Re: [cas-user] How do you set the ticket generator?

2020-06-08 Thread Richard Frovarp 
With a little luck, I found the right source code, which lead me to
here:

https://apereo.github.io/cas/5.3.x/installation/Configuration-Propertie
s.html#cas-server

with the cas.host.name property.

Version 4 of CAS had info on how to do this with the ticket
documentation. IT would be nice to have a line about this in the
Configuring Ticketing Components area.

On Mon, 2020-06-08 at 21:09 +, Richard Frovarp wrote:
> I need to add a suffix to the service ticket that is being generated.
> I
> see in the code that it is in the code, but I have no idea where to
> begin to make changes to configuration. I can do it either globally
> or
> per service, that doesn't matter.
> 
> I have some code that is looking at the suffix to determine where to
> send the ticket validation to in Apache Shiro. I'm authenticating /
> validating against two different CASes against two different domains,
> hence my usecase. Using 5.3.
> 
> Thanks,
> Richard
> 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4866c1826710973beb760e2164d159af35cddfbc.camel%40ndsu.edu.

[cas-user] How do you set the ticket generator?

2020-06-08 Thread Richard Frovarp 
I need to add a suffix to the service ticket that is being generated. I
see in the code that it is in the code, but I have no idea where to
begin to make changes to configuration. I can do it either globally or
per service, that doesn't matter.

I have some code that is looking at the suffix to determine where to
send the ticket validation to in Apache Shiro. I'm authenticating /
validating against two different CASes against two different domains,
hence my usecase. Using 5.3.

Thanks,
Richard

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d4523ca0223819b3dfdc8fe08b42d0398c9f5525.camel%40ndsu.edu.

Re: [cas-user] customize caslogin page

2020-06-08 Thread 'Daniel Maldonado' via CAS Community 
https://stackoverflow.com/questions/61300592/cas-switch-the-themes-based-on-different-services

> On Jun 8, 2020, at 4:02 PM, Robin Joseph  wrote:
> 
> I downloaded and installed CAS 6.1.6,  Now I am looking to change the image, 
> color and text on the login page, I found very high level instructions on 
> Apereo site the 
> https://apereo.github.io/cas/6.1.x/ux/User-Interface-Customization.html 
> .  
> managed to get the casLoginView.html by ./gradlew getResources 
> -PresourceName=casLoginVIew downloaded the view but how can I download other 
> files ? view does not have much info in it to customize. There may be other 
> .jsp, html and image files I need to download but not sure how to do that.  
> 
> Any help on this matter is greatly appreciated.
> 
> Thank you.
> 
> -- 
> - Website: https://apereo.github.io/cas 
> - Gitter Chatroom: https://gitter.im/apereo/cas 
> - List Guidelines: https://goo.gl/1VRrw7 
> - Contributions: https://goo.gl/mh7qDG 
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org 
> .
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMLyn%2B8ecv2LqQoy4S8Jcv%2BsmZr8MDgsCpMgpk_%3DBvSU2S52wQ%40mail.gmail.com
>  
> .

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5AA40E2F-7520-4E99-A8CE-AAEB40029037%40yahoo.com.

[cas-user] customize caslogin page

2020-06-08 Thread Robin Joseph 
I downloaded and installed CAS 6.1.6,  Now I am looking to change the
image, color and text on the login page, I found very high level
instructions on Apereo site the
https://apereo.github.io/cas/6.1.x/ux/User-Interface-Customization.html.
managed to get the casLoginView.html by ./gradlew getResources
-PresourceName=casLoginVIew downloaded the view but how can I download
other files ? view does not have much info in it to customize. There may be
other .jsp, html and image files I need to download but not sure how to do
that.

Any help on this matter is greatly appreciated.

Thank you.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMLyn%2B8ecv2LqQoy4S8Jcv%2BsmZr8MDgsCpMgpk_%3DBvSU2S52wQ%40mail.gmail.com.

[cas-user] Re: What is needed to get ADFS in CAS6?

2020-06-08 Thread 'Robert Bond' via CAS Community 

Hi Tobey,

Can you explain the scenario a little more? 

What Role is the ADFS server playing? SP?

What role is the cas server fulfilling? IDP? 

Do you have this working on CAS 5? 

Thanks!


