Re: [cas-user] 6.1.0 RC6 Attributes Values being doubled when surrogacy is enabled

2020-04-06 Thread Michael Daley
Robert, 

I'm running 6.1.5 and when I try this config for my surrogate 
authentication, no attributes get resolved for the surrogate (attributes 
were 'map[[empty]]').  I've found that I need to add a separate attribute 
repository for the same ldap in order to pull in any attributes for the 
surrogate.  Can you confirm if your configuration still works for you?

# This config will resolve memberOf attribute successfully for surrogates and traditional logins.
cas.authn.ldap[0].principalAttributeList=memberOf
cas.authn.attribute-repository.ldap[0].attributes.memberOf=memberOf

The interesting part is that I do not receive double up attributes using 
this config.  

Any help would be appreciated.

On Tuesday, October 8, 2019 at 1:21:25 PM UTC-4, Robert Bond wrote:
>
> I changed my ldap active directory config, removed the attribute 
> repository stuff and changed the type to AUTHENTICATED.
>
> The below config seems to be working well for me while using surrogacy 
> with LDAPS Active Directory:
>
>
> # set some properties we can re-use in authn and attributeRepository configuration
> ldap-url= ldaps://ad01.example.edu:636
> ldap-binddn=  cn=logon_ldap_user,ou=Application Users,ou=All_Users,dc=example,dc=edu
> ldap-bindpw=  asdfasdfasdfasdfasdf
> ldap-auth-type=   AUTHENTICATED
> ldap-basedn=  ou=All_Users,dc=example,dc=edu
> ldap-user-filter= (cn={user})
> ldap-max-pool-size=20
> ldap-tls=false
> ldap-ssl=true
>
> # configure ldap authentication
> cas.authn.ldap[0].trustCertificates=file:/etc/cas/trustedexamplecert.der
> cas.authn.ldap[0].base-dn=${ldap-basedn}
> cas.authn.ldap[0].bind-credential=${ldap-bindpw}
> cas.authn.ldap[0].bind-dn=${ldap-binddn}
> cas.authn.ldap[0].ldap-url=${ldap-url}
> cas.authn.ldap[0].max-pool-size=${ldap-max-pool-size}
> cas.authn.ldap[0].min-pool-size=0
> cas.authn.ldap[0].type=${ldap-auth-type}
> cas.authn.ldap[0].searchFilter=${ldap-user-filter}
> cas.authn.ldap[0].use-ssl=${ldap-ssl}
> cas.authn.ldap[0].use-start-tls=${ldap-tls}
> # list of attributes to be collected and mapped
> cas.authn.ldap[0].principalAttributeList=cn:commonName,sn:surname,displayName:displayName,mail:email,givenName,memberOf,samAccountName,mail:emailAddress,samAccountName
>
>
>
> I had troubles getting surrogacy to work on previous versions with 
> anything but the JSON file method which works for our current purposes. 
>
> Thanks,
> Robert Bond.
>
> On Tuesday, October 8, 2019 at 11:14:06 AM UTC-5, rbon wrote:
>>
>> Surrogates is on my todo list. Hopefully someone else with more experience 
>> will chime in.
>>
>> Ray
>>
>> On Tue, 2019-10-08 at 06:41 -0700, 'Robert Bond' via CAS Community wrote:
>>
>> No error messages on login. I do not think that is expected behavior. 
>> When logging in as a surrogate it does not have duplicated values for the 
>> properties.  
>> See example below: 
>> cn [bansecr_bondr] 
>>
>> The service registries do not handle when there are duplicated values 
>> like the "cn [BONDR, BONDR]" that I am getting when I do not use surrogate 
>> access.
>> I have 5 surrogates configured for my account inside the json file. When 
>> I disable surrogate access completely and remove the build.gradle 
>> dependency: 
>> compile "org.apereo.cas:cas-server-support-surrogate-webflow:${project.'cas.version'}"
>> CAS then returns the attributes correctly as "cn [BONDR]"
>>
>> I think this is a bug. Any thoughts on how to better document and report 
>> it?
>> Or maybe I have something wrong with my Active Directory 
>> LDAP attributeRepository config in cas.
>>
>>
>> Thanks!
>>
>> On Monday, October 7, 2019 at 4:39:19 PM UTC-5, rbon wrote: 
>>
>> Robert,
>>
>> Is log in failing? Any error messages?
>>
>> Could it be that the second entry is the surrogate; and if no surrogate 
>> is supplied in the log in form, then the same subject exists for both [that 
>> is, for the surrogate plugin, an array is required]?
>>
>> Ray
>>
>> On Mon, 2019-10-07 at 13:10 -0700, 'Robert Bond' via CAS Community wrote:
>>
>> Running into an odd doubling of attribute values when surrogate access is 
>> enabled.  
>> On CAS 6.1.0 RC6
>>
>>
>> Here is my Surrogate config, Active Directory Auth config, and Attribute 
>> repository:
>>
>> # Surrogate config 
>> cas.authn.surrogate.separator=+
>> cas.authn.surrogate.json.location=file:/etc/cas/config/surrogates.json
>>
>>
>> # set some properties we can re-use in authn and attributeRepository configuration
>> ldap-url= ldaps://ad01.example.edu:636
>> ldap-binddn=  cn=logon_ldap_user,ou=Application Users,ou=All_Users,dc=example,dc=edu
>> ldap-bindpw=  examplePass
>> ldap-auth-type=   DIRECT
>> ldap-basedn=  ou=All_Users,dc=example,dc=edu
>> ldap-dnformat=cn=%s,ou=All_Users,dc=example,dc=edu
>> ldap-user-filter= (cn={user})
>> ldap-max-pool-size=20
>> ldap-tls=false
>> ldap-ssl=true
>> # configure ldap authentication
>> cas.authn.ldap[0].trustCertificates=file:/etc/cas/trustedexamplecert.der
>> 
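
An added example, not from any poster in this thread: a small checker for the two things the configurations above differ on, namely whether an LDAP attribute is requested by both the authentication handler and an attribute repository, and whether principalAttributeList repeats an entry. The thread does not establish that either condition causes the doubled values; the function names and the combined sample input are constructed for illustration.

```python
import re

# Constructed sample: one line from each of the two configs quoted in this thread.
SAMPLE = """\
cas.authn.ldap[0].principalAttributeList=cn:commonName,sn:surname,displayName:displayName,mail:email,givenName,memberOf,samAccountName,mail:emailAddress,samAccountName
cas.authn.attribute-repository.ldap[0].attributes.memberOf=memberOf
"""

# Accept both camelCase and kebab-case spellings of the property names.
HANDLER = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.principal-?attribute-?list$", re.I)
REPO = re.compile(r"^cas\.authn\.attribute-?repository\.ldap\[(\d+)\]\.attributes\.(.+)$", re.I)

def parse_properties(text):
    """Parse key=value lines, skipping comments and blank lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def parse_attribute_list(value):
    """Split 'ldapName:releasedName,ldapName' into (source, released) pairs."""
    pairs = []
    for item in filter(None, (p.strip() for p in value.split(","))):
        source, _, released = item.partition(":")
        pairs.append((source.strip(), (released or source).strip()))
    return pairs

def audit(text):
    """Return (finding, attribute) tuples for repeated or doubly-sourced attributes."""
    handler_sources, repo_sources, findings = set(), set(), []
    for key, value in parse_properties(text).items():
        if HANDLER.match(key):
            seen = set()
            for pair in parse_attribute_list(value):
                if pair in seen:
                    findings.append(("repeated-entry", pair[0]))
                seen.add(pair)
                handler_sources.add(pair[0].lower())
        elif (m := REPO.match(key)):
            repo_sources.add(m.group(2).lower())
    for name in sorted(handler_sources & repo_sources):
        findings.append(("handler-and-repository", name))
    return findings
```

Run `audit()` over the text of a `cas.properties` file; an empty list means neither condition was found.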

Re: [cas-user] Stumped about Login-Page (CAS 6.1)

2020-04-06 Thread Michael J Barsic
Sven, 

There's a whole templating thing going on and I recommend reading David Curry's 
excellent write up - 
https://dacurry-tns.github.io/deploying-apereo-cas/ui_overview.html 

But if you just want to modify the login page, you can add 

src/main/resources/templates/casLoginView.html 

to your cas-overlay-template and those changes should show up when you deploy. 

See 
https://github.com/apereo/cas/tree/6fa70074c3a70837555fc7373ec96808b7314f8b/support/cas-server-support-thymeleaf/src/main/resources/templates

for the baseline files - make sure you grab the correct branch. 

Good luck, 
Mike 


From: "Sven Specker"  
To: "cas-user"  
Sent: Monday, April 6, 2020 9:13:32 AM 
Subject: [cas-user] Stumped about Login-Page (CAS 6.1) 

Hi! 

Usually, I don't have to ask for things like that, but the customization 
of the login page leaves me scratching my head. 

While I appreciate the absence of the usual xml hell of spring stuff, I 
cannot for the life of me find out how to customize the login page to 
our corporate design. 

After deploying the war file, everything runs fine, but I cannot find a 
trace of any default page customization, so I believe the base page is 
somehow hardcoded. 

I could use a hint on how to create a different design. I never use 
spring for my projects so maybe that is the problem. :) 

Thanks! 
-- 
** 
** Sven Specker -- Goethe-University Frankfurt Computing Center ** 
*** UNIX System Administration (Auth/IDM)  
* spec...@rz.uni-frankfurt.de [Phone (+49)-69-798-15188] * 
** 

-- 
- Website: https://apereo.github.io/cas 
- Gitter Chatroom: https://gitter.im/apereo/cas 
- List Guidelines: https://goo.gl/1VRrw7 
- Contributions: https://goo.gl/mh7qDG 
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org. 
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/fdac7cb4-07f2-e0e4-ac55-7f5665b7a0c8%40rz.uni-frankfurt.de.
 



Re: [cas-user] Stumped about Login-Page (CAS 6.1)

2020-04-06 Thread Sven Specker

On 2020-04-06 15:17, Jérôme LELEU wrote:

> Hi,

Hi!

> The documentation:
> https://apereo.github.io/cas/6.1.x/ux/User-Interface-Customization-Views.html
> should be helpful.


Well, I only read the page like 20 times before and now I saw that my 
find had a path-typo so I never found the resource-jar. Forget I asked.


Let's see how far I will get after finally finding it. :)

Thanks!

Best regards,

Sven Specker
--
__
*** Sven Specker -- University of Frankfurt Computing Center   ***
*** UNIX System Administration (Auth/IDM) 
* spec...@rz.uni-frankfurt.de [Phone (+49)-69-798-15188] *
**
__  
Johann Wolfgang Goethe Universitaet
   - Hochschulrechenzentrum -
 Theodor W. Adorno-Platz 1 (PA-1P16)

   D-60323 Frankfurt/Main
__
__ TeX-users do it in {groups}



Re: [cas-user] Stumped about Login-Page (CAS 6.1)

2020-04-06 Thread Jérôme LELEU
Hi,

The documentation:
https://apereo.github.io/cas/6.1.x/ux/User-Interface-Customization-Views.html
should be helpful.
Thanks.
Best regards,
Jérôme


On Mon, Apr 6, 2020 at 15:13, Sven Specker wrote:

> Hi!
>
> Usually, I don't have to ask for things like that, but the customization
> of the login page leaves me scratching my head.
>
> While I appreciate the absence of the usual xml hell of spring stuff, I
> cannot for the life of me find out how to customize the login page to
> our corporate design.
>
> After deploying the war file, everything runs fine, but I cannot find a
> trace of any default page customization, so I believe the base page is
> somehow hardcoded.
>
> I could use a hint on how to create a different design. I never use
> spring for my projects so maybe that is the problem. :)
>
> Thanks!
> --
> **
> ** Sven Specker -- Goethe-University Frankfurt Computing Center **
> *** UNIX System Administration (Auth/IDM) 
> * spec...@rz.uni-frankfurt.de [Phone (+49)-69-798-15188] *
> **
>


[cas-user] Stumped about Login-Page (CAS 6.1)

2020-04-06 Thread Sven Specker

Hi!

Usually, I don't have to ask for things like that, but the customization 
of the login page leaves me scratching my head.


While I appreciate the absence of the usual xml hell of spring stuff, I 
cannot for the life of me find out how to customize the login page to 
our corporate design.


After deploying the war file, everything runs fine, but I cannot find a 
trace of any default page customization, so I believe the base page is 
somehow hardcoded.


I could use a hint on how to create a different design. I never use 
spring for my projects so maybe that is the problem. :)


Thanks!
--
**
** Sven Specker -- Goethe-University Frankfurt Computing Center **
*** UNIX System Administration (Auth/IDM) 
* spec...@rz.uni-frankfurt.de [Phone (+49)-69-798-15188] *
**



Re: [cas-user] Re: CAS 6.1.3 Discovery Client not initialized

2020-04-06 Thread 'Maksim Kopeyka' via CAS Community
Dmitriy,

Good point, thank you.
I solved my issue via adding this property
spring.cloud.discovery.client.composite-indicator.enabled=false


On Tuesday, February 25, 2020 at 3:12:40 PM UTC+2, Dmitriy Kopyleenko wrote:
>
> Looks like something that is coming from Spring Boot 2.2: 
> https://github.com/spring-cloud/spring-cloud-commons/issues/633
>
> 
> D .
>
> On February 25, 2020 at 05:32:53, 'Maksim Kopeyka' via CAS Community (
> cas-...@apereo.org ) wrote:
>
> Still have this problem even on my local PC. It worked fine with 6.0.3 but 
> doesn't work with 6.1.3. Looks like a bug...