[cas-user] Re: CAS 6.1.3 PM JDBC Bug

[Andy Ng]

Hi Bill,

Seems like the CAS team will be fixing this in latest CAS version, see this 
commit:
https://github.com/apereo/cas/commit/e214dba59c2273409c406cf4301e2dc875183295

Looks to me they implemented a check this line here:
https://github.com/apereo/cas/blob/master/support/cas-server-support-pm-jdbc/src/main/java/org/apereo/cas/pm/jdbc/JdbcPasswordManagementService.java#L91

So presumably this bug shouldn't brother you (and others) for the latest 
version :)

Cheers!
- Andy

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/380a2a9f-8163-4035-aa36-c3c8dff80435%40apereo.org.

[cas-user] Re: How to configure password management in cas

[Andy Ng]

For UI, you can always consult the official document: 
https://apereo.github.io/cas/6.0.x/ux/User-Interface-Customization-Views.html - 
Andy

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4dc06745-f88b-4ea5-a2c4-de0642436703%40apereo.org.

[cas-user] Re: How to configure password management in cas

[Andy Ng]

Hi Vikash,

Would be awesome if you can provide as much information (e.g. CAS version, 
which UI element want to chagne, etc...) as possible, so people in the 
community can try and figure out the problem. 

First of all: 

*> Moreover I have added properties for pm: *
Is the LDAP part is already all done and you can successfully use the 
password management features? If no, can you post your properties here so 
we can have a look? 

*> Kindly suggest what next to do.. How to set UI.*

So I think this statement implies you already got your password management 
working fine, just want to modify the UI, correct?

Which UI are you talking about, at least there are:
- The main login page
- The main where you change your password
- Logout
- The text appear on screen
- etc

Depending on which UI you want to edit, the solution differs.

If you can't describe which UI you want to modify, you can also post your 
image in this Google Groups, so people can pinpoint which actual element 
you want to change.

See if the above make sense...

Cheers!
- Andy









-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1b473bbe-acb0-4dd0-8e04-b14284f5fff3%40apereo.org.

[cas-user] How to configure simple MFA to send the code using the rest method

[Emilian Mitocariu]

Hi, I would like to implement simple MFA with my CAS server and send code 
via the Signal messenger app. To achieve this I've installed this service 
https://morph027.gitlab.io/signal-web-gateway on my server that accepts 
requests like these:

curl -X POST -F "to=" -F "message=Test" http:
//localhost:5000

I'd like to use the REST method from simple MFA for sending text messages 
using a service like the one I've installed, but I'm not sure how the 
config for the REST request should look. This is my config for the base 
configs from MFA simple (I know this part works because I've used it with 
other SMS service providers):

cas.authn.mfa.globalProviderId=mfa-simple
cas.authn.mfa.simple.name=SMS 2FA
cas.authn.mfa.simple.order=1
cas.authn.mfa.simple.timeToKillInSeconds=180
cas.authn.mfa.simple.tokenLength=6

cas.authn.mfa.simple.sms.from=CAS
cas.authn.mfa.simple.sms.text=This is your CAS 2FA code: %s
cas.authn.mfa.simple.sms.attributeName=telephoneNumber

And for the REST request part I've tried this, but it doesn't work:

cas.smsProvider.rest.method=POST
cas.smsProvider.rest.url=http://localhost:5000

Logs don't give a lot of information, even on debug, only says that the mfa 
methods configured have failed to send the code. I'm thinking that maybe I 
need to set the "to" and "message" attributes into the REST request but not 
sure how this should look. Can someone help me or at least give me some 
pointers?

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1202f20b-f875-48a5-a996-8ee34470e09f%40apereo.org.

[cas-user] CAS 6.2 SAML JSON Help

[stonej]

Hello All,

Please can someone help me.  I ma trying to move from our current 
shibboleth IDP to CAS, all seems OK but when I start setting up the 
registered service it goes wrong.  I either get too much information (but 
not the info needed) or I don't get any.