On Thursday, June 4, 2020 at 11:40:47 AM UTC-5, Toby Archer wrote:
>
> We are looking to upgrade from CAS 5 to CAS 6. I have a fresh setup so 
> I've just got the default json services and ADFS.. This 
>  guide 
> suggests I need this line:
>
> compile 
>> "org.apereo.cas:cas-server-support-wsfederation-webflow:${project.'cas.version'}"
>
>
> In my build.gradle file. Presumably in the area right below:
>
> dependencies {
>> // Other CAS dependencies/modules may be listed here...
>> // implementation 
>> "org.apereo.cas:cas-server-support-json-service-registry:${casServerVersion}"
>> compile 
>> "org.apereo.cas:cas-server-support-wsfederation-webflow:${project.'cas.version'}"
>
>
> And then I copied over the attributes from our test box, which appears to 
> be the same in 5.x as it is in 6.x: 
> 
>
> cas.authn.wsfed[0].identityProviderUrl=https://adfs.usd.edu/adfs/ls/
>> cas.authn.wsfed[0].identityProviderIdentifier=
>> http://adfs.usd.edu/adfs/services/trust
>> cas.authn.wsfed[0].relyingPartyIdentifier=urn:cas:test-sso.usd.edu
>> cas.authn.wsfed[0].attributesType=WSFED
>> cas.authn.wsfed[0].autoRedirect=true
>>
>> cas.authn.wsfed[0].signingCertificateResources=file:/etc/cas/adfs_signing2019.cer
>
>
> But nothing happens. No redirect, no mention of ADFS in the logs. Was 
> there something else I had to do?
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2304b0a2-b691-4364-b152-5a4a1495c874o%40apereo.org.

Re: [cas-user] CAS 5.2 - OIDC and attribute release

2020-06-08 Thread qla3fa 

Thanks for your response.

sn and mail are attributes I extract from my LDAP. I use it with CAS 
services and it works... I configured Oauth2.0 module too and I use and 
map these attributes with success... So I think it's ok with these 
attributes. It's only with OIDC services it doesn't work...


Best regards.

QLA.

Le 08/06/2020 à 18:01, Jérôme Steve a écrit :

Hi,

Your OIDC configuration look good.

You map your claims like this :
cas.authn.oidc.claimsMap.name =sn
cas.authn.oidc.claimsMap.email=mail
Maibe you don't have sn and email in your attribute repository ?



Le lun. 8 juin 2020 à 16:37, qla3fa > a écrit :


Hi,

I try to configure OIDC with CAS 5.2. I added module
"cas-server-support-oidc" and the config with lines :

# Configuration OIDC
cas.authn.oidc.issuer=https://my-url.com/cas/oidc
cas.authn.oidc.skew=5
cas.authn.oidc.jwksFile=file:/etc/cas/keystore.jwks
cas.authn.oidc.jwksCacheInMinutes=60
cas.authn.oidc.dynamicClientRegistrationMode=PROTECTED
cas.authn.oidc.subjectTypes=public,pairwise
cas.authn.oidc.scopes=openid, profile, email

cas.authn.oidc.claims=sub,name,preferred_username,family_name,given_name,middle_name,given_name,profile,picture,nickname,website,zoneinfo,locale,updated_at,birthdate,email,email_verified,phone_number,phone_number_verified,address
cas.authn.oidc.claimsMap.given_name=givenName
cas.authn.oidc.claimsMap.name
=sn
cas.authn.oidc.claimsMap.email=mail

For my App, I configure service :

{
  "@class" : "org.apereo.cas.services.OidcRegisteredService",
  "clientId": "applicationQLA-testPHP",
  "clientSecret": "x",
  "serviceId" : "^http://localhost:8080/.*;,
  "bypassApprovalPrompt": true,
  "supportedResponseTypes" : [ "java.util.HashSet", [ "code",
"token" ] ],
  "name" : "applicationQLAtestPHP",
  "scopes" : [ "java.util.HashSet",
    [ "openid", "email", "profile" ]
   ],
  "id" : 7,
  "evaluationOrder" : 7,
}

Oidc authentication works good but in my application the only
attributes I can get are :

sub, auth_time, jti, iss, aud, exp, iat, nbf, amr, state, nonce,
at_hash, preferred_username

But I can't get the attributes of email or profile scope...

In logs file I don't have error messages.

What is wrong with my config ?

Thanks for help.
Best regards,

QLA

-- 
- Website: https://apereo.github.io/cas

- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to cas-user+unsubscr...@apereo.org
.
To view this discussion on the web visit

https://groups.google.com/a/apereo.org/d/msgid/cas-user/838f0180-1c48-a196-2672-0981d6d971fb%40gmail.com

.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google 
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to cas-user+unsubscr...@apereo.org 
.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAD6KnbwcvSbwj20pdAq46X7j1EGbAoOp7GH1fO1GcZuU_SqDbQ%40mail.gmail.com 
.


--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ba709981-8ac5-fd63-f3b5-c31ea85ce277%40gmail.com.

Re: [cas-user] CAS 5.2 - OIDC and attribute release

2020-06-08 Thread Jérôme Steve 
Hi,

Your OIDC configuration look good.

