Re: [cas-user] Throttling not blocking [CAS 6.0.0]

2019-04-05 Thread Baso Dupond 
Ray,

Scenario I have done :
1/ After serveral attempts with a wrong password, I obtain the page "Too 
many attempts " 
2/ Then I open a new window https://x/cas/login (I am NOT blocked) and 
make another attemps with a wrong password.
3/ Once again after several attemps I obtain the page "Too many attempts 
" 
4/ Then I open a new window https://x/cas/login (I am NOT blocked) and 
make another attemps with a correct password.
5/ I am granted access

Here below the trace

2019-04-06 04:12:22,939 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 

2019-04-06 04:12:22,940 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 
2019-04-06 04:12:24,543 WARN 
[org.apereo.cas.web.support.AbstractThrottledSubmissionHandlerInterceptorAdapter]
 
- **
2019-04-06 04:12:32,020 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 
2019-04-06 04:12:36,231 WARN 
[org.ldaptive.AbstractOperation$ReopenOperationExceptionHandler] - 

2019-04-06 04:12:36,642 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 

2019-04-06 04:12:36,643 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 
2019-04-06 04:12:38,827 WARN 
[org.ldaptive.AbstractOperation$ReopenOperationExceptionHandler] - 

2019-04-06 04:12:39,293 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 

2019-04-06 04:12:39,294 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 
2019-04-06 04:12:41,267 WARN 
[org.apereo.cas.web.support.AbstractThrottledSubmissionHandlerInterceptorAdapter]
 
- **
2019-04-06 04:12:44,896 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 
2019-04-06 04:12:50,200 WARN 
[org.ldaptive.AbstractOperation$ReopenOperationExceptionHandler] - 

2019-04-06 04:12:50,767 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 
2019-04-06 04:12:54,763 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  Do you have ant suggestion how to have my IP (here 92.170.234.118) 
blocked ?

Thks,
Rgds


Le vendredi 5 avril 2019 20:38:21 UTC+2, rbon a écrit :
>
> Baso,
>
> AUTHENTICATION_EVENT_TRIGGERED happens any time cas/login is accessed.
> What happens when you try to log in?
>
> Ray
>
> On Fri, 2019-04-05 at 09:42 -0700, Baso Dupond wrote:
>
> Hi,
>
> I have implemented CAS 6.0.0 with succes so far.
>
> I have difficulties with 'Throttling Authentication Attempts'
>
> After doing connexion attempts with a wrong password, I am happy to see 
> the page "Too many attempts " 
> However I am NOT blocked. I can immediatly perform a succesfull connexion 
> with the correct password with the same browser on a new page.
>
> ##  extract of cas.properties ##
> cas.authn.throttle.usernameParameter=
> cas.authn.throttle.schedule.startDelay=PT10S
> cas.authn.throttle.schedule.repeatInterval=PT120S
> cas.authn.throttle.appCode=CAS
> cas.authn.throttle.failure.threshold=30
> cas.authn.throttle.failure.code=AUTHENTICATION_FAILED
> cas.authn.throttle.failure.rangeSeconds=60
>
> cas.authn.throttle.bucket4j.rangeInSeconds=60
> cas.authn.throttle.bucket4j.capacity=120
> cas.authn.throttle.bucket4j.blocking=true
> cas.authn.throttle.bucket4j.overdraft=0
>
>
> ## Logs 
> 2019-04-05 18:33:28,139 ERROR 
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
>  authentication handler that supports 
> [UsernamePasswordCredential(username=XXX, source=null)] of type 
> [UsernamePasswordCredential]. Examine the configuration to ensure a method 
> of authentication is defined and analyze CAS logs at DEBUG level to trace 
> the authentication event.>
> 2019-04-05 18:33:28,141 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> =
> WHO: X
> WHAT: Supplied credentials: 
> [UsernamePasswordCredential(username=XXX, source=null)]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Fri Apr 05 18:33:28 CEST 2019
> CLIENT IP ADDRESS: 92.170.234.118
> SERVER IP ADDRESS: 127.0.0.1
> =
>
> >
> *2019-04-05 18:33:30,072 WARN 
> [org.apereo.cas.web.support.AbstractThrottledSubmissionHandlerInterceptorAdapter]
>  
> -  attempts within [60] seconds. Authentication attempt exceeds the failure 
> threshold [30]>*
> 2019-04-05 18:33:38,814 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> =
> WHO: audit:unknown
> WHAT: [event=success,timestamp=Fri Apr 05 18:33:38 CEST 
> 2019,source=RankedMultifactorAuthenticationProviderWebflowEventResolver]
> ACTION: AUTHENTICATION_EVENT_TRIGGERED
> APPLICATION: CAS
> WHEN: Fri Apr 05 18:33:38 CEST 2019
> CLIENT IP ADDRESS: 92.170.234.118
> SERVER IP ADDRESS: 127.0.0.1
>

Re: [cas-user] Re: Unsuccessful in configuring CAS 5.1.3 as a OAuth server ("/callbackAuthorize" redirects to "/" instead of client app)

2019-04-05 Thread Ray Bon 
Anuja,

What you are seeing are duplicate log entries (time stamps match).
Check 'additivity' in log4j2.xml to make sure only one message is logged.