I would like to show :

urn:oid:0.9.2342.19200300.100.1.3 - mail
urn:oid:1.3.6.1.4.1.5923.1.1.1.1 - eduPersonAffiliation value member
urn:oid:1.3.6.1.4.1.5923.1.1.1.1 - eduPersonAffiliation value staff or 
student
urn:oid:1.3.6.1.4.1.5923.1.1.1.6 - eduPersonPrincipalName mail
urn:oid:2.5.4.4 - sn
urn:oid:1.3.6.1.4.1.5923.1.1.1.9 - eduPersonScopedAffiliation value 
mem...@domain.com
urn:oid:1.3.6.1.4.1.5923.1.1.1.9 - eduPersonScopedAffiliation value staff 
or stud...@domain.com
urn:oid:2.5.4.42 - givenName
urn:oid:1.3.6.1.4.1.5923.1.1.1.10 - eduPersonTargetedID Value random id 
based on salt
urn:oid:1.3.6.1.4.1.5923.1.1.1.7 - eduPersonEntitlement value 
urn:mace:dir:entitlement:common-lib-terms

What I am getting is : 

credentialType - credentialType - UsernamePasswordCredential
samlAuthenticationStatementAuthMethod - samlAuthenticationStatementAuthMethod 
- urn:oasis:names:tc:SAML:1.0:am:password
isFromNewLogin - isFromNewLogin - true
authenticationDate - authenticationDate - 2020-01-22T13:59:03.213799Z
urn:oid:0.9.2342.19200300.100.1.3 - urn:oid:0.9.2342.19200300.100.1.3 - 
em...@domain.com
authenticationMethod - authenticationMethod - LdapAuthenticationHandler
urn:oid:0.9.2342.19200300.100.1.1 - urn:oid:0.9.2342.19200300.100.1.1 - 
stonej
successfulAuthenticationHandlers - successfulAuthenticationHandlers - 
LdapAuthenticationHandler
longTermAuthenticationRequestTokenUsed - longTermAuthenticationRequestTokenUsed 
- false
urn:oid:2.5.4.42 - urn:oid:2.5.4.42 - FirstName
urn:oid:2.5.4.4 - urn:oid:2.5.4.4 - Surname

My JSON file is :

{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "SERVICENAME",
  "name" : "Apache Secured By SAML",
  "id" : 10011,
  "description" : "CAS development Apache mod_shib/shibd server with 
username/password protection",
  "metadataLocation" : "file:etc/cas/saml/metadata/metadata.xml",
  "encryptAssertions": "true",
  "attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
"allowedAttributes" : {
  "@class" : "java.util.TreeMap",
  "eppn" : "urn:mace:dir:attribute-def:eduPersonPrincipalName",
  "cn" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
  "displayName" : "urn:oid:2.16.840.1.113730.3.1.241",
  "givenName" : "urn:oid:2.5.4.42",
  "mail" : "urn:oid:0.9.2342.19200300.100.1.3",
  "role" : "urn:DOMAIN.COM:attribute-def:role",
  "sn" : "urn:oid:2.5.4.4",
  "uid" : "urn:oid:0.9.2342.19200300.100.1.1",
  "UDC_IDENTIFIER": "urn:DOMAIN.COM:attribute-def:UDC_IDENTIFIER",
  "eppn" : "urn:oid:0.9.2342.19200300.100.1.1"
  "affiliation" : "urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
  "affiliation" : "staff"
}
"persistentIdGenerator" : {
  "@class" : 
"org.apereo.cas.authentication.principal.ShibbolethCompatiblePersistentIdGenerator",
  "salt" : "aGVsbG93b3JsZA==",
  "attribute": "eduPersonEntitlement"
}
  },
  "evaluationOrder" : 1125
}


What am I doing wrong ?  I have looked at the documentation and cannot find 
the answers.

Thanks for any help

Jeff

-- 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/559f60ab-90d6-46a6-9c47-750dac7dc271%40apereo.org.

Re: [cas-user] Re: [CAS 6.1] Base64 decoding failed / incorrect header check

[Pasek, Christine]

That is good to hear. Thanks for letting me know.

