RE: [cas-user] Integrating with Okta SAML IDP

[Song, Doe-Hyun]

Hello,

I am trying to understand use cases for the Shibbolizing Apereo CAS.
https://apereo.github.io/2017/05/26/cas-shibsp-samlidp/

My use case,
CAS supports multiple clients with CAS protocol.
CAS supports one client with its own security domain. CAS is working as SP 
Federated server while the client’s authentication system becomes Idp. CAS 
delegates authentication to IdP through SAML2. For this we need to provide SP 
initiated SSO.


Current Setting:
Mod_auth_cas is installed at Apache
CAS Server is running at standalone tomcat8.5 (not embedded)
Many client uses our CAS to access applications protected through Mod_Auth_CAS.
One client wants to use their own security domain.  The client’s security 
domain will have IdP and our CAS server is SP federated server.

Questions from Blog,
Per blog, “Step 2. Requests to CAS /login endpoint are intercepted by the SP 
and Apache.”
Does it mean all requests will be intercept by the SP and Apache?
My use case is that except users at one client, every user should be 
authenticated through normal CAS login screen.

Per blog, “Ensure CAS could easily lend itself to be intercepted by Apache when 
running in embedded mode.”
Does it mean patch is not applied when CAS is running in standalone Tomcat mode?


Does Shibbolizing CAS support my use case?




From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Soumya 
Tripathy
Sent: Monday, July 17, 2017 1:16 AM
To: CAS Community
Subject: [cas-user] Integrating with Okta SAML IDP

Hi all,
I was going through the https://apereo.github.io/2017/05/26/cas-shibsp-samlidp/ 
blog and implemented upto step 5 where /logon endpoint is intercepted by Apache 
Shibboleth SP and was successfully redirected to okta 
IDP. I'm using CAS-5.1.0.

Following are my Okta configuration:

Single Sign On URL: https://cas.sample-app/Shibboleth.sso/SAML2/POST
Recipient UR: https://cas.sample-app/Shibboleth.sso/SAML2/POST
Destination URL: https://cas.sample-app/Shibboleth.sso/SAML2/POST
Audience Restriction: https://cas.sample-app/sp/shibboleth (My SP entityId)
Default Relay State: https://cas.sample-app:8443/cas/login

ATTRIBUTE STATEMENTS
Name  Name Format  Value

Email Unspecified  ${user.email}

And in CAS I have turned on the trusted authentication with the following 
configuration:

cas.authn.trusted.principalAttribute=Email

Issue is though I have provided the Default Relay State in my IDP 
configuration, post authentication SP is not redirecting the response to my CAS 
server. Rather it is redirected tohttp://localhost/cas/login

Any help will be appreciated.

Thanks
Soumya
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d8a62619-cfc9-4f18-9381-cce14f2b5ce2%40apereo.org.



The information contained in this e-mail and any attachments is confidential and
intended only for the recipient. If you are not the intended recipient, the
information contained in this message may not be used, copied, or forwarded to
third parties or otherwise distributed for any other purpose. Please notify the
sender if you received this e-mail in error and delete the e-mail and its
attachments promptly.  Nothing in this e-mail may be used or deemed to form the
basis of a contractual or any other legally binding obligation unless separately
confirmed in writing by an authorized representative of ARMADA.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/7C27C94EB0F1AD41BB2FA62533E661E201DA813518%40MailS01P.hub1.com.

[cas-user] Re: Unable to build maven package for cas-services-management-overlay - "Failed to execute goal com.github.s4u.plugins:pgpverify-maven-plugin:1.1.0:check (default) on project cas-overlay: C

[crdaudt]

I am still having difficulty with this.  Any pointers from anybody?
Thanks in advance for your assistance.
Carl

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/8eb5c2f7-804b-442a-998f-780d2d15b7fb%40apereo.org.

Re: [cas-user] Where exactly can views be found?