Ray

On Fri, 2019-04-05 at 13:41 -0700, Anuja Paradkar wrote:
Log file shows it creates and validates same ticket twice, no doubt during 
second validation it wont find entry for that service. Funny thing it does not 
throw exception but just uses default redirect path which is "/" in CAS source 
code.


[[32m2019-04-02 19:58:09,776 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://service-cas/cas/oauth2.0/callbackAuthorize?client_id=APPID1_uri=https%3A%2F%2Fservi...
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Apr 02 19:58:09 GMT 2019
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=

>^[[m
^[[32m2019-04-02 19:58:09,776 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://service-cas/cas/oauth2.0/callbackAuthorize?client_id=APPID1_uri=https%3A%2F%2Fservi...
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Apr 02 19:58:09 GMT 2019
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=

>^[[m
^[[32m2019-04-02 19:58:10,086 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://my-client-app...,principal=SimplePrincipal(id=x...@gmail.com,
 attributes={userAccountId=4670, last_name=Mitchell, source=VA, userRole=
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue Apr 02 19:58:10 GMT 2019
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=

>^[[m
^[[32m2019-04-02 19:58:10,086 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://my-client-app...,principal=SimplePrincipal(id=x...@gmail.com,
 attributes={userAccountId=4670, last_name=Mitchell, source=VA, userRole=
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue Apr 02 19:58:10 GMT 2019
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=

>^[[m
^[[32m2019-04-02 19:58:10,090 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - ^[[m
^[[32m2019-04-02 19:58:10,090 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/88643054fe6167e706a53af091dd1d51561fc0b2.camel%40uvic.ca.

[cas-user] Re: Unsuccessful in configuring CAS 5.1.3 as a OAuth server ("/callbackAuthorize" redirects to "/" instead of client app)

2019-04-05 Thread Anuja Paradkar 
Log file shows it creates and validates same ticket twice, no doubt during 
second validation it wont find entry for that service. Funny thing it does 
not throw exception but just uses default redirect path which is "/" in CAS 
source code.


[[32m2019-04-02 19:58:09,776 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://service-cas/cas/oauth2.0/callbackAuthorize?client_id=APPID1_uri=https%3A%2F%2Fservi...
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Apr 02 19:58:09 GMT 2019
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=

>^[[m
^[[32m2019-04-02 19:58:09,776 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://service-cas/cas/oauth2.0/callbackAuthorize?client_id=APPID1_uri=https%3A%2F%2Fservi...
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Apr 02 19:58:09 GMT 2019
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=

>^[[m
^[[32m2019-04-02 19:58:10,086 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://my-client-app...,principal=SimplePrincipal(id=x...@gmail.com,
 
attributes={userAccountId=4670, last_name=Mitchell, source=VA, userRole=
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue Apr 02 19:58:10 GMT 2019
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=

>^[[m
^[[32m2019-04-02 19:58:10,086 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://my-client-app...,principal=SimplePrincipal(id=x...@gmail.com,
 
attributes={userAccountId=4670, last_name=Mitchell, source=VA, userRole=
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue Apr 02 19:58:10 GMT 2019
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=

>^[[m
^[[32m2019-04-02 19:58:10,090 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - ^[[m
^[[32m2019-04-02 19:58:10,090 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 
> Facing same issue with 5.3.1, but on random occasion. Wondering were you 
> able to resolve this.
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/08f4d054-95a2-4d38-9c90-71f5e73e287a%40apereo.org.

[cas-user] Re: CAS Authentication Exception

2019-04-05 Thread Andrey Seledkov 
Ray, you was right

I forgot about dependecy

compile "org.apereo.cas:cas-server-support-jdbc:${project.'cas.version'}"


Thanks a lot!


пятница, 5 апреля 2019 г., 13:56:55 UTC+3 пользователь Andrey Seledkov 
написал:
>
> Hello team.
>
> I setup cas overlay template , version 6.0.3
>
> I am trying to authenticate user ,  but got next stack trace , please 
> assist
>
> My application.properties
>
> cas.authn.accept.users=
> cas.authn.accept.name=
> cas.jdbc.showSql=true
> cas.authn.jdbc.query[0].sql=SELECT password FROM users WHERE username=?
> cas.authn.jdbc.query[0].url=jdbc:mysql://localhost:3306/test
> cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQL8Dialect
> cas.authn.jdbc.query[0].user=root
> cas.authn.jdbc.query[0].password=
> cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver
> cas.authn.jdbc.query[0].fieldPassword=password
> cas.authn.jdbc.query[0].passwordEncoder.type=NONE
> cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=UTF-8
>
>
> and my registry service
>
> {
>   "@class": "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId": "^https://localhost;,
>   "name": "HTTPS/IMAPS wildcard",
>   "id": 1001,
>   "evaluationOrder": 9,
> }
>
>
>
> WHO: test 
>   
>   
>  WHAT: Supplied credentials: 
> [UsernamePasswordCredential(username=test, source=null)]  
>   
>   
>  ACTION: AUTHENTICATION_FAILED
>   
>   
>   APPLICATION: CAS
>   
>   
>   
>  WHEN: Fri Apr 05 13:38:14 EEST 2019  
>   
>   
>   CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1  
>   
>   
>   
>  SERVER IP ADDRESS: 0:0:0:0:0:0:0:1   
>   
>   
>   
> = 
>   
>   
>   
>   
>   
>   
>   
>   
>   
>  13:38:14.076 [https-jsse-nio-8443-exec-7] 
> DEBUG 
> org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver
>  - 0 errors, 0 successes  
>
> org.apereo.cas.authentication.AuthenticationException: 0 errors, 0 successes  
>   
>   
>  at 
> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.evaluateFinalAuthentication(PolicyBasedAuthenticationManager.java:349)
>  ~[cas-server-core-authentication-api-6.0.3-SNAPSHOT.jar!/:6.0.3-SNAPSHOT]
>  at 
>