On Wed, Jan 22, 2020 at 9:29 AM Josh  wrote:

> Hi Chris -
>
> No luck finding a solution on the error, however the good news is other
> than polluting our logs (which we could mitigate) there does not appear to
> be any negative user impact.
>
> We're several million authentications into this upgrade without any users
> reporting issues.
>
>
> On Wednesday, January 22, 2020 at 9:45:40 AM UTC-5, Christine Pasek wrote:
>>
>> Hello Josh,
>>
>> I have just upgraded from 5.2.X to 5.3.X and am experiencing the same
>> error and like you, everything seems to be working fine.
>>
>> Were you able to find a solution to fixing this error?
>>
>> Thanks!
>> Chris
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/a5632664-a375-4e32-8776-abaf6058218e%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAHFOFS0_cENrJHgcQvz4QYGzGSQgQ-VcnF8V1cn3z%2BVNc9CpPw%40mail.gmail.com.

[cas-user] Re: [CAS 6.1] Base64 decoding failed / incorrect header check

[Josh]

Hi Chris -

No luck finding a solution on the error, however the good news is other 
than polluting our logs (which we could mitigate) there does not appear to 
be any negative user impact.

We're several million authentications into this upgrade without any users 
reporting issues.


On Wednesday, January 22, 2020 at 9:45:40 AM UTC-5, Christine Pasek wrote:
>
> Hello Josh,
>
> I have just upgraded from 5.2.X to 5.3.X and am experiencing the same 
> error and like you, everything seems to be working fine. 
>
> Were you able to find a solution to fixing this error?
>
> Thanks!
> Chris
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a5632664-a375-4e32-8776-abaf6058218e%40apereo.org.

[cas-user] Re: [CAS 6.1] Base64 decoding failed / incorrect header check

[Christine Pasek]

Hello Josh,

I have just upgraded from 5.2.X to 5.3.X and am experiencing the same error 
and like you, everything seems to be working fine. 

Were you able to find a solution to fixing this error?

Thanks!
Chris

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b2f1d778-9b74-4a5a-a710-cf4319c3dc56%40apereo.org.

Re: [cas-user] Re: Duplicate entry for SAML2_ATTRIBUTE_QUERY_TICKETS raised

['Maksim Kopeyka' via CAS Community]

It doesn't make sense for me, see Andy's answer above.

On Wednesday, January 22, 2020 at 4:05:10 PM UTC+2, Roger Yerbanga wrote:
>
> So change it to false and let us know if it works.
>
> On Wed, Jan 22, 2020 at 5:38 AM 'Maksim Kopeyka' via CAS Community <
> cas-...@apereo.org > wrote:
>
>> Same problem with CAS 6.0.3 and JPA ticket registry.
>> And yes, I have this 
>> property: cas.authn.samlIdp.attributeQueryProfileEnabled=true
>>
>> On Friday, October 19, 2018 at 11:58:55 PM UTC+3, Roger Yerbanga wrote:
>>>
>>> Hello all,
>>>
>>> With Cas 5.3.4.
>>>
>>> Has someone already gotten something like this :
>>>
>>>
>>> Hibernate: 
>>> insert 
>>> into
>>> SAML2_ATTRIBUTE_QUERY_TICKETS
>>> (NUMBER_OF_TIMES_USED, CREATION_TIME, EXPIRATION_POLICY, 
>>> EXPIRED, LAST_TIME_USED, PREVIOUS_LAST_TIME_USED, object, relyingParty, 
>>> SERVICE, ticketGrantingTicket_ID, TYPE, ID) 
>>> values
>>> (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 'SATQ', ?)
>>> 2018-10-19 16:46:56,395 ERROR 
>>> [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] - <(conn=3232) Duplicate 
>>> entry 'SATQ-oG9xzSjwFzlCyugfCdoRxugEKCU=' for key 'PRIMARY'>
>>> 2018-10-19 16:46:56,398 ERROR 
>>> [org.hibernate.internal.ExceptionMapperStandardImpl] - >> during managed flush [org.hibernate.exception.ConstraintViolationException: 
>>> could not execute statement]>
>>> 2018-10-19 16:46:56,400 INFO 
>>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - >> trail record BEGIN
>>>
>> -- 
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-...@apereo.org .
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/e3992136-f15d-43f5-8574-4360518daf26%40apereo.org
>>  
>> 
>> .
>>
>
>
> -- 
> ! roger
> -- www.yerbynet.com --
> Un ordinateur sans connexion Internet, c'est un peu comme une télévision 
> sans antenne :)
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ba31cd50-932d-4c7b-9c13-f2847d8b11d1%40apereo.org.

