[cas-user] Re: CAS 5 Logout Shows Error in Logs but Browser Shows Logout Success

2017-04-21 Thread Matt S. 
After reverting back to using the embedded Tomcat in CAS 5.0.4, this error 
still shows in the logs, so this seems to be an issue in CAS (pac4j) itself.

It seems to occur during ticket cleanup, such as after the TGT is destroyed 
for a user.

Has anyone else noticed this and is it something that we need to worry 
about, considering that the logout functionality seems to be working fine 
otherwise?



On Thursday, April 13, 2017 at 9:46:54 AM UTC-4, Matt S. wrote:
>
> Hi,
>
> When I access the CAS logout URL, the browser seems to show a successful 
> logout but the CAS log shows the following error:
>
> ERROR [org.pac4j.cas.client.direct.DirectCasClient] -  or validate CAS credentials>
> org.pac4j.core.exception.CredentialsException: POST requests not supported
>
> We're using an external Tomcat, not the embedded Tomcat, so I'm not sure 
> if this is related to the issue.
>
> Any suggestions?
>
> Thanks,
> Matt
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6088d647-991d-484c-a02d-177e5c0703b0%40apereo.org.

Re: [cas-user] LDAP and CAS 5

2017-04-21 Thread Vibhor Sharma 

>
> Try to change following settings
>
cas.authn.ldap[0].type=AUTHENTICATED 

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b95f5358-60f1-4c5c-8e9b-790c4a3a5686%40apereo.org.

Re: [cas-user] CAS, 4.1.7, JoseException: A JWS Compact Serialization must have exactly 3 parts separated by period ('.') characters

2017-04-21 Thread 'rheman puewe' via CAS Community 
Hi.

I have the same problem with the same version of cas. Please what can I do 
in order to solve this problem ???

Le mercredi 27 avril 2016 03:26:53 UTC+3, Misagh Moayyed a écrit :
>
> The cookie value is signed and linked to the remote ip, browser agent and 
> and the TGT. If there is a mismatch, you will see that entry. 
>
>  
>
> *From:* cas-...@apereo.org  [mailto:cas-...@apereo.org 
> ] *On Behalf Of *Yan Zhou
> *Sent:* Friday, April 22, 2016 7:27 PM
> *To:* Misagh Moayyed 
> *Cc:* CAS Community 
> *Subject:* Re: [cas-user] CAS, 4.1.7, JoseException: A JWS Compact 
> Serialization must have exactly 3 parts separated by period ('.') characters
>
>  
>
> Can you point me to the right direction as to where this problem can be 
> fixed?  Is this some configuration issue I missed?  Or, it this outside of 
> CAS, such as a browser issue?
>
>  
>
> Yan
>
>  
>
> On Fri, Apr 22, 2016 at 9:23 PM, Misagh Moayyed  > wrote:
>
> It refers to the ticket-granting cookie. Its value cannot be parsed. 
>
>  
>
> *From:* cas-...@apereo.org  [mailto:cas-...@apereo.org 
> ] *On Behalf Of *Yan Zhou
> *Sent:* Friday, April 22, 2016 2:11 PM
> *To:* CAS Community 
> *Subject:* [cas-user] CAS, 4.1.7, JoseException: A JWS Compact 
> Serialization must have exactly 3 parts separated by period ('.') characters
>
>  
>
> Hi there,
>
>  
>
> With my CAS 4.1.7 overlay, getting this exception intermittently. I do not 
> know which value this exception is referring to.
>
>  
>
> The host.name entry in cas.properties is correctly specified. 
>
>  
>
> Any suggestions?
>
>  
>
> Yan
>
>  
>
> My cas.properties look like this,  host.name does have the FQDN.
>
>  
>
>  
>
> server.name=http://qacas01:8443
>
> server.prefix=${server.name}/cas
>
> cas.securityContext.status.access=hasIpAddress('127.0.0.1')
>
> cas.securityContext.statistics.access=hasIpAddress('127.0.0.1')
>
> host.name=qacas01.qa.medplus.com
>
>  
>
>  
>
> Here is the error.
>
>  
>
>  
>
> 2016-04-22 20:58:40,590 INFO 
> [org.jasig.cas.services.DefaultServicesManagerImpl] - 
>
> 2016-04-22 20:59:42,048 DEBUG 
> [org.jasig.cas.web.flow.InitialFlowSetupAction] -  set to null and path /cas/>
>
> 2016-04-22 20:59:42,048 DEBUG 
> [org.jasig.cas.web.flow.InitialFlowSetupAction] -  to null and path /cas/>
>
> 2016-04-22 20:59:42,050 DEBUG 
> [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - 
>  exactly 3 parts separated by period ('.') characters
>
> java.lang.RuntimeException: org.jose4j.lang.JoseException: A JWS Compact 
> Serialization must have exactly 3 parts separated by period ('.') characters
>
> at 
> org.jasig.cas.util.AbstractCipherExecutor.verifySignature(AbstractCipherExecutor.java:100)
>
> at 
> org.jasig.cas.util.BaseStringCipherExecutor.decode(BaseStringCipherExecutor.java:124)
>
> at 
> org.jasig.cas.util.BaseStringCipherExecutor.decode(BaseStringCipherExecutor.java:42)
>
> at 
> org.jasig.cas.web.support.DefaultCasCookieValueManager.obtainCookieValue(DefaultCasCookieValueManager.java:89)
>
> at 
> org.jasig.cas.web.support.CookieRetrievingCookieGenerator.retrieveCookieValue(CookieRetrievingCookieGenerator.java:116)
>
> at 
> org.jasig.cas.web.flow.InitialFlowSetupAction.doExecute(InitialFlowSetupAction.java:98)
>
> at 
> org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
>
> at 
> org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
>
> at 
> org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
>
> at 
> org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
>
> at 
> org.springframework.webflow.execution.AnnotatedAction.execute(AnnotatedAction.java:145)
>
> at 
> org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
>
> at 
> org.springframework.webflow.engine.ActionList.execute(ActionList.java:154)
>
> at org.springframework.webflow.engine.Flow.start(Flow.java:526)
>
> at 
> org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368)
>
> at 
> org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223)
>
> at 
> org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)
>
> at 
> org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:238)
>
>  
>
>  
>
>  
>
> at 
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(Unknown 
> Source)
>
> at 
> org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(Unknown Source)
>
> at 
> org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(Unknown Source)
>
> at 
>