Re: [cas-user] Re: CAS Authentication Exception

2019-04-05 Thread Ray Bon 
Andrey,

It looks like your jdbc handler is not recognized. I have this in my log 
(5.2.7):

DEBUG [aper.cas.auth.RegisteredServiceAuthenticationHandlerResolver] - 


Check your config file location and where CAS thinks it should be.

Ray

On Fri, 2019-04-05 at 11:30 -0700, Andrey Seledkov wrote:
As i see issue here not with sql query , it is didnt get to sql , becasue 
failed before it

I thinf issue here


21:22:12.966 [https-jsse-nio-8443-exec-7] DEBUG 
org.apereo.cas.authentication.PolicyBasedAuthenticationManager - Authentication 
credentials provided for this transaction are [[UsernamePasswordCredentia




l(username=test, source=null)]]




21:22:12.977 [https-jsse-nio-8443-exec-7] DEBUG 
org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan - 
Candidate/Registered authentication handlers for this transaction are 
[[org.apere




o.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler@e890591]]




21:22:12.977 [https-jsse-nio-8443-exec-7] DEBUG 
org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan - Sorted 
and registered authentication handler resolvers for this transaction are [




[org.apereo.cas.authentication.handler.RegisteredServiceAuthenticationHandlerResolver@2d9df336]]




21:22:12.978 [https-jsse-nio-8443-exec-7] DEBUG 
org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan - 
Authentication handler resolvers for this transaction are 
[[org.apereo.cas.authen




tication.handler.RegisteredServiceAuthenticationHandlerResolver@2d9df336]]




21:22:12.978 [https-jsse-nio-8443-exec-7] DEBUG 
org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan - 
Authentication handler resolvers produced no candidate authentication handler. 
Us




ing the default handler resolver instead...




21:22:12.980 [https-jsse-nio-8443-exec-7] DEBUG 
org.apereo.cas.authentication.AuthenticationHandlerResolver - Default 
authentication handlers used for this transaction are 
[HttpBasedServiceCredentialsA




uthenticationHandler]




21:22:12.980 [https-jsse-nio-8443-exec-7] DEBUG 
org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan - 
Resolved and finalized authentication handlers to carry out this authentication 
t




ransaction are 
[[org.apereo.cas.authentication.handler.RegisteredServiceAuthenticationHandlerResolver@2d9df336]]




21:22:12.980 [https-jsse-nio-8443-exec-7] DEBUG 
org.apereo.cas.authentication.PolicyBasedAuthenticationManager - Candidate 
resolved authentication handlers for this transaction are [[org.apereo.cas.aut




hentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler@e890591]]




21:22:12.980 [https-jsse-nio-8443-exec-7] DEBUG 
org.apereo.cas.authentication.PolicyBasedAuthenticationManager - Attempting to 
authenticate credential [UsernamePasswordCredential(username=test, source=




null)]




21:22:12.982 [https-jsse-nio-8443-exec-7] DEBUG 
org.apereo.cas.authentication.PolicyBasedAuthenticationManager - Authentication 
handler [HttpBasedServiceCredentialsAuthenticationHandler] does not suppo




rt the credential type [UsernamePasswordCredential(username=test, 
source=null)]. Trying next...




21:22:12.984 [https-jsse-nio-8443-exec-7] INFO  
org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager - Audit trail 
record BEGIN




Default handler is HttpBasedServiceCredentialsAuthenticationHandler which does 
not support UsernamePasswordCredential


 does not suppo




rt the credential type [UsernamePasswordCredential(username=test, source=null)]




пятница, 5 апреля 2019 г., 13:56:55 UTC+3 пользователь Andrey Seledkov написал:
Hello team.

I setup cas overlay template , version 6.0.3

I am trying to authenticate user ,  but got next stack trace , please assist

My application.properties


cas.authn.accept.users

=



cas.authn.accept.name

=


cas.jdbc.showSql

=

true


cas.authn.jdbc.query[0].sql

=

SE

LECT password FROM users WHERE username=?


cas.authn.jdbc.query[0].url

=

jd

bc:mysql://localhost:3306/test


cas.authn.jdbc.query[0].

dialect

=

org.hibernate.dialect.