[Toby Archer]

Now I'm back to nothing appears to be happening. I have:

cas-gradle-overlay-templates/src/main/resources/templates/casLoginView.html
and
etc/cas/config/templates/casLoginView.html

In both of these files I removed the fragment that contains "Links to CAS 
Resources", specifically this "" that should mean that on the 
default login screen the panel on the right with the list of links 
disappears. Nothing happens, my alteration is completely ignored. if I set

spring.thymeleaf.prefix=file:/etc/cas/config/templates/

It's buggy, but at least the change is there. 

On Thursday, July 20, 2017 at 12:00:26 PM UTC-5, Dmitriy Kopylenko wrote:
>
> No need to set any properties. Get rid of these:
>
> spring.thymeleaf.prefix=classpath:/templates/
> cas.view.cas2.success=protocol/2.0/casServiceValidationSuccess
> cas.view.cas3.success=protocol/3.0/casServiceValidationSuccess
>
> D.
>
>
> From: Toby Archer  
> Reply: Toby Archer  
> Date: July 20, 2017 at 12:56:46 PM
> To: CAS Community  
> Cc: sand...@gmail.com   , 
> dkopy...@unicon.net   
> Subject:  Re: [cas-user] Where exactly can views be found? 
>
> Thanks! but alas, I am not quite off the ground yet. But I feel like it is 
> just a little detail somewhere I'm missing. So in 
> cas-gradle-overlay-template I made src/main/resources/templates. Just to be 
> quick and easy I copied the entire templates directory from the repo 
> listed. So I should have every possible template. I added what appeared to 
> be the appropriate settings:
>
> spring.thymeleaf.prefix=classpath:/templates/
>> cas.view.cas2.success=protocol/2.0/casServiceValidationSuccess
>> cas.view.cas3.success=protocol/3.0/casServiceValidationSuccess
>>
>
> I added  to the two views listed above, but my change 
> didn't show up so far as I could tell.
>
> I tried classpath:/templates, and that didn't seem to do anything. When I 
> was working with the service registry and the associated json files it 
> copied the /services/ directory over in the process of building, but that 
> was because it was in etc/cas/config. Incidentally I tried adding the 
> templates directory to that directory. This also didn't appear to have any 
> effect. So I changed the property to 
> spring.thymeleaf.prefix=file:/etc/cas/config/templates, this seems to have 
> worked, but now if I don't include every template blows up instead of using 
> the default one.
>
> On Thursday, July 20, 2017 at 10:59:33 AM UTC-5, Dmitriy Kopylenko wrote: 
>>
>> There is no such directory in the overlay. You need to create one i.e. 
>> src/main/resources/templates and then copy the default templates that you 
>> are going to be modifying from here: 
>> https://github.com/apereo/cas/tree/master/webapp/resources/templates and 
>> off you go.
>>
>> Cheers,
>> D.
>>
>>
>> From: Toby Archer 
>> Reply: cas-...@apereo.org 
>> Date: July 20, 2017 at 11:53:03 AM
>> To: CAS Community 
>> Subject:  [cas-user] Where exactly can views be found?
>>
>> Here in the documentation: 
>> https://apereo.github.io/cas/5.1.x/installation/User-Interface-Customization-Views.html
>>
>> The first line says:
>>
>> The views are found at src/main/resources/templates.
>>
>>
>> Where exactly is that directory?  I have no such directory in my clone of 
>> cas-gradle-overlay-template, I checked the github page, 
>> https://github.com/apereo/cas, and couldn't find anything that really 
>> made much sense. Theming is my last major hurtle. Any advice is quite 
>> welcome.
>>
>> ~TA
>> --
>> - CAS gitter chatroom: https://gitter.im/apereo/cas
>> - CAS mailing list guidelines: 
>> https://apereo.github.io/cas/Mailing-Lists.html
>> - CAS documentation website: https://apereo.github.io/cas
>> - CAS project website: https://github.com/apereo/cas
>> ---
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+u...@apereo.org.
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/725eb3fb-fd9e-4186-b133-f427fd28666b%40apereo.org
>>  
>> 
>> .
>>
>>
>  
> --
>
> This email has been scanned for spam and viruses by Proofpoint Essentials. 
> Click here 
> 
>  
> to report this email as spam.
>
> = 
>
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 

Re: [cas-user] Where exactly can views be found?

