Re: [cas-user] Acceptable Usage Policy(AUP) in CAS5.2.x

2018-05-23 Thread Jay
We have enabled the User acceptance policy.

Whenever I use an incognito window in Chrome and log in, it does not show the 
User Policy page to accept. Only the first time I could see it, but closing and 
opening a new window does not show the policy page.

Any help here is much appreciated.

Thanks,
Jay



On Tuesday, April 24, 2018 at 7:59:51 AM UTC-5, Manfredo Hopp wrote:
>
> Manually change login webflow xml. 
> You will have to address missing credentials issue.
>
> On Tuesday, April 24, 2018, Jay wrote:
>
>> Hello everyone,
>>
>> As part of the migration from CAS3.5 to CAS5.2.x, we have to implement 
>> the User Policy acceptance UI to allow the user to agree to the terms.
>>
>> In CAS3.5 we show the policy page even before the Login screen like shown 
>> below
>>
>>
>> 
>> Tried to have the same feature in CAS5.x and included the following 
>> properties.
>>
>> - Added the below in application.properties file:
>>
>> cas.acceptableUsagePolicy.aupAttributeName=aupAccepted
>>
>> - Added the below dependency in pom.xml:
>>
>> <dependency>
>>     <groupId>org.apereo.cas</groupId>
>>     <artifactId>cas-server-support-aup-webflow</artifactId>
>>     <version>${cas.version}</version>
>> </dependency>
>>
>> After adding the properties, User policy page is only shown after the 
>> user login with his/her credentials not before the login. Is this in built 
>> in CAS5 which cannot be changed or we can show the Policy page actually 
>> before a user logs in. If so can you please help me here on how to change 
>> it.
>>
>> Thanks & Regards,
>> Jay
>>
>> -- 
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+u...@apereo.org .
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/c9f9b1b8-142d-49f8-9510-33813a98913d%40apereo.org
>>  
>> 
>> .
>>
>



[cas-user] SLO and SSO using Mod_auth_cas

2018-05-23 Thread Ramakrishna G
Hello,

I am using Mod_auth_cas for reverse proxy to my cas server. How do I achieve
slo and sso using mod_auth_cas? Also when I logout I am still able to
access my application without authentication. Is this the way mod_auth_cas
works?

Thanks
Ramakrishna G



Re: [cas-user] Re: CAS redirecting to multiple apps not working

2018-05-23 Thread Andy Ng
Hi Érico,

Pretty sure CAS Single Sign On (SSO) only works with https, you can try the 
following yourself:
- Login to "http://localhost:8080/cas"
- Immediately refresh the page
From my experience, you might not see yourself not login again, because SSO 
is not working properly with http.

Anyway, my point is, you need to make your CAS use https first.

I am not familiar with JBoss, but if you go to 
https://localhost:8443/cas/login now, will you be able to see the page? If 
not then probably thekeystore is not loaded properly.
See if this section helps 
you: https://github.com/apereo/cas-overlay-template#deployment

Another point might be, with your link:
http://localhost:8080/cas/login?service=http%3A%2F%2Flocalhost%3A8080%2Fregistro-acidente%2Flogin%2Fcas
it will actually first check if you are logged in first, then redirect you to:
http://localhost:8080/registro-acidente/login/cas

So, you have a JBoss application located here? 
http://localhost:8080/registro-acidente

CAS 5 by default does not have this url "
http://localhost:8080/registro-acidente/...  ", if that is your app1 / app2 
link, then that's fine

Cheers!
-Andy


On Wednesday, 23 May 2018 22:19:58 UTC+8, Érico Teixeira wrote:
>
> Hello Andy 
>
> thanks a lot for your help 
>
> the app1 link is the following : 
>
> http://localhost:8080/cas/login?service=http%3A%2F%2Flocalhost%3A8080%2Fregistro-acidente%2Flogin%2Fcas
>
> regarding login page ... yes it is  http://localhost:8080/cas then 
> http://localhost:8080/cas/login
> I am sending the login header and parameters attached on this mail
>
> I am also sending my /private/etc/cas/config/cas.properties 
>
> the directory privileges are the following : 
>
> ls -la /private/etc/cas
> total 32
> drwxrwxrwx@   7 ericomartins  wheel   224 16 Mai 10:09 .
> drwxr-xr-x@ 121 root  wheel  3872 18 Mai 09:33 ..
> -rw-r--r--@   1 ericomartins  wheel  8196 22 Mai 09:28 .DS_Store
> drwxr-xr-x@   5 ericomartins  wheel   160 23 Abr 10:41 config
> drwxrwxrwx@   5 ericomartins  wheel   160 16 Mai 09:34 config-old
> drwxrwxrwx@   6 ericomartins  wheel   192 22 Mai 10:40 logs
> -rwxr-xr-x1 ericomartins  wheel  1951 15 Mai 09:41 thekeystore
>
> CAS app has a application.properties file with the following : 
>
> server.context-path=/cas
>
> server.port=8443
>
> #server.ssl.key-store=file:/etc/cas/thekeystore
>
> server.ssl.key-store=file:/private/etc/cas/thekeystore
>
> server.ssl.key-store-password=changeit
>
> server.ssl.key-password=changeit
>
> Best Regards
> Érico
>
>
>
>
> 2018-05-23 11:05 GMT-03:00 Andy Ng:
>
>> Hi Érico,
>>
>> Likely your colleague have done some customization on CAS. Default CAS 
>> only have a username, password and some other things, and login success 
>> won't immediately have redirection links
>>
>> so, I think a little bit more information will be needed, in order to 
>> start solving your problem:
>> - What are the redirection links? You can blur out the server detail, but 
>> something "app1 redirection links is 
>> http://localhost:8080/cas?service=http://www.example.com/app1" will tell 
>> us more about your problem
>> - You said sends me to login page, you mean send you back to "
>> http://localhost:8080/cas" correct? If so, any parameter attached? 
>>
>> Another thing, CAS don't work / don't work well with http, try setup to 
>> https. I don't use JBoss myself so I won't be able to help on that.
>>
>> Cheers!
>> - Andy
>>
>>
>>
>>
>> On Wednesday, 23 May 2018 21:14:30 UTC+8, Érico Teixeira wrote:
>>>
>>> Hello 
>>>
>>> I've started working on a set of apps developed by another programmer 
>>>
>>> I login through http://localhost:8080/cas that contains a menu with the 
>>> redirection for the other apps 
>>>
>>> This redirection is not working ... I've deployed other 2 apps along 
>>> with CAS(5.1) and all are successfully deployed :
>>>
>>> CAS and app1 in jboss EAP 7 running in 8080 
>>>
>>> app2 through spring boot running in 8090 
>>>
>>> Both app1 and app2 behave the same way ... I click on their menus and 
>>> the redirection sends me to login page instead of redirecting me to app1 or 
>>> app2 
>>>
>>> There are no errors on jboss logs 
>>>
>>> There are no errors on network tab in firefox or chrome 
>>>
>>> I don't know what other info I could paste here to simulate the error 
>>>
>>> Please, I am stuck on this for a few days and don't know what else to 
>>> investigate
>>>
>>> Thks
>>> Érico
>>>
>
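The behaviour discussed in this thread, as an added example that is not part of the original messages: a cookie marked Secure is never sent back over plain http, so a ticket-granting cookie issued that way cannot carry SSO on `http://localhost:8080`. The cookie name `TGC`, its `/cas/` path and the Secure flag are assumptions about a default CAS 5 deployment, and the cookie value is a constructed placeholder.

```python
"""Added example: a Secure ticket-granting cookie is dropped on http requests."""
import email.message
import http.cookiejar
import urllib.request

# Constructed Set-Cookie headers (assumed cookie name and path, placeholder value).
SECURE_TGC = "TGC=TGT-1-constructed-placeholder; Path=/cas/; Secure; HttpOnly"
PLAIN_TGC = "TGC=TGT-1-constructed-placeholder; Path=/cas/; HttpOnly"

# URLs taken from the thread.
HTTP_LOGIN = "http://localhost:8080/cas/login"
HTTPS_LOGIN = "https://localhost:8443/cas/login"


class _Response:
    """Minimal stand-in for an HTTP response; CookieJar only calls info()."""

    def __init__(self, set_cookie):
        self._headers = email.message.Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent_back(set_cookie, login_url, next_url):
    """Store the cookie issued at login_url, then return the Cookie header a
    standards-following client attaches to next_url (None if it sends none)."""
    jar = http.cookiejar.CookieJar()
    jar.extract_cookies(_Response(set_cookie), urllib.request.Request(login_url))
    follow_up = urllib.request.Request(next_url)
    jar.add_cookie_header(follow_up)
    return follow_up.get_header("Cookie")


def sso_possible(set_cookie, login_url):
    """True when a second visit to the login URL would present the cookie."""
    return cookie_sent_back(set_cookie, login_url, login_url) is not None


if __name__ == "__main__":
    for label, cookie, url in [
        ("Secure cookie over http ", SECURE_TGC, HTTP_LOGIN),
        ("Secure cookie over https", SECURE_TGC, HTTPS_LOGIN),
        ("Plain cookie over http  ", PLAIN_TGC, HTTP_LOGIN),
    ]:
        print(label, "-> cookie returned:", sso_possible(cookie, url))
```

Removing the Secure flag makes the http case work but exposes the ticket-granting cookie to anyone who can read the traffic, which is why serving CAS over https is the fix suggested in the thread.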

[cas-user] How to set custom Java TrustStore for CAS Maven Overlay

2018-05-23 Thread Sam Erie
So I have tested my certifications using the suggested SSLPoke tool, and I
know I can use the java option -Djavax.net.ssl.trustStore= to make
CAS use the correct custom java truststore for my ldap connection. I was
even able to get it to run like java -Djavax.net.ssl.trustStore= -jar
target/cas.war. However I am trying to set it up to use ./build.sh run
maven command.

My question is how can I set a custom truststore for CAS to run? There is a
keystore property, and a trustCertificates property (which does not take a
keystore, only loose certs). There is a truststore property for server or
httpClient. I must be missing something, because this seems like a pretty
common usage case.

Or is there a way to set the execution command? Or an environmental
variable I can set? (I tried JAVA_OPTS, MAVEN_OPTS, CATALINA_OPTS etc) I
have tried many things, but there is so much documentation I am having
trouble finding this specific answer.

I appreciate any advice, hopefully this isn't something extremely obvious
that is just eluding me because I have been staring at it for so long.



[cas-user] Re: (Ask) CAS 5.2 Basic Installation Step by Step

2018-05-23 Thread Fahmi L. Ramdhani
Yes, I am currently following the guide written by David. I need to be 
careful that all components work properly. I will describe here when it is 
done. Thanks.



[cas-user] Re: (Ask) CAS 5.2 Basic Installation Step by Step

2018-05-23 Thread Fahmi L. Ramdhani
Yes, I am currently following the guidelines written by David carefully, so 
that all components work properly. I will describe here when it is done. 
Thanks.



Re: [cas-user] CAS Management Service Showing 'localhost:8080' on Redirection to Login Page

2018-05-23 Thread Uxío Prego
Maybe grepping the CAS itself (not the overlay) helps..?

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2018-05-23 17:16 GMT+00:00 josbrodie:

> When accessing 'hxxp://example.edu/cas-management' ---> the redirection
> to login page is 'hxxp://example.edu/cas/login?service=http%3A%2F%
> 2Flocalhost%3A8080%2Fcas-management%2Fmanage.html' ---> on successful
> authentication, it goes to the expected 'hxxp://example.edu/cas-
> management/services/default'.
>
> I have 'grep-ed' the living daylight out of both the CAS and services
> overlays to find the errant 'localhost:8080' and so far have not been
> successful.
>
> I have deployed both the respective 2 WARs in Tomcat (i.e. not the
> embedded container). Have I somehow also left the embedded container
> setting in the properties file and/or build script?
>



[cas-user] Re: (Ask) CAS 5.2 Basic Installation Step by Step

2018-05-23 Thread Matthew Uribe
Not that I've seen. You could always try your luck with Google, but I'd 
imagine most results would lead you back to this group or the CAS official 
docs.

I would still recommend David's docs. There may be some diversions, such as 
the use of apt rather than yum, but you should be able to work through that 
with the help of Ubuntu docs and community.

If Red Hat licensing is your issue, you could use CentOS, and it would 
match what's in the documentation that David Curry wrote.

On Wednesday, May 23, 2018 at 10:38:16 AM UTC-6, Fahmi L. Ramdhani wrote:
>
> In addition to the above guides, is there a specific guide for deploying 
> CAS 5.x Ubuntu Server 16.04?
>



[cas-user] CAS Management Service Showing 'localhost:8080' on Redirection to Login Page

2018-05-23 Thread josbrodie
When accessing 'hxxp://example.edu/cas-management' ---> the redirection to 
login page is 'hxxp://example.edu/cas/login?service=
http%3A%2F%2Flocalhost%3A8080%2Fcas-management%2Fmanage.html' ---> on 
successful authentication, it goes to the expected 
'hxxp://example.edu/cas-management/services/default'.

I have 'grep-ed' the living daylight out of both the CAS and services 
overlays to find the errant 'localhost:8080' and so far have not been 
successful.

I have deployed both the respective 2 WARs in Tomcat (i.e. not the embedded 
container). Have I somehow also left the embedded container setting in the 
properties file and/or build script?



[cas-user] Hazelcast showing [dev]

2018-05-23 Thread Paulo Oliveros
I am using CAS 5.1.2 with Hazelcast 3.8.1. It is working properly but it is 
always showing [dev]. I've been searching on how to change this value to 
other environment say [prod] when running in prod. But I could not find or 
figure this out. 

2018-05-23 09:00:04,485 DEBUG 
[com.hazelcast.internal.partition.InternalPartitionService] - 
<[XXX.XX.241.146]:5701 [dev] [3.8.1]

Thanks 

Paulo 



Re: [cas-user] Re: SPNEGO Client Selection Strategy

2018-05-23 Thread Christian Poirier
I think I know what you mean by "is buggy". I checked the code and it misses
something. The webflow is not configured correctly even if you configure it to
use hostname filter and/or IP address filter. It just jumps directly to
SPNEGO negotiate transition. I corrected this with the changes I made to
the code. There was no way to choose to go directly to SPNEGO or evaluate
the client before starting SPNEGO.

Christian Poirier
Mobile: 418-473-2824

2018-05-23 1:58 GMT-04:00 Charles Le Gallic:

> Ok thanks. Let me know if you can confirm that current native
> implementation is buggy.
>
> Regards,
>
> Charles
>
> 
> 12, impasse du Malrigou, 31140 Montberon
> 
> cont...@amoae.com | 06 24 73 04 98 | *amoae.com* 
>
>
> On Wed, May 23, 2018 at 04:46, Christian Poirier wrote:
>
>> Hi Charles
>>
>> Yes I did, but with my own development and my properties. I will check if
>> I can implement with Client Access Strategy by implementing my own SPNEGO
>> Service Access Strategy
>>
>> Christian Poirier
>> Mobile: 418-473-2824
>>
>> 2018-05-22 1:58 GMT-04:00 Charles Le Gallic:
>>
>>> Hi Christian,
>>>
>>> Did you manage to make IP based SPNEGO client selection work on CAS
>>> 5.x?
>>>
>>> In that case, is there any other configuration to setup in addition to
>>> cas.properties configuration ?
>>>
>>> Regards,
>>>
>>> Charles
>>>
>>> 
>>> 12, impasse du Malrigou, 31140 Montberon
>>> 
>>> cont...@amoae.com | 06 24 73 04 98 | *amoae.com* 
>>>
>>>
>>> On Fri, May 18, 2018 at 14:14, Christian Poirier wrote:
>>>
>>>> Hi Charles
>>>>
>>>> I am using the 5.3.0-RC3. I illustrated the webflow to see the logic.
>>>> The webflow logic is built in the code.
>>>> I will check if the implementation based on a
>>>> RegisteredServiceAccessStrategy is possible.
>>>>
>>>> Christian Poirier
>>>> Mobile: 418-473-2824
>>>>
>>>> 2018-05-18 1:28 GMT-04:00 Charles Le Gallic:

> Hi Christian,
>
> Which version of CAS do you use ?
>
> It seems to be a version below CAS 5.0.x (org.jasig packages and XML
> spring configurations). SPNEGO client selection strategy was working on 
> 4.x
> version, but I cannot make it work after having upgrade to CAS 5.1.x
>
> Regards,
>
> Charles
>
> 
> 12, impasse du Malrigou, 31140 Montberon
> 
> cont...@amoae.com | 06 24 73 04 98 | *amoae.com* 
>
>
> On Thu, May 17, 2018 at 15:25, Christian Poirier wrote:
>
>> Hi Nicolas,
>>
>> In our organization, we need to let the user choose between the
>> default login and SPNEGO upon a list of criteria and sometimes we need to
>> go directly to the SPNEGO authentication upon other criteria. For this
>> feature, I extended the SPNEGO module. I show a button with the label
>> "LOGIN WITH MY WINDOWS ACCOUNT" when the IP address matches a regular
>> expression. When the service matches a regular expression and the IP
>> address also matches its regular expression, I force SPNEGO 
>> authentication
>> without giving the user the chance to authenticate otherwise. If none of
>> the previous conditions are present, then the user must authenticate
>> normally with his user ID and password.
>> If you look the following webflow, you will find this logic inside.
>>
>> [Webflow XML not preserved in this archive. The surviving fragments
>> reference the states hasServiceCheck, gatewayRequestCheck,
>> viewGenericLoginSuccess, startAuthenticateCheck, generateServiceTicket,
>> redirect, generateLoginTicket and spnegoForceCheckAction.]

[cas-user] Re: (Ask) CAS 5.2 Basic Installation Step by Step

2018-05-23 Thread Fahmi L. Ramdhani
In addition to the above guides, is there a specific guide for deploying 
CAS 5.x Ubuntu Server 16.04?



Re: [cas-user] Re: CAS not redirecting to service after successful authentication.

2018-05-23 Thread Ray Bon
Neha,

I have not used ASP so am unfamiliar with its operation. Perhaps certificates 
need to be added to ASP environment?
Do you have a way to watch ASP network communications?

Ray

On Wed, 2018-05-23 at 11:27 +0200, N&S Technical Channel NS wrote:
Hello Ray,

Yes i am using self signed certificate and already added it.
My java application is working fine with CAS but not ASP.

What more can i try? Really stuck with the problem with no clue what to do next 
:(


Regards
Neha Gupta


On Tue, May 15, 2018 at 7:16 PM, Ray Bon <r...@uvic.ca> wrote:
Neha,

I have not used the .NET client. There may be more configuration that can be 
done.
One possibility is certificate validity. For .NET client to connect to CAS 
during ticket validation, CAS needs to verify client certificate.
Are you using self signed certificates? If so, they need to be added to the JVM 
running CAS.

Ray

On Mon, 2018-05-14 at 04:13 -0700, Neha Gupta wrote:
Hello Ray,

Request you to please help me out with this.
Please let me know in case you need any other information.


Regards
Neha Gupta

On Wednesday, May 9, 2018 at 10:25:46 AM UTC+2, Neha Gupta wrote:
Hello Ray,

Yes that what is clear from the traces that service ticket are getting 
generated but not validated. I have done all the configuration required in 
ASP.NET application.
In fact I just included the "DotNetCasClient" package and everything was done 
automatically. I just changed the values of some attributes like 
casServerLoginUrl, casServerUrlPrefix etc.

Below is the link which i followed for doing the changes in 
ASP.NET application: -
https://github.com/apereo/dotnet-cas-client#integration-instructions

I don't have any idea as what can be done to solve this problem and i would 
greatly appreciate if your community can help me out to solve the issue.

I am attaching web.config file for reference here.

PS: - I don't have any intention of using any particular ticket validator. 
Initially i tried with Cas20 but as it was not working so i switched to Saml11 
which though working but not redirecting to the ASP.NET 
application.


Regards
Neha Gupta


On Tuesday, May 8, 2018 at 6:39:44 PM UTC+2, rbon wrote:
Neha,

There may be other settings that need to be modified when switching from SAML11 
to CAS20. ST are being created but not validated. Your ASP.NET 
client is not configured correctly.

Ray

On Tue, 2018-05-08 at 03:56 -0700, Neha Gupta wrote:
Hello Andy,

Thanks for reply.
I was also wondering about the TARGET in the URL and i think its because of the 
ticketValidatorName="Saml11" mentioned in the web.config file of 
ASP.NET application and when i change the value of 
"ticketValidatorName" to Cas10 or Cas20 then it does not work at all. Also 
please find attached traces of the same.

Hope this will help.


Regards
Neha Gupta




On Tuesday, May 8, 2018 at 3:40:21 AM UTC+2, Andy Ng wrote:
Hi Neha,

Would like to know in which documentation do you know about the parameter 
TARGET in 
"https://idiv-dev1:8443/cas/login?TARGET=http%3a%2f%2flocalhost%3a60397%2f", I 
didn't see this parameter in the official documentation.
Maybe it is something related to ASP.NET?

Anyway, the usual parameter for defining service in CAS is "service", that 
means your url should be 
"https://idiv-dev1:8443/cas/login?service=http%3a%2f%2flocalhost%3a60397%2f"

It is nice that you attached the debug log:
- I can see that the service is register successfully based on "", so your service registration 
is correct.

Regarding the part related to ASP.NET, I have no idea so I 
would not comment on that. But i think since you can login success, the 
ASP.NET part should be fine as is.

Cheers!
- Andy


On Monday, 7 May 2018 22:12:34 UTC+8, Neha Gupta wrote:
Dear All,

I am trying to integrate CAS with ASP.NET application.
Everything is working fine but CAS is not able to redirect to the destination 
service and showing its own logged in page.

Final URL is: - 
https://idiv-dev1:8443/cas/login?TARGET=http%3a%2f%2flocalhost%3a60397%2f

where in TARGET my service URL is defined where i want CAS to redirect .

Following configuration i have done in "web.config" file: -

<casClientConfig
    casServerLoginUrl="https://idiv-dev1:8443/cas/login"
    casServerUrlPrefix="https://idiv-dev1:8443/cas/"
    serverName="http://localhost:60397/"
    notAuthorizedUrl="~/NotAuthorized.aspx"
    redirectAfterValidation="true"
    renew="false"
    singleSignOut="true"
    ticketValidatorName="Saml11"
    serviceTicketManager="CacheServiceTicketManager"
/>

<forms loginUrl="https://idiv-dev1:8443/cas/login" cookieless="UseCookies" />


Along with this configuration i have also mentioned in "FilterConfig.cs" below 
two lines: -

filters.Add(new System.Web.Mvc.AuthorizeAttribute());
filters.Add(new RequireHttpsAttribute());


Please let me know where is the problem as i have no clue.

PS: - I have registered the service with CAS and also below s

Re: [cas-user] How to invalidate session on CAS Client

2018-05-23 Thread Ray Bon
Francesca,

Is it possible for the portal to call logout on your web application?

Ray

On Wed, 2018-05-23 at 02:38 -0700, Francesca Micelli wrote:
Hi, my web application is integrated with a portal that use cas authentication. 
Logout is possible in two ways: on my web application (I first invalidate my 
session and then redirect to /logout on cas) or directly by portal (in this 
case session on my web application continues to exist - there are no single 
signout mechanisms implemented). In this last case there's a problem..if I 
logout on portal and then write directly URL of my web application the page is 
shown to me! Is there a way to resolve this situation?

--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca



Re: [cas-user] CAS Login Page Cutomization

2018-05-23 Thread David Curry
It's on the list, along with a bunch of other updates. Every time I start
working on them, some piece of "real work" keeps coming along to interrupt
me. HOPEFULLY I'll be able to get to them in the next few weeks (he says,
optimistically). :-)

--Dave

--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu



On Wed, May 23, 2018 at 10:20 AM Andy Ng  wrote:

> Still waiting for glorious day that this page:
> https://dacurry-tns.github.io/deploying-apereo-cas/ui_overview.html
> to come to live :)
>
> - Andy
>
> On Wednesday, 23 May 2018 20:01:29 UTC+8, David Curry wrote:
>>
>> These two threads are somewhat helpful:
>>
>>
>> https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/themes/cas-user/k-yfoou7Zy0/BXry1PxgFAAJ
>>
>> https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/template/cas-user/3eaKVAMhFYE/uuj7eEpCAwAJ
>>
>> Assuming you're making new templates, most of your work will probably get
>> done in layout.html, fragments/bottom.html, and fragments/loginform.html.
>>
>> --Dave
>>
>> --
>>
>> DAVID A. CURRY, CISSP
>> *DIRECTOR OF INFORMATION SECURITY*
>> INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>>
>>
>>
>> On Wed, May 23, 2018 at 12:02 AM Lionel Samuel 
>> wrote:
>>
>>> We are planning of customizing the CAS login page --- would anyone know
>>> of a resource that lists the files for us to update?
>>>
>>> I'm a bit lost -- as I don't see a master file that builds the login
>>> page (it's probably me still getting used to the changes from v3 to v5.2)
>>>
>>> src/main/resources/messages.properties
>>> src/main/resources/cas-theme-default.properties
>>> src/main/resources/templates/casLoginView.html
>>> src/main/resources/templates/casLoginMessageView.html
>>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAO9tfC3RcqBOCVHvxmNnV7%3DzR7AFKu2oDHTDPndac81rw%40mail.gmail.com.


[cas-user] Client session invalidate on CAS logout

2018-05-23 Thread sun
Hi!
My web application is integrated with a portal that performs a cas 
authentication with ldap (there are other applications like mine that 
integrate with this portal). If I execute logout from portal..how can I 
invalidate the session on my web application?



[cas-user] Implementing Custom Logout. Getting ClassCastException for UrlValidator.

2018-05-23 Thread Govind Lohiya
Hi,

I am trying to implement custom cas logout. I have implemented custom cas 
login which works perfectly fine. 

I have created a class which implements LogoutManager and another one 
which implements LogoutHandler.

I created a third class to register my custom logout handler which 
implements LogoutExecutionPlanConfigurer

In this configuration class I have following code which is causing problem.


    @Bean
    SingleLogoutServiceLogoutUrlBuilder singleLogoutServiceLogoutUrlBuilder() {
        return new DefaultSingleLogoutServiceLogoutUrlBuilder(urlValidator());
    }

    @Bean
    UrlValidator urlValidator() {
        return new UrlValidator() {
            @Override
            public boolean isValid(String s) {
                return org.apache.commons.validator.routines.UrlValidator.getInstance().isValid(s);
            }

            @Override
            public boolean isValidDomain(String s) {
                return DomainValidator.getInstance().isValid(s);
            }
        };
    }


I am getting below error 

2018-05-23 14:59:06,489 WARN 
[org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext]
 
- 
May 23, 2018 2:59:06 PM org.apache.catalina.core.ContainerBase 
addChildInternal
SEVERE: ContainerBase.addChild: start: 
org.apache.catalina.LifecycleException: Failed to start component 
[StandardEngine[Catalina].StandardHost[localhost].StandardContext[/cas]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
at 
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:754)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:730)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:734)
at 
org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1140)
at 
org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1874)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:748)
Caused by: 
org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
creating bean with name 'casReportsConfiguration': Unsatisfied dependency 
expressed through field 'cas3ServiceSuccessView'; nested exception is 
org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
creating bean with name 'casValidationConfiguration': Unsatisfied 
dependency expressed through field 'centralAuthenticationService'; nested 
exception is 
org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
creating bean with name 'casCoreConfiguration': Unsatisfied dependency 
expressed through field 'logoutManager'; nested exception is 
org.springframework.beans.factory.BeanCreationException: Error creating 
bean with name 'logoutManager' defined in class path resource 
[com/openbet/cas/logout/config/OpenbetLogoutManagerConfiguration.class]: 
Bean instantiation via factory method failed; nested exception is 
org.springframework.beans.BeanInstantiationException: Failed to instantiate 
[com.openbet.cas.logout.OBLogoutManagerImpl]: Factory method 
'logoutManager' threw exception; nested exception is 
org.springframework.beans.factory.BeanCreationException: Error creating 
bean with name 'realLogoutManager' defined in class path resource 
[com/openbet/cas/logout/config/OpenbetLogoutManagerConfiguration.class]: 
Bean instantiation via factory method failed; nested exception is 
org.springframework.beans.BeanInstantiationException: Failed to instantiate 
[org.apereo.cas.logout.LogoutManager]: Factory method 'realLogoutManager' 
threw exception; nested exception is 
org.springframework.beans.factory.BeanCreationException: Error creating 
bean with name 'singleLogoutServiceMessageHandler' defined in class path 
resource 
[com/openbet/cas/logout/config/OpenbetLogoutManagerConfiguration.class]: 
Bean instantiation via factory method failed; nested exception is 
org.springframework.beans.BeanInstantiationException: Failed to instantiate 
[org.apereo.cas.logout.SingleLogoutServiceMessageHandler]: Factory method 
'singleLogoutServiceMessageHandler' threw exception; nested exception is 
org.springframework.beans.factory.BeanCreationException: Error creating 
bean with name 'singleLogoutServiceLogoutUrlBuilder' defined in class path 
resource 
[com/openbet/cas/logout/config/OpenbetLogoutManagerConfiguration.class]: 
Bean instantiation via factory method failed; nested exception is 
org.springframework.beans.BeanInstantiationException: Failed to instantiate 
[org.apereo.cas.logout.SingleLogoutServiceLogoutUrlBuilder]: Factory method 
'singleLogoutServiceLogoutUrlBuilder' threw exception; nested exception is 
java.lang.ClassCastException: 
org.apereo.cas.web.SimpleUrlValidatorFactoryBean$$EnhancerBySpringCGLIB$$ba7be36f
 
cannot be cast to org.apereo

Re: [cas-user] CAS Login Page Cutomization

2018-05-23 Thread Andy Ng
Still waiting for the glorious day that this page:
https://dacurry-tns.github.io/deploying-apereo-cas/ui_overview.html
to come to life :)

- Andy

On Wednesday, 23 May 2018 20:01:29 UTC+8, David Curry wrote:
>
> These two threads are somewhat helpful:
>
>
> https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/themes/cas-user/k-yfoou7Zy0/BXry1PxgFAAJ
>
> https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/template/cas-user/3eaKVAMhFYE/uuj7eEpCAwAJ
>
> Assuming you're making new templates, most of your work will probably get 
> done in layout.html, fragments/bottom.html, and fragments/loginform.html.
>
> --Dave
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu 
>
>
> On Wed, May 23, 2018 at 12:02 AM Lionel Samuel  > wrote:
>
>> We are planning of customizing the CAS login page --- would anyone know 
>> of a resource that lists the files for us to update?
>>
>> I'm a bit lost -- as I don't see a master file that builds the login page 
>> (it probably me still getting used to the changes from v3 to v5.2)
>>
>> src/main/resources/messages.properties
>> src/main/resources/cas-theme-default.properties
>> src/main/resources/templates/casLoginView.html
>> src/main/resources/templates/casLoginMessageView.html
>>


Re: [cas-user] Re: CAS redirecting to multiple apps not working

2018-05-23 Thread Érico
Hello Andy

thanks a lot for your help

the app1 link is the following :
http://localhost:8080/cas/login?service=http%3A%2F%2Flocalhost%3A8080%2Fregistro-acidente%2Flogin%2Fcas

regarding login page ... yes it is  http://localhost:8080/cas then
http://localhost:8080/cas/login
I am sending the login header and parameters attached on this mail

I am also sending my /private/etc/cas/config/cas.properties

the directory privileges are the following :

ls -la /private/etc/cas
total 32
drwxrwxrwx@   7 ericomartins  wheel   224 16 Mai 10:09 .
drwxr-xr-x@ 121 root  wheel  3872 18 Mai 09:33 ..
-rw-r--r--@   1 ericomartins  wheel  8196 22 Mai 09:28 .DS_Store
drwxr-xr-x@   5 ericomartins  wheel   160 23 Abr 10:41 config
drwxrwxrwx@   5 ericomartins  wheel   160 16 Mai 09:34 config-old
drwxrwxrwx@   6 ericomartins  wheel   192 22 Mai 10:40 logs
-rwxr-xr-x1 ericomartins  wheel  1951 15 Mai 09:41 thekeystore

CAS app has a application.properties file with the following :

server.context-path=/cas

server.port=8443

#server.ssl.key-store=file:/etc/cas/thekeystore

server.ssl.key-store=file:/private/etc/cas/thekeystore

server.ssl.key-store-password=changeit

server.ssl.key-password=changeit

Best Regards
Érico




2018-05-23 11:05 GMT-03:00 Andy Ng :

> Hi Érico,
>
> Likely your colleague has done some customization on CAS. Default CAS
> only has a username, password and some other things, and login success
> won't immediately have redirection links
>
> so, I think a little bit more information will be needed, in order to
> start solving your problem:
> - What are the redirection links? You can blur out the server detail, but
> something "app1 redirection links is
> http://localhost:8080/cas?service=http://www.example.com/app1" will tell
> us more about your problem
> - You said sends me to login page, you mean send you back to
> "http://localhost:8080/cas" correct? If so, any parameter attached?
>
> Another thing, CAS doesn't work / doesn't work well with http, try setting
> it up with https. I don't use JBoss myself so I won't be able to help on that.
>
> Cheers!
> - Andy
>
>
>
>
> On Wednesday, 23 May 2018 21:14:30 UTC+8, Érico Teixeira wrote:
>>
>> Hello
>>
>> I've started working on a set of apps developed by another programmer
>>
>> I login through http://localhost:8080/cas that contains a menu with the
>> redirection for the other apps
>>
>> This redirection is not working ... I've deployed other 2 apps along with
>> CAS(5.1) and all are successfully deployed :
>>
>> CAS and app1 in jboss EAP 7 running in 8080
>>
>> app2 through spring boot running in 8090
>>
>> Both app1 and app2 behave the same way ... I click on their menus and the
>> redirection sends me to login page instead of redirecting me to app1 or
>> app2
>>
>> There are no errors on jboss logs
>>
>> There are no errors on network tab in firefox or chrome
>>
>> I don't know what other info I could paste here to simulate the error
>>
>> Please, I am stuck on this for a few days and don't know what else to
>> investigate
>>
>> Thks
>> Érico
>>

Response headers (1,066 KB)
Cache-Control: no-store
Connection: keep-alive
Content-Language: pt-BR
Content-Type: text/html;charset=UTF-8
Date: Wed, 23 May 2018 14:10:43 GMT
Expires:
Pragma:
Server: JBoss-EAP/7
Set-Cookie: TGC=eyJhbGciOiJIUzUxMiJ9.WlhsS… path=/cas/; secure; HttpOnly
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Powered-By: Undertow/1
X-XSS-Protection: 1; mode=block

Request headers (577 B)
Accept: text/html,application/xhtml+xm…plication/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
Connection: keep-aliv

[cas-user] Re: CAS redirecting to multiple apps not working

2018-05-23 Thread Andy Ng
Hi Érico,

Likely your colleague has done some customization on CAS. Default CAS only
has a username, password and some other things, and login success won't
immediately have redirection links

so, I think a little bit more information will be needed, in order to start
solving your problem:
- What are the redirection links? You can blur out the server detail, but
something "app1 redirection links is
http://localhost:8080/cas?service=http://www.example.com/app1" will tell us
more about your problem
- You said sends me to login page, you mean send you back to
"http://localhost:8080/cas" correct? If so, any parameter attached?

Another thing, CAS doesn't work / doesn't work well with http, try setting
it up with https. I don't use JBoss myself so I won't be able to help on that.

Cheers!
- Andy




On Wednesday, 23 May 2018 21:14:30 UTC+8, Érico Teixeira wrote:
>
> Hello 
>
> I've started working on a set of apps developed by another programmer
>
> I login through http://localhost:8080/cas that contains a menu with the 
> redirection for the other apps 
>
> This redirection is not working ... I've deployed other 2 apps along with 
> CAS(5.1) and all are successfully deployed :
>
> CAS and app1 in jboss EAP 7 running in 8080 
>
> app2 through spring boot running in 8090 
>
> Both app1 and app2 behave the same way ... I click on their menus and the 
> redirection sends me to login page instead of redirecting me to app1 or 
> app2 
>
> There are no errors on jboss logs
>
> There are no errors on network tab in firefox or chrome
>
> I don't know what other info I could paste here to simulate the error
>
> Please, I am stuck on this for a few days and don't know what else to 
> investigate
>
> Thks
> Érico
>



[cas-user] CAS redirecting to multiple apps not working

2018-05-23 Thread Érico
Hello

I've started working on a set of apps developed by another programmer

I login through http://localhost:8080/cas that contains a menu with the
redirection for the other apps

This redirection is not working ... I've deployed other 2 apps along with
CAS(5.1) and all are successfully deployed :

CAS and app1 in jboss EAP 7 running in 8080

app2 through spring boot running in 8090

Both app1 and app2 behave the same way ... I click on their menus and the
redirection sends me to login page instead of redirecting me to app1 or
app2

There are no errors on jboss logs

There are no errors on network tab in firefox or chrome

I don't know what other info I could paste here to simulate the error

Please, I am stuck on this for a few days and don't know what else to
investigate

Thks
Érico



Re: [cas-user] CAS Login Page Cutomization

2018-05-23 Thread David Curry
These two threads are somewhat helpful:

https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/themes/cas-user/k-yfoou7Zy0/BXry1PxgFAAJ
https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/template/cas-user/3eaKVAMhFYE/uuj7eEpCAwAJ

Assuming you're making new templates, most of your work will probably get
done in layout.html, fragments/bottom.html, and fragments/loginform.html.

--Dave

--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Wed, May 23, 2018 at 12:02 AM Lionel Samuel 
wrote:

> We are planning of customizing the CAS login page --- would anyone know of
> a resource that lists the files for us to update?
>
> I'm a bit lost -- as I don't see a master file that builds the login page
> (it probably me still getting used to the changes from v3 to v5.2)
>
> src/main/resources/messages.properties
> src/main/resources/cas-theme-default.properties
> src/main/resources/templates/casLoginView.html
> src/main/resources/templates/casLoginMessageView.html
>


Re: [cas-user] CAS Logout Issue

2018-05-23 Thread Ramakrishna G
Ok Ray. Thanks for your help!!

Anyone who has worked on Mod_auth_cas along with CAS server pls guide me.
My issue is MOD_AUTH_CAS_S cookie is not removed from browser after logout.

Thanks
Ramakrishna G

On Tue, May 22, 2018 at 9:53 PM, Ray Bon  wrote:

> Ramakrishna,
>
> This now sounds like an issue on the client side. I have not used
> mod_auth_cas. Try debugging it and your client for how they handle the
> logout request.
>
> Ray
>
> On Tue, 2018-05-22 at 15:41 +0530, Ramakrishna G wrote:
>
> Ray,
>
> I was able to solve the ssl issue using open_sll. Now I am using https at
> both end with valid certificate.
>
> But my original problem of cas not logging out still persist.
>
> On Sat, May 19, 2018 at 4:51 PM, Ramakrishna G  wrote:
>
> Ray,
>
> I configured ssl as advised by you. Now I have a different issue.
>
> When I use CASValidateURL with https url I get this Unauthorized error. If
> i remove https it works but logout issue still persist  Unauthorized
>
> This server could not verify that you are authorized to access the
> document requested. Either you supplied the wrong credentials (e.g., bad
> password), or your browser doesn't understand how to supply the credentials
> required.
>
>
> I am sharing my config
>
> CASCookiePath /var/cache/mod_auth_cas/
>
> CASCertificatePath  /etc/httpd/conf/casdev.crt
>
> CASLoginURL https://192.168.111.12:8443/cas/login
>
> CASRootProxiedAs https://192.168.111.12:8443
>
> CASValidateURL  https://192.168.111.12:8443/cas/serviceValidate
>
> #CASValidateURL http://192.168.111.12:/cas/serviceValidate // *Tomcat
> http port *
>
> CASValidateSAML Off
>
> CASSSOEnabled On
> 
>SSLProxyEngine on
>SSLProxyVerify none
>SSLProxyCheckPeerCN off
>SSLProxyCheckPeerName off
>SSLProxyCheckPeerExpire off
>Loglevel debug
> 
> AllowOverride
> AuthType CAS
> require valid-user
> CASRenew On
> ProxyPass http://192.168.111.10/
> ProxyPassReverse http://192.168.111.10/
> 
> 
> Require all granted
> ProxyPass https://192.168.111.12:9443/cas  *// Tomcat
> https port 9443*
> ProxyPassReverse https://192.168.111.12:9443/cas
> 
>
> 
>
>
> On Fri, May 18, 2018 at 8:50 PM, Ray Bon  wrote:
>
> Ramakrishna,
>
> During log out when CAS contacts your service (where mod_auth_cas is), it
> does so with https. You need to install the custom certificate that is on
> your service into the jvm running CAS.
>
> sudo keytool -import -file ${certName} -alias ${aliasName} -keystore
> $JAVA_HOME/jre/lib/security/cacerts
>
> https://apereo.github.io/cas/developer/Build-Process-5X.html#configure-ssl
>
> Ray
>
> On Fri, 2018-05-18 at 11:04 +0530, Ramakrishna G wrote:
>
> Ray,
>
> Let me explain you my architecture. I have a CAS client (mod_auth_cas)
> which redirects to NGINX Load Balancer. The nginx forwards to one of the
> active CAS Server. Do I need to install certificates on all CAS Server?
>
> User request to Mod_auth_cas via HTTPS but I am doing ssl stripping for
> internal communication from Nginx to CAS server. i.e. Plain http
> communication is happening from nginx to cas server.
>
>
> Can you pls guide me how can I achieve logout for my approach.
>
> On Thu, May 17, 2018 at 9:49 PM, Ray Bon  wrote:
>
> Ramakrishna,
>
> Add this to the log config:
>
> 
>
> The above may produce a lot of messages.
> It looks to be a problem with CAS contacting your client. It could be a
> certificate issue.
> I guess you created a certificate since it is on a 192 ip. Did you add the
> certificate to the java key store? If CAS and your client are on different
> machines, then the certificate will need to be added to both.
>
> Ray
>
> On Thu, 2018-05-17 at 12:01 +0530, Ramakrishna G wrote:
>
> Hi Ray,
>
> As said by you, I enabled logs and this is the output
>
> 2018-05-17 11:50:46,479 INFO [org.apereo.cas.logout.DefaultLogoutManager]
> -  **eGcHG1JqHs-client]>
> 2018-05-17 11:50:46,501 DEBUG [org.apereo.cas.logout.Default
> SingleLogoutServiceMessageHandler] -  service [org.apereo.cas.authentication.principal.SimpleWebApplicatio
> nServiceImpl@432f5faa[id=https://192.168.111.12:8443/,origin
> alUrl=https://192.168.111.12:8443/,*artifactId=*,princip
> al=casuser,loggedOutAlready=false,format=XML]]...>
> 2018-05-17 11:50:46,503 DEBUG [org.apereo.cas.logout.Default
> SingleLogoutServiceMessageHandler] -  [org.apereo.cas.authentication.principal.SimpleWebApplicatio
> nServiceImpl@432f5faa[id=https://192.168.111.12:8443/,origin
> alUrl=https://192.168.111.12:8443/,artifactId=,princip
> al=casuser,loggedOutAlready=false,format=XML]] supports single logout and
> is found in the registry as [id=1001,name=HTTPS and
> IMAPS,description=This service definition authorizes all application urls
> that support HTTPS and IMAPS protocols.,serviceId=^(https|i
> maps)://.*,usernameAttribut

[cas-user] How to invalidate session on CAS Client

2018-05-23 Thread Francesca Micelli
Hi, my web application is integrated with a portal that uses cas 
authentication. Logout is possible in two ways: on my web application (I 
first invalidate my session and then redirect to /logout on cas) or 
directly by portal (in this case session on my web application continues to 
exist - there are no single signout mechanisms implemented). In this last 
case there's a problem..if I logout on portal and then write directly URL 
of my web application the page is shown to me! Is there a way to resolve 
this situation?
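
For the situation raised in this post and in the earlier "Client session invalidate on CAS logout" post, an added example (not part of either post and not code from the CAS project) of what a client application does with a CAS back-channel single logout message. It assumes the CAS server POSTs a `logoutRequest` form parameter carrying a SAML `LogoutRequest` whose `SessionIndex` is the service ticket the application validated at login; the class name, session ids and ticket value are constructed for illustration.

```java
import java.io.StringReader;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/** Added illustration: client-side handling of a CAS back-channel logout message. */
public class CasSingleLogoutDemo {
    private static final String SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol";

    // Service ticket -> local session id, recorded when the application validates the ticket.
    private final Map<String, String> ticketToSession = new ConcurrentHashMap<>();
    // Stand-in for the servlet container's session store (hypothetical, keeps the demo self-contained).
    private final Set<String> liveSessions = ConcurrentHashMap.newKeySet();

    /** Call right after ticket validation succeeds, so a later logout can find the session. */
    public void onTicketValidated(String serviceTicket, String sessionId) {
        liveSessions.add(sessionId);
        ticketToSession.put(serviceTicket, sessionId);
    }

    public boolean isSessionLive(String sessionId) {
        return liveSessions.contains(sessionId);
    }

    /** Returns the SessionIndex of a well-formed LogoutRequest, or empty for anything else. */
    static Optional<String> extractSessionIndex(String logoutRequestXml) {
        try {
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setNamespaceAware(true);
            // The POST arrives from the network: refuse DTDs and entity expansion outright.
            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            factory.setXIncludeAware(false);
            factory.setExpandEntityReferences(false);
            Element root = factory.newDocumentBuilder()
                    .parse(new InputSource(new StringReader(logoutRequestXml)))
                    .getDocumentElement();
            if (!SAMLP_NS.equals(root.getNamespaceURI()) || !"LogoutRequest".equals(root.getLocalName())) {
                return Optional.empty();
            }
            NodeList nodes = root.getElementsByTagNameNS(SAMLP_NS, "SessionIndex");
            if (nodes.getLength() != 1) {
                return Optional.empty();
            }
            String ticket = nodes.item(0).getTextContent().trim();
            return ticket.isEmpty() ? Optional.empty() : Optional.of(ticket);
        } catch (Exception e) {
            return Optional.empty(); // malformed or hostile XML is treated as "no logout"
        }
    }

    /** Handles the value of the logoutRequest form parameter; true if a session was ended. */
    public boolean handleLogoutRequest(String logoutRequestXml) {
        Optional<String> ticket = extractSessionIndex(logoutRequestXml);
        if (!ticket.isPresent()) {
            return false;
        }
        // Unknown or already-used tickets are a no-op: the ticket value is the only
        // thing tying this unauthenticated POST to a local session.
        String sessionId = ticketToSession.remove(ticket.get());
        return sessionId != null && liveSessions.remove(sessionId);
    }

    public static void main(String[] args) {
        CasSingleLogoutDemo app = new CasSingleLogoutDemo();
        String ticket = "ST-1-constructedExampleTicket-cas"; // constructed sample value
        app.onTicketValidated(ticket, "session-A");

        // Constructed sample message in the shape the CAS protocol documents for single logout.
        String logoutRequest = "<samlp:LogoutRequest xmlns:samlp=\"" + SAMLP_NS + "\""
                + " ID=\"LR-1-constructed\" Version=\"2.0\" IssueInstant=\"2018-05-23T14:10:43Z\">"
                + "<saml:NameID xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">@NOT_USED@</saml:NameID>"
                + "<samlp:SessionIndex>" + ticket + "</samlp:SessionIndex>"
                + "</samlp:LogoutRequest>";

        System.out.println("with DOCTYPE : " + app.handleLogoutRequest("<!DOCTYPE x>" + logoutRequest));
        System.out.println("other ticket : "
                + app.handleLogoutRequest(logoutRequest.replace(ticket, "ST-9-unknown")));
        System.out.println("still live   : " + app.isSessionLive("session-A"));
        System.out.println("real request : " + app.handleLogoutRequest(logoutRequest));
        System.out.println("still live   : " + app.isSessionLive("session-A"));
        System.out.println("replayed     : " + app.handleLogoutRequest(logoutRequest));
    }
}
```

In a servlet application the XML would come from `request.getParameter("logoutRequest")` and the registry would hold `HttpSession` objects to `invalidate()`. The service must also be reachable from the CAS server, since the message is sent server to server rather than through the browser.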



Re: [cas-user] Re: CAS not redirecting to service after successful authentication.

2018-05-23 Thread N&S Technical Channel NS
Hello Ray,

Yes I am using self signed certificate and already added it.
My java application is working fine with CAS but not ASP.

What more can i try? Really stuck with the problem with no clue what to do
next :(


Regards
Neha Gupta


On Tue, May 15, 2018 at 7:16 PM, Ray Bon  wrote:

> Neha,
>
> I have not used the .NET client. There may be more configuration that can
> be done.
> One possibility is certificate validity. For .NET client to connect to CAS
> during ticket validation, CAS needs to verify client certificate.
> Are you using self signed certificates? If so, they need to be added to
> the JVM running CAS.
>
> Ray
>
> On Mon, 2018-05-14 at 04:13 -0700, Neha Gupta wrote:
>
> Hello Ray,
>
> Request you to please help me out with this.
> Please let me know in case you need any other information.
>
>
> Regards
> Neha Gupta
>
> On Wednesday, May 9, 2018 at 10:25:46 AM UTC+2, Neha Gupta wrote:
>
> Hello Ray,
>
> Yes that what is clear from the traces that service ticket are getting
> generated but not validated. I have done all the configuration required in
> ASP.NET application.
> Infact i just included the "DotNetCasClient" package and everything was
> done automatically. I just changed the values of some attributes like
> casServerLoginUrl, casServerUrlPrefix etc.
>
> Below is the link which i followed for doing the changes in ASP.NET
> application: -
> https://github.com/apereo/dotnet-cas-client#integration-instructions
>
> I don't have any idea as what can be done to solve this problem and i
> would greatly appreciate if your community can help me out to solve the
> issue.
>
> I am attaching web.config file for reference here.
>
> PS: - I don't have any intention of using any particular ticket validator.
> Initially i tried with Cas20 but as it was not working so i switched to
> Saml11 which though working but not redirecting to the ASP.NET
> application.
>
>
> Regards
> Neha Gupta
>
>
> On Tuesday, May 8, 2018 at 6:39:44 PM UTC+2, rbon wrote:
>
> Neha,
>
> There may be other settings that need to be modified when switching from
> SAML11 to CAS20. ST are being created but not validated. Your ASP.NET
> client is not configured correctly.
>
> Ray
>
> On Tue, 2018-05-08 at 03:56 -0700, Neha Gupta wrote:
>
> Hello Andy,
>
> Thanks for reply.
> I was also wondering about the TARGET in the URL and i think its because
> of the *ticketValidatorName="Saml11"* mentioned in the web.config file of
> ASP.NET application and when i change the value of "ticketValidatorName"
> to Cas10 or Cas20 then it does not work at all.Also please find attached
> traces of the same.
>
> Hope this will help.
>
>
> Regards
> Neha Gupta
>
>
>
>
> On Tuesday, May 8, 2018 at 3:40:21 AM UTC+2, Andy Ng wrote:
>
> Hi Neha,
>
> Would like to know in which documentation do you know about the parameter
> TARGET in "https://idiv-dev1:8443/cas/login?TARGET=
> *http%3a%2f%2flocalhost%3a60397%2f*", I didn't see this parameter in the
> official documentation.
> Maybe it is something related to ASP.NET?
>
> Anyway, the usual parameter for defining service in CAS is "service", that
> means your url should be "https://idiv-dev1:8443/cas/login?*service*
> =http%3a%2f%2flocalhost%3a60397%2f"
>
> It is nice that you attached the debug log:
> - I can see that the service is register successfully based on " registered service [^(https|imaps|http)://.*]>", so your service
> registration is correct.
>
> Regarding the part related to ASP.NET, I have no idea so I would not
> comment on that. But i think since you can login success, the ASP.NET
> part should be fine as is.
>
> Cheers!
> - Andy
>
>
> On Monday, 7 May 2018 22:12:34 UTC+8, Neha Gupta wrote:
>
> Dear All,
>
> I am trying to integrate CAS with ASP.NET application.
> Everything is working fine but CAS is not able to redirect to the
> destination service and showing its own logged in page.
>
> Final URL is: - https://idiv-dev1:8443/cas/login?TARGET=
> *http%3a%2f%2flocalhost%3a60397%2f*
>
> where in TARGET my service URL is defined where i want CAS to redirect .
>
> Following configuration i have done in "*web.config*" file: -
>
> * casServerLoginUrl="https://idiv-dev1:8443/cas/login"
> casServerUrlPrefix="https://idiv-dev1:8443/cas/"
> serverName="http://localhost:60397/"
> notAuthorizedUrl="~/NotAuthorized.aspx"
> redirectAfterValidation="true"
>  renew="false"
> singleSignOut="true"
> ticketValidatorName="Saml11"
> serviceTicketManager="CacheServiceTicketManager"
> * />*
>
> * *
>   https://idiv-dev1:84
> 43/cas/login" cookieless="UseCookies" />
> **
>
> Along with this configuration i have also mentioned in "*FilterConfig.cs*"
> below two lines: -
>
> filters.Add(new System.Web.Mvc.AuthorizeAttribute());
> filters.Add(new RequireHttpsAttribute());
>
>
> Please let me know where is the problem as i have no clue.
>
> PS: - I have registered the service with CAS and also below service is
> present which authorizes all services to pass through CAS: -
> {
>   "@class" : "org.apereo