MySQL8Dialect


cas.authn.jdbc.query[0].user

=

r

oot


cas.authn.jdbc.query[0].

password

=




cas.authn.jdbc.query[0].

driverClass

=

com.mysql.jdbc.

Driver


cas.authn.jdbc.query[0].

fieldPassword

=

password


cas.authn.jdbc.query[0].

passwordEncoder.type

=

NONE


cas.authn.jdbc.query[0].

passwordEncoder.

characterEncoding

=

UTF-8


and my registry service


{




"@class"

:

"org.apereo.cas.services.

RegexRegisteredService"

,




"serviceId"

:

"^



https://localhost

"

,




"name"

:

"HTTPS/IMAPS wildcard"

,




"id"

:

1001

,




"evaluationOrder"

:

9

,


}



WHO: test


WHAT: Supplied credentials: [UsernamePasswordCredential(

username=test, source=null)]


ACTION: AUTHENTICATION_FAILED


APPLICATION: CAS


WHEN: Fri Apr 05 13:38:14 EEST 2019


CLIENT IP ADDRESS:

Re: [cas-user] Throttling not blocking [CAS 6.0.0]

2019-04-05 Thread Ray Bon 
Baso,

AUTHENTICATION_EVENT_TRIGGERED happens any time cas/login is accessed.
What happens when you try to log in?

Ray

On Fri, 2019-04-05 at 09:42 -0700, Baso Dupond wrote:
Hi,

I have implemented CAS 6.0.0 with succes so far.

I have difficulties with 'Throttling Authentication Attempts'

After doing connexion attempts with a wrong password, I am happy to see the 
page "Too many attempts "
However I am NOT blocked. I can immediatly perform a succesfull connexion with 
the correct password with the same browser on a new page.

##  extract of cas.properties ##
cas.authn.throttle.usernameParameter=
cas.authn.throttle.schedule.startDelay=PT10S
cas.authn.throttle.schedule.repeatInterval=PT120S
cas.authn.throttle.appCode=CAS
cas.authn.throttle.failure.threshold=30
cas.authn.throttle.failure.code=AUTHENTICATION_FAILED
cas.authn.throttle.failure.rangeSeconds=60

cas.authn.throttle.bucket4j.rangeInSeconds=60
cas.authn.throttle.bucket4j.capacity=120
cas.authn.throttle.bucket4j.blocking=true
cas.authn.throttle.bucket4j.overdraft=0


## Logs 
2019-04-05 18:33:28,139 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 

2019-04-05 18:33:28,141 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 
2019-04-05 18:33:30,072 WARN 
[org.apereo.cas.web.support.AbstractThrottledSubmissionHandlerInterceptorAdapter]
 - 
2019-04-05 18:33:38,814 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  Do you have ant suggestion how to have my IP (here 92.170.234.118) 
blocked ?


Thks,
Rgds

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/067095a84d0c2d640e63f920d664467dbd541528.camel%40uvic.ca.

[cas-user] Re: CAS Authentication Exception

2019-04-05 Thread Andrey Seledkov 
As i see issue here not with sql query , it is didnt get to sql , becasue 
failed before it

I thinf issue here

21:22:12.966 [https-jsse-nio-8443-exec-7] DEBUG 
org.apereo.cas.authentication.PolicyBasedAuthenticationManager - Authentication 
credentials provided for this transaction are [[UsernamePasswordCredentia   
   l(username=test, 
source=null)]]  


  21:22:12.977 [https-jsse-nio-8443-exec-7] DEBUG 
org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan - 
Candidate/Registered authentication handlers for this transaction are 
[[org.apere 
 
o.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler@e890591]]


21:22:12.977 [https-jsse-nio-8443-exec-7] DEBUG 
org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan - Sorted 
and registered authentication handler resolvers for this transaction are [  

[org.apereo.cas.authentication.handler.RegisteredServiceAuthenticationHandlerResolver@2d9df336]]


   21:22:12.978 [https-jsse-nio-8443-exec-7] DEBUG 
org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan - 
Authentication handler resolvers for this transaction are 
[[org.apereo.cas.authen 
 
tication.handler.RegisteredServiceAuthenticationHandlerResolver@2d9df336]]  


   21:22:12.978 [https-jsse-nio-8443-exec-7] DEBUG 
org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan - 
Authentication handler resolvers produced no candidate authentication handler. 
Us  ing the 
default handler resolver instead... 