[Dmitriy Kopylenko]

No need to set any properties. Get rid of these:

spring.thymeleaf.prefix=classpath:/templates/
cas.view.cas2.success=protocol/2.0/casServiceValidationSuccess
cas.view.cas3.success=protocol/3.0/casServiceValidationSuccess

D.


From: Toby Archer 
Reply: Toby Archer 
Date: July 20, 2017 at 12:56:46 PM
To: CAS Community 
Cc: sandsl...@gmail.com , dkopyle...@unicon.net 

Subject:  Re: [cas-user] Where exactly can views be found?  

Thanks! but alas, I am not quite off the ground yet. But I feel like it is just 
a little detail somewhere I'm missing. So in cas-gradle-overlay-template I made 
src/main/resources/templates. Just to be quick and easy I copied the entire 
templates directory from the repo listed. So I should have every possible 
template. I added what appeared to be the appropriate settings:

spring.thymeleaf.prefix=classpath:/templates/
cas.view.cas2.success=protocol/2.0/casServiceValidationSuccess
cas.view.cas3.success=protocol/3.0/casServiceValidationSuccess

I added  to the two views listed above, but my change didn't 
show up so far as I could tell.

I tried classpath:/templates, and that didn't seem to do anything. When I was 
working with the service registry and the associated json files it copied the 
/services/ directory over in the process of building, but that was because it 
was in etc/cas/config. Incidentally I tried adding the templates directory to 
that directory. This also didn't appear to have any effect. So I changed the 
property to spring.thymeleaf.prefix=file:/etc/cas/config/templates, this seems 
to have worked, but now if I don't include every template blows up instead of 
using the default one.

On Thursday, July 20, 2017 at 10:59:33 AM UTC-5, Dmitriy Kopylenko wrote:
There is no such directory in the overlay. You need to create one i.e. 
src/main/resources/templates and then copy the default templates that you are 
going to be modifying from here: 
https://github.com/apereo/cas/tree/master/webapp/resources/templates and off 
you go.

Cheers,
D.


From: Toby Archer 
Reply: cas-...@apereo.org 
Date: July 20, 2017 at 11:53:03 AM
To: CAS Community 
Subject:  [cas-user] Where exactly can views be found?

Here in the documentation: 
https://apereo.github.io/cas/5.1.x/installation/User-Interface-Customization-Views.html

The first line says:

The views are found at src/main/resources/templates.

Where exactly is that directory?  I have no such directory in my clone of 
cas-gradle-overlay-template, I checked the github page, 
https://github.com/apereo/cas, and couldn't find anything that really made much 
sense. Theming is my last major hurtle. Any advice is quite welcome.

~TA
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+u...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/725eb3fb-fd9e-4186-b133-f427fd28666b%40apereo.org.

 

This email has been scanned for spam and viruses by Proofpoint Essentials. 
Click here to report this email as spam.


=

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.5970e1a5.4c209693.21e%40unicon.net.

Re: [cas-user] Where exactly can views be found?

[Toby Archer]

Thanks! but alas, I am not quite off the ground yet. But I feel like it is 
just a little detail somewhere I'm missing. So in 
cas-gradle-overlay-template I made src/main/resources/templates. Just to be 
quick and easy I copied the entire templates directory from the repo 
listed. So I should have every possible template. I added what appeared to 
be the appropriate settings:

spring.thymeleaf.prefix=classpath:/templates/
> cas.view.cas2.success=protocol/2.0/casServiceValidationSuccess
> cas.view.cas3.success=protocol/3.0/casServiceValidationSuccess
>

I added  to the two views listed above, but my change 
didn't show up so far as I could tell.

I tried classpath:/templates, and that didn't seem to do anything. When I 
was working with the service registry and the associated json files it 
copied the /services/ directory over in the process of building, but that 
was because it was in etc/cas/config. Incidentally I tried adding the 
templates directory to that directory. This also didn't appear to have any 
effect. So I changed the property to 
spring.thymeleaf.prefix=file:/etc/cas/config/templates, this seems to have 
worked, but now if I don't include every template blows up instead of using 
the default one. 

