[cas-user] AUP not Working With MFA (CAS 5.2.4)

2019-10-07 Thread Trevor Fong
Hi Everyone,

We are on CAS 5.2.4, and have implemented AUP (Acceptable Usage Policy) 
with LDAP and also MFA (Multi-Factor Authentication) via Duo.  Both work 
fine by themselves.  
The problem is that if a site has an MFA provider defined, the AUP flow 
does not get triggered.
Would anyone know what's up / how to remedy the situation?  Is this a bug?  
If so, is it addressed in a later release?

Thanks,
Trev 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d67c26e9-a03e-466b-a65c-e684f7d83de1%40apereo.org.


Re: [cas-user] 6.1.0 RC6 Attributes Values being doubled when surrogacy is enabled

2019-10-07 Thread Ray Bon
Robert,

Is log in failing? Any error messages?

Could it be that the second entry is the surrogate; and if no surrogate is 
supplied in the log in form, then the same subject exists for both [that is, 
for the surrogate plugin, an array is required]?

Ray

On Mon, 2019-10-07 at 13:10 -0700, 'Robert Bond' via CAS Community wrote:
Running into an odd doubling of attribute values when surrogate access is 
enabled.
On CAS 6.1.0 RC6


Here is my Surrogate config, Active Directory Auth config, and Attribute 
repository:

# Surrogate config
cas.authn.surrogate.separator=+
cas.authn.surrogate.json.location=file:/etc/cas/config/surrogates.json

# set some properties we can re-use in authn and attributeRepository configuration
ldap-url= ldaps://ad01.example.edu:636
ldap-binddn=  cn=logon_ldap_user,ou=Application Users,ou=All_Users,dc=example,dc=edu
ldap-bindpw=  examplePass
ldap-auth-type=   DIRECT
ldap-basedn=  ou=All_Users,dc=example,dc=edu
ldap-dnformat=cn=%s,ou=All_Users,dc=example,dc=edu
ldap-user-filter= (cn={user})
ldap-max-pool-size=20
ldap-tls=false
ldap-ssl=true
# configure ldap authentication
cas.authn.ldap[0].trustCertificates=file:/etc/cas/trustedexamplecert.der
cas.authn.ldap[0].base-dn=${ldap-basedn}
cas.authn.ldap[0].bind-credential=${ldap-bindpw}
cas.authn.ldap[0].bind-dn=${ldap-binddn}
cas.authn.ldap[0].dn-format=${ldap-dnformat}
cas.authn.ldap[0].ldap-url=${ldap-url}
cas.authn.ldap[0].max-pool-size=${ldap-max-pool-size}
cas.authn.ldap[0].min-pool-size=0
cas.authn.ldap[0].subtree-search=true
cas.authn.ldap[0].type=${ldap-auth-type}
cas.authn.ldap[0].searchFilter=${ldap-user-filter}
cas.authn.ldap[0].use-ssl=${ldap-ssl}
cas.authn.ldap[0].use-start-tls=${ldap-tls}

# configure ldap attribute repository
cas.authn.attributeRepository.ldap[0].trustCertificates=file:/etc/cas/trustedexamplecert.der
cas.authn.attributeRepository.ldap[0].ldapUrl=${ldap-url}
cas.authn.attributeRepository.ldap[0].order=0
cas.authn.attributeRepository.ldap[0].useSsl=${ldap-ssl}
cas.authn.attributeRepository.ldap[0].useStartTls=${ldap-tls}
cas.authn.attributeRepository.ldap[0].baseDn=${ldap-basedn}
cas.authn.attributeRepository.ldap[0].searchFilter=${ldap-user-filter}
cas.authn.attributeRepository.ldap[0].subtreeSearch=true
cas.authn.attributeRepository.ldap[0].bindDn=${ldap-binddn}
cas.authn.attributeRepository.ldap[0].bindCredential=${ldap-bindpw}
cas.authn.attributeRepository.ldap[0].minPoolSize=0
cas.authn.attributeRepository.ldap[0].maxPoolSize=${ldap-max-pool-size}
cas.authn.attributeRepository.ldap[0].validateOnCheckout=true

# configure validator for attribute repository
cas.authn.attributeRepository.ldap[0].validator.type=SEARCH
cas.authn.attributeRepository.ldap[0].validator.baseDn=${ldap-basedn}
cas.authn.attributeRepository.ldap[0].validator.searchFilter=(objectClass=*)
cas.authn.attributeRepository.ldap[0].validator.scope=OBJECT
cas.authn.attributeRepository.ldap[0].validator.attributeName=objectClass
cas.authn.attributeRepository.ldap[0].validator.attributeValues=top

# Get AD attributes
cas.authn.attributeRepository.ldap[0].attributes.sAMAccountName=samAccountName
cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName
cas.authn.attributeRepository.ldap[0].attributes.mail=email
cas.authn.attributeRepository.ldap[0].attributes.mail=emailAddress
cas.authn.attributeRepository.ldap[0].attributes.givenName=givenName
cas.authn.attributeRepository.ldap[0].attributes.sn=surname
cas.authn.attributeRepository.ldap[0].attributes.cn=commonName
cas.authn.attributeRepository.ldap[0].attributes.memberOf=memberOf


When the surrogacy dependency is added to build.gradle the attributeRepository 
returns doubled values for the attributes. See the example attributes below:

cn [BONDR, BONDR]
displayName [Robert Bond, Robert Bond]
distinguishedName [CN=BONDR,OU=NSU,OU=All_Users,DC=example,DC=edu, 
CN=BONDR,OU=All_Users,DC=example,DC=edu]


Any thoughts? When I remove the surrogate dependency from build.gradle it 
returns the attributes correctly. ex: cn [BONDR]


Thanks!


--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.



[cas-user] Re: 500 Session Limit in SSO Session Report?

2019-10-07 Thread Matthew Uribe
Update: I just checked in on my prod, single node CAS deployment, and it 
shows 592 total SSO sessions in the Dashboard (CAS 5.2.6).

On Monday, October 7, 2019 at 3:00:58 PM UTC-6, Matthew Uribe wrote:
>
> Hi everyone.
>
> I've been using a single node for CAS over the last year or so. Now that 
> we are wanting to load balance our CAS workload, I have configured 
> Hazelcast, per the documentation, and have been quite satisfied with the 
> ease of setup. However, in load testing, I've noticed that the most sessions 
> the CAS Dashboard will show, either in the SSO Session Report, or the Stats 
> Panel, is 500. I wondered whether older sessions were being dropped, but 
> found that the sessions which no longer appeared in the Dashboard were 
> still able to use SSO without a second authentication?
>
> I'm wondering whether anyone else has seen this, and whether it's a 
> limitation of CAS, or perhaps Hazelcast. I've not noticed this before, 
> although I can't say that I load tested my initial single node CAS 
> deployment quite so vigorously.
>
> CAS 5.3.12.1
>
> Thanks
>



[cas-user] 500 Session Limit in SSO Session Report?

2019-10-07 Thread Matthew Uribe
Hi everyone.

I've been using a single node for CAS over the last year or so. Now that we 
are wanting to load balance our CAS workload, I have configured Hazelcast, 
per the documentation, and have been quite satisfied with the ease of 
setup. However, in load testing, I've noticed that the most sessions the CAS 
Dashboard will show, either in the SSO Session Report, or the Stats Panel, 
is 500. I wondered whether older sessions were being dropped, but found 
that the sessions which no longer appeared in the Dashboard were still able 
to use SSO without a second authentication?

I'm wondering whether anyone else has seen this, and whether it's a 
limitation of CAS, or perhaps Hazelcast. I've not noticed this before, 
although I can't say that I load tested my initial single node CAS 
deployment quite so vigorously.

CAS 5.3.12.1

Thanks



[cas-user] 6.1.0 RC6 Attributes Values being doubled when surrogacy is enabled

2019-10-07 Thread 'Robert Bond' via CAS Community
Running into an odd doubling of attribute values when surrogate access is 
enabled. 
On CAS 6.1.0 RC6


Here is my Surrogate config, Active Directory Auth config, and Attribute 
repository:

# Surrogate config 
cas.authn.surrogate.separator=+
cas.authn.surrogate.json.location=file:/etc/cas/config/surrogates.json

# set some properties we can re-use in authn and attributeRepository configuration
ldap-url= ldaps://ad01.example.edu:636
ldap-binddn=  cn=logon_ldap_user,ou=Application Users,ou=All_Users,dc=example,dc=edu
ldap-bindpw=  examplePass
ldap-auth-type=   DIRECT
ldap-basedn=  ou=All_Users,dc=example,dc=edu
ldap-dnformat=cn=%s,ou=All_Users,dc=example,dc=edu
ldap-user-filter= (cn={user})
ldap-max-pool-size=20
ldap-tls=false
ldap-ssl=true
# configure ldap authentication
cas.authn.ldap[0].trustCertificates=file:/etc/cas/trustedexamplecert.der
cas.authn.ldap[0].base-dn=${ldap-basedn}
cas.authn.ldap[0].bind-credential=${ldap-bindpw}
cas.authn.ldap[0].bind-dn=${ldap-binddn}
cas.authn.ldap[0].dn-format=${ldap-dnformat}
cas.authn.ldap[0].ldap-url=${ldap-url}
cas.authn.ldap[0].max-pool-size=${ldap-max-pool-size}
cas.authn.ldap[0].min-pool-size=0
cas.authn.ldap[0].subtree-search=true
cas.authn.ldap[0].type=${ldap-auth-type}
cas.authn.ldap[0].searchFilter=${ldap-user-filter}
cas.authn.ldap[0].use-ssl=${ldap-ssl}
cas.authn.ldap[0].use-start-tls=${ldap-tls}

# configure ldap attribute repository
cas.authn.attributeRepository.ldap[0].trustCertificates=file:/etc/cas/trustedexamplecert.der
cas.authn.attributeRepository.ldap[0].ldapUrl=${ldap-url}
cas.authn.attributeRepository.ldap[0].order=0
cas.authn.attributeRepository.ldap[0].useSsl=${ldap-ssl}
cas.authn.attributeRepository.ldap[0].useStartTls=${ldap-tls}
cas.authn.attributeRepository.ldap[0].baseDn=${ldap-basedn}
cas.authn.attributeRepository.ldap[0].searchFilter=${ldap-user-filter}
cas.authn.attributeRepository.ldap[0].subtreeSearch=true
cas.authn.attributeRepository.ldap[0].bindDn=${ldap-binddn}
cas.authn.attributeRepository.ldap[0].bindCredential=${ldap-bindpw}
cas.authn.attributeRepository.ldap[0].minPoolSize=0
cas.authn.attributeRepository.ldap[0].maxPoolSize=${ldap-max-pool-size}
cas.authn.attributeRepository.ldap[0].validateOnCheckout=true

# configure validator for attribute repository
cas.authn.attributeRepository.ldap[0].validator.type=SEARCH
cas.authn.attributeRepository.ldap[0].validator.baseDn=${ldap-basedn}
cas.authn.attributeRepository.ldap[0].validator.searchFilter=(objectClass=*)
cas.authn.attributeRepository.ldap[0].validator.scope=OBJECT
cas.authn.attributeRepository.ldap[0].validator.attributeName=objectClass
cas.authn.attributeRepository.ldap[0].validator.attributeValues=top

# Get AD attributes
cas.authn.attributeRepository.ldap[0].attributes.sAMAccountName=samAccountName
cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName
cas.authn.attributeRepository.ldap[0].attributes.mail=email
cas.authn.attributeRepository.ldap[0].attributes.mail=emailAddress
cas.authn.attributeRepository.ldap[0].attributes.givenName=givenName
cas.authn.attributeRepository.ldap[0].attributes.sn=surname
cas.authn.attributeRepository.ldap[0].attributes.cn=commonName
cas.authn.attributeRepository.ldap[0].attributes.memberOf=memberOf


When the surrogacy dependency is added to build.gradle the 
attributeRepository returns doubled values for the attributes. See the 
example attributes below:

cn [BONDR, BONDR]
displayName [Robert Bond, Robert Bond]
distinguishedName [CN=BONDR,OU=NSU,OU=All_Users,DC=example,DC=edu, 
CN=BONDR,OU=All_Users,DC=example,DC=edu]


Any thoughts? When I remove the surrogate dependency from build.gradle it 
returns the attributes correctly. ex: cn [BONDR]


Thanks!



[cas-user] [cas-announce] Java CAS client v3.6.0

2019-10-07 Thread Jérôme LELEU
The Java CAS client v3.6.0 is released:
https://github.com/apereo/java-cas-client/releases/tag/cas-client-3.6.0



[cas-user] CAS4 and CAS5 webflow encryption key size, 12 or 16 bytes?

2019-10-07 Thread Yan Zhou
Hello,

Documentation in CAS4/CAS5 both say it requires size 16 for webflow 
encryption key. 

However, for CAS4, it is 16 after base64 encoding, which means the key 
itself is 12 bytes, correct?  This seems to be corrected in CAS5, it is 
using size 16 before base64 encoding, which is 24 afterwards.

See below as a generated key from CAS4.

Cas4: Generated encryption key  jLDwMdhnKGlETWoy of size 16.

Is this correct?

Thx!
Yan
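
The size arithmetic in the question above, as an added example that is not part of the original message or of CAS: it measures the posted key both as raw characters and as base64 text, and checks each length against the AES key sizes (16, 24 or 32 bytes). Which reading a given CAS version applies is not stated in this thread; the function names and the second sample key are constructed for illustration.

```python
import base64
import binascii

AES_KEY_SIZES = (16, 24, 32)  # bytes: AES-128, AES-192, AES-256


def interpretations(key_text):
    """Byte length of a configured key string under each possible reading."""
    sizes = {"raw": len(key_text.encode("utf-8"))}
    try:
        # validate=True rejects characters outside the base64 alphabet
        sizes["base64"] = len(base64.b64decode(key_text, validate=True))
    except (binascii.Error, ValueError):
        sizes["base64"] = None  # not well-formed base64 text
    return sizes


def usable_as_aes_key(key_text):
    """For each reading, whether the resulting length is a legal AES key size."""
    return {name: size in AES_KEY_SIZES
            for name, size in interpretations(key_text).items()}


def encoded_length(n_bytes):
    """Length of padded base64 text produced from n_bytes of key material."""
    return 4 * ((n_bytes + 2) // 3)


# Key quoted in the message above.
CAS4_KEY = "jLDwMdhnKGlETWoy"
# Constructed sample: 16 fixed bytes, base64 encoded (not a real key).
CONSTRUCTED_16 = base64.b64encode(bytes(range(16))).decode("ascii")

if __name__ == "__main__":
    for label, key in (("CAS4 key from the message", CAS4_KEY),
                       ("constructed 16-byte key", CONSTRUCTED_16)):
        print(label, "| text length:", len(key),
              "| byte lengths:", interpretations(key),
              "| legal AES size:", usable_as_aes_key(key))
    print("base64 length of 12 bytes:", encoded_length(12))
    print("base64 length of 16 bytes:", encoded_length(16))
```

A string that is both valid base64 and a legal AES length as raw text is ambiguous on its face, so the reading has to come from the documentation or source of the CAS version in use.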



Re: [cas-user] A French documentation

2019-10-07 Thread Roger Yerbanga
Vallee,

Even between 5.2 and 5.3 the configs can be very different,
so there are necessarily config differences with 6.X.
However, the principles of installation and configuration do not
change.
Thanks.

On Mon, Oct 7, 2019 at 8:57 AM vallee.romain 
wrote:

> Superb documentation!!!
> Can it work with version 6 (broadly speaking)?
>
> It's a pity that ticket management is missing (the different ticket types
> and ticket lifetimes)
>
> Thanks a lot
>


-- 
! roger
-- www.yerbynet.com --
A computer without an Internet connection is a bit like a television
without an antenna :)



[cas-user] A French documentation

2019-10-07 Thread vallee.romain
Superb documentation!!!
Can it work with version 6 (broadly speaking)?

It's a pity that ticket management is missing (the different ticket types and 
ticket lifetimes)

Thanks a lot



[cas-user] CAS 6.1 RC6 Release Announcement

2019-10-07 Thread Misagh Moayyed
CAS 6.1 RC6 is released:
https://github.com/apereo/cas/releases/tag/v6.1.0-RC6

-- Misagh