   21:22:12.980 [https-jsse-nio-8443-exec-7] DEBUG 
org.apereo.cas.authentication.AuthenticationHandlerResolver - Default 
authentication handlers used for this transaction are 
[HttpBasedServiceCredentialsA   
   uthenticationHandler]


  21:22:12.980 
[https-jsse-nio-8443-exec-7] DEBUG 
org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan - 
Resolved and finalized authentication handlers to carry out this authentication 
t  
ransaction are 
[[org.apereo.cas.authentication.handler.RegisteredServiceAuthenticationHandlerResolver@2d9df336]]

   
21:22:12.980 [https-jsse-nio-8443-exec-7] DEBUG 
org.apereo.cas.authentication.PolicyBasedAuthenticationManager - Candidate 
resolved authentication handlers for this transaction are [[org.apereo.cas.aut  

hentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler@e890591]]


 21:22:12.980 [https-jsse-nio-8443-exec-7] DEBUG 
org.apereo.cas.authentication.PolicyBasedAuthenticationManager - Attempting to 
authenticate credential [UsernamePasswordCredential(username=test, source=  
null)]

[cas-user] Re: CAS 5.1.9 Mongodb ticket cleanup

2019-04-05 Thread Juan Quintanilla 
Never mind I found that in CAS 5.3 you have the cleanup process working with 
mongodb.


Thanks!


___
Juan Quintanilla
Enterprise Systems Group
305-348-6573
jquin...@fiu.edu



From: cas-user@apereo.org  on behalf of Juan Quintanilla 

Sent: Thursday, April 4, 2019 11:32 AM
To: cas-user@apereo.org
Subject: [cas-user] CAS 5.1.9 Mongodb ticket cleanup


Hi,


We are testing CAS 5.1.9 with mongodb for the ticket registry and wanted know 
if someone can provide some guidance on how your are performing ticket cleanup.


Appreciate any suggestions on this setup.


Thanks!


___
Juan Quintanilla
jquin...@fiu.edu

--
- Website: 
https://apereo.github.io/cas
- Gitter Chatroom: 
https://gitter.im/apereo/cas
- List Guidelines: 
https://goo.gl/1VRrw7
- Contributions: 
https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/SN6PR05MB5182704CB9156950025D0C7386500%40SN6PR05MB5182.namprd05.prod.outlook.com.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/SN6PR05MB5182C3DF8A68FE4F0B7F94B086500%40SN6PR05MB5182.namprd05.prod.outlook.com.

[cas-user] Throttling not blocking [CAS 6.0.0]

2019-04-05 Thread Baso Dupond 
Hi,

I have implemented CAS 6.0.0 with succes so far.

I have difficulties with 'Throttling Authentication Attempts'

After doing connexion attempts with a wrong password, I am happy to see the 
page "Too many attempts " 
However I am NOT blocked. I can immediatly perform a succesfull connexion 
with the correct password with the same browser on a new page.

##  extract of cas.properties ##
cas.authn.throttle.usernameParameter=
cas.authn.throttle.schedule.startDelay=PT10S
cas.authn.throttle.schedule.repeatInterval=PT120S
cas.authn.throttle.appCode=CAS
cas.authn.throttle.failure.threshold=30
cas.authn.throttle.failure.code=AUTHENTICATION_FAILED
cas.authn.throttle.failure.rangeSeconds=60

cas.authn.throttle.bucket4j.rangeInSeconds=60
cas.authn.throttle.bucket4j.capacity=120
cas.authn.throttle.bucket4j.blocking=true
cas.authn.throttle.bucket4j.overdraft=0


## Logs 
2019-04-05 18:33:28,139 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 

2019-04-05 18:33:28,141 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 
*2019-04-05 18:33:30,072 WARN 
[org.apereo.cas.web.support.AbstractThrottledSubmissionHandlerInterceptorAdapter]
 
- *
2019-04-05 18:33:38,814 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  Do you have ant suggestion how to have my IP (here 92.170.234.118) 
blocked ?


Thks,
Rgds

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/153ead59-6a8c-4a80-9bc4-b6064a6369a6%40apereo.org.

[cas-user] How to use REST Attribute Release Policy (Return Restful)?

2019-04-05 Thread Fahmi L. Ramdhani 
Hello,

How to use REST Attribute Release Policy? REST Endpoint filled with? I 
tried to do something stupid, I route (on my website) to give a JSON 200 
response with a response:

*https://try.example.com/json-output* respon
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://client.example.com(\\z|\/.*)",
  "name" : "Return Restful",
  "id" : 300,
  "description" : "Test RESTful Attribute Release Policy",
  "attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
"allowedAttributes" : {
  "@class" : "java.util.TreeMap",
  "email" : "email",
  "name" : "name",
  "phone" : "phone"

}
  }
}


Oops! The test failed. I mean that the service releases attributes based on 
the released attribute list (JSON). How to use the REST? Sorry if my 
question is a little stupid.

Thankyou
Fahmi

*https://github.com/sentrasoft/laravel-cas*



-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/c2829dfc-7eb5-46f4-97c0-898df8f07bed%40apereo.org.

Re: [cas-user] CAS Authentication Exception

2019-04-05 Thread Ray Bon 
Andrey,

You have showSql=true, check the sql statement to be sure it is correct, and 
run it against your database to be sure it returns the data that you want.
The stack trace is part of DEBUG output.

Ray



On Fri, 2019-04-05 at 03:56 -0700, Andrey Seledkov wrote:
Hello team.