On Thursday, July 20, 2017 at 10:59:33 AM UTC-5, Dmitriy Kopylenko wrote:
>
> There is no such directory in the overlay. You need to create one i.e. 
> src/main/resources/templates and then copy the default templates that you 
> are going to be modifying from here: 
> https://github.com/apereo/cas/tree/master/webapp/resources/templates and 
> off you go.
>
> Cheers,
> D.
>
>
> From: Toby Archer  
> Reply: cas-...@apereo.org   
> Date: July 20, 2017 at 11:53:03 AM
> To: CAS Community  
> Subject:  [cas-user] Where exactly can views be found? 
>
> Here in the documentation: 
> https://apereo.github.io/cas/5.1.x/installation/User-Interface-Customization-Views.html
>
> The first line says:
>
> The views are found at src/main/resources/templates.
>
>
> Where exactly is that directory?  I have no such directory in my clone of 
> cas-gradle-overlay-template, I checked the github page, 
> https://github.com/apereo/cas, and couldn't find anything that really 
> made much sense. Theming is my last major hurtle. Any advice is quite 
> welcome.
>
> ~TA
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: 
> https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+u...@apereo.org .
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/725eb3fb-fd9e-4186-b133-f427fd28666b%40apereo.org
>  
> 
> .
>
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/835903ba-de39-46c1-83cd-2f087525726f%40apereo.org.

[cas-user] Where exactly can views be found?

[Toby Archer]

Here in the documentation: 
https://apereo.github.io/cas/5.1.x/installation/User-Interface-Customization-Views.html

The first line says:

The views are found at src/main/resources/templates. 


Where exactly is that directory?  I have no such directory in my clone of 
cas-gradle-overlay-template, I checked the github page, 
https://github.com/apereo/cas, and couldn't find anything that really made 
much sense. Theming is my last major hurtle. Any advice is quite welcome.

~TA

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/725eb3fb-fd9e-4186-b133-f427fd28666b%40apereo.org.

[cas-user] MFA Gauth registry fails to register multiple users

[Bertrand Carlier]

hello all,

I cannot register multiple users on Google Auth mfa method:
- using the JSON registry will only record the first user, the second one 
fails
- using the MongoDB registry will only record the last registering user 
removing the (only) previous record.

with a JSONI get an exception regarding an ArrayList not being castable to 
a java.lang.Comparable :

2017-07-20 14:36:39,011 DEBUG 
[org.apereo.cas.otp.repository.credentials.BaseJsonOneTimeTokenCredentialRepository]
 
- 
2017-07-20 14:36:39,012 DEBUG 
[org.apereo.cas.otp.repository.credentials.BaseJsonOneTimeTokenCredentialRepository]
 
- 
2017-07-20 14:36:39,013 DEBUG 
[org.apereo.cas.otp.repository.credentials.BaseJsonOneTimeTokenCredentialRepository]
 
- 
2017-07-20 14:36:39,014 DEBUG 
[org.apereo.cas.otp.repository.credentials.BaseJsonOneTimeTokenCredentialRepository]
 
- 
2017-07-20 14:36:39,015 ERROR 
[org.apereo.cas.otp.repository.credentials.BaseJsonOneTimeTokenCredentialRepository]
 
- 
java.lang.ClassCastException: java.util.ArrayList cannot be cast to 
java.lang.Comparable


anyone was succeeded in registering multiple users with either JSON or 
MongeDB registry? (does not seem to be the same bug though, MongoDB seems 
to be an issue with an initialized id, never overridden at 
https://github.com/apereo/cas/blob/8a7289a6e5b506bf92ad6a639cbb7f5990f0f0fc/support/cas-server-support-otp-mfa/src/main/java/org/apereo/cas/otp/repository/credentials/OneTimeTokenAccount.java#L40)

thanks.

(version 5.1.2)

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ffb8740d-b74f-4fe4-ac64-9cdb6d0e8451%40apereo.org.

Re: [cas-user] Google integration with 5.x

[Richard Frovarp]

On 07/18/2017 03:56 PM, Richard Frovarp wrote:
We are going to try to switch Google authentication over to CAS 
Thursday morning. I've done the configuration in CAS and have read the 
documentation. Anything I need to watch out for? Anything I should be 
specifically testing when I do this? It looks dead simple, just want 
to make sure I'm not missing anything.


