[cas-user] Re: Noob question about{...}

2019-10-08 Thread Andy Ng
Hello,

I also agree this part of the documentation is hard to understand unless 
you read through the whole doc word by word

Let's take the Hazelcast Ticket Registry as an example: 
https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties.html#hazelcast-ticket-registry

You saw that there is a line here:
Hazelcast settings for this feature are available here under the 
configuration key cas.ticket.registry.hazelcast.


And after you click into the link, it will redirect you to here: 
https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties-Common.html#hazelcast-configuration

With the following line

# ${configurationKey}.cluster.members=123.456.789.000,123.456.789.001
# ${configurationKey}.cluster.instanceName=localhost
# ${configurationKey}.cluster.port=5701



In the example of Hazelcast Ticket, that means if you want to set members 
for Hazelcast, you need to use the following syntax:

[cas.ticket.registry.hazelcast] => # ${configurationKey}.cluster.members=123.456.789.000,123.456.789.001
cas.ticket.registry.hazelcast.cluster.members=123.456.789.000,123.456.789.001


The cas.ticket.registry.hazelcast is the ${configurationKey}; you plug it 
in and it will work.


How about another example: 
https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties.html#radius-authentication
Principal transformation settings for this feature are available here under 
the configuration key cas.authn.radius.

In this case, the config for Radius Principal transformation settings 
should be:
cas.authn.radius.principalTransformation.pattern=(.+)@example.org


See if the above helps, thanks.

Cheers!
- Andy






-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/c3cb1282-0002-4c37-932e-806359669d76%40apereo.org.


Re: [cas-user] Noob question about{...}

2019-10-08 Thread Ray Bon
Start with the item in the left hand menu (eg ldap authentication), 
https://apereo.github.io/cas/6.0.x/installation/LDAP-Authentication.html
and then the configuration link, 
https://apereo.github.io/cas/6.0.x/configuration/Configuration-Properties.html#ldap-authentication

There you will find specific properties and the configurationkey and a link to 
the common properties, 
https://apereo.github.io/cas/6.0.x/configuration/Configuration-Properties-Common.html#ldap-connection-settings.

Ray

On Tue, 2019-10-08 at 12:53 -0700, vallee.romain wrote:

Hello.

I spend a lot of time to configure 5.x cas, and now I have to configure 6.0 
with some news in cas.properties like this stuff:

${configurationkey}

I understand that it is a "shortcut" to a configuration path, but where can we 
find this path?


In documentation, impossible to find complete path to this :


{configurationKey}.dialect (for jpa ticket)


Thank you so much


--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.



[cas-user] Noob question about{...}

2019-10-08 Thread vallee.romain
Hello.
I spend a lot of time to configure 5.x cas, and now I have to configure 6.0 
with some news in cas.properties like this stuff:
${configurationkey}
I understand that it is a "shortcut" to a configuration path, but where can we 
find this path?

In documentation, impossible to find complete path to this :

{configurationKey}.dialect (for jpa ticket)

Thank you so much



Re: [cas-user] 6.1.0 RC6 Attributes Values being doubled when surrogacy is enabled

2019-10-08 Thread 'Robert Bond' via CAS Community
I changed my ldap active directory config, removed the attribute repository 
stuff and changed the type to AUTHENTICATED.

The below config seems to be working well for me while using surrogacy with 
LDAPS Active Directory:

# set some properties we can re-use in authn and attributeRepository configuration
ldap-url= ldaps://ad01.example.edu:636
ldap-binddn=  cn=logon_ldap_user,ou=Application Users,ou=All_Users,dc=example,dc=edu
ldap-bindpw=  asdfasdfasdfasdfasdf
ldap-auth-type=   AUTHENTICATED
ldap-basedn=  ou=All_Users,dc=example,dc=edu
ldap-user-filter= (cn={user})
ldap-max-pool-size=20
ldap-tls=false
ldap-ssl=true

# configure ldap authentication
cas.authn.ldap[0].trustCertificates=file:/etc/cas/trustedexamplecert.der
cas.authn.ldap[0].base-dn=${ldap-basedn}
cas.authn.ldap[0].bind-credential=${ldap-bindpw}
cas.authn.ldap[0].bind-dn=${ldap-binddn}
cas.authn.ldap[0].ldap-url=${ldap-url}
cas.authn.ldap[0].max-pool-size=${ldap-max-pool-size}
cas.authn.ldap[0].min-pool-size=0
cas.authn.ldap[0].type=${ldap-auth-type}
cas.authn.ldap[0].searchFilter=${ldap-user-filter}
cas.authn.ldap[0].use-ssl=${ldap-ssl}
cas.authn.ldap[0].use-start-tls=${ldap-tls}
# list of attributes to be collected and mapped
cas.authn.ldap[0].principalAttributeList=cn:commonName,sn:surname,displayName:displayName,mail:email,givenName,memberOf,samAccountName,mail:emailAddress,samAccountName



I had troubles getting surrogacy to work on previous versions with anything 
but the JSON file method which works for our current purposes. 

Thanks,
Robert Bond.

On Tuesday, October 8, 2019 at 11:14:06 AM UTC-5, rbon wrote:
>
> Surrogates is on my todo list. Hopefully someone else with more experience 
> will chime in.
>
> Ray
>
> On Tue, 2019-10-08 at 06:41 -0700, 'Robert Bond' via CAS Community wrote:
>
> No error messages on login. I do not think that is expected behavior. 
> When logging in as a surrogate it does not have duplicated values for the 
> properties.  
> See example below: 
>    cn [bansecr_bondr] 
>
> The service registries do not handle when there are duplicated values like 
> the "cn [BONDR, BONDR]" that I am getting when I do not use surrogate 
> access.
> I have 5 surrogates configured for my account inside the json file. When 
> I disable surrogate access completely and remove the build.gradle 
> dependency: 
> compile "org.apereo.cas:cas-server-support-surrogate-webflow:${project.'cas.version'}"
> Cas then returns the attributes correctly as "cn [BONDR]"
>
> I think this is a bug. Any thoughts on how to better document and report 
> it?
> Or maybe I have something wrong with my Active Directory 
> LDAP attributeRepository config in cas.
>
>
> Thanks!
>
> On Monday, October 7, 2019 at 4:39:19 PM UTC-5, rbon wrote: 
>
> Robert,
>
> Is log in failing? Any error messages?
>
> Could it be that the second entry is the surrogate; and if no surrogate is 
> supplied in the log in form, then the same subject exists for both [that 
> is, for the surrogate plugin, an array is required]?
>
> Ray
>
> On Mon, 2019-10-07 at 13:10 -0700, 'Robert Bond' via CAS Community wrote:
>
> Running into an odd doubling of attribute values when surrogate access is 
> enabled.  
> On CAS 6.1.0 RC6
>
>
> Here is my Surrogate config, Active Directory Auth config, and Attribute 
> repository:
>
> # Surrogate config 
> cas.authn.surrogate.separator=+
> cas.authn.surrogate.json.location=file:/etc/cas/config/surrogates.json
>
>
> # set some properties we can re-use in authn and attributeRepository configuration
> ldap-url= ldaps://ad01.example.edu:636
> ldap-binddn=  cn=logon_ldap_user,ou=Application Users,ou=All_Users,dc=example,dc=edu
> ldap-bindpw=  examplePass
> ldap-auth-type=   DIRECT
> ldap-basedn=  ou=All_Users,dc=example,dc=edu
> ldap-dnformat=cn=%s,ou=All_Users,dc=example,dc=edu
> ldap-user-filter= (cn={user})
> ldap-max-pool-size=20
> ldap-tls=false
> ldap-ssl=true
> # configure ldap authentication
> cas.authn.ldap[0].trustCertificates=file:/etc/cas/trustedexamplecert.der
> cas.authn.ldap[0].base-dn=${ldap-basedn}
> cas.authn.ldap[0].bind-credential=${ldap-bindpw}
> cas.authn.ldap[0].bind-dn=${ldap-binddn}
> cas.authn.ldap[0].dn-format=${ldap-dnformat}
> cas.authn.ldap[0].ldap-url=${ldap-url}
> cas.authn.ldap[0].max-pool-size=${ldap-max-pool-size}
> cas.authn.ldap[0].min-pool-size=0
> cas.authn.ldap[0].subtree-search=true
> cas.authn.ldap[0].type=${ldap-auth-type}
> cas.authn.ldap[0].searchFilter=${ldap-user-filter}
> cas.authn.ldap[0].use-ssl=${ldap-ssl}
> cas.authn.ldap[0].use-start-tls=${ldap-tls}
>
> # configure ldap attribute repository
> cas.authn.attributeRepository.ldap[0].trustCertificates=file:/etc/cas/trustedexamplecert.der
> cas.authn.attributeRepository.ldap[0].ldapUrl=${ldap-url}
> cas.authn.attributeRepository.ldap[0].order=0
> cas.authn.attributeRepository.ldap[0].useSsl=${ldap-ssl}
> cas.authn.attributeRepository.ldap[0].useStartTls=${ldap-tls}
> 

[cas-user] [CAS5.3.10] How to use SPNEGO authentication with login form as fallback

2019-10-08 Thread Kevin Imbrechts
Hello,

With my CAS 5.3.10, I want to authenticate with SPNEGO when it's possible. 
But it can happen that some users can't use SPNEGO. I want to use login 
form as a fallback when SPNEGO failed authentication.
I see the login form, but when I submit the form, I have an error "bad 
login/password".
Any idea ? What I've misconfigured ?

Thanks.


Re: [cas-user] 6.1.0 RC6 Attributes Values being doubled when surrogacy is enabled

2019-10-08 Thread 'Robert Bond' via CAS Community
No error messages on login. I do not think that is expected behavior. 
When logging in as a surrogate it does not have duplicated values for the 
properties. 
See example below:
   cn [bansecr_bondr] 

The service registries do not handle when there are duplicated values like 
the "cn [BONDR, BONDR]" that I am getting when I do not use surrogate 
access.
I have 5 surrogates configured for my account inside the json file. When I 
disable surrogate access completely and remove the build.gradle dependency: 
compile "org.apereo.cas:cas-server-support-surrogate-webflow:${project.'cas.version'}"
Cas then returns the attributes correctly as "cn [BONDR]"

I think this is a bug. Any thoughts on how to better document and report it?
Or maybe I have something wrong with my Active Directory 
LDAP attributeRepository config in cas.


Thanks!

On Monday, October 7, 2019 at 4:39:19 PM UTC-5, rbon wrote:
>
> Robert,
>
> Is log in failing? Any error messages?
>
> Could it be that the second entry is the surrogate; and if no surrogate is 
> supplied in the log in form, then the same subject exists for both [that 
> is, for the surrogate plugin, an array is required]?
>
> Ray
>
> On Mon, 2019-10-07 at 13:10 -0700, 'Robert Bond' via CAS Community wrote:
>
> Running into an odd doubling of attribute values when surrogate access is 
> enabled.  
> On CAS 6.1.0 RC6
>
>
> Here is my Surrogate config, Active Directory Auth config, and Attribute 
> repository:
>
> # Surrogate config 
> cas.authn.surrogate.separator=+
> cas.authn.surrogate.json.location=file:/etc/cas/config/surrogates.json
>
>
> # set some properties we can re-use in authn and attributeRepository configuration
> ldap-url= ldaps://ad01.example.edu:636
> ldap-binddn=  cn=logon_ldap_user,ou=Application Users,ou=All_Users,dc=example,dc=edu
> ldap-bindpw=  examplePass
> ldap-auth-type=   DIRECT
> ldap-basedn=  ou=All_Users,dc=example,dc=edu
> ldap-dnformat=cn=%s,ou=All_Users,dc=example,dc=edu
> ldap-user-filter= (cn={user})
> ldap-max-pool-size=20
> ldap-tls=false
> ldap-ssl=true
> # configure ldap authentication
> cas.authn.ldap[0].trustCertificates=file:/etc/cas/trustedexamplecert.der
> cas.authn.ldap[0].base-dn=${ldap-basedn}
> cas.authn.ldap[0].bind-credential=${ldap-bindpw}
> cas.authn.ldap[0].bind-dn=${ldap-binddn}
> cas.authn.ldap[0].dn-format=${ldap-dnformat}
> cas.authn.ldap[0].ldap-url=${ldap-url}
> cas.authn.ldap[0].max-pool-size=${ldap-max-pool-size}
> cas.authn.ldap[0].min-pool-size=0
> cas.authn.ldap[0].subtree-search=true
> cas.authn.ldap[0].type=${ldap-auth-type}
> cas.authn.ldap[0].searchFilter=${ldap-user-filter}
> cas.authn.ldap[0].use-ssl=${ldap-ssl}
> cas.authn.ldap[0].use-start-tls=${ldap-tls}
>
> # configure ldap attribute repository
> cas.authn.attributeRepository.ldap[0].trustCertificates=file:/etc/cas/trustedexamplecert.der
> cas.authn.attributeRepository.ldap[0].ldapUrl=${ldap-url}
> cas.authn.attributeRepository.ldap[0].order=0
> cas.authn.attributeRepository.ldap[0].useSsl=${ldap-ssl}
> cas.authn.attributeRepository.ldap[0].useStartTls=${ldap-tls}
> cas.authn.attributeRepository.ldap[0].baseDn=${ldap-basedn}
> cas.authn.attributeRepository.ldap[0].searchFilter=${ldap-user-filter}
> cas.authn.attributeRepository.ldap[0].subtreeSearch=true
> cas.authn.attributeRepository.ldap[0].bindDn=${ldap-binddn}
> cas.authn.attributeRepository.ldap[0].bindCredential=${ldap-bindpw}
> cas.authn.attributeRepository.ldap[0].minPoolSize=0
> cas.authn.attributeRepository.ldap[0].maxPoolSize=${ldap-max-pool-size}
> cas.authn.attributeRepository.ldap[0].validateOnCheckout=true
>
> # configure validator for attribute repository
> cas.authn.attributeRepository.ldap[0].validator.type=SEARCH
> cas.authn.attributeRepository.ldap[0].validator.baseDn=${ldap-basedn}
> cas.authn.attributeRepository.ldap[0].validator.searchFilter=(objectClass=*)
> cas.authn.attributeRepository.ldap[0].validator.scope=OBJECT
> cas.authn.attributeRepository.ldap[0].validator.attributeName=objectClass
> cas.authn.attributeRepository.ldap[0].validator.attributeValues=top
>
> # Get AD attributes
> cas.authn.attributeRepository.ldap[0].attributes.sAMAccountName=samAccountName
> cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName
> cas.authn.attributeRepository.ldap[0].attributes.mail=email
> cas.authn.attributeRepository.ldap[0].attributes.mail=emailAddress
> cas.authn.attributeRepository.ldap[0].attributes.givenName=givenName
> cas.authn.attributeRepository.ldap[0].attributes.sn=surname
> cas.authn.attributeRepository.ldap[0].attributes.cn=commonName
> cas.authn.attributeRepository.ldap[0].attributes.memberOf=memberOf
>
>
> When the surrogacy dependency is added to build.gradle the 
> attributeRepository returns doubled values for the attributes. See the 
> example attributes below:
>
> cn [BONDR, BONDR]
> displayName [Robert Bond, Robert Bond]
> distinguishedName [CN=BONDR,OU=NSU,OU=All_Users,DC=example,DC=edu, 
> 
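
A small lint for cas.properties, added here as an example (not code from CAS or from anyone on the list). It reports keys that are assigned twice, as ...attributes.mail is in the configuration quoted above, where only the last assignment survives loading, and ${...} names that nothing in the file defines, such as a ${configurationKey} copied from the common-properties page without substituting the real prefix. The sample file is constructed from lines quoted in these threads, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the configurations quoted in these
# threads, put into one file for the demonstration.
SAMPLE = """\
# constructed sample, not a working CAS configuration
ldap-url= ldaps://ad01.example.edu:636
cas.authn.attributeRepository.ldap[0].ldapUrl=${ldap-url}
cas.authn.attributeRepository.ldap[0].attributes.mail=email
cas.authn.attributeRepository.ldap[0].attributes.mail=emailAddress
cas.authn.attributeRepository.ldap[0].attributes.sn=surname
${configurationKey}.cluster.port=5701
cas.ticket.registry.hazelcast.cluster.instanceName=localhost
cas.authn.token.crypto.signing.key=${OPTOPLUS_CAS_TOKEN_SIGNING_KEY}
"""

ENTRY = re.compile(r"([^=:\s]+)\s*[=:]\s*(.*)")
PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")


def parse_properties(text):
    """Return [(line_no, key, value)]. Assumes one entry per line
    (no backslash continuations) and '=' or ':' as the separator."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        match = ENTRY.match(line)
        if match:
            entries.append((line_no, match.group(1), match.group(2).strip()))
    return entries


def duplicate_keys(entries):
    """Keys assigned more than once, with every (line_no, value) seen."""
    seen = defaultdict(list)
    for line_no, key, value in entries:
        seen[key].append((line_no, value))
    return {key: hits for key, hits in seen.items() if len(hits) > 1}


def effective(entries):
    """The single value per key that survives loading: the last one."""
    return {key: value for _, key, value in entries}


def undefined_placeholders(entries):
    """(line_no, name) for each ${name} in a key or a value that no key in
    this file defines. A ${name:default} form is reduced to name."""
    defined = {key for _, key, _ in entries}
    findings = []
    for line_no, key, value in entries:
        for token in PLACEHOLDER.findall(key) + PLACEHOLDER.findall(value):
            name = token.split(":", 1)[0]
            if name not in defined:
                findings.append((line_no, name))
    return findings


if __name__ == "__main__":
    parsed = parse_properties(SAMPLE)
    for key, hits in duplicate_keys(parsed).items():
        print(f"duplicate key {key}: {hits} -> effective {effective(parsed)[key]!r}")
    for line_no, name in undefined_placeholders(parsed):
        print(f"line {line_no}: ${{{name}}} is not defined in this file")
```

A name reported as undefined is either expected from outside the file (an environment variable or system property, as with OPTOPLUS_CAS_TOKEN_SIGNING_KEY) or a documentation placeholder that still needs the real prefix.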

[cas-user] Re: oss sonatype error 500

2019-10-08 Thread vallee.romain
Sorry, it's back :)

On Tuesday, 8 October 2019 at 12:14:22 UTC+2, vallee.romain wrote:
>
> Hello, I try to install cas 6.1.0,
> and I got this message:
>  Could not GET '
> https://oss.sonatype.org/content/repositories/snapshots/org/apereo/cas/cas-server-webapp-tomcat/6.1.0-SNAPSHOT/maven-metadata.xml'.
>  
> Received status code 500 from server: Internal Server Error
>
> do you know how it's possible to change repository ?
>
> Thank you very much
> Best regards
>



[cas-user] Re: [Token/JWT Tickets] Misleading warnings ?

2019-10-08 Thread Robert Kornmesser
I'm struggling with the same issue. I've just debugged it and saw 
that JwtTicketCipherExecutor is instantiated via default constructor which 
just ignores the cas.properties. Is it normal behaviour? The info message 
is really misleading.

On Tuesday, 4 June 2019 at 19:09:16 UTC+2, Alessandro Moscatelli wrote:
>
> Both with 5.3.10 and 6.0.4 I am observing strange warnings in my log:
>
> 2019-06-04 16:41:13,282 WARN 
> [org.apereo.cas.util.cipher.BaseStringCipherExecutor] -  enabled for [Token/JWT Tickets]. The cipher 
> [RegisteredServiceTokenTicketCipherExecutor] wonly attempt to produce 
> signed objects>
> 2019-06-04 16:41:13,283 WARN 
> [org.apereo.cas.util.cipher.BaseStringCipherExecutor] -  enabled for [Token/JWT Tickets]. The cipher 
> [RegisteredServiceTokenTicketCipherExecutor] willempt to produce plain 
> objects>
>
> I don't get what's complaining about.
> I defined these global variables in cas.properties :
>
> cas.authn.token.crypto.enabled=true
> cas.authn.token.crypto.signingEnabled=true
> cas.authn.token.crypto.encryptionEnabled=true
> cas.authn.token.crypto.signing.key=${OPTOPLUS_CAS_TOKEN_SIGNING_KEY}
> cas.authn.token.crypto.signing.keySize=512
> cas.authn.token.crypto.encryption.key=${OPTOPLUS_CAS_TOKEN_ENCRYPTION_KEY}
> cas.authn.token.crypto.encryption.keySize=256
> cas.authn.token.crypto.alg=A128CBC-HS256
>
> Also, I believe (and I DO REALLY HOPE SO) my JWT Tickets are indeed signed 
> and ciphered since my backend use jose4j to verify signature and 
> deciphering :
>
> JsonWebSignature jws = new JsonWebSignature();
> jws.setCompactSerialization(bearer);
> jws.setKey(signingKey);
> // Verify the outer signature before touching the payload
> if (jws.verifySignature()) {
>     // The decoded JWS payload is the compact JWE
>     JsonWebEncryption jwe = new JsonWebEncryption();
>     jwe.setCompactSerialization(new String(Base64.decodeBase64(jws.getEncodedPayload()), StandardCharsets.UTF_8));
>     jwe.setKey(encryptionKey);
>     JwtClaims claims = JwtClaims.parse(jwe.getPlaintextString());
>     NumericDate issuedAt = claims.getIssuedAt();
>     // Check that iat is present before using it
>     if (Objects.nonNull(issuedAt)) {
>         // Accept only tokens issued within the last 60 seconds
>         issuedAt.addSeconds(60);
>         if (issuedAt.isAfter(NumericDate.now())) {
>             String subject = claims.getSubject();
>             if (StringUtils.isNotBlank(subject)) {
>                 CredentialValidationResult validate = this.identityStore.validate(new CallerOnlyCredential(subject));
>                 if (Status.VALID.equals(validate.getStatus())) {
>                     return httpMessageContext.notifyContainerAboutLogin(validate);
>                 }
>             }
>         }
>     }
> }
>
> According to:
>
> https://github.com/apereo/cas/blob/master/core/cas-server-core-util-api/src/main/java/org/apereo/cas/util/cipher/BaseStringCipherExecutor.java
>
> this.encryptionEnabled = encryptionEnabled || StringUtils.isNotBlank(secretKeyEncryption);
> this.signingEnabled = signingEnabled || StringUtils.isNotBlank(secretKeySigning);
> this.signingKeySize = signingKeyLength <= 0 ? CipherExecutor.DEFAULT_STRINGABLE_SIGNING_KEY_SIZE : signingKeyLength;
> this.encryptionKeySize = encryptionKeyLength <= 0 ? CipherExecutor.DEFAULT_STRINGABLE_ENCRYPTION_KEY_SIZE : encryptionKeyLength;
>
> if (this.encryptionEnabled) {
>     configureEncryptionParameters(secretKeyEncryption, contentEncryptionAlgorithmIdentifier);
> } else {
>     LOGGER.info("Encryption is not enabled for [{}]. The cipher [{}] will only attempt to produce signed objects",
>         getName(), getClass().getSimpleName());
> }
>
> I can't understand what's happening. I believe encryptionEnabled is 
> cas.authn.token.crypto.encryptionEnabled 
> and secretKeyEncryption should be cas.authn.token.crypto.encryption.key.
>
> Am I missing something ?
> Thank you in advance
>
>



[cas-user] Re: [CAS5.3.12] yamlServiceRegistry or jsonServiceRegistry don't work

2019-10-08 Thread Kevin Imbrechts
Thanks.
For now, I don't have a lot of time and I'm afraid of having regressions in 
applications that will use CAS.
So I want to use 5.x version and, after, upgrade for 6.x when I'll have 
more time.
Thank you so much !

On Tuesday, 8 October 2019 at 12:03:00 UTC+2, Andy Ng wrote:
>
> Hi Kevin,
>
> If you are using the latest Java version, best course of action is to 
> upgrade CAS to latest CAS 6.x version :) (currently is CAS 6.0.x, possible 
> to be CAS 6.1 very soon)
>
> CAS 5.3.x is still usable (i.e. not EOF as of today), but it is much 
> better to go with the later version.
>



[cas-user] oss sonatype error 500

2019-10-08 Thread vallee.romain
Hello, I try to install cas 6.1.0,
and I got this message:
 Could not GET 
'https://oss.sonatype.org/content/repositories/snapshots/org/apereo/cas/cas-server-webapp-tomcat/6.1.0-SNAPSHOT/maven-metadata.xml'.
 
Received status code 500 from server: Internal Server Error

Do you know how it's possible to change repository?

Thank you very much
Best regards



[cas-user] Re: [CAS5.3.12] yamlServiceRegistry or jsonServiceRegistry don't work

2019-10-08 Thread Andy Ng
Hi Kevin,

If you are using the latest Java version, best course of action is to 
upgrade CAS to latest CAS 6.x version :) (currently is CAS 6.0.x, possible 
to be CAS 6.1 very soon)

CAS 5.3.x is still usable (i.e. not EOF as of today), but it is much better 
to go with the later version.



Re: [cas-user] Unable to use CAS v6

2019-10-08 Thread Alberto Cabello Sánchez
Hi, David,

I am currently working on CAS 6 customization and it works pretty well
without Password Management.

The problem you refer to claims to be caused by

java.lang.NullPointerException: null at
org.apereo.cas.util.LdapUtils.lambda$newLdaptiveSearchFilter$3
(LdapUtils.java:530)

In org/apereo/cas/util/LdapUtils.java there is a debug statement related
to it:

LOGGER.debug("Constructed LDAP search filter [{}]", filter.format());

So maybe setting a more verbose log level and checking the constructed search
filter will be helpful.

Regards


On Sat, 05 Oct 2019 21:22:53 + (UTC)
David Kowis  wrote:

> https://www.mail-archive.com/cas-dev@apereo.org/msg00663.html
> 
> Seems as though there's a pretty significant problem with LDAP password 
> reset email stuff. :(
> 
> I haven't been able to figure out what the actual problem is, so I'm 
> having to go back to 5.3.x...
> 
> I was wondering if anyone else has had this problem, or most people are 
> just on 5.3.x for the time being?
> 
> Thanks!

-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



[cas-user] Re: [CAS5.3.12] yamlServiceRegistry or jsonServiceRegistry don't work

2019-10-08 Thread Kevin Imbrechts
Oh... Thank you.
I was using java 11...
I try with 8 and I'll keep you informed

On Tuesday, 8 October 2019 at 11:21:46 UTC+2, Andy Ng wrote:
>
> Hi Kevin,
>
> Your *cas.log* contains one error called 
> java.lang.NullPointerException...
> ... org.apache.commons.lang3.SystemUtils.isJavaVersionAtLeast
>
> Searching online comes up with this issue: 
> https://jira.apache.org/jira/browse/LANG-1365
>
> What is your docker java version? Java 10? 
>
> FYI, pretty sure CAS 5 only supports Java 8, so if Java 10 was used this 
> might happen.
>
> See if the above helps
>
> Cheers!
> - Andy
>



[cas-user] Re: [CAS5.3.12] yamlServiceRegistry or jsonServiceRegistry don't work

2019-10-08 Thread Andy Ng
Hi Kevin,

Your *cas.log* contains one error called 
java.lang.NullPointerException...
... org.apache.commons.lang3.SystemUtils.isJavaVersionAtLeast

Searching online comes up with this issue: 
https://jira.apache.org/jira/browse/LANG-1365

What is your docker java version? Java 10? 

FYI, pretty sure CAS 5 only supports Java 8, so if Java 10 was used this 
might happen.

See if the above helps

Cheers!
- Andy
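
A start-up guard for a container entrypoint that follows the diagnosis in this message (CAS 5.x expecting Java 8), added here as an example and not part of the thread or of the CAS project. The function names and the sample `java -version` banners are constructed for illustration; the parser handles both the legacy `1.8.0_x` scheme and the `9`/`10`/`11` scheme that the failing version check had to deal with.

```shell
#!/bin/sh
# Added example (not from the thread or the CAS project): entrypoint guard.
# Sample banners are constructed; real input is "$(java -version 2>&1)".
SAMPLE_JAVA8='openjdk version "1.8.0_222"
OpenJDK Runtime Environment (build 1.8.0_222-b10)'
SAMPLE_JAVA11='openjdk version "11.0.4" 2019-07-16
OpenJDK Runtime Environment (build 11.0.4+11)'

# java_major VERSION -> prints the major version number.
# "1.8.0_222" -> 8 (legacy scheme), "10" -> 10, "11.0.4" -> 11, "17-ea" -> 17.
java_major() {
    v=$1
    case $v in
        1.*) v=${v#1.} ;;   # legacy "1.x": the major is the second field
    esac
    v=${v%%[!0-9]*}         # keep only the leading digits
    [ -n "$v" ] || return 1
    printf '%s\n' "$v"
}

# version_from_banner BANNER -> quoted version on the banner's first line.
version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/.* version "\([^"]*\)".*/\1/p'
}

# check_runtime BANNER REQUIRED_MAJOR
# Returns 0 on match, 1 on mismatch, 2 when the banner cannot be parsed.
check_runtime() {
    ver=$(version_from_banner "$1")
    major=$(java_major "$ver") || {
        echo "cannot parse a Java version from: $1" >&2
        return 2
    }
    if [ "$major" -ne "$2" ]; then
        echo "Java $major found, Java $2 required; refusing to start" >&2
        return 1
    fi
    return 0
}

# Typical use in an entrypoint (the cas.war path is an assumption):
#   check_runtime "$(java -version 2>&1)" 8 && exec java -jar /cas.war
```

Failing fast here turns the deep bean-creation NullPointerException into a one-line message naming the runtime mismatch.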



[cas-user] [CAS5.3.12] yamlServiceRegistry or jsonServiceRegistry don't work

2019-10-08 Thread Kevin Imbrechts
Hi,

I am trying to create a Docker image based on Alpine Linux 3.10.9 with 
Apereo CAS 5.3.12 overlay. I want to use YAML services registry but CAS 
doesn't start. I have a null pointer exception (see cas.log).
I really don't know what happens...
I think it is a misconfiguration but I don't know where. Can you help me, 
please?

Thanks.

2019-10-08 10:32:24,435 WARN [org.apereo.cas.web.CasWebApplicationContext] - 

Exception in thread "main" java.lang.reflect.InvocationTargetException
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
at org.springframework.boot.loader.WarLauncher.main(WarLauncher.java:59)
Caused by: org.springframework.beans.factory.BeanCreationException: Error 
creating bean with name 'scopedTarget.servicesManager': Invocation of init 
method failed; nested exception is 
org.springframework.beans.factory.BeanCreationException: Error creating bean 
with name 'scopedTarget.serviceRegistry' defined in class path resource 
[org/apereo/cas/config/CasCoreServicesConfiguration.class]: Bean instantiation 
via factory method failed; nested exception is 
org.springframework.beans.BeanInstantiationException: Failed to instantiate 
[org.apereo.cas.services.ServiceRegistry]: Factory method 'serviceRegistry' 
threw exception; nested exception is 
org.springframework.beans.factory.BeanCreationException: Error creating bean 
with name 'scopedTarget.yamlServiceRegistry' defined in class path resource 
[org/apereo/cas/services/config/YamlServiceRegistryConfiguration.class]: Bean 
instantiation via factory method failed; nested exception is 
org.springframework.beans.BeanInstantiationException: Failed to instantiate 
[org.apereo.cas.services.ServiceRegistry]: Factory method 'yamlServiceRegistry' 
threw exception; nested exception is java.lang.NullPointerException
at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:137)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:407)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1623)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:553)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
at org.springframework.beans.factory.support.AbstractBeanFactory$2.getObject(AbstractBeanFactory.java:351)
at org.springframework.cloud.context.scope.GenericScope$BeanLifecycleWrapper.getBean(GenericScope.java:379)
at org.springframework.cloud.context.scope.GenericScope.get(GenericScope.java:181)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:346)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1080)
at org.springframework.cloud.context.scope.refresh.RefreshScope.start(RefreshScope.java:121)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at