Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-08-31 Thread Nguyen Tran Thanh Lam
Hi Mr Ray,
I have checked again with your service register for CAS Management but it
has this error:
This is CAS Server log
=
WHO: root
WHAT: [result=Service Access Denied,service=
https://casoverlay.vdc2.com.vn:8088/c...,principal=SimplePrincipal(id=root,
attributes={userstatus=[ACTIVE], roles=[ROLE_ADMIN], usertype=[ADMIN_VNPT],
usertel=[0907888510], lastname=[VNPT ADMIN], comdepartment=[GP2],
_id=[5ebd04f32f378500220a], comid=[VNPT], userparentid=[],
usercode=[VNPT001], userdate=[19-04-2020], useremail=[
nguyentranthanh...@vnpt.vn]}),requiredAttributes={description=[ROLE_ADMIN]}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Mon Aug 31 21:10:39 PDT 2020
CLIENT IP ADDRESS: 203.162.36.241
SERVER IP ADDRESS: 203.162.141.22
=
And this is CAS Management error
[image: image.png]
So tired, I decide to skip this issue and hope the CAS developer team will fix this
problem.
Thank you Mr Ray.

On Tue, Sep 1, 2020 at 00:36, Ray Bon wrote:

> Nguyen,
>
> I configured cas properties for attributes (since the admins are under a
> different tree, than the authentication tree) and the role is in the
> description attribute:
>
> cas.authn.attributeRepository.ldap[2].id=administrators
> cas.authn.attributeRepository.ldap[2].order=2
> cas.authn.attributeRepository.ldap[2].attributes.uvicEduPersonYubiKeyID=uvicEduPersonYubiKeyID
> cas.authn.attributeRepository.ldap[2].attributes.eduPersonEntitlement=eduPersonEntitlement
> cas.authn.attributeRepository.ldap[2].attributes.description=description
> cas.authn.attributeRepository.ldap[2].ldapUrl=ldaps://ldaplocal.uvic.ca:636
> cas.authn.attributeRepository.ldap[2].connectTimeout=PT3S
> cas.authn.attributeRepository.ldap[2].baseDn=ou=administrators,ou=CAS,ou=applications,dc=uvic,dc=ca
> cas.authn.attributeRepository.ldap[2].subtreeSearch=true
> cas.authn.attributeRepository.ldap[2].searchFilter=uid={user}
> cas.authn.attributeRepository.ldap[2].bindDn=cn=Auth Manager,ou=CAS,ou=UVON,ou=administrators,dc=uvic,dc=ca
> cas.authn.attributeRepository.ldap[2].bindCredential=
>
> I then modified the service definition to return a mapped attribute
> (description -> roles):
>
> {
>   "@class": "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId": "^https://local\\.uvic\\.ca/cas-management/.*",
>   "name": "Services Management Web Application on local",
>   "id": 50,
>   "description": "Services Management Web Application on developer workstation",
>   "expirationPolicy":
>   {
> "@class":
> "org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy",
> "deleteWhenExpired": false,
> "notifyWhenDeleted": false,
> "notifyWhenExpired": false
>   },
>   "proxyPolicy":
>   {
> "@class": "org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy"
>   },
>   "proxyTicketExpirationPolicy":
>   {
> "@class":
> "org.apereo.cas.services.DefaultRegisteredServiceProxyTicketExpirationPolicy",
> "numberOfUses": 0
>   },
>   "serviceTicketExpirationPolicy":
>   {
> "@class":
> "org.apereo.cas.services.DefaultRegisteredServiceServiceTicketExpirationPolicy",
> "numberOfUses": 0
>   },
>   "evaluationOrder": 0,
>   "usernameAttributeProvider":
>   {
> "@class":
> "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider",
> "canonicalizationMode": "NONE",
> "encryptUsername": false
>   },
>   "logoutType": "BACK_CHANNEL",
>   "requiredHandlers":
>   [
> "java.util.HashSet",[]
>   ],
>   "environments":
>   [
> "java.util.HashSet",[]
>   ],
>   "attributeReleasePolicy":
>   {
> "@class": "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
> "allowedAttributes":
> {
>   "@class": "java.util.TreeMap",
>   "description":
>   [
> "java.util.ArrayList",
> [
>   "roles"
> ]
>   ]
> },
> "principalAttributesRepository":
> {
>   "@class":
> "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository",
>   "mergingStrategy": "MULTIVALUED",
>   "ignoreResolvedAttributes": false
> },
> "consentPolicy":
> {
>   "@class":
> "org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy",
>   "enabled": true,
>   "order": 0
> },
> "authorizedToReleaseCredentialPassword": false,
> "authorizedToReleaseProxyGrantingTicket": false,
> "excludeDefaultAttributes": false,
> "authorizedToReleaseAuthenticationAttributes": true,
> "order": 0
>   },
>   "multifactorPolicy":
>   {
> "@class":
> "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
> "multifactorAuthenticationProviders":
> [
>   "java.util.HashSet",[]
> ],
> "failureMode": "CLOSED",
> "bypassEnabled": false,
> "forceExecution": false,
> "bypassTrustedDeviceEnabled": false
>   },
>   "logoutUrl": 

Re: [cas-user] Redirection after authentication from https to http

2020-08-31 Thread Joe Manavalan
Thanks Jerome for the response.

I am checking with the network team about the reverse proxy..
request.getRequestURL()  is coming in as "http  "

Following is the log


2020-08-31 17:45:43,157 DEBUG
[org.springframework.security.web.FilterChainProxy] -

2020-08-31 17:45:43,164 DEBUG
[org.springframework.web.servlet.DispatcherServlet] - 
2020-08-31 17:45:43,167 DEBUG
[org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping]
- 
2020-08-31 17:45:43,201 DEBUG
[org.apereo.cas.web.BaseDelegatedAuthenticationController] - :8445/codesESSO/login/CodesESSO_Dev],>


I manually added a http to https replace here in
BaseDelegatedAuthenticationController for testing
val url = httpUrl.replace("http", "https");


2020-08-31 17:45:43,204 DEBUG
[org.apereo.cas.web.BaseDelegatedAuthenticationController] - :8445/codesESSO/login?code=aF7GlAT5G_5OTjTQQw512P5U7WQ87DQwGfloQZcI=TST-1-M7NvxcUUbWhZsfDKg9WZ3CF2ift41e5s_name=CodesESSO_Dev]>

Ended up throwing an error  [Which I believe is expected due to the
manipulation]
org.springframework.webflow.execution.ActionExecutionException: Exception
thrown executing
org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@40e79dec in
state 'delegatedAuthenticationAction' of flow 'login' -- action execution
attributes were 'map[[empty]]'
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:62)
at
org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)

On Mon, Aug 31, 2020 at 1:52 AM Jérôme LELEU  wrote:

> Hi,
>
> This redirection relies on: request.getRequestURL()
> Do you have some reverse proxy in front of your Tomcat?
> Thanks.
> Best regards,
> Jérôme
>
>
> On Thu, Aug 27, 2020 at 17:20, Joe Manavalan wrote:
>
>> I have cas6.1 deployed and working with cas.authn.pac4j.oauth2. The app
>> works fine in my local windows machine on an https port
>> When deployed in unix with the same setting [except the url has domain
>> name instead of server name] the app after authenticating with the external
>> oauth2 provider redirects the url to an http port as shown below
>> This is the redirect url configured and get successfully redirected after
>> authentication and authorization based on the browser trace
>> https://
>> :/cas/login/?code==_name=
>> It then gets redirected to the below http port instead of the expected
>> https port
>>
>> http//:/cas/login?code==_name=
>>
>> Is this some configuration in CAS  or need to be investigated on the
>> network side ?
>> Any help appreciated
>>
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/c9fa4862-6604-4c32-8a75-81a04f982998n%40apereo.org
>> 
>> .
>>


Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-08-31 Thread Ray Bon
Nguyen,

I configured cas properties for attributes (since the admins are under a 
different tree, than the authentication tree) and the role is in the 
description attribute:

cas.authn.attributeRepository.ldap[2].id=administrators
cas.authn.attributeRepository.ldap[2].order=2
cas.authn.attributeRepository.ldap[2].attributes.uvicEduPersonYubiKeyID=uvicEduPersonYubiKeyID
cas.authn.attributeRepository.ldap[2].attributes.eduPersonEntitlement=eduPersonEntitlement
cas.authn.attributeRepository.ldap[2].attributes.description=description
cas.authn.attributeRepository.ldap[2].ldapUrl=ldaps://ldaplocal.uvic.ca:636
cas.authn.attributeRepository.ldap[2].connectTimeout=PT3S
cas.authn.attributeRepository.ldap[2].baseDn=ou=administrators,ou=CAS,ou=applications,dc=uvic,dc=ca
cas.authn.attributeRepository.ldap[2].subtreeSearch=true
cas.authn.attributeRepository.ldap[2].searchFilter=uid={user}
cas.authn.attributeRepository.ldap[2].bindDn=cn=Auth Manager,ou=CAS,ou=UVON,ou=administrators,dc=uvic,dc=ca
cas.authn.attributeRepository.ldap[2].bindCredential=

I then modified the service definition to return a mapped attribute 
(description -> roles):

{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^https://local\\.uvic\\.ca/cas-management/.*",
  "name": "Services Management Web Application on local",
  "id": 50,
  "description": "Services Management Web Application on developer workstation",
  "expirationPolicy":
  {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy",
    "deleteWhenExpired": false,
    "notifyWhenDeleted": false,
    "notifyWhenExpired": false
  },
  "proxyPolicy":
  {
    "@class": "org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy"
  },
  "proxyTicketExpirationPolicy":
  {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceProxyTicketExpirationPolicy",
    "numberOfUses": 0
  },
  "serviceTicketExpirationPolicy":
  {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceServiceTicketExpirationPolicy",
    "numberOfUses": 0
  },
  "evaluationOrder": 0,
  "usernameAttributeProvider":
  {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider",
    "canonicalizationMode": "NONE",
    "encryptUsername": false
  },
  "logoutType": "BACK_CHANNEL",
  "requiredHandlers":
  [
    "java.util.HashSet",[]
  ],
  "environments":
  [
    "java.util.HashSet",[]
  ],
  "attributeReleasePolicy":
  {
    "@class": "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
    "allowedAttributes":
    {
      "@class": "java.util.TreeMap",
      "description":
      [
        "java.util.ArrayList",
        [
          "roles"
        ]
      ]
    },
    "principalAttributesRepository":
    {
      "@class": "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository",
      "mergingStrategy": "MULTIVALUED",
      "ignoreResolvedAttributes": false
    },
    "consentPolicy":
    {
      "@class": "org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy",
      "enabled": true,
      "order": 0
    },
    "authorizedToReleaseCredentialPassword": false,
    "authorizedToReleaseProxyGrantingTicket": false,
    "excludeDefaultAttributes": false,
    "authorizedToReleaseAuthenticationAttributes": true,
    "order": 0
  },
  "multifactorPolicy":
  {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
    "multifactorAuthenticationProviders":
    [
      "java.util.HashSet",[]
    ],
    "failureMode": "CLOSED",
    "bypassEnabled": false,
    "forceExecution": false,
    "bypassTrustedDeviceEnabled": false
  },
  "logoutUrl": "https://local.uvic.ca/cas/logout",
  "accessStrategy":
  {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "order": 0,
    "enabled": true,
    "ssoEnabled": true,
    "delegatedAuthenticationPolicy":
    {
      "@class": "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
      "allowedProviders":
      [
        "java.util.ArrayList",[]
      ],
      "permitUndefined": true,
      "exclusive": false
    },
    "requireAllAttributes": true,
    "requiredAttributes":
    {
      "@class": "java.util.LinkedHashMap",
      "description":
      [
        "java.util.HashSet",
        [
          "ADMIN"
        ]
      ]
    },
    "rejectedAttributes":
    {
      "@class": "java.util.LinkedHashMap"
    },
    "caseInsensitive": false
  },
  "properties":
  {
    "@class": "java.util.LinkedHashMap",
    "test":
    {
      "@class": "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values":
      [
        "java.util.HashSet",
        [
          "FALSE"
        ]
      ]
    }
  },
  "contacts":
  [
    "java.util.ArrayList",[]
  ]
}

I am going to edit our ldap data today to change from ADMIN to ROLE_ADMIN. (I 
got the attribute release working on Friday.)

You can see the attributes in cas management with this logging
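
Added example (not part of Ray's message and not CAS code): a small Python model of the `requiredAttributes` check and the mapped release (`description -> roles`) from the service definition above, run against the `SERVICE_ACCESS_ENFORCEMENT_TRIGGERED` audit record quoted in Nguyen's reply at the top of this page. The function names are hypothetical, the sample record is trimmed and joined onto one line, and the matching is simplified to exact value comparison.

```python
import re

# Constructed sample: the WHAT field of the audit record quoted in this thread,
# joined onto one line and trimmed to a few attributes (contact details left out).
AUDIT_WHAT = (
    "[result=Service Access Denied,service=https://casoverlay.vdc2.com.vn:8088/c...,"
    "principal=SimplePrincipal(id=root,attributes={userstatus=[ACTIVE], "
    "roles=[ROLE_ADMIN], usertype=[ADMIN_VNPT], userparentid=[], comid=[VNPT]}),"
    "requiredAttributes={description=[ROLE_ADMIN]}]"
)

PAIR = re.compile(r"(\w+)=\[(.*?)\]")


def parse_attr_map(text):
    """Turn 'a=[x, y], b=[]' into {'a': ['x', 'y'], 'b': []}."""
    return {
        name: [v.strip() for v in values.split(",") if v.strip()]
        for name, values in PAIR.findall(text)
    }


def parse_audit(what):
    """Extract (principal attributes, required attributes) from a WHAT field."""
    principal = re.search(r"attributes=\{(.*?)\}\)", what, re.S)
    required = re.search(r"requiredAttributes=\{(.*?)\}\]", what, re.S)
    if not principal or not required:
        raise ValueError("not a service access enforcement record")
    return parse_attr_map(principal.group(1)), parse_attr_map(required.group(1))


def evaluate_access(principal, required, require_all=True, case_insensitive=False):
    """Simplified model (assumption): a required name is satisfied when the
    principal carries that attribute with at least one of the listed values."""
    if not required:
        return True, []
    norm = (lambda s: s.lower()) if case_insensitive else (lambda s: s)
    unmet = []
    for name, wanted in required.items():
        have = {norm(v) for v in principal.get(name, [])}
        if not have & {norm(v) for v in wanted}:
            unmet.append(name)
    allowed = not unmet if require_all else len(unmet) < len(required)
    return allowed, unmet


def release_mapped(principal, allowed_attributes):
    """Model of a mapped release policy: {source attribute: [released names]}."""
    released = {}
    for source, targets in allowed_attributes.items():
        if source in principal:
            for target in targets:
                released.setdefault(target, []).extend(principal[source])
    return released


def explain(what):
    """Return human-readable findings for one audit record."""
    principal, required = parse_audit(what)
    allowed, unmet = evaluate_access(principal, required)
    lines = ["access allowed" if allowed else "access denied"]
    for name in unmet:
        if name not in principal:
            # Look for the wanted value under a different attribute name.
            holders = [k for k, vals in principal.items()
                       if set(vals) & set(required[name])]
            lines.append(f"principal has no '{name}' attribute; "
                         f"required value is present under: {holders}")
        else:
            lines.append(f"'{name}' is {principal[name]}, "
                         f"required one of {required[name]}")
    return lines


if __name__ == "__main__":
    print("\n".join(explain(AUDIT_WHAT)))
    # Ray's LDAP case: role stored in 'description', released to the client as 'roles'.
    print(release_mapped({"description": ["ADMIN"]}, {"description": ["roles"]}))
```

In the quoted record the principal resolved from MongoDB carries `roles=[ROLE_ADMIN]` but no `description` attribute, so a strategy keyed on `description` cannot match however the value is spelled.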





Re: [cas-user] SAML2.0 deployment

2020-08-31 Thread Mike Osterman
Hi Umut,

I looked at our Zoom configuration with our 5.3.x CAS IdP, and this sounds
like it might be a question of a couple Zoom SSO properties. Here's what we
have in our Zoom SSO config:

Sign-in page URL: {REPLACE-WITH-CAS-BASE-URL}/idp/profile/SAML2/Redirect/SSO

(this is also the "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
binding URL in your SAML metadata)

Binding: HTTP-Redirect

Try that and see if you make it any further!


On Mon, Aug 31, 2020 at 8:42 AM Umut Arus  wrote:

> Hi,
>
> I am having an initial setup issue with CAS SAML2.0 deployment. I couldn't
> authenticate account successfully yet.
>
> Getting the below error:
>
> 2020-08-31 16:10:36,575 INFO
> [org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor]
> - 
> 2020-08-31 16:10:36,576 ERROR
> [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder] -  did not contain either a SAMLRequest or SAMLResponse paramter.  Invalid
> request for SAML 2 HTTP POST binding.>
>
> Config or deployment problem? Have you any suggestion?
>
> Regards.
>
>
> --
> *UMUT ARUS*
> SİSTEM SORUMLUSU
> SYSTEM SPECIALIST
> --
> Sabancı Üniversitesi
> Üniversite Caddesi No:27
> 34956 Orta Mahalle, Tuzla – İstanbul
> *T*   0 216 483 91 72
> *F*   0 216 483 91 86
> * www.sabanciuniv.edu * 
>


Re: [cas-user] How to bypass user role in service registry?

2020-08-31 Thread Ray Bon
Napoleon,

I just replied to another thread on the same topic.
We are all trying to figure it out. I think a cas management developer will be 
required.

Ray

On Mon, 2020-08-31 at 07:54 -0700, Napoleon Ponaparte wrote:
Notice: This message was sent from outside the University of Victoria email 
system. Please be cautious with links and sensitive information.


Hi,

I have succeeded in implementing CAS Management Web App.
But I must have user's role in user.json file as below to run web app:

{
  "casuser" : {
    "roles" : [ "ROLE_ADMIN" ]
  }
}
How to bypass user role in service registry?
P/s: here is my service registry for CAS Management Web App
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId":"^https://cas-server-domain:8088/cas-management.+",
  "name" : "casManagement",
  "id" : 1,
  "evaluationOrder" : 1,
  "allowedAttributes":["cn","mail"]
}
Thank you in advance.

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.



Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-08-31 Thread Nguyen Tran Thanh Lam
Hi Ray,
Could you show me your config that returned properties roles=[ADMIN]?
And have you ever tried returning this:
roles=[ROLE_ADMIN]
Like user.json

{
  "casuser" : {
    "roles" : [ "ROLE_ADMIN" ]
  }
}

Since my CAS Management Error log like below:

WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - 

And I guess, If we could fill roles: [] (in red) become role: [ADMIN_ROLE],
it will run.
Thank you.
On Mon, Aug 31, 2020 at 23:12, Ray Bon wrote:

> Nguyen,
>
> I am at this point in configuring cas management too.
> Our 4.x deploy of cas management used to look up the user in ldap (you
> would use mongo), and get the ADMIN attribute there. But the 6.1 version
> does not seem to use ldap (I configured it but no calls to ldap were made).
> Cas management uses cas protocol 3, which means that attributes can be
> returned. I have configured this and I am returning roles=[ADMIN]. This
> also seems to be ignored.
>
> Perhaps one of the developers of cas management could comment if the .json
> file is the only way to identify users and roles.
>
> Ray
>
> On Mon, 2020-08-31 at 14:02 +0700, Nguyen Tran Thanh Lam wrote:
>
> Hi Mr Jérôme LELEU,
> Yes I know this configuration but I have inconvenient process when I
> create new user.
> It means, when I create new user in MongoDB, CAS Overlay can authenticated
> new user (I must not restart cas service) but with CAS Management Web App,
> I must add this role for new user to user.json file and restart CAS
> Management Web App service.
> For example:
> First:
> I have already had one user with username is casuser and password =x1.
> I could use casuser/x1 as CAS's account to use CAS Overlay and CAS
> Management Web app feature.
> Next:
> I add new user  with username is casuser2 and password =x2.
> I could use casuser2/x2 as CAS's account to use CAS Overlay feature.
> But with CAS Management Web App, I need modified user.json file like this
>
> {
>   "casuser" : {
>     "roles" : [ "ROLE_ADMIN" ]
>   },
>   "casuser2" : {
>     "roles" : [ "ROLE_ADMIN" ]
>   }
> }
>
> Then restart CAS Management service. After that, I could use this casuser2
> account for CAS Management Web App.
> It's very inconvenient, thus I hope any way to fix this role for all users.
> Please help me.
> Thank you in advance.
>
> On Mon, Aug 31, 2020 at 13:44, Jérôme LELEU wrote:
>
> Hi,
>
> You need to add a *users.json* (or *users.yml* in YAML format) file in
> the classpath.
> For example:
>
> {
>   "casuser" : {
>     "roles" : [ "ROLE_ADMIN" ]
>   }
> }
>
> Thanks.
> Best regards,
> Jérôme
>
>
> On Thu, Aug 27, 2020 at 14:11, Napoleon Ponaparte <naphaluan211...@gmail.com> wrote:
>
>
> Hi,
>
> I have succeeded in configuring CAS Overlay template 6.2.x so that it can authenticate users
> that are registered in MongoDB.
> Here is my config:
>
> 1. CAS Properties
> "name":"cas.authn.mongo.name","value":"users"
> "name":"cas.authn.mongo.database-name","value":"users"
> "name":"cas.authn.mongo.collection","value":"users"
> "name":"cas.authn.mongo.username-attribute","value":"username"
> "name":"cas.authn.mongo.password-attribute","value":"password"
> "name":"cas.authn.mongo.user-id","value":"casuser"
> "name":"cas.authn.mongo.password","value":"Mellon"
> "name":"cas.authn.mongo.attributes","value":"lastname,useremail,usertel"
> "name":"cas.authn.mongo.clientUri","value":"mongodb://casuser:Mellon@IP:port/users?authSource=admin=primary=MongoDB%20Compass%20Community=false"
> 2. And this is user properties in User collection
>
> "username":"root",
> "password":"root",
> "lastname":"VNPT ADMIN",
> "useremail":"xxx",
> "usertel":"xxx"
>
> But,  I have faced with problem about CAS Management Web App service.
> Here is CAS Management Web App log:
>
> WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] -  authorize access, since the authenticated profile [#CasProfile# | id: root
> | attributes: {credentialType=UsernamePasswordCredential,
> isFromNewLogin=false, authenticationDate=2020-08-26T08:51:16.865441Z[UTC],
> authenticationMethod=users, successfulAuthenticationHandlers=users,
> longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: []
> | isRemembered: false | clientName: CasClient | linkedId: null |] *does
> not contain any required roles*>
>
> Here is my service registry for CAS Management Web App:
>
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId":"^https://cas-server-domain:8088/cas-management.+",
>   "name" : "casManagement",
>   "id" : 1,
>   "evaluationOrder" : 1,
>   "allowedAttributes":["cn","mail"]
> }
>
> CAS server succeed create and authorized access token for user (id = root)
> but CAS Management missing user's role.
>
> I don't know how to assign ROLE for user or indicate user's role fixed in
> service registry.
> Please help me.
> 

Re: [cas-user] Invalid request for SAML 2 Error

2020-08-31 Thread Ray Bon
Umut,

Use a browser plugin, such as saml tracer, to see what the saml looks like for 
the request.
This error means that the saml request is either incorrect, or the service 
metadata does not match the request. For instance, the request is trying to 
reach a different binding but you only have POST configured (or some mismatched 
configuration like that).

Ray

On Mon, 2020-08-31 at 15:16 +0300, Umut Arus wrote:
Hi,

I'm trying to configure for the first time SAML2.0 for an application but I'm 
getting the below ERROR. How can I overcome this?

thanks..

...
2020-08-31 14:59:25,026 DEBUG 
[org.opensaml.messaging.decoder.servlet.BaseHttpServletRequestXMLMessageDecoder]
 - 
2020-08-31 14:59:25,026 DEBUG 
[org.opensaml.messaging.decoder.servlet.BaseHttpServletRequestXMLMessageDecoder]
 - 
2020-08-31 14:59:25,028 DEBUG 
[org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder] - 
2020-08-31 14:59:25,034 DEBUG 
[org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder] - 
2020-08-31 14:59:25,034 ERROR 
[org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder] - 


--
UMUT ARUS
SİSTEM SORUMLUSU
SYSTEM SPECIALIST

Sabancı Üniversitesi
Üniversite Caddesi No:27
34956 Orta Mahalle, Tuzla – İstanbul
T   0 216 483 91 72
F   0 216 483 91 86
www.sabanciuniv.edu   
[https://www.sabanciuniv.edu/signature-image/signature_logo.png]

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.
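
Added example (not code from CAS or from the posters): the SAMLRequest value copied from a browser trace can also be decoded offline to check which binding it was encoded for. The sketch below tells HTTP-POST (base64 only) from HTTP-Redirect (raw DEFLATE, then base64) and flags a message sent to an endpoint of the other binding. The AuthnRequest, host names, the 64 KiB cap and the rule that a path containing `/Redirect/` is a Redirect endpoint are assumptions made for this illustration.

```python
import base64
import binascii
import zlib
import xml.etree.ElementTree as ET

MAX_XML = 64 * 1024  # assumed size cap for this example
SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed AuthnRequest: ID, issuer and host names are placeholders.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_constructed-1" Version="2.0" IssueInstant="2020-08-31T13:10:36Z" '
    'Destination="https://cas.example.org/cas/idp/profile/SAML2/Redirect/SSO">'
    "<saml:Issuer>https://sp.example.org/metadata</saml:Issuer>"
    "</samlp:AuthnRequest>"
)


def encode_redirect(xml):
    """HTTP-Redirect encoding: raw DEFLATE, then base64 (URL-encoding not applied)."""
    comp = zlib.compressobj(wbits=-15)
    return base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()


def encode_post(xml):
    """HTTP-POST encoding: base64 only."""
    return base64.b64encode(xml.encode()).decode()


def decode_saml_message(value):
    """Return (encoding, xml_bytes) for an already URL-decoded SAMLRequest value."""
    try:
        raw = base64.b64decode(value, validate=True)
    except binascii.Error as exc:
        raise ValueError("not base64; URL-decode the parameter first") from exc
    if raw[:1] == b"<":
        if len(raw) > MAX_XML:
            raise ValueError("message exceeds MAX_XML")
        return "HTTP-POST", raw
    inflater = zlib.decompressobj(wbits=-15)
    try:
        xml = inflater.decompress(raw, MAX_XML)  # bounded inflate
    except zlib.error as exc:
        raise ValueError("neither XML nor DEFLATE data") from exc
    if inflater.unconsumed_tail:
        raise ValueError("inflated message exceeds MAX_XML")
    return "HTTP-Redirect", xml


def inspect_request(value, endpoint_path):
    """Summarise a captured request and compare it with the endpoint it was sent to."""
    encoding, xml = decode_saml_message(value)
    if b"<!DOCTYPE" in xml:
        raise ValueError("DOCTYPE not accepted in a SAML message")
    root = ET.fromstring(xml)
    issuer = root.find("{%s}Issuer" % SAML_ASSERTION_NS)
    # Assumption: the endpoint's binding can be read from its path.
    endpoint_binding = "HTTP-Redirect" if "/Redirect/" in endpoint_path else "HTTP-POST"
    return {
        "encoding": encoding,
        "element": root.tag.split("}")[-1],
        "issuer": issuer.text if issuer is not None else None,
        "destination": root.get("Destination"),
        "endpoint_binding": endpoint_binding,
        "mismatch": encoding != endpoint_binding,
    }


if __name__ == "__main__":
    path = "/cas/idp/profile/SAML2/Redirect/SSO"
    print(inspect_request(encode_redirect(SAMPLE_XML), path))
    print(inspect_request(encode_post(SAMPLE_XML), path))
```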



Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-08-31 Thread Ray Bon
Nguyen,

I am at this point in configuring cas management too.
Our 4.x deploy of cas management used to look up the user in ldap (you would 
use mongo), and get the ADMIN attribute there. But the 6.1 version does not 
seem to use ldap (I configured it but no calls to ldap were made).
Cas management uses cas protocol 3, which means that attributes can be 
returned. I have configured this and I am returning roles=[ADMIN]. This also 
seems to be ignored.

Perhaps one of the developers of cas management could comment if the .json file 
is the only way to identify users and roles.

Ray

On Mon, 2020-08-31 at 14:02 +0700, Nguyen Tran Thanh Lam wrote:

Hi Mr Jérôme LELEU,
Yes I know this configuration but I have inconvenient process when I create new 
user.
It means, when I create new user in MongoDB, CAS Overlay can authenticated new 
user (I must not restart cas service) but with CAS Management Web App, I must 
add this role for new user to user.json file and restart CAS Management Web App 
service.
For example:
First:
I have already had one user with username is casuser and password =x1.
I could use casuser/x1 as CAS's account to use CAS Overlay and CAS Management 
Web app feature.
Next:
I add new user  with username is casuser2 and password =x2.
I could use casuser2/x2 as CAS's account to use CAS Overlay feature.
But with CAS Management Web App, I need modified user.json file like this

{
  "casuser" : {
    "roles" : [ "ROLE_ADMIN" ]
  },
  "casuser2" : {
    "roles" : [ "ROLE_ADMIN" ]
  }
}

Then restart CAS Management service. After that, I could use this casuser2 
account for CAS Management Web App.
It's very inconvenient, thus I hope any way to fix this role for all users.
Please help me.
Thank you in advance.

On Mon, Aug 31, 2020 at 13:44, Jérôme LELEU <lel...@gmail.com> wrote:
Hi,

You need to add a users.json (or users.yml in YAML format) file in the 
classpath.
For example:


{
  "casuser" : {
    "roles" : [ "ROLE_ADMIN" ]
  }
}

Thanks.
Best regards,
Jérôme


On Thu, Aug 27, 2020 at 14:11, Napoleon Ponaparte <naphaluan211...@gmail.com> wrote:

Hi,

I have succeeded in configuring CAS Overlay template 6.2.x so that it can authenticate users that
are registered in MongoDB.
Here is my config:

1. CAS Properties
"name":"cas.authn.mongo.name","value":"users"
"name":"cas.authn.mongo.database-name","value":"users"
"name":"cas.authn.mongo.collection","value":"users"
"name":"cas.authn.mongo.username-attribute","value":"username"
"name":"cas.authn.mongo.password-attribute","value":"password"
"name":"cas.authn.mongo.user-id","value":"casuser"
"name":"cas.authn.mongo.password","value":"Mellon"
"name":"cas.authn.mongo.attributes","value":"lastname,useremail,usertel"
"name":"cas.authn.mongo.clientUri","value":"mongodb://casuser:Mellon@IP:port/users?authSource=admin=primary=MongoDB%20Compass%20Community=false"
2. And this is user properties in User collection

"username":"root",
"password":"root",
"lastname":"VNPT ADMIN",
"useremail":"xxx",
"usertel":"xxx"

But,  I have faced with problem about CAS Management Web App service.
Here is CAS Management Web App log:

WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - 

Here is my service registry for CAS Management Web App:

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId":"^https://cas-server-domain:8088/cas-management.+",
  "name" : "casManagement",
  "id" : 1,
  "evaluationOrder" : 1,
  "allowedAttributes":["cn","mail"]
}

CAS server succeed create and authorized access token for user (id = root) but 
CAS Management missing user's role.

I don't know how to assign ROLE for user or indicate user's role fixed in 
service registry.
Please help me.
Thank you in advance.





[cas-user] SAML2.0 deployment

2020-08-31 Thread Umut Arus
Hi,

I am having an initial setup issue with CAS SAML2.0 deployment. I couldn't
authenticate account successfully yet.

Getting the below error:

2020-08-31 16:10:36,575 INFO
[org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor]
- 
2020-08-31 16:10:36,576 ERROR
[org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder] - 

Config or deployment problem? Have you any suggestion?

Regards.


-- 
*UMUT ARUS*
SİSTEM SORUMLUSU
SYSTEM SPECIALIST
--
Sabancı Üniversitesi
Üniversite Caddesi No:27
34956 Orta Mahalle, Tuzla – İstanbul
*T*   0 216 483 91 72
*F*   0 216 483 91 86
* www.sabanciuniv.edu * 



[cas-user] How to bypass user role in service registry?

2020-08-31 Thread Napoleon Ponaparte

Hi,

I have succeeded implement CAS Management Web App.
But I must have user's role in user.json file as bellow to run web app:

{
"casuser" : {
"roles" : [ "ROLE_ADMIN" ]
}
}
How to bypass user role in service registry?
P/s: here is my service registry for CAS Management Web App
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://cas-server-domain:8088/cas-management.+",
  "name" : "casManagement",
  "id" : 1,
  "evaluationOrder" : 1,
  "allowedAttributes" : ["cn","mail"]
}
Thank you in advance.

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1e19b198-441c-4f71-9bee-9b2e9a725069n%40apereo.org.


[cas-user] CAS 6.1 git service registry

2020-08-31 Thread King, Robert
Attempting to implement the service registry via GIT on CAS 6.1.  Using the 
following settings:

# ==
# Service registry
# ==
cas.service-registry.initFromJson=false
# Git repo as supported by cas-management
cas.serviceRegistry.git.repositoryUrl=https:///cas/casServices.git
cas.serviceRegistry.git.branchesToClone=master
cas.serviceRegistry.git.activeBranch=master
cas.serviceRegistry.git.username=
cas.serviceRegistry.git.password=
cas.serviceRegistry.git.cloneDirectory=file:/tmp/casServices
cas.serviceRegistry.git.pushChanges=false
cas.serviceRegistry.git.timeout=PT10S
# cas.serviceRegistry.git.privateKeyPassphrase=
# cas.serviceRegistry.git.privateKeyPath=
# cas.serviceRegistry.git.sshSessionPassword=


When the CAS server starts up I get the following error:

[2020-08-31 11:41:17,208 ERROR 
[org.springframework.aop.interceptor.SimpleAsyncUncaughtExceptionHandler] - 
java.lang.ClassCastException: class org.eclipse.jgit.transport.TransportHttp 
cannot be cast to class org.eclipse.jgit.transport.SshTransport 
(org.eclipse.jgit.transport.TransportHttp and 
org.eclipse.jgit.transport.SshTransport are in unnamed module of loader 
org.apache.catalina.loader.ParallelWebappClassLoader @41beb473)
at 
org.apereo.cas.git.GitRepositoryBuilder.lambda$buildTransportConfigCallback$0(GitRepositoryBuilder.java:141)
 ~[cas-server-support-git-service-registry-6.1.6.jar:6.1.6]
at 
org.eclipse.jgit.api.TransportCommand.configure(TransportCommand.java:155) 
~[org.eclipse.jgit-5.5.1.201910021850-r.jar:5.5.1.201910021850-r]
at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:243) 
~[org.eclipse.jgit-5.5.1.201910021850-r.jar:5.5.1.201910021850-r]
at org.eclipse.jgit.api.PullCommand.call(PullCommand.java:296) 
~[org.eclipse.jgit-5.5.1.201910021850-r.jar:5.5.1.201910021850-r]
...snip...

and when the scheduled task to refresh the service registry attempts to run:

2020-08-31 11:41:36,914 ERROR 
[org.springframework.scheduling.support.TaskUtils$LoggingErrorHandler] - 
java.lang.ClassCastException: class org.eclipse.jgit.transport.TransportHttp 
cannot be cast to class org.eclipse.jgit.transport.SshTransport 
(org.eclipse.jgit.transport.TransportHttp and 
org.eclipse.jgit.transport.SshTransport are in unnamed module of loader 
org.apache.catalina.loader.ParallelWebappClassLoader @41beb473)
at 
org.apereo.cas.git.GitRepositoryBuilder.lambda$buildTransportConfigCallback$0(GitRepositoryBuilder.java:141)
 ~[cas-server-support-git-service-registry-6.1.6.jar:6.1.6]
at 
org.eclipse.jgit.api.TransportCommand.configure(TransportCommand.java:155) 
~[org.eclipse.jgit-5.5.1.201910021850-r.jar:5.5.1.201910021850-r]
at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:243) 
~[org.eclipse.jgit-5.5.1.201910021850-r.jar:5.5.1.201910021850-r]
at org.eclipse.jgit.api.PullCommand.call(PullCommand.java:296) 
~[org.eclipse.jgit-5.5.1.201910021850-r.jar:5.5.1.201910021850-r]
at org.apereo.cas.git.GitRepository.pull(GitRepository.java:170) 
~[cas-server-support-git-service-registry-6.1.6.jar:6.1.6]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
~[?:?]
at 
jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 ~[?:?]
at 
jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
...snip...


Obviously, there is some error with my configuration, but I am at a dead end.  
Does anyone have any input as to what I have incorrectly in the configuration?

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f0b17b16c9b54610bb6f8ad9dc1c8993%40mun.ca.


Re: [cas-user] Re: How have you implemented password policies and management?

2020-08-31 Thread Jeremiah Garmatter
Thank you for the information,

I never thought about it like that. Basically, since they have to change
their passwords every X days, you're saying that people will choose similar
enough passwords that becomes predictable to others over time? The longer a
password lasts, the more secure people are likely to make it. The question
below it (Q-B06) is also interesting to me. I'd have to go through a few
layers to get changes like that made across campus but I think many people
would benefit from it. That seems like more of a long term change to me,
but good to know, thank you for that.

I am wondering if anyone has had luck implementing some sort of password
warning system into CAS though?

-Jeremiah Garmatter, Systems Administrator
-Ohio Northern University, Class of 2020
-Work: 419-772-1074 Cell: 419-672-8685
-j-garmat...@onu.edu


On Sat, Aug 29, 2020 at 11:01 AM Poddar, Amit  wrote:

> Hi,
>
> It is true that asking people to regularly change passwords and enforcing
> naive password complexity requirements like ad-hoc character mixture
> requirements does the exact opposite of people choosing passwords that meet
> those requirements but are easy to guess.
>
> Generally accepted best practice is to enforce a simple password
> complexity requirement that mostly entails
>
>    - Password Length (>8)
>    - Make sure the password is not easily guessable (to avoid password
>      spray attack)
>
> and to enforce a comprehensive and secure multi-factor authentication.
>
> Thanks,
> Amit
> --
> *From:* cas-user@apereo.org  on behalf of Elijah
> Gagne 
> *Sent:* Friday, August 28, 2020 11:32 PM
> *To:* CAS Community 
> *Cc:* j-gar...@onu.edu 
> *Subject:* [cas-user] Re: How have you implemented password policies and
> management?
>
> I'm at a college of a comparable size. A few years ago, we removed the
> requirement for users to change their password. I would check out
> https://pages.nist.gov/800-63-FAQ/#q-b05.
>
>
> Regards,
> EWG
> On Friday, August 28, 2020 at 3:38:04 PM UTC-4 j-gar...@onu.edu wrote:
>
>
> Hello,
>
> I am looking for some general information on password policies and
> management.
>
> I am wondering how others have implemented LDAP password expiration
> warnings on their CAS installments (hoping for advice on CAS 6.2, but any
> advice is good). Do you use your LDAP provider's password policy?
> Notifications to email or phone? Intercept attributes with custom scripts?
> Change the login webflow in some way?
>
> How have you had success warning users that their password will expire
> soon (or already has expired) and guiding them to reset their passwords?
> Would you recommend any CAS features over others for password policies and
> management? Also, what size organization are you? I work at a relatively
> small university (~4000 students).
>
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/33e23fe8-5d91-4dc6-aa81-fb510be108bdn%40apereo.org
> 

RE: [cas-user] CAS 4.2.7 Authentication Delegation Problems (PAC4J)

2020-08-31 Thread King, Robert
I would suggest moving to CAS version 5.x or greater.  Version 4.x has been end 
of life for some time now.


From: saimir pollogati 
Sent: Monday, August 31, 2020 9:50 AM
To: CAS Community 
Cc: King, Robert 
Subject: Re: [cas-user] CAS 4.2.7 Authentication Delegation Problems (PAC4J)

thank you for your answer,
do you have any suggestion  please,  in what ways or how can I handle this 
problem



Regards,
Saimir


On Monday, August 31, 2020 at 1:54:46 PM UTC+2 
ro...@mun.ca wrote:
CAS v 4.2.7 does not support SAML version 2.  Please see the bottom of this 
webpage for reference.

https://apereo.github.io/cas/4.2.x/protocol/SAML-Protocol.html


From: cas-...@apereo.org  On Behalf Of saimir pollogati
Sent: Monday, August 31, 2020 7:39 AM
To: CAS Community 
Subject: [cas-user] CAS 4.2.7 Authentication Delegation Problems (PAC4J)

Hello!

I am using cas v. 4.2.7,  I use authentication from database and   everything 
works perfect,
now I have to add also  authentication  from idp provider (idp delegation  with 
saml).
After a successful auth on idp login page,  cas  redirect me  on login page 
again
CAS Login link :
 Hyr 
nga e-Test
I did configs as on attached files. I followed cas documentations but I don't 
know what I am  missing

Any help is welcomed!

Regards
Saimir
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5d56e6db-4f5f-4370-8277-3eab74233010n%40apereo.org.

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0c8d6fe1e65b4da9bf8d9c465d319c69%40mun.ca.


Re: [cas-user] CAS 4.2.7 Authentication Delegation Problems (PAC4J)

2020-08-31 Thread saimir pollogati
thank you for your answer,  
do you have any suggestion  please,  in what ways or how can I handle this 
problem



Regards,
Saimir



On Monday, August 31, 2020 at 1:54:46 PM UTC+2 ro...@mun.ca wrote:

> CAS v 4.2.7 does not support SAML version 2.  Please see the bottom of 
> this webpage for reference.
>
>  
>
> https://apereo.github.io/cas/4.2.x/protocol/SAML-Protocol.html
>
>  
>
>  
>
> *From:* cas-...@apereo.org  *On Behalf Of *saimir 
> pollogati
> *Sent:* Monday, August 31, 2020 7:39 AM
> *To:* CAS Community 
> *Subject:* [cas-user] CAS 4.2.7 Authentication Delegation Problems (PAC4J)
>
>  
>
> Hello!
>
>  
>
> I am using cas v. 4.2.7,  I use authentication from database and  
>  everything works perfect,
>
> now I have to add also  authentication  from idp provider (idp delegation  
> with saml). 
>
> After a successful auth on idp login page,  cas  redirect me  on login 
> page again
>
> CAS Login link :
>
> *  href="/cas/login?client_name=SAML2Client_client_redirection=true">Hyr 
> nga e-Test*
>
> I did configs as on attached files. I followed cas documentations but I 
> don't know what I am  missing 
>
>  
>
> Any help is welcomed!
>
>  
>
> Regards
>
> Saimir
>
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/5d56e6db-4f5f-4370-8277-3eab74233010n%40apereo.org
>  
> 
> .
>

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/56995c5c-a474-4f76-a162-f26c57d08430n%40apereo.org.


[cas-user] Invalid request for SAML 2 Error

2020-08-31 Thread Umut Arus
Hi,

I'm trying to configure for the first time SAML2.0 for an application but
I'm getting the below ERROR. How can I overcome this?

thanks..

...
2020-08-31 14:59:25,026 DEBUG
[org.opensaml.messaging.decoder.servlet.BaseHttpServletRequestXMLMessageDecoder]
- 
2020-08-31 14:59:25,026 DEBUG
[org.opensaml.messaging.decoder.servlet.BaseHttpServletRequestXMLMessageDecoder]
- 
2020-08-31 14:59:25,028 DEBUG
[org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder] - 
2020-08-31 14:59:25,034 DEBUG
[org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder] - 
2020-08-31 14:59:25,034 *ERROR
*[org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder]
- 


-- 
*UMUT ARUS*
SİSTEM SORUMLUSU
SYSTEM SPECIALIST
--
Sabancı Üniversitesi
Üniversite Caddesi No:27
34956 Orta Mahalle, Tuzla – İstanbul
*T*   0 216 483 91 72
*F*   0 216 483 91 86
* www.sabanciuniv.edu * 

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALwryzHdMm_6PUKFLjmMET1FBSdNX0PaHjVJSs%3DMCJj%2BbSr%2Buw%40mail.gmail.com.


RE: [cas-user] CAS 4.2.7 Authentication Delegation Problems (PAC4J)

2020-08-31 Thread King, Robert
CAS v 4.2.7 does not support SAML version 2.  Please see the bottom of this 
webpage for reference.

https://apereo.github.io/cas/4.2.x/protocol/SAML-Protocol.html


From: cas-user@apereo.org  On Behalf Of saimir pollogati
Sent: Monday, August 31, 2020 7:39 AM
To: CAS Community 
Subject: [cas-user] CAS 4.2.7 Authentication Delegation Problems (PAC4J)

Hello!

I am using cas v. 4.2.7,  I use authentication from database and   everything 
works perfect,
now I have to add also  authentication  from idp provider (idp delegation  with 
saml).
After a successful auth on idp login page,  cas  redirect me  on login page 
again
CAS Login link :
 Hyr 
nga e-Test
I did configs as on attached files. I followed cas documentations but I don't 
know what I am  missing

Any help is welcomed!

Regards
Saimir
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5d56e6db-4f5f-4370-8277-3eab74233010n%40apereo.org.

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5383e91ce27545ee9778b5857ec98655%40mun.ca.


[cas-user] Re: OIDC with bypassApprovalPrompt

2020-08-31 Thread Charl Thiem
I have figured it out.

Turns out our external service using OIDC was sending a param to prompt for
consent.
I figured this out by browsing through source code and finding
org.apereo.cas.oidc.web.OidcConsentApprovalViewResolver#isConsentApprovalBypassed.


https://cas.domain.co.za/cas/oidc/authorize?*prompt=consent*_type=
code_uri=https://the-redirect-uri_id=client=
f19fe52f7d988708bb7bcb51f80984d2=27d138365aabe3282e15b4a88999b042&
scope=email offline_access openid

Regards / Groete
*Charl Thiem*
Senior Developer | +27 (0) 21 970 4000 | i...@opencollab.co.za |
www.opencollab.co.za | @opencollab



-- Forwarded message -
From: Charl Thiem 
Date: Tue, Aug 25, 2020 at 1:55 PM
Subject: OIDC with bypassApprovalPrompt
To: 


Hi

I'm using CAS 6.1.7 with OIDC Server
In my service definition I have

{
  "@class" : "org.apereo.cas.services.OidcRegisteredService",
  "clientId": "client",
  "clientSecret": "secret",
  "serviceId" : "https://the-redirect-uri",
  "name": "Test",
  "id": 1,
  "supportedResponseTypes":  [ "java.util.HashSet", [ "code" ] ],
  "supportedGrantTypes":  [ "java.util.HashSet", [ "authorization_code" ] ],
  *"bypassApprovalPrompt" : true,*
  "scopes" : [ "java.util.HashSet",
    [ "openid", "email", "offline_access" ]
  ]
}

But after sign in I still get this prompt
[image: image.png]
Is this screen expected while having bypassApprovalPrompt=true?
I was hoping to avoid this screen.

Regards / Groete
*Charl Thiem*
Senior Developer | +27 (0) 21 970 4000 | i...@opencollab.co.za |
www.opencollab.co.za | @opencollab

-- 


See OpenCollab email disclaimer at 
http://www.opencollab.co.za/email-disclaimer 


To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAK5fTW4eQjAL1nfKSwivDXu90utMQ-H2m4fRRb-J%2BJOX%3DTCbLA%40mail.gmail.com.
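
Added example, not part of the original message and not CAS code: a small audit of OIDC authorization request URLs for a prompt parameter that asks for the consent screen, the cause identified in the message above. The host cas.example.org, the sample URLs and the decision rule are assumptions; the rule models the behaviour reported in the thread (prompt=consent wins over bypassApprovalPrompt) together with the OpenID Connect Core definition of prompt as a space-delimited list.

```python
from urllib.parse import urlsplit, parse_qs


def prompt_values(authorize_url):
    """Return the set of prompt values in an authorization request URL.

    prompt is a space-delimited list, so prompt=login%20consent (or
    prompt=login+consent) carries two values.
    """
    query = parse_qs(urlsplit(authorize_url).query)
    values = set()
    for raw in query.get("prompt", []):
        values.update(raw.split())
    return values


def consent_decision(authorize_url, bypass_approval_prompt):
    """Classify one request as 'invalid', 'prompted' or 'bypassed'.

    Assumed rule, modelled on the behaviour reported in the thread and not
    taken from CAS source: a request carrying prompt=consent is prompted even
    when the service definition sets bypassApprovalPrompt to true.
    """
    prompts = prompt_values(authorize_url)
    if "none" in prompts and len(prompts) > 1:
        # OpenID Connect Core: "none" combined with any other value is an error.
        return "invalid"
    if "consent" in prompts:
        # The client itself asked for the consent screen.
        return "prompted"
    return "bypassed" if bypass_approval_prompt else "prompted"


def requests_forcing_consent(urls, bypass_approval_prompt=True):
    """Return the URLs whose own prompt parameter defeats the bypass flag."""
    return [
        url for url in urls
        if bypass_approval_prompt
        and "consent" in prompt_values(url)
        and consent_decision(url, bypass_approval_prompt) == "prompted"
    ]


# Constructed sample requests (hypothetical host and client).
BASE = "https://cas.example.org/cas/oidc/authorize"
SAMPLE_REQUESTS = [
    BASE + "?prompt=consent&response_type=code&client_id=client&scope=openid%20email",
    BASE + "?response_type=code&client_id=client&scope=openid",
    BASE + "?prompt=login+consent&response_type=code&client_id=client&scope=openid",
    BASE + "?prompt=none%20consent&response_type=code&client_id=client&scope=openid",
]

if __name__ == "__main__":
    for url in SAMPLE_REQUESTS:
        decision = consent_decision(url, bypass_approval_prompt=True)
        print(f"{decision:9} prompt={sorted(prompt_values(url))}")
```

Run against the authorize URLs a relying party actually sends (for example from a browser trace) to see whether the consent screen comes from the client request rather than from the service definition.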


[cas-user] Re: CAS 4.2.7 Authentication Delegation Problems (PAC4J)

2020-08-31 Thread saimir pollogati

attached my config files and logs
On Monday, August 31, 2020 at 12:08:47 PM UTC+2 saimir pollogati wrote:

> Hello!
>
> I am using cas v. 4.2.7,  I use authentication from database and  
>  everything works perfect,
> now I have to add also  authentication  from idp provider (idp delegation  
> with saml). 
> After a successful auth on idp login page,  cas  redirect me  on login 
> page again
> CAS Login link :
> *  href="/cas/login?client_name=SAML2Client_client_redirection=true">Hyr 
> nga e-Test*
> I did configs as on attached files. I followed cas documentations but I 
> don't know what I am  missing 
>
> Any help is welcomed!
>
> Regards
> Saimir
>

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/19446797-2c2e-4176-97c8-abe00766abd7n%40apereo.org.
# TEST properties #
#
# Licensed to Apereo under one or more contributor license
# agreements. See the NOTICE file distributed with this work
# for additional information regarding copyright ownership.
# Apereo licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file
# except in compliance with the License.  You may obtain a
# copy of the License at the following location:
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.
#

server.name=https://geotest
#server.name=https://localhost
server.prefix=${server.name}/cas

# security configuration based on IP address to access the /status and /statistics pages
cas.securityContext.adminpages.ip=127\.0\.0\.1|0:0:0:0:0:0:0:1|172.24.16.105


##
# Unique CAS node name
# host.name is used to generate unique Service Ticket IDs and SAMLArtifacts.  This is usually set to the specific
# hostname of the machine running the CAS node, but it could be any label so long as it is unique in the cluster.
host.name=geotest

##
# JPA Ticket Registry Database Configuration
#
# ticketreg.database.ddl.auto=create-drop
# ticketreg.database.dialect=org.hibernate.dialect.OracleDialect|MySQLInnoDBDialect|HSQLDialect
# ticketreg.database.batchSize=10
# ticketreg.database.driverClass=org.hsqldb.jdbcDriver
# ticketreg.database.url=jdbc:hsqldb:mem:cas-ticket-registry
# ticketreg.database.user=sa
# ticketreg.database.password=
# ticketreg.database.pool.minSize=6
# ticketreg.database.pool.maxSize=18
# ticketreg.database.pool.maxWait=1
# ticketreg.database.pool.maxIdleTime=120
# ticketreg.database.pool.acquireIncrement=6
# ticketreg.database.pool.idleConnectionTestPeriod=30
# ticketreg.database.pool.connectionHealthQuery=select 1
# ticketreg.database.pool.acquireRetryAttempts=5
# ticketreg.database.pool.acquireRetryDelay=2000
# ticketreg.database.pool.connectionHealthQuery=select 1

##
# JPA Service Registry Database Configuration
#
#svcreg.database.ddl.auto=create
#svcreg.database.hibernate.dialect=org.hibernate.dialect.PostgreSQL94Dialect
#svcreg.database.hibernate.batchSize=10
#svcreg.database.driverClass=org.postgresql.Driver
#svcreg.database.url=jdbc:postgresql://localhost:5432/postgres
#svcreg.database.user=postgres
#svcreg.database.password=postgres
#svcreg.database.pool.minSize=6
#svcreg.database.pool.maxSize=18
#svcreg.database.pool.maxWait=1
#svcreg.database.pool.maxIdleTime=120
#svcreg.database.pool.acquireIncrement=6
#svcreg.database.pool.idleConnectionTestPeriod=30
#svcreg.database.pool.connectionHealthQuery=select 1
#svcreg.database.pool.acquireRetryAttempts=5
#svcreg.database.pool.acquireRetryDelay=2000
#svcreg.database.pool.connectionHealthQuery=select 1

##
# CAS SSO Cookie Generation & Security
# See https://github.com/mitreid-connect/json-web-key-generator
#
# Do note that the following settings MUST be generated per deployment.
#
# The encryption secret key. By default, must be a octet string of size 256.
# tgc.encryption.key=

# The signing secret key. By default, must be a octet string of size 512.
# tgc.signing.key=

# Decides whether SSO cookie should be created only under secure connections.
# tgc.secure=true

# The expiration value of the SSO cookie
# tgc.maxAge=-1

# The name of the SSO cookie
# tgc.name=TGC

# The path to which the SSO cookie will be scoped
# tgc.path=/cas

# The expiration value of the SSO cookie for long-term authentications
# tgc.remember.me.maxAge=1209600

# Decides whether SSO Warning 

[cas-user] CAS 4.2.7 Authentication Delegation Problems (PAC4J)

2020-08-31 Thread saimir pollogati
Hello!

I am using cas v. 4.2.7,  I use authentication from database and  
 everything works perfect,
now I have to add also  authentication  from idp provider (idp delegation  
with saml). 
After a successful auth on idp login page,  cas  redirect me  on login page 
again
CAS Login link :
* Hyr 
nga e-Test*
I did configs as on attached files. I followed cas documentations but I 
don't know what I am  missing 

Any help is welcomed!

Regards
Saimir

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5d56e6db-4f5f-4370-8277-3eab74233010n%40apereo.org.


Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-08-31 Thread Nguyen Tran Thanh Lam
Hi Mr Jérôme LELEU,
Yes I know this configuration but I have inconvenient process when I create
new user.
It means, when I create new user in MongoDB, CAS Overlay can authenticated
new user (I must not restart cas service) but with CAS Management Web App,
I must add this role for new user to user.json file and restart CAS
Management Web App service.
For example:
First:
I have already had one user with username is casuser and password =x1.
I could use casuser/x1 as CAS's account to use CAS Overlay and CAS
Management Web app feature.
Next:
I add new user  with username is casuser2 and password =x2.
I could use casuser2/x2 as CAS's account to use CAS Overlay feature.
But with CAS Management Web App, I need modified user.json file like this

{
  "casuser" : {
    "roles" : [ "ROLE_ADMIN" ]
  },
  "casuser2" : {
    "roles" : [ "ROLE_ADMIN" ]
  }
}

Then restart CAS Management service. After that, I could use this casuser2
account for CAS Management Web App.
It's very inconvenient, thus I hope any way to fix this role for all users.
Please help me.
Thank you in advance.

On Mon, Aug 31, 2020 at 13:44, Jérôme LELEU wrote:

> Hi,
>
> You need to add a *users.json* (or *users.yml* in YAML format) file in
> the classpath.
> For example:
>
> {
>   "casuser" : {
>     "roles" : [ "ROLE_ADMIN" ]
>   }
> }
>
>
> Thanks.
> Best regards,
> Jérôme
>
>
> On Thu, Aug 27, 2020 at 14:11, Napoleon Ponaparte <
> naphaluan211...@gmail.com> wrote:
>
>>
>> Hi,
>>
>> I have succeeded config CAS Overlay template 6.2.x can authenticated user
>> that registered in MongoDB.
>> Here is my config:
>>
>> 1. CAS Properties
>> "name":"cas.authn.mongo.name","value":"users"
>> "name":"cas.authn.mongo.database-name","value":"users"
>> "name":"cas.authn.mongo.collection","value":"users"
>> "name":"cas.authn.mongo.username-attribute","value":"username"
>> "name":"cas.authn.mongo.password-attribute","value":"password"
>> "name":"cas.authn.mongo.user-id","value":"casuser"
>> "name":"cas.authn.mongo.password","value":"Mellon"
>> "name":"cas.authn.mongo.attributes","value":"lastname,useremail,usertel"
>> "name":"cas.authn.mongo.clientUri","value":"mongodb://casuser:Mellon@IP
>> :port/users?authSource=admin=primary=MongoDB%20Compass%20Community=false"
>> 2. And this is user properties in User collection
>>
>> "username":"root",
>> "password":"root",
>> "lastname":"VNPT ADMIN",
>> "useremail":"xxx",
>> "usertel":"xxx"
>>
>> But,  I have faced with problem about CAS Management Web App service.
>> Here is CAS Management Web App log:
>>
>> WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - > authorize access, since the authenticated profile [#CasProfile# | id: root
>> | attributes: {credentialType=UsernamePasswordCredential,
>> isFromNewLogin=false, authenticationDate=2020-08-26T08:51:16.865441Z[UTC],
>> authenticationMethod=users, successfulAuthenticationHandlers=users,
>> longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: []
>> | isRemembered: false | clientName: CasClient | linkedId: null |] *does
>> not contain any required roles*>
>>
>> Here is my service registry for CAS Management Web App:
>>
>> {
>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>   "serviceId" : "^https://cas-server-domain:8088/cas-management.+",
>>   "name" : "casManagement",
>>   "id" : 1,
>>   "evaluationOrder" : 1,
>>   "allowedAttributes" : ["cn","mail"]
>> }
>>
>> CAS server succeed create and authorized access token for user (id =
>> root) but CAS Management missing user's role.
>>
>> I don't know how to assign ROLE for user or indicate user's role fixed in
>> service registry.
>> Please help me.
>> Thank you in advance.
>>
>>
>>
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/d45135e1-e8d4-4f55-9e49-02e1d825c18bn%40apereo.org
>> 
>> .
>>
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279LydnJDBBuVcJzjGPE6bVPOQUAZkEaxz6J25bcT0kzKO_Q%40mail.gmail.com
> 

Re: [cas-user] Redirection after authentication from https to http

2020-08-31 Thread Jérôme LELEU
Hi,

This redirection relies on: request.getRequestURL()
Do you have some reverse proxy in front of your Tomcat?
Thanks.
Best regards,
Jérôme


On Thu, Aug 27, 2020 at 17:20, Joe Manavalan wrote:

> I have cas6.1 deployed and working with cas.authn.pac4j.oauth2. The app
> works fine in my local windows machine on an https port
> When deployed in unix with the same setting [except the url has domain
> name instead of server name] the app after authenticating with the external
> oauth2 provider redirects the url to an http port as shown below
> This is the redirect url configured and get successfully redirected after
> authentication and authorization based on the browser trace
> https://
> :/cas/login/?code==_name=
> It then gets redirected to the below http port instead of the expected
> https port
>
> http//:/cas/login?code==_name=
>
> Is this some configuration in CAS  or need to be investigated on the
> network side ?
> Any help appreciated
>
>
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/c9fa4862-6604-4c32-8a75-81a04f982998n%40apereo.org
> 
> .
>

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279Lz_k_jQenLtSjYe3TPNOD%3DStaVdub7UaF4yUpMErBTiHg%40mail.gmail.com.


Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-08-31 Thread Jérôme LELEU
Hi,

You need to add a *users.json* (or *users.yml* in YAML format) file in the
classpath.
For example:

{
 "casuser" : {
   "roles" : [ "ROLE_ADMIN" ]
 }
}


Thanks.
Best regards,
Jérôme


On Thu, 27 Aug 2020 at 14:11, Napoleon Ponaparte wrote:

>
> Hi,
>
> I have successfully configured the CAS Overlay template 6.2.x to authenticate
> users that are registered in MongoDB.
> Here is my config:
>
> 1. CAS Properties
> "name":"cas.authn.mongo.name","value":"users"
> "name":"cas.authn.mongo.database-name","value":"users"
> "name":"cas.authn.mongo.collection","value":"users"
> "name":"cas.authn.mongo.username-attribute","value":"username"
> "name":"cas.authn.mongo.password-attribute","value":"password"
> "name":"cas.authn.mongo.user-id","value":"casuser"
> "name":"cas.authn.mongo.password","value":"Mellon"
> "name":"cas.authn.mongo.attributes","value":"lastname,useremail,usertel"
> "name":"cas.authn.mongo.clientUri","value":"mongodb://casuser:Mellon@IP
> :port/users?authSource=admin=primary=MongoDB%20Compass%20Community=false"
> 2. And these are the user properties in the User collection
>
> "username":"root",
> "password":"root",
> "lastname":"VNPT ADMIN",
> "useremail":"xxx",
> "usertel":"xxx"
>
> But I have run into a problem with the CAS Management Web App service.
> Here is the CAS Management Web App log:
>
> WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] -  authorize access, since the authenticated profile [#CasProfile# | id: root
> | attributes: {credentialType=UsernamePasswordCredential,
> isFromNewLogin=false, authenticationDate=2020-08-26T08:51:16.865441Z[UTC],
> authenticationMethod=users, successfulAuthenticationHandlers=users,
> longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: []
> | isRemembered: false | clientName: CasClient | linkedId: null |] *does
> not contain any required roles*>
>
> Here is my service registry for the CAS Management Web App:
>
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId" : "^https://cas-server-domain:8088/cas-management.+",
>   "name" : "casManagement",
>   "id" : 1,
>   "evaluationOrder" : 1,
>   "allowedAttributes":["cn","mail"]
> }
>
> The CAS server successfully created and authorized an access token for the
> user (id = root), but CAS Management is missing the user's role.
>
> I don't know how to assign a ROLE to the user or specify a fixed role for the
> user in the service registry.
> Please help me.
> Thank you in advance.
>
>
>
>
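
As an added example (not part of the original messages and not code from the CAS project): a small Python check that reads the id and roles from the CasRoleBasedAuthorizer warning quoted in this thread and compares them with a users.json of the shape shown in the reply. It assumes the file is keyed by the authenticated user id and that ROLE_ADMIN is the required role; the log line is a constructed, abbreviated copy and the function names are hypothetical.

```python
import json
import re

# users.json in the shape shown in the reply (assumed to be keyed by user id).
USERS_JSON = '{ "casuser" : { "roles" : [ "ROLE_ADMIN" ] } }'

# Constructed, abbreviated copy of the CasRoleBasedAuthorizer warning in the thread.
SAMPLE_LOG = (
    "WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - authenticated "
    "profile [#CasProfile# | id: root | attributes: {authenticationMethod=users} "
    "| roles: [] | permissions: [] | isRemembered: false |]"
)

REQUIRED_ROLES = frozenset({"ROLE_ADMIN"})  # assumption: role the management app requires

PROFILE_RE = re.compile(
    r"\|\s*id:\s*(?P<id>[^|]+?)\s*\|.*?\|\s*roles:\s*\[(?P<roles>[^\]]*)\]", re.S
)

def parse_profile(log_text):
    """Return (user id, set of roles) from a CasProfile log entry, or None."""
    match = PROFILE_RE.search(log_text)
    if match is None:
        return None
    roles = {r.strip() for r in match.group("roles").split(",") if r.strip()}
    return match.group("id"), roles

def load_user_roles(users_text):
    """Map each user id in users.json to its set of roles; reject malformed entries."""
    mapping = {}
    for user_id, entry in json.loads(users_text).items():
        roles = entry.get("roles") if isinstance(entry, dict) else None
        if not isinstance(roles, list):
            raise ValueError(f"entry for {user_id!r} has no 'roles' list")
        mapping[user_id] = set(roles)
    return mapping

def explain_denial(log_text, users_text, required=REQUIRED_ROLES):
    """Classify why the logged profile lacks a required role."""
    profile = parse_profile(log_text)
    if profile is None:
        return "no-profile-in-log"
    user_id, session_roles = profile
    if session_roles & required:
        return "authorized"
    file_roles = load_user_roles(users_text).get(user_id)
    if file_roles is None:
        return "no-entry-for-user"  # e.g. the file lists casuser, the login was root
    if not file_roles & required:
        return "entry-lacks-required-role"
    return "file-grants-role-but-not-applied"  # check file location, then log in again
```

Calling `explain_denial(SAMPLE_LOG, USERS_JSON)` returns `no-entry-for-user`: the sample file grants ROLE_ADMIN to `casuser`, while the profile in the log authenticated as `root`.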
