[cas-user] How to hide "redirect_url" at loginProviders in CAS login page when used delegated authentication?

2020-09-14 Thread zl anson
Hi all,
I used CAS to do delegated authentication to another IdP using the SAML 
protocol, and this works fine. A third-party button appears in the login 
corner, and when the user clicks it, it generates the SAML URL and redirects 
to the IdP's login page.
But the question is, when our website is being audited, the login page's 
source shows the "redirect_url", which includes the third party's info. We 
need to hide this and do it at the backend. How can we do this? Any help is 
appreciated, thanks.
   

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/91309bf1-a49a-4bd0-aeab-db4912b9f2f0n%40apereo.org.


[cas-user] Deny the authentication with Google using Pac4j, when the email_verified = [false]

2020-09-14 Thread Fernando Gómez
Hello, I am writing to see if you can guide me, I need to deny the 
authentication with Google using Pac4j, when the email_verified = [false], 
or when the email does not exist because for example it is private.

Thanks in advance



Re: [cas-user] [CAS As Authorization Server Problem]

2020-09-14 Thread Ray Bon
Nguyen,

I am wondering if it is network access. I meant to try
curl "https://ssostandalone.vdc2.com.vn:8443/cas/login"

to be sure cas is running correctly. I have not used oauth so maybe you already 
know cas is working correctly.

Ray


On Mon, 2020-09-14 at 23:09 +0700, Nguyen Tran Thanh Lam wrote:
Notice: This message was sent from outside the University of Victoria email 
system. Please be cautious with links and sensitive information.

Hi Ray,
I have tried
root@ssostandalone:~# curl "https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https%3A%2F%2Fhello.*" | jq
But it still responds with nothing.
If I use
root@ssostandalone:~# curl "https://ssostandalone.vdc2.com.vn:8443/cas/login/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https%3A%2F%2Fhello.*" | jq
It responds with
{
  "@class": "java.util.LinkedHashMap",
  "timestamp": [
    "java.util.Date",
    1600099585824
  ],
  "status": 404,
  "error": "Not Found",
  "message": "No message available",
  "path": "/cas/login/oauth2.0/authorize"
}
I think the URL https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/ is correct.
Here is my service registry again (I hope it is correct)
{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "clientid",
  "clientSecret": "clientSecret",
  "serviceId" : "^https://hello.*",
  "name" : "OAuthService",
  "id" : 100,
  "codeExpirationPolicy": {
    "@class": "org.apereo.cas.support.oauth.services.DefaultRegisteredServiceOAuthCodeExpirationPolicy",
    "numberOfUses": 1,
    "timeToLive": "60"
  }
}

On Mon, 14 Sep 2020 at 22:57, Ray Bon <r...@uvic.ca> wrote:
Nguyen,

Try double quotes and escape :// in redirect_uri, replace it with %3A%2F%2F

Can you curl https://ssostandalone.vdc2.com.vn:8443/cas/login

Ray

On Mon, 2020-09-14 at 22:11 +0700, Nguyen Tran Thanh Lam wrote:

Hello Mr Sven Specker
I have tried
1. Using Ubuntu command line like this
root@ssostandalone:~# curl 'https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*' | jq
And it responds with nothing
2. Then I try to use POSTMAN
Like this
[image.png]

And it replies with an HTML page
I don't know what is wrong.
Please help me.
Thank you.



On Mon, 14 Sep 2020 at 16:20, Sven Specker <spec...@rz.uni-frankfurt.de> wrote:
On 2020-09-14 10:33, Napoleon Ponaparte wrote:
Hi!

> Step 2:
> I request Authorization code like this:
> Request
> curl
> https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*
> Response
> [1] 14428
> [2] 14429

That looks like a bash command line. You will need to do

curl 'https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*'

Otherwise &/*/? are interpreted in the command line and will break the
request.

Here, the 2 "&" caused the command line to spawn 2 background processes
that will try in vain to do anything.

If the screenshot just ate the '' around the curl command, disregard my
comment.

Best regards,

Sven Specker
--
__
*** Sven Specker -- University of Frankfurt Computing Center   ***
*** UNIX System Administration (Auth/IDM) 
* spec...@rz.uni-frankfurt.de [Phone 
(+49)-69-798-15188] *
**
__
Johann Wolfgang Goethe Universitaet
   - Hochschulrechenzentrum -
 Theodor W. Adorno-Platz 1 (PA-1P16)

   D-60323 Frankfurt/Main
__
__ TeX-users do it in {groups}



--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.


Re: [cas-user] [CAS As Authorization Server Problem]

2020-09-14 Thread Nguyen Tran Thanh Lam
Hi Ray,
I have tried
root@ssostandalone:~# curl "https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https%3A%2F%2Fhello.*" | jq
But it still responds with nothing.
If I use
root@ssostandalone:~# curl "https://ssostandalone.vdc2.com.vn:8443/cas/login/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https%3A%2F%2Fhello.*" | jq
It responds with
{
  "@class": "java.util.LinkedHashMap",
  "timestamp": [
    "java.util.Date",
    1600099585824
  ],
  "status": 404,
  "error": "Not Found",
  "message": "No message available",
  "path": "/cas/login/oauth2.0/authorize"
}
I think the URL https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/ is
correct.
Here is my service registry again (I hope it is correct)
{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "clientid",
  "clientSecret": "clientSecret",
  "serviceId" : "^https://hello.*",
  "name" : "OAuthService",
  "id" : 100,
  "codeExpirationPolicy": {
    "@class": "org.apereo.cas.support.oauth.services.DefaultRegisteredServiceOAuthCodeExpirationPolicy",
    "numberOfUses": 1,
    "timeToLive": "60"
  }
}

On Mon, 14 Sep 2020 at 22:57, Ray Bon wrote:

> Nguyen,
>
> Try double quotes and escape :// in redirect_uri, replace it with %3A%2F%2F
>
> Can you curl https://ssostandalone.vdc2.com.vn:8443/cas/login
>
> Ray
>
> On Mon, 2020-09-14 at 22:11 +0700, Nguyen Tran Thanh Lam wrote:
>
>
> Hello Mr Sven Specker
> I have tried
> 1. Using Ubuntu command line like this
> root@ssostandalone:~# curl 'https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*' | jq
> And it responds with nothing
> 2. Then I try to use POSTMAN
> Like this
> [image: image.png]
>
> And it replies with an HTML page
> I don't know what is wrong.
> Please help me.
> Thank you.
>
>
>
> On Mon, 14 Sep 2020 at 16:20, Sven Specker <spec...@rz.uni-frankfurt.de> wrote:
>
> On 2020-09-14 10:33, Napoleon Ponaparte wrote:
> Hi!
>
> > Step 2:
> > I request Authorization code like this:
> > Request
> > curl
> > https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*
> > Response
> > [1] 14428
> > [2] 14429
>
> That looks like a bash command line. You will need to do
>
> curl 'https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*'
>
> Otherwise &/*/? are interpreted in the command line and will break the
> request.
>
> Here, the 2 "&" caused the command line to spawn 2 background processes
> that will try in vain to do anything.
>
> If the screenshot just ate the '' around the curl command, disregard my
> comment.
>
> Best regards,
>
> Sven Specker
> --
> __
> *** Sven Specker -- University of Frankfurt Computing Center   ***
> *** UNIX System Administration (Auth/IDM) 
> * spec...@rz.uni-frankfurt.de [Phone (+49)-69-798-15188] *
> **
> __
>
> Johann Wolfgang Goethe Universitaet
>- Hochschulrechenzentrum -
>  Theodor W. Adorno-Platz 1 (PA-1P16)
>
>D-60323 Frankfurt/Main
> __
> __ TeX-users do it in {groups}
>
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
>


Re: [cas-user] [CAS As Authorization Server Problem]

2020-09-14 Thread Ray Bon
Nguyen,

Try double quotes and escape :// in redirect_uri, replace it with %3A%2F%2F

Can you curl https://ssostandalone.vdc2.com.vn:8443/cas/login

Ray

On Mon, 2020-09-14 at 22:11 +0700, Nguyen Tran Thanh Lam wrote:

Hello Mr Sven Specker
I have tried
1. Using Ubuntu command line like this
root@ssostandalone:~# curl 'https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*' | jq
And it responds with nothing
2. Then I try to use POSTMAN
Like this
[image.png]

And it replies with an HTML page
I don't know what is wrong.
Please help me.
Thank you.



On Mon, 14 Sep 2020 at 16:20, Sven Specker <spec...@rz.uni-frankfurt.de> wrote:
On 2020-09-14 10:33, Napoleon Ponaparte wrote:
Hi!

> Step 2:
> I request Authorization code like this:
> Request
> curl
> https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*
> Response
> [1] 14428
> [2] 14429

That looks like a bash command line. You will need to do

curl 'https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*'

Otherwise &/*/? are interpreted in the command line and will break the
request.

Here, the 2 "&" caused the command line to spawn 2 background processes
that will try in vain to do anything.

If the screenshot just ate the '' around the curl command, disregard my
comment.

Best regards,

Sven Specker
--
__
*** Sven Specker -- University of Frankfurt Computing Center   ***
*** UNIX System Administration (Auth/IDM) 
* spec...@rz.uni-frankfurt.de [Phone 
(+49)-69-798-15188] *
**
__
Johann Wolfgang Goethe Universitaet
   - Hochschulrechenzentrum -
 Theodor W. Adorno-Platz 1 (PA-1P16)

   D-60323 Frankfurt/Main
__
__ TeX-users do it in {groups}



--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.



Re: [cas-user] CAS 6.2.1: InvalidTicketException after Login with OIDC

2020-09-14 Thread Ray Bon
Frederik,

This sounds like something that could be fixed with user education. Why would a 
user bookmark a log in page?

cas.view.default-redirect-url will only be triggered if no service is provided.

Ray

On Mon, 2020-09-14 at 05:16 -0700, 'Frederik B.' via CAS Community wrote:

We use CAS as an OIDC Provider for our service. After upgrading from 6.0 to 6.2 
we received reports from some of our users that they weren't able to login 
anymore but were presented an error page with a 
org.apereo.cas.ticket.InvalidTicketException.
We found that the users reporting the problem use a bookmark of the CAS Login 
URL 
https://www.example.com/cas/login?service=https%3A%2F%2Fwww.example.com%2Fcas%2Foauth2.0%2FcallbackAuthorize%3Fclient_id%3D123%26redirect_uri%3Dhttps%253A%252F%252Fwww.example.com%252Fmyservice%252Flogin%252Foauth2%252Fcode%252Fcas-oidc%26response_type%3Dcode%26client_name%3DCasOAuthClient
 to reach our service. This causes the 
OAuth20CallbackAuthorizeEndpointController to redirect the request to the 
default value 'context.getFullRequestURL()' because the actual service URL was 
not previously stored by the SavedRequestHandler. Since 
context.getFullRequestURL() returns '/oauth2.0/callbackAuthorize' with the 
current Service Ticket as URL parameter, the redirect results in an 
InvalidTicketException because the Service Ticket was already consumed by the 
previous request.
In CAS 6.0 bookmarking /cas/login worked for us because the default behavior 
was a redirect to '/' which is configured to redirect to our service on our 
side.
I understand, that redirecting to '/' may not be generally useful behavior but 
the current default of 'context.getFullRequestURL()' seems worse, since it 
immediately fails. Wouldn't the 'cas.view.default-redirect-url' (if set) or 
'cas/login' be better defaults?


--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.



[cas-user] RE: CAS 6.1 git service registry

2020-09-14 Thread King, Robert
I found the solution to my configuration issues.  The service registry Git 
option is using SSH to do git pull/push as the tomcat user.  For the system to 
work properly you should set up your tomcat user to be able to do git push/pull 
via console.  I had to set up that user with an SSH key pair and then set up the 
public key in the per-repository key.

Final cas.properties entries:

# ==
# Service registry
# ==
#
# JSON registry
cas.serviceRegistry.init-from-json=false
#
# Git repo as supported by cas-management
cas.serviceRegistry.git.repositoryUrl=https:///cas/casServices.git
cas.serviceRegistry.git.cloneDirectory=file:/etc/cas/services-repo


And a tomcat user set up with SSH keys both in the system home directory and on 
the git repository.


From: cas-user@apereo.org  On Behalf Of King, Robert
Sent: Monday, August 31, 2020 12:01 PM
To: CAS Community 
Subject: [cas-user] CAS 6.1 git service registry

Attempting to implement the service registry via GIT on CAS 6.1.  Using the 
following settings:

# ==
# Service registry
# ==
cas.service-registry.initFromJson=false
# Git repo as supported by cas-management
cas.serviceRegistry.git.repositoryUrl=https:///cas/casServices.git
cas.serviceRegistry.git.branchesToClone=master
cas.serviceRegistry.git.activeBranch=master
cas.serviceRegistry.git.username=
cas.serviceRegistry.git.password=
cas.serviceRegistry.git.cloneDirectory=file:/tmp/casServices
cas.serviceRegistry.git.pushChanges=false
cas.serviceRegistry.git.timeout=PT10S
# cas.serviceRegistry.git.privateKeyPassphrase=
# cas.serviceRegistry.git.privateKeyPath=
# cas.serviceRegistry.git.sshSessionPassword=


When the CAS server starts up I get the following error:

[2020-08-31 11:41:17,208 ERROR 
[org.springframework.aop.interceptor.SimpleAsyncUncaughtExceptionHandler] - 
ESC[m
java.lang.ClassCastException: class org.eclipse.jgit.transport.TransportHttp 
cannot be cast to class org.eclipse.jgit.transport.SshTransport 
(org.eclipse.jgit.transport.TransportHttp and 
org.eclipse.jgit.transport.SshTransport are in unnamed module of loader 
org.apache.catalina.loader.ParallelWebappClassLoader @41beb473)
at 
org.apereo.cas.git.GitRepositoryBuilder.lambda$buildTransportConfigCallback$0(GitRepositoryBuilder.java:141)
 ~[cas-server-support-git-service-registry-6.1.6.jar:6.1.6]
at 
org.eclipse.jgit.api.TransportCommand.configure(TransportCommand.java:155) 
~[org.eclipse.jgit-5.5.1.201910021850-r.jar:5.5.1.201910021850-r]
at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:243) 
~[org.eclipse.jgit-5.5.1.201910021850-r.jar:5.5.1.201910021850-r]
at org.eclipse.jgit.api.PullCommand.call(PullCommand.java:296) 
~[org.eclipse.jgit-5.5.1.201910021850-r.jar:5.5.1.201910021850-r]
…snip…

and when the scheduled task to refresh the service registry attempts to run:

2020-08-31 11:41:36,914 ERROR 
[org.springframework.scheduling.support.TaskUtils$LoggingErrorHandler] - 
ESC[m
java.lang.ClassCastException: class org.eclipse.jgit.transport.TransportHttp 
cannot be cast to class org.eclipse.jgit.transport.SshTransport 
(org.eclipse.jgit.transport.TransportHttp and 
org.eclipse.jgit.transport.SshTransport are in unnamed module of loader 
org.apache.catalina.loader.ParallelWebappClassLoader @41beb473)
at 
org.apereo.cas.git.GitRepositoryBuilder.lambda$buildTransportConfigCallback$0(GitRepositoryBuilder.java:141)
 ~[cas-server-support-git-service-registry-6.1.6.jar:6.1.6]
at 
org.eclipse.jgit.api.TransportCommand.configure(TransportCommand.java:155) 
~[org.eclipse.jgit-5.5.1.201910021850-r.jar:5.5.1.201910021850-r]
at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:243) 
~[org.eclipse.jgit-5.5.1.201910021850-r.jar:5.5.1.201910021850-r]
at org.eclipse.jgit.api.PullCommand.call(PullCommand.java:296) 
~[org.eclipse.jgit-5.5.1.201910021850-r.jar:5.5.1.201910021850-r]
at org.apereo.cas.git.GitRepository.pull(GitRepository.java:170) 
~[cas-server-support-git-service-registry-6.1.6.jar:6.1.6]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
~[?:?]
at 
jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 ~[?:?]
at 
jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
…snip…


Obviously, there is some error with my configuration, but I am at a dead end.  
Does anyone have any input as to what I have incorrect in the configuration?


Re: [cas-user] how to config CAS in Java code?

2020-09-14 Thread Ray Bon
James

There is the spring configuration server, 
https://apereo.github.io/cas/6.1.x/configuration/Configuration-Server-Management.html

Is this what you mean?

Ray

On Mon, 2020-09-14 at 02:12 -0700, jm wrote:

Hi,

We have a configuration center service in our company, which holds every 
application's configurations. I have to use this configuration service because 
it's very hard to use a configuration file on our K8S cluster.

Is there any way to convert those settings from our configuration server to CAS 
configuration properties?

James

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.



Re: [cas-user] [CAS As Authorization Server Problem]

2020-09-14 Thread Nguyen Tran Thanh Lam
Hello Mr Sven Specker
I have tried
1. Using Ubuntu command line like this
root@ssostandalone:~# curl 'https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*' | jq
And it responds with nothing
2. Then I try to use POSTMAN
Like this
[image: image.png]

And it replies with an HTML page
I don't know what is wrong.
Please help me.
Thank you.



On Mon, 14 Sep 2020 at 16:20, Sven Specker <spec...@rz.uni-frankfurt.de> wrote:

> On 2020-09-14 10:33, Napoleon Ponaparte wrote:
> Hi!
>
> > Step 2:
> > I request Authorization code like this:
> > Request
> > curl
> > https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*
> > Response
> > [1] 14428
> > [2] 14429
>
> That looks like a bash command line. You will need to do
>
> curl 'https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*'
>
> Otherwise &/*/? are interpreted in the command line and will break the
> request.
>
> Here, the 2 "&" caused the command line to spawn 2 background processes
> that will try in vain to do anything.
>
> If the screenshot just ate the '' around the curl command, disregard my
> comment.
>
> Best regards,
>
> Sven Specker
> --
> __
> *** Sven Specker -- University of Frankfurt Computing Center   ***
> *** UNIX System Administration (Auth/IDM) 
> * spec...@rz.uni-frankfurt.de [Phone (+49)-69-798-15188] *
> **
> __
>
> Johann Wolfgang Goethe Universitaet
>- Hochschulrechenzentrum -
>  Theodor W. Adorno-Platz 1 (PA-1P16)
>
>D-60323 Frankfurt/Main
> __
> __ TeX-users do it in {groups}
>
>
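
The quoting and percent-encoding advice given in this thread, as an added example that is not part of any poster's message: it shows which argument a program actually receives when the authorize URL is typed unquoted, and builds the same request with an encoded redirect_uri. The redirect target `https://hello.example/callback` and the function names are constructed for illustration; `printf` stands in for `curl`, so no request is sent.

```shell
#!/bin/sh
# Added example: how the shell treats the OAuth authorize URL from this thread.
# Nothing here contacts a server; printf stands in for curl so the argument
# the program would receive can be inspected.

# Percent-encode everything except RFC 3986 unreserved characters (ASCII input).
# Runs in a subshell so its working variables do not leak to the caller.
urlencode() (
    LC_ALL=C
    s=$1
    out=
    while [ -n "$s" ]; do
        rest=${s#?}          # the string without its first character
        c=${s%"$rest"}       # the first character itself
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
)

# Assemble the authorization-code request: $1 endpoint, $2 client_id,
# $3 redirect_uri. Parameter values are encoded; the separators are not.
build_authorize_url() {
    printf '%s?response_type=code&client_id=%s&redirect_uri=%s' \
        "$1" "$(urlencode "$2")" "$(urlencode "$3")"
}

# Print the argument a command receives when the URL in $2 is typed
# unquoted ("none") or inside single quotes ("single").
# Unquoted, each "&" ends the command and sends it to the background; the
# remainder is parsed as separate variable assignments, which is why the
# original post saw two job numbers instead of a response.
# Assumes the URL contains no single quote.
received_argument() {
    case $1 in
        none)   sh -c "printf '%s\n' $2" ;;
        single) sh -c "printf '%s\n' '$2'" ;;
        *)      return 2 ;;
    esac
}

base='https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize'
url=$(build_authorize_url "$base" clientid 'https://hello.example/callback')

printf 'request URL         : %s\n' "$url"
printf 'unquoted, curl gets : %s\n' "$(received_argument none "$url")"
printf 'quoted, curl gets   : %s\n' "$(received_argument single "$url")"
```
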



[cas-user] CAS 6.2.1: InvalidTicketException after Login with OIDC

2020-09-14 Thread 'Frederik B.' via CAS Community
 We use CAS as an OIDC Provider for our service. After upgrading from 6.0 
to 6.2 we received reports from some of our users that they weren't able to 
login anymore but were presented an error page with a 
org.apereo.cas.ticket.InvalidTicketException.
We found that the users reporting the problem use a bookmark of the CAS 
Login URL 
https://www.example.com/cas/login?service=https%3A%2F%2Fwww.example.com%2Fcas%2Foauth2.0%2FcallbackAuthorize%3Fclient_id%3D123%26redirect_uri%3Dhttps%253A%252F%252Fwww.example.com%252Fmyservice%252Flogin%252Foauth2%252Fcode%252Fcas-oidc%26response_type%3Dcode%26client_name%3DCasOAuthClient
 
to reach our service. This causes the 
OAuth20CallbackAuthorizeEndpointController to redirect the request to the 
default value 'context.getFullRequestURL()' because the actual service URL 
was not previously stored by the SavedRequestHandler. Since 
context.getFullRequestURL() returns '/oauth2.0/callbackAuthorize' with the 
current Service Ticket as URL parameter, the redirect results in an 
InvalidTicketException because the Service Ticket was already consumed by 
the previous request.
In CAS 6.0 bookmarking /cas/login worked for us because the default 
behavior was a redirect to '/' which is configured to redirect to our 
service on our side.
I understand, that redirecting to '/' may not be generally useful behavior 
but the current default of 'context.getFullRequestURL()' seems worse, since 
it immediately fails. Wouldn't the 'cas.view.default-redirect-url' (if set) 
or 'cas/login' be better defaults?



[cas-user] CAS 5.3.8 EhCache & DiskStorage Problem

2020-09-14 Thread Artur Stöcklin
Hi Community

Currently we use CAS in version 5.3.8. There are two instances which 
share tickets through the ehcache (version 2.10.5). CAS gets its 
property data from the CAS config server. The problem we are facing applies 
to the EhCache disk storage.

Unfortunately the tickets are not saved to disk although disk overflow is 
configured. I have spent some time debugging but currently I am not 
able to find the problem.
The ehcache ticket registry works well in memory, but as soon as the memory 
max ticket size is reached the tickets are deleted from memory. The 
configured storage on disk stays empty without any cache file.

Here is the ehcache configuration from the CAS config server:

*## CAS EhCache Parameters*
cas.ticket.registry.ehcache.replicateUpdatesViaCopy=true
#cas.ticket.registry.ehcache.cacheManagerName=ehCacheTicketRegistryCache
cas.ticket.registry.ehcache.cacheManagerName=ehcacheTicketCacheManager
cas.ticket.registry.ehcache.replicatePuts=true
cas.ticket.registry.ehcache.replicateUpdates=true
cas.ticket.registry.ehcache.memoryStoreEvictionPolicy=LRU
cas.ticket.registry.ehcache.configLocation=classpath:/xy/fakedomain/config/${environment.target}/${xy.fakedomain.node.id}/ehcache-replicated.xml
cas.ticket.registry.ehcache.maximumBatchSize=100
cas.ticket.registry.ehcache.shared=true
cas.ticket.registry.ehcache.replicationInterval=1
#cas.ticket.registry.ehcache.cacheTimeToLive=15724800
cas.ticket.registry.ehcache.diskExpiryThreadIntervalSeconds=240
cas.ticket.registry.ehcache.replicateRemovals=true
cas.ticket.registry.ehcache.maxChunkSize=500
cas.ticket.registry.ehcache.maxElementsOnDisk=10
#cas.ticket.registry.ehcache.maxElementsInCache=5
cas.ticket.registry.ehcache.maxElementsInMemory=1
cas.ticket.registry.ehcache.eternal=false
cas.ticket.registry.ehcache.loaderAsync=true
cas.ticket.registry.ehcache.replicatePutsViaCopy=true
#cas.ticket.registry.ehcache.cacheTimeToIdle=604800
cas.ticket.registry.ehcache.persistence=DISTRIBUTED
cas.ticket.registry.ehcache.synchronousWrites=false

*ehcache-replicated.xml (one of both files)*
http://www.w3.org/2001/XMLSchema-instance;
 xsi:noNamespaceSchemaLocation="http://ehcache.org/ehcache.xsd;>



   







*Logfile 1 - set to log net.sf.ehcache*
attached as file ehcache.log

*Logfile 2 - set to log *
*org.apereo.cas.config.EhcacheTicketRegistryConfiguration*
*org.apereo.cas.config.EhcacheTicketRegistryTicketCatalogConfiguration*
*org.apereo.cas.ticket.registry*
attached as file ehcacheCas.log

Any help would be very appreciated
Many thanks

[cas-user] how to config CAS in Java code?

2020-09-14 Thread jm
Hi, 

We have a configuration center service in our company, which holds every 
application's configurations. I have to use this configuration service 
because it's very hard to use a configuration file on our K8S cluster.

Is there any way to convert those settings from our configuration server to 
CAS configuration properties?

James



Re: [cas-user] [CAS As Authorization Server Problem]

2020-09-14 Thread Sven Specker

On 2020-09-14 10:33, Napoleon Ponaparte wrote:
Hi!


Step 2:
I request Authorization code like this:
Request
curl https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*

Response
[1] 14428
[2] 14429


That looks like a bash command line. You will need to do

curl 'https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*'


Otherwise &/*/? are interpreted in the command line and will break the 
request.


Here, the 2 "&" caused the command line to spawn 2 background processes 
that will try in vain to do anything.


If the screenshot just ate the '' around the curl command, disregard my 
comment.


Best regards,

Sven Specker
--
__
*** Sven Specker -- University of Frankfurt Computing Center   ***
*** UNIX System Administration (Auth/IDM) 
* spec...@rz.uni-frankfurt.de [Phone (+49)-69-798-15188] *
**
__  
Johann Wolfgang Goethe Universitaet
   - Hochschulrechenzentrum -
 Theodor W. Adorno-Platz 1 (PA-1P16)

   D-60323 Frankfurt/Main
__
__ TeX-users do it in {groups}
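
The effect described in the reply above, as an added example that is not part of the original message: it shows what a client actually receives when the authorize URL is typed with and without quotes. The host cas.example.org, the redirect target and all function names are constructed for illustration, and show() stands in for curl so nothing touches the network.

```shell
#!/bin/sh
# Constructed sample URL (hypothetical host) shaped like the authorize request above.
URL='https://cas.example.org/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.example'

# Run one command line in a fresh shell, with show() standing in for curl:
# it prints the URL argument the client would really receive. No network use.
run_line() {
    sh -c "show() { printf '%s\n' \"\$1\"; }; $1; wait"
}

# Line typed without quotes: the shell cuts it at every "&".
received_unquoted() { run_line "show $URL"; }

# Same line with the URL in single quotes: one intact argument.
received_quoted() { run_line "show '$URL'"; }

# Each "&" ends a command and backgrounds it, so an interactive shell
# prints one "[n] PID" job notice per ampersand.
background_jobs() {
    n=$(printf '%s' "$URL" | tr -cd '&' | wc -c)
    echo $((n))
}

# Query parameters that never reach the server when the quotes are missing.
lost_parameters() {
    full=$(received_quoted)
    seen=$(received_unquoted)
    rest=${full#"$seen"}
    printf '%s\n' "${rest#?}" | tr '&' '\n'
}

echo "unquoted: $(received_unquoted)"
echo "quoted:   $(received_quoted)"
echo "background jobs: $(background_jobs)"
echo "lost parameters:"; lost_parameters
```

Without quotes the server only ever sees response_type=code; the client_id and redirect_uri pieces become shell variable assignments, so the request can never match a registered service.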



[cas-user] How can I set CAS services (defined in JSON file) to use indexed auth: cas.authn.ldap[x] ?

2020-09-14 Thread artur mis
Hello:

I have got:
cas.authn.ldap[0]
etc. for index 0
and
cas.authn.ldap[1]
etc. for index 1

I want service A to use the definition in index 0. This one is defined 
for, let's say, web page A.
I want service B to use the auth defined in index 1. This one is defined, 
let's say, for web service B. In all services there are other users from 
different groups in AD.

-- 
AM



[cas-user] [CAS As Authorization Server Problem]

2020-09-14 Thread Napoleon Ponaparte
Hi, 
I am using CAS Apereo version 6.1.7 and I want to use CAS server as 
Authorization server.
Here is my service registry:
Step 1:
Register service
cat /etc/cas/services-repo/MyOAuthservice-100.json
{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "clientid",
  "clientSecret": "clientSecret",
  "serviceId" : "^https://hello.*",
  "name" : "MyOAuthservice",
  "id" : 100,
  "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code" ] ],
  "supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ]
}
Step 2:
I request Authorization code like this:
Request
curl https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*
Response
[1] 14428
[2] 14429
Step 3: 
Request access token
root@ssostandalone:~# curl https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/accessToken?grant_type=authorization_code&client_id=clientid&client_secret=clientSecret&code=14429&redirect_uri=https://hello.*
Response
{"@class":"java.util.LinkedHashMap","timestamp":["java.util.Date",1600072348620],"status":401,"error":"Unauthorized","message":"No message available","path":"/cas/oauth2.0/accessToken"}
I don't know what is wrong.
Thank you in advance.
