blank page

So I set tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true, the only 
answer I could find for such a problem.

Then the issue is different.
https://globalsso.orupaca.fr:8443/oauth2.0/authorize_type=code_id=leclient_uri=http%3A%2F%2F10.211.55.3
=>Redirection to the CAS login page (without the oAuth context parameters)

I've set a breakpoint in OAuth20WrapperController to see if it was a CAS 
installation problem, and I have the following behaviour:

https://globalsso.orupaca.fr:8443/oauth2.0/authorize_type=code_id=leclient_uri=http%3A%2F%2F10.211.55.3
=>no breakpoint stops, it goes straight to the CAS home page

https://globalsso.orupaca.fr:8443/oauth2.0/authorize_type=code_id=leclient_uri=
*hereAUnselessString*
=>breakpoint stops in OAuth20WrapperController, so it seems ok

What could I do to get the oAuth client request handled by the CAS server?

My tomcat is 8.5.11
Thank you very much for your answer