Thanks.

Richard

Follow up to my own message, yes it is that simple. In my testing I did 
discover a couple of items:


- Global admins don't appear to follow the workflow

- Google MFA does not trigger after login. Slight issue as we are only 
licensed for employees via Duo, which we have working in CAS.


- Transition to SSO did not interfere with existing devices / apps 
already logged in, at least not for our short testing window.


- iOS keyboard on iPhone doesn't show a period for a CAS login. All of 
our ids have periods in them.


- iOS keyboard triggers the caps lock warning after the upper case 
character is entered, at which point the keyboard is back in lowercase 
mode despite the caps lock warning.


- iOS doesn't wrap the login button with any sort of button visual 
indicator.



Those last three are due to the fact I don't use iOS, but did so this 
morning for testing. Last one might be on us as we have customized the 
login page.


Overall quite happy with how easy that integration makes it and how well 
it works.


--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/3cd09b1c-865f-0ccf-2e97-54fb931267c7%40ndsu.edu.

Re: [cas-user] CAS ADFS Integration

[Антон Шихмат]

Right now have another issue. 
I've added link to the login page to redirect to the ADFS login page using 
Webflow functionality. But after successful login, default login page is 
displayed again for some reason.
If login using credentials from the database - everything works as 
expected. Do I need to add some additional configuration? I mean maybe some 
webflow update needed?

On Tuesday, July 18, 2017 at 2:26:23 AM UTC+3, Misagh Moayyed wrote:
>
> Yes; there is a setting that controls auto-redirect to ADFS. Set that to 
> false, and put the link on the login page.
>
> --Misagh
>
> On July 17, 2017 at 1:51:10 PM, Uxío Prego (upr...@madiva.com 
> ) wrote:
>
> Let us hope am wrong, but reminds me vaguely of
>
> https://groups.google.com/a/apereo.org/d/msg/cas-user/BwnFLyc8TnY/6NjFsnIEAQAJ
>
> Best of luck,
>
> On 17 Jul 2017, at 09:23, Антон Шихмат  
> wrote:
>
> Hello everyone,
>
> On my current project we use CAS with configured custom database 
> authentication provider.
>
> Few weeks ago we received request from our client to integrate CAS with 
> their ADFS.
> I did it using provided tutorial on CAS website. After that only ADFS 
> authentication can be used. What I mean – when user tries to open secured 
> page, ADFS logic page is displayed, so user can use only his ADFS 
> credentials and cannot navigate to regular logic page (where database 
> authentication is configured).
>
> So my question is – is it possible to have a database authentication 
> provider configured as primary one (with default login page) and to have 
> button on that page that will redirect to ADFS authentication provider?
>
> Thanks,
> Anton
>
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: 
> https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+u...@apereo.org .
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/5254c733-f507-46e0-ab43-a0a67022c2a5%40apereo.org
>  
> 
> .
>
>
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: 
> https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+u...@apereo.org .
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/B6930B01-0EDC-4199-B933-E1053778E231%40madiva.com
>  
> 
> .
>
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/43d4879e-0caa-45ef-8756-6e4b6ac3f868%40apereo.org.

[cas-user] Re: Need Help setting up CAS with x.509 authentication

[Fabio Martelli]

Il 19/07/2017 21:16, Sunil Kalahasti ha scritto:

Hi Fabio,

This is Sunil. I saw a recent post in CAS user community about x.509 
issue.


I am trying to configure x.509 authentication with CAS. I am unable to 
proceed forward as this is new to me.


If possible could you let me know the server configuration and 
customizations you had to do to make x.509 work with CAS.


Thanks in advance,
Sunil.


Hi Sunil, I'm on 5.1.X.

I have some customization around principal resolution BTW in your case 
the conf should be.


*cas.properties*

/cas.authn.x509.principal.principalAttribute=CN//
//cas.authn.x509.principal.returnNull=true//
//cas.authn.x509.principalDescriptor=$CN//
//cas.authn.x509.principalType=SUBJECT/

*pom.xml*

///
//  org.apereo.cas//
//cas-server-support-x509-webflow//
//  ${cas.version}//
///

This should be enough.