Re: [cas-user] CAS as a OAuth server

2017-04-21 Thread Michael McDermott 
What do your properties and such look like?

If it helps any, I have a quick and dirty sample I've been fiddling with at
https://github.com/michaeljmcd/angular-sso-experiments/tree/master/cas-example/cas-overlay-template-master.
It has OAuth 2.0 and Open ID Connect enabled and runs on Tomcat 8.5.12.

On Thu, Apr 20, 2017 at 3:46 AM, Paul Mitchell 
wrote:

> Hi,
>
> I'm trying to get CAS running as an OAuth server. It running fine as a CAS
> server.
>
> I've included 'compile 
> "org.apereo.cas:cas-server-support-oauth-webflow:${project.'cas.version'}"'
> in the build.gradle file for cas.version 5.0.4.
>
> Breaking open the war file I can see the relevant jars have been
> included.  I've include a service registry entry based on the JSON example
> and am loading the services from a directory.
>
> When I start cas within Tomcat 8.5 I get the following error:
>
> Caused by: com.fasterxml.jackson.databind.exc.InvalidTypeIdException:
> Could not resolve type id 
> 'org.apereo.cas.support.oauth.services.OAuthRegisteredService'
> into a subtype of [simple type, class 
> org.apereo.cas.services.RegisteredService]:
> no such class found
>  at [Source: {"@class":"org.apereo.cas.support.oauth.services.
> OAuthRegisteredService","clientId":"clientid","
> clientSecret":"clientSecret","bypassApprovalPrompt":false,"
> serviceId":"^(https|imaps)://hello.*","name":"HTTPS and IMAPS","id":105};
> line: 1, column: 11]
>
> Again, I've confirmed that the class is present with the OAuth-core jar
> within the war.
>
> I'm not sure what to do from here and advice will be gratefully received.
>
> Paul.
>
>
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/
> Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/CAGvhSLRNnWkvN%2BEBcYZVSj685Q7js-
> Yf2zsYioiW2kt%3DTaOaaQ%40mail.gmail.com
> 
> .
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAEC-AL3c_YvQJKKh-_UnkJzjK-wV_sVS-Gm-8UgZZr3ZX9CEzA%40mail.gmail.com.

[cas-user] Request is not getting redirected to the service which accesed cas for login , even after successful login.