I setup cas overlay template , version 6.0.3

I am trying to authenticate user ,  but got next stack trace , please assist

My application.properties


cas.authn.accept.users

=


cas.authn.accept.name

=


cas.jdbc.showSql

=

true


cas.authn.jdbc.query[0].sql

=

SELECT password FROM users WHERE username=?


cas.authn.jdbc.query[0].url

=

jdbc:mysql://localhost:3306/test


cas.authn.jdbc.query[0].dialect

=

org.hibernate.dialect.MySQL8Dialect


cas.authn.jdbc.query[0].user

=

root


cas.authn.jdbc.query[0].password

=




cas.authn.jdbc.query[0].driverClass

=

com.mysql.jdbc.Driver


cas.authn.jdbc.query[0].fieldPassword

=

password


cas.authn.jdbc.query[0].passwordEncoder.type

=

NONE


cas.authn.jdbc.query[0].passwordEncoder.characterEncoding

=

UTF-8


and my registry service


{




"@class"

:

"org.apereo.cas.services.RegexRegisteredService"

,




"serviceId"

:

"^https://localhost;

,




"name"

:

"HTTPS/IMAPS wildcard"

,




"id"

:

1001

,




"evaluationOrder"

:

9

,


}



WHO: test


WHAT: Supplied credentials: [UsernamePasswordCredential(username=test, 
source=null)]


ACTION: AUTHENTICATION_FAILED


APPLICATION: CAS


WHEN: Fri Apr 05 13:38:14 EEST 2019


CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1


SERVER IP ADDRESS: 0:0:0:0:0:0:0:1


=








13:38:14.076 [https-jsse-nio-8443-exec-7] DEBUG 
org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver 
- 0 errors, 0 successes


org.apereo.cas.authentication.AuthenticationException: 0 errors, 0 successes


at 
org.apereo.cas.authentication.PolicyBasedAuthenticationManager.evaluateFinalAuthentication(PolicyBasedAuthenticationManager.java:349)
 ~[cas-server-core-authentication-api-6.0.3-SNAPSHOT.jar!/:6.0.3-SNAPSHOT]


at 
org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticateInternal(PolicyBasedAuthenticationManager.java:327)
 ~[cas-server-core-authentication-api-6.0.3-SNAPSHOT.jar!/:6.0.3-SNAPSHOT]


at 
org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticate(PolicyBasedAuthenticationManager.java:136)
 ~[cas-server-core-authentication-api-6.0.3-SNAPSHOT.jar!/:6.0.3-SNAPSHOT]


at 
org.apereo.cas.authentication.PolicyBasedAuthenticationManager$$FastClassBySpringCGLIB$$90e801d3.invoke(

) ~[cas-server-core-authentication-api-6.0.3-SNAPSHOT.jar!/:6.0.3-SNAPSHOT]


at 
org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) 
~[spring-core-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]


at 
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:749)
 ~[spring-aop-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]


at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
 ~[spring-aop-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]


at 
org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:88)
 ~[spring-aop-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]


at 
org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:135)
 ~[inspektr-audit-1.8.4.GA.jar!/:1.8.4.GA]


at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
~[?:?]


at 
jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 ~[?:?]


at 
jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 ~[?:?]


at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]


at 
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:644)
 ~[spring-aop-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]


at 
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:633)
 ~[spring-aop-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]


at 
org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:70)
 ~[spring-aop-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]


at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
 ~[spring-aop-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]


at 
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:93)
 ~[spring-aop-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]


at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
 ~[spring-aop-5.1.3.RELEASE.jar!/:5.1.3.RELEASE]


at

[cas-user] Re: CAS Management - Collection of Attributes in Attribute Release Policy

2019-04-05 Thread Fahmi L. Ramdhani 
I hope CAS Management can take attributes based on existing attributes 
(*attribute 
key*).
Thank David!

Pada Jumat, 05 April 2019 15.01.42 UTC+7, Fahmi L. Ramdhani menulis:
>
> Hello,
>
> How to configure the attribute list in the Attribute Release Policy 
> (Return Allowed) in CAS Management? There only displays *uid, eppn *and 
> *givenName*. While the attributes available in the database are *uid, 
> email, username, nip, phone *and others. I want to display the array list 
> based on the available attributes.
>
> Thank you.
> Fahmi
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/978b15ff-3321-49e1-a2c1-5c01727e7ca7%40apereo.org.

Re: [cas-user] CAS Management - Collection of Attributes in Attribute Release Policy

2019-04-05 Thread David Curry 
I'm afraid I don't know the answer to that one.