BR,

F.

--
Fabio Martelli
https://it.linkedin.com/pub/fabio-martelli/1/974/a44
http://blog.tirasa.net/author/fabio/index.html

Tirasa - Open Source Excellence
http://www.tirasa.net/index.html?pk_campaign=email_kwd=fm

Apache Syncope PMC
http://people.apache.org/~fmartelli/

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/86cefd26-41c8-3f6e-d087-2ec72b665178%40gmail.com.

Re: [cas-user] Setting up SSL

[David Rodriguez Gonzalez]

Hello, 

Thanks for all your ideas! but nothing worked...

I tried changing the port to 1 and I got the same error. Also tried 
with sudo just to be sure that's not related with privileges.
Looks like CAS is starting 2 things in the same port, I know it's weird. 
Could anyone share their SSL configuration in order to make gradle-overlay 
works?

FYI:
We are on linux and mac and no other process is in that port.

Regards,
David

On Wednesday, 19 July 2017 21:17:51 UTC+2, Uxío Prego wrote:
>
> You should not be running Java with super user privileges, ever. Specially 
> in 
> production environments. 
>
> When on Linux additional configuration is necessary to allow an operating 
> system level user account access to well known ports in the first 1K 
> range. 
>
> OP likely to have had indeed the port held by a previous instance of CAS. 
>
> > On 19 Jul 2017, at 15:23, Toby Archer  
> wrote: 
> > 
> > First thing that comes to my mind is checking if there is anything on 
> that port. try running: 
> > 
> > netstat -a | grep "" 
> >  That should tell you whether or not there is anything else listening on 
> that port. 
> > 
> > My other thought would be to try and let it be the default 
> configuration, which is 8443 I believe. See if it accepts that. 
> > 
> > Oh, the other thing that occurred to me is try running it as a 
> privileged user, i.e. sudo. Some distros don't let unprivileged users bind 
> to ports below 1. 
> > 
> > I'm still very much so a rookie at CAS, but hopefully these suggestions 
> will be helpful. Quoth the blind man leading the blind. 
> > 
> > On Wednesday, July 19, 2017 at 2:32:50 AM UTC-5, David Rodriguez 
> Gonzalez wrote: 
> > Good morning everyone, 
> > 
> > I am having problems setting up https in CAS 5.0.x gradle overlay, maybe 
> you could give me a hand. 
> > 
> > I have the following properties in application.yml, keystore properties 
> duplicated to see if it works 
> > 
> > server: 
> >   port:  
> >   ssl: 
> > enabled: true 
> > keyStorePassword: changeit 
> > key-store-password: changeit 
> > keyPassword: changeit 
> > key-password: changeit 
> > keyStore: file:/etc/cas/thekeystore 
> > key-store: file:/etc/cas/thekeystore 
> > 
> > 
> > But I'm getting this: 
> > 
> > *** 
> > APPLICATION FAILED TO START 
> > *** 
> > 
> > Description: 
> > 
> > The Tomcat connector configured to listen on port  failed to start. 
> The port may already be in use or the connector may be misconfigured. 
> > 
> > Action: 
> > 
> > Verify the connector's configuration, identify and stop any process 
> that's listening on port , or configure this application to listen on 
> another port. 
> > 
> > 
> > Thanks a lot! 
> > 
> > -- 
> > - CAS gitter chatroom: https://gitter.im/apereo/cas 
> > - CAS mailing list guidelines: 
> https://apereo.github.io/cas/Mailing-Lists.html 
> > - CAS documentation website: https://apereo.github.io/cas 
> > - CAS project website: https://github.com/apereo/cas 
> > --- 
> > You received this message because you are subscribed to the Google 
> Groups "CAS Community" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to cas-user+u...@apereo.org . 
> > To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/cb1ff7e4-c790-4653-927b-44afcdf14553%40apereo.org.
>  
>
>
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/39424cf9-b5f2-4abf-972b-8417b31b9499%40apereo.org.