You map your claims like this :
cas.authn.oidc.claimsMap.name=sn
cas.authn.oidc.claimsMap.email=mail
Maibe you don't have sn and email in your attribute repository ?



Le lun. 8 juin 2020 à 16:37, qla3fa  a écrit :

> Hi,
>
> I try to configure OIDC with CAS 5.2. I added module
> "cas-server-support-oidc" and the config with lines :
>
> # Configuration OIDC
> cas.authn.oidc.issuer=https://my-url.com/cas/oidc
> cas.authn.oidc.skew=5
> cas.authn.oidc.jwksFile=file:/etc/cas/keystore.jwks
> cas.authn.oidc.jwksCacheInMinutes=60
> cas.authn.oidc.dynamicClientRegistrationMode=PROTECTED
> cas.authn.oidc.subjectTypes=public,pairwise
> cas.authn.oidc.scopes=openid, profile, email
>
> cas.authn.oidc.claims=sub,name,preferred_username,family_name,given_name,middle_name,given_name,profile,picture,nickname,website,zoneinfo,locale,updated_at,birthdate,email,email_verified,phone_number,phone_number_verified,address
> cas.authn.oidc.claimsMap.given_name=givenName
> cas.authn.oidc.claimsMap.name=sn
> cas.authn.oidc.claimsMap.email=mail
>
> For my App, I configure service :
>
> {
>   "@class" : "org.apereo.cas.services.OidcRegisteredService",
>   "clientId": "applicationQLA-testPHP",
>   "clientSecret": "x",
>   "serviceId" : "^http://localhost:8080/.*;,
>   "bypassApprovalPrompt": true,
>   "supportedResponseTypes" : [ "java.util.HashSet", [ "code", "token" ] ],
>   "name" : "applicationQLAtestPHP",
>   "scopes" : [ "java.util.HashSet",
> [ "openid", "email", "profile" ]
>],
>   "id" : 7,
>   "evaluationOrder" : 7,
> }
>
> Oidc authentication works good but in my application the only attributes I
> can get are :
>
> sub, auth_time, jti, iss, aud, exp, iat, nbf, amr, state, nonce, at_hash,
> preferred_username
>
> But I can't get the attributes of email or profile scope...
>
> In logs file I don't have error messages.
>
> What is wrong with my config ?
>
> Thanks for help.
> Best regards,
>
> QLA
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/838f0180-1c48-a196-2672-0981d6d971fb%40gmail.com
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAD6KnbwcvSbwj20pdAq46X7j1EGbAoOp7GH1fO1GcZuU_SqDbQ%40mail.gmail.com.

[cas-user] CAS 5.2 - OIDC and attribute release

2020-06-08 Thread qla3fa 

Hi,

I try to configure OIDC with CAS 5.2. I added module 
"cas-server-support-oidc" and the config with lines :


# Configuration OIDC
cas.authn.oidc.issuer=https://my-url.com/cas/oidc
cas.authn.oidc.skew=5
cas.authn.oidc.jwksFile=file:/etc/cas/keystore.jwks
cas.authn.oidc.jwksCacheInMinutes=60
cas.authn.oidc.dynamicClientRegistrationMode=PROTECTED
cas.authn.oidc.subjectTypes=public,pairwise
cas.authn.oidc.scopes=openid, profile, email
cas.authn.oidc.claims=sub,name,preferred_username,family_name,given_name,middle_name,given_name,profile,picture,nickname,website,zoneinfo,locale,updated_at,birthdate,email,email_verified,phone_number,phone_number_verified,address
cas.authn.oidc.claimsMap.given_name=givenName
cas.authn.oidc.claimsMap.name=sn
cas.authn.oidc.claimsMap.email=mail

For my App, I configure service :

{
  "@class" : "org.apereo.cas.services.OidcRegisteredService",
  "clientId": "applicationQLA-testPHP",
  "clientSecret": "x",
  "serviceId" : "^http://localhost:8080/.*;,
  "bypassApprovalPrompt": true,
  "supportedResponseTypes" : [ "java.util.HashSet", [ "code", "token" ] ],
  "name" : "applicationQLAtestPHP",
  "scopes" : [ "java.util.HashSet",
    [ "openid", "email", "profile" ]
   ],
  "id" : 7,
  "evaluationOrder" : 7,
}

Oidc authentication works good but in my application the only attributes 
I can get are :


sub, auth_time, jti, iss, aud, exp, iat, nbf, amr, state, nonce, 
at_hash, preferred_username


But I can't get the attributes of email or profile scope...

In logs file I don't have error messages.

What is wrong with my config ?

Thanks for help.
Best regards,

QLA

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/838f0180-1c48-a196-2672-0981d6d971fb%40gmail.com.