--Dave

--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Fri, Apr 5, 2019 at 9:23 AM Fahmi L. Ramdhani <
fahmilestianramdh...@gmail.com> wrote:

>
> Can the configuration be dynamic? The example in the settings has several
> attributes (*Multi Row* attribute resolution), I hope CAS Management can
> take attributes based on existing attributes (*attribute key*).
>
> Can it be like that?
> Thank you David
>
> Sent from my iPhone
>
> On 5 Apr 2019, at 18.45, David Curry  wrote:
>
> For CAS 5.2.x, you configure the "stub" attribute repository with all the
> attribute names you want the management app to be able to work with (add
> these to the management.properties file, not cas.properties):
>
> cas.authn.attributeRepository.stub.attributes.UDC_IDENTIFIER:
>  UDC_IDENTIFIER
> cas.authn.attributeRepository.stub.attributes.cn:   cn
> cas.authn.attributeRepository.stub.attributes.displayName:  displayName
> cas.authn.attributeRepository.stub.attributes.givenName:givenName
> cas.authn.attributeRepository.stub.attributes.mail: mail
> cas.authn.attributeRepository.stub.attributes.sn:   sn
> cas.authn.attributeRepository.stub.attributes.uid:  uid
>
> I assume that's still the case with CAS 5.3.x and CAS 6.x, but it doesn't
> seem to be documented any longer.
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
>
> On Fri, Apr 5, 2019 at 4:01 AM Fahmi L. Ramdhani <
> fahmilestianramdh...@gmail.com> wrote:
>
>> Hello,
>>
>> How to configure the attribute list in the Attribute Release Policy
>> (Return Allowed) in CAS Management? There only displays *uid, eppn *and
>> *givenName*. While the attributes available in the database are *uid,
>> email, username, nip, phone *and others. I want to display the array
>> list based on the available attributes.
>>
>> Thank you.
>> Fahmi
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/7575817d-2e4a-43dd-84f9-e051f17a8f73%40apereo.org
>> 
>> .
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAMrzTdHjUdUBmhUe%2BesEx_gt5VN0MCksV3fGsCfRMkNMA%40mail.gmail.com
> 
> .
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/7BF37BB2-C0CC-47AC-8A2A-8606EEA34456%40gmail.com
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPsKa1HphyzTtX%3Dfq0vnck_%2BD57qbpy%3D-%2BF2qe9dN9Kag%40mail.gmail.com.

Re: [cas-user] CAS Management - Collection of Attributes in Attribute Release Policy

2019-04-05 Thread Fahmi L. Ramdhani 

Can the configuration be dynamic? The example in the settings has several 
attributes (Multi Row attribute resolution), I hope CAS Management can take 
attributes based on existing attributes (attribute key).

Can it be like that?
Thank you David

Sent from my iPhone

> On 5 Apr 2019, at 18.45, David Curry  wrote:
> 
> For CAS 5.2.x, you configure the "stub" attribute repository with all the 
> attribute names you want the management app to be able to work with (add 
> these to the management.properties file, not cas.properties):
> 
> cas.authn.attributeRepository.stub.attributes.UDC_IDENTIFIER:   UDC_IDENTIFIER
> cas.authn.attributeRepository.stub.attributes.cn:   cn
> cas.authn.attributeRepository.stub.attributes.displayName:  displayName
> cas.authn.attributeRepository.stub.attributes.givenName:givenName
> cas.authn.attributeRepository.stub.attributes.mail: mail
> cas.authn.attributeRepository.stub.attributes.sn:   sn
> cas.authn.attributeRepository.stub.attributes.uid:  uid
> 
> I assume that's still the case with CAS 5.3.x and CAS 6.x, but it doesn't 
> seem to be documented any longer.
> 
> --
> DAVID A. CURRY, CISSP
> DIRECTOR OF INFORMATION SECURITY
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
> 
> 
>> On Fri, Apr 5, 2019 at 4:01 AM Fahmi L. Ramdhani 
>>  wrote:
>> Hello,
>> 
>> How to configure the attribute list in the Attribute Release Policy (Return 
>> Allowed) in CAS Management? There only displays uid, eppn and givenName. 
>> While the attributes available in the database are uid, email, username, 
>> nip, phone and others. I want to display the array list based on the 
>> available attributes.
>> 
>> Thank you.
>> Fahmi
>> -- 
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/7575817d-2e4a-43dd-84f9-e051f17a8f73%40apereo.org.
> 
> -- 
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAMrzTdHjUdUBmhUe%2BesEx_gt5VN0MCksV3fGsCfRMkNMA%40mail.gmail.com.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/7BF37BB2-C0CC-47AC-8A2A-8606EEA34456%40gmail.com.

Re: [cas-user] CAS 5.1.9 Mongodb ticket cleanup

2019-04-05 Thread David Curry 
When we were using mongodb as our ticket repository (CAS 5.2.x), we just
took the default ticket registry cleaner that came out of the box, and it
worked pretty well.

However, mongodb itself as a ticket registry gave us some problems under
heavier load (like when a few thousand students were all logging in at the
same time to register for classes). We ended up moving to Hazelcast for our
ticket registry based on what other people on this list are doing, and it
performed much better (this week was registration).

As long as you have more than one server so you can replicate ticket
storage, there's really no need for tickets to be stored on disk. So unless
you have some other good reason for using mongodb to do it, I would
recommend using one of the memory-based caches instead.