Re: [cas-user] Re: Duplicate entry for SAML2_ATTRIBUTE_QUERY_TICKETS raised

[Roger Yerbanga]

So change it to false and let us know if it works.

On Wed, Jan 22, 2020 at 5:38 AM 'Maksim Kopeyka' via CAS Community <
cas-user@apereo.org> wrote:

> Same problem with CAS 6.0.3 and JPA ticket registry.
> And yes, I have this
> property: cas.authn.samlIdp.attributeQueryProfileEnabled=true
>
> On Friday, October 19, 2018 at 11:58:55 PM UTC+3, Roger Yerbanga wrote:
>>
>> Hello all,
>>
>> With Cas 5.3.4.
>>
>> Has someone already gotten something like this :
>>
>>
>> Hibernate:
>> insert
>> into
>> SAML2_ATTRIBUTE_QUERY_TICKETS
>> (NUMBER_OF_TIMES_USED, CREATION_TIME, EXPIRATION_POLICY, EXPIRED,
>> LAST_TIME_USED, PREVIOUS_LAST_TIME_USED, object, relyingParty, SERVICE,
>> ticketGrantingTicket_ID, TYPE, ID)
>> values
>> (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 'SATQ', ?)
>> 2018-10-19 16:46:56,395 ERROR
>> [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] - <(conn=3232) Duplicate
>> entry 'SATQ-oG9xzSjwFzlCyugfCdoRxugEKCU=' for key 'PRIMARY'>
>> 2018-10-19 16:46:56,398 ERROR
>> [org.hibernate.internal.ExceptionMapperStandardImpl] - > during managed flush [org.hibernate.exception.ConstraintViolationException:
>> could not execute statement]>
>> 2018-10-19 16:46:56,400 INFO
>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - > trail record BEGIN
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/e3992136-f15d-43f5-8574-4360518daf26%40apereo.org
> 
> .
>


-- 
! roger
-- www.yerbynet.com --
Un ordinateur sans connexion Internet, c'est un peu comme une télévision
sans antenne :)

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAHu2YPFhgAPN%2BUqS73FJkKHa9Ye%3D_rpEBvRXs9gWmtVSsM4CgQ%40mail.gmail.com.

[cas-user] Re: Duplicate entry for SAML2_ATTRIBUTE_QUERY_TICKETS raised

['Maksim Kopeyka' via CAS Community]

Same problem with CAS 6.0.3 and JPA ticket registry.
And yes, I have this 
property: cas.authn.samlIdp.attributeQueryProfileEnabled=true

On Friday, October 19, 2018 at 11:58:55 PM UTC+3, Roger Yerbanga wrote:
>
> Hello all,
>
> With Cas 5.3.4.
>
> Has someone already gotten something like this :
>
>
> Hibernate: 
> insert 
> into
> SAML2_ATTRIBUTE_QUERY_TICKETS
> (NUMBER_OF_TIMES_USED, CREATION_TIME, EXPIRATION_POLICY, EXPIRED, 
> LAST_TIME_USED, PREVIOUS_LAST_TIME_USED, object, relyingParty, SERVICE, 
> ticketGrantingTicket_ID, TYPE, ID) 
> values
> (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 'SATQ', ?)
> 2018-10-19 16:46:56,395 ERROR 
> [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] - <(conn=3232) Duplicate 
> entry 'SATQ-oG9xzSjwFzlCyugfCdoRxugEKCU=' for key 'PRIMARY'>
> 2018-10-19 16:46:56,398 ERROR 
> [org.hibernate.internal.ExceptionMapperStandardImpl] -  during managed flush [org.hibernate.exception.ConstraintViolationException: 
> could not execute statement]>
> 2018-10-19 16:46:56,400 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/e3992136-f15d-43f5-8574-4360518daf26%40apereo.org.