2017-04-21 Thread Ankur Verma 
Hi there ,

I am using cas4.1 as a cas server and java cas client 3.1 ,

https://cas_server:8443/cas41/login?TARGET=http%3A%2F%2Fcas_server%3A9080%2Fclient3%2Fprotected%2Fhome.jsp%3Fticket%3DST-5-eIVcNRQuF2EopDX3mbow-TMSCas





Now every thing was working fine when i was using cas2.0 for ticket 
validation. But since I have turned to SAML , this problem is  persisting.

checked out another thread referring to same problem , 
https://groups.google.com/forum/#!topic/jasig-cas-user/4P-q5fNdZAE , but 
there as well this issue was though discussed , but un-conclusively. 


Please someone help me with this .


web.xml of the client :

> 
>
> http://www.w3.org/2001/XMLSchema-instance; 
>> xmlns="http://xmlns.jcp.org/xml/ns/javaee; 
>> xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee 
>> http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd; id="WebApp_ID" 
>> version="3.1">
>
>   client3
>
>   
>
> Index.jsp
>
>   
>
>   
>
> CAS Authentication Filter
>
> 
>
> 
>> org.jasig.cas.client.authentication.Saml11AuthenticationFilter
>
> 
>
>   casServerLoginUrl
>
>   https://cas_server:8443/cas41/login
>
> 
>
> 
>
>   serverName
>
>   http://cas_server:9080/client3/
>
> 
>
>   
>
>   
>
> CAS Validation Filter
>
> 
>
>
>> org.jasig.cas.client.validation.Saml11TicketValidationFilter
>
> 
>
>   casServerUrlPrefix
>
>   https://cas_server:8443/cas41/
>
> 
>
> 
>
>   serverName
>
>   http://cas_server:9080/client3/
>
> 
>
> 
>
>  
>
> redirectAfterValidation
>
> true
>
> 
>
> 
>
>
>> 
>
> useSession
>
> true
>
> 
>
> 
>
> 
>
> acceptAnyProxy
>
> true
>
> 
>
> 
>
> proxyReceptorUrl
>
> /client3/proxyUrl
>
> 
>
> 
>
> proxyCallbackUrl
>
> 
>> http://cas_server:9080/client3/proxyUrl
>
> 
>
> 
>
>   
>
>   
>
> CAS HttpServletRequest Wrapper Filter
>
> 
>> org.jasig.cas.client.util.HttpServletRequestWrapperFilter
>
>   
>
>   
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
>
>>
>> 
>
> 
>
> 
>
>  
>
>   
>
> CAS Authentication Filter
>
> /protected/*
>
>   
>
>   
>
> CAS Validation Filter
>
> /*
>
>   
>
>   
>
> CAS HttpServletRequest Wrapper Filter
>
> /*
>
>   
>
>   
>
> CAS Assertion Thread Local Filter
>
> /*
>
>   
>
>   
>
> CAS Validation Filter
>
> /proxyCallback
>
>   
>
> 
>
>

 


Thanks and Regards 
--Ankur Verma

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/8463aa08-b9af-4e28-9e3f-aa1609a286dc%40apereo.org.

Re: [cas-user] Supporting SAML 2.0 using CAS 3.4

2017-04-21 Thread Uxío Prego 
Hi good UTC morning,

CAS 3 is obsolete. It is not nor its documentation longer provided by
anyone in this mailing list (Apereo CAS) though ther many documents exist
hanging from jasig.org about CAS 3 and 4 as you may have probably noticed.

IINM depending the nature of your CASified applications you might be able
to upgrade your production system to CAS 5 without impacting the existing
applications that are currently integrated.

I would encourage you to give some more details about your platform
architecture.

Uxío Prego



The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2017-04-18 3:54 GMT+02:00 Antony Sunny :

> Hi Team,
>
> We have a requirement for integrating Saleforce in CAS 3.4.10 using SAML
> 2.0 and since 3.4 doesn't support saml 2,we would like to know tthe options
> without upgrading CAS because we dont want to impact the existing
> applications that are currently integrated.
>
> Also would like to know,from where can I download the CAS 3.4.10
> documentation.
>
> Thanks in Advance,
>
> Regards,
> Antony Sunny
>
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/
> Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/c4f9e822-a0b2-4a9d-8552-
> 45bbed1c9a3d%40apereo.org
> 
> .
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKbYkTeOCTiu_AfC%2BsgdwaWyHH9iQ__9CX0TZW-dn0oVAQ%40mail.gmail.com.