--Dave

--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Thu, Apr 4, 2019 at 11:32 AM Juan Quintanilla  wrote:

> Hi,
>
>
> We are testing CAS 5.1.9 with mongodb for the ticket registry and wanted
> know if someone can provide some guidance on how your are performing ticket
> cleanup.
>
>
> Appreciate any suggestions on this setup.
>
>
> Thanks!
>
>
> ___
> Juan Quintanilla
> jquin...@fiu.edu
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/SN6PR05MB5182704CB9156950025D0C7386500%40SN6PR05MB5182.namprd05.prod.outlook.com
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XANumBxjt1Zf0vSRXvzQFVux5d1f53hgQSANViM%2BXa1VDg%40mail.gmail.com.

Re: [cas-user] CAS Management - Collection of Attributes in Attribute Release Policy

2019-04-05 Thread David Curry 
For CAS 5.2.x, you configure the "stub" attribute repository with all the
attribute names you want the management app to be able to work with (add
these to the management.properties file, not cas.properties):

cas.authn.attributeRepository.stub.attributes.UDC_IDENTIFIER:
 UDC_IDENTIFIER
cas.authn.attributeRepository.stub.attributes.cn:   cn
cas.authn.attributeRepository.stub.attributes.displayName:  displayName
cas.authn.attributeRepository.stub.attributes.givenName:givenName
cas.authn.attributeRepository.stub.attributes.mail: mail
cas.authn.attributeRepository.stub.attributes.sn:   sn
cas.authn.attributeRepository.stub.attributes.uid:  uid

I assume that's still the case with CAS 5.3.x and CAS 6.x, but it doesn't
seem to be documented any longer.

--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Fri, Apr 5, 2019 at 4:01 AM Fahmi L. Ramdhani <
fahmilestianramdh...@gmail.com> wrote:

> Hello,
>
> How to configure the attribute list in the Attribute Release Policy
> (Return Allowed) in CAS Management? There only displays *uid, eppn *and
> *givenName*. While the attributes available in the database are *uid,
> email, username, nip, phone *and others. I want to display the array list
> based on the available attributes.
>
> Thank you.
> Fahmi
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/7575817d-2e4a-43dd-84f9-e051f17a8f73%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAMrzTdHjUdUBmhUe%2BesEx_gt5VN0MCksV3fGsCfRMkNMA%40mail.gmail.com.

[cas-user] CAS Authentication Exception

2019-04-05 Thread Andrey Seledkov 
Hello team.

I setup cas overlay template , version 6.0.3

I am trying to authenticate user ,  but got next stack trace , please assist

My application.properties

cas.authn.accept.users=
cas.authn.accept.name=
cas.jdbc.showSql=true
cas.authn.jdbc.query[0].sql=SELECT password FROM users WHERE username=?
cas.authn.jdbc.query[0].url=jdbc:mysql://localhost:3306/test
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQL8Dialect
cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].password=
cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver
cas.authn.jdbc.query[0].fieldPassword=password
cas.authn.jdbc.query[0].passwordEncoder.type=NONE
cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=UTF-8


and my registry service

{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^https://localhost;,
  "name": "HTTPS/IMAPS wildcard",
  "id": 1001,
  "evaluationOrder": 9,
}



WHO: test   


   WHAT: Supplied credentials: 
[UsernamePasswordCredential(username=test, source=null)]


   ACTION: AUTHENTICATION_FAILED


  APPLICATION: CAS  


 WHEN: Fri Apr 
05 13:38:14 EEST 2019   


 CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1 


SERVER IP ADDRESS: 
0:0:0:0:0:0:0:1 


=   









 13:38:14.076 [https-jsse-nio-8443-exec-7] DEBUG 
org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver 
- 0 errors, 0 successes 

org.apereo.cas.authentication.AuthenticationException: 0 errors, 0 successes


   at 
org.apereo.cas.authentication.PolicyBasedAuthenticationManager.evaluateFinalAuthentication(PolicyBasedAuthenticationManager.java:349)
 ~[cas-server-core-authentication-api-6.0.3-SNAPSHOT.jar!/:6.0.3-SNAPSHOT]  
   at 
org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticateInternal(PolicyBasedAuthenticationManager.java:327)
 ~[cas-server-core-authentication-api-6.0.3-SNAPSHOT.jar!/:6.0.3-SNAPSHOT]  
  at 
org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticate(PolicyBasedAuthenticationManager.java:136)
 ~[cas-server-core-authentication-api-6.0.3-SNAPSHOT.jar!/:6.0.3-SNAPSHOT]

[cas-user] CAS Management - Collection of Attributes in Attribute Release Policy

2019-04-05 Thread Fahmi L. Ramdhani 
Hello,

How to configure the attribute list in the Attribute Release Policy (Return 
Allowed) in CAS Management? There only displays *uid, eppn *and *givenName*. 
While the attributes available in the database are *uid, email, username, 
nip, phone *and others. I want to display the array list based on the 
available attributes.

Thank you.
Fahmi

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/7575817d-2e4a-43dd-84f9-e051f17a8f73%40apereo.org.