Re: [cas-user] CAS 5.0.x newer ldaptive?

2021-01-27 Thread 'Richard Frovarp' via CAS Community
For the Duo jar, you should put them in your own local repo? Or maybe the cache 
dir? I know that by default it feels like you have to hunt through a variety 
of external repos to find that dependency. I run a local Nexus install for us 
so I only have to hunt down once.

For the LDAP problems, I think on the Shib list they say don't use the JNDI 
LDAP connector, in particular with JDK 11. But even then, I don't think the 1.8 
JNDI provider is that great. So, you may be able to move over to the UnboundID 
provider and have better success? To determine what version is being used, I 
would recommend looking at what is in your resulting build artifact. I'm 
building to a war, and therefore the place for me to look to see what is being 
placed in the war file. So if the file is present in the lib dir where you are 
running it, it might be using. I don't remember if there is an authoritative 
way the JRE loads libs or not. I generally assume that if there are two in the 
classpath, it is going to randomly load out of one of them. It's probably 
deterministic in some way, but if you have to ask about load order, you're 
probably in a space you don't want to be in.

I know that with overlays I've had trouble getting the version I want to be the 
only one. I don't think the normal Maven rules for dependency versions fully 
apply for overlays. You're best off putting excludes in to ensure the version 
you don't want is excluded.

You can also exclude out of the overlay, and I see that I'm doing that. I just 
don't remember why I'm doing that. I have spring and log4j in those excludes. 
I'm excluding Duo out of a normal dependency section. I have a different GAV 
bringing that dependency in.

We're using the UnboundID provider.

From: cas-user@apereo.org  on behalf of Baron Fujimoto 

Sent: Wednesday, January 27, 2021 19:06
To: CAS Users 
Subject: [cas-user] CAS 5.0.x newer ldaptive?

I'm working with Oracle to troubleshoot a bug we've encountered with their JDK 
(1.8u231+) and LDAP errors. According to their analysis, they're claiming that 
the problem lies with the ldaptive library being used by this old (I know) 
version of CAS. More specifically that the subsequent JDKs adhere to spec, and 
the ldaptive library appears to be testing for unspecified behaviour. They are 
recommending I try a newer version of the ldaptive library which does not 
appear to have the same code.

I added the following to our pom.xml:


<dependency>
    <groupId>org.ldaptive</groupId>
    <artifactId>ldaptive</artifactId>
    <version>2.0.1</version>
</dependency>


When I ran "mvn clean package" I think it looked like it was including the 
2.0.1 version of ldaptive in the build. However, it seems like I'm still seeing 
LDAP problems. When I try to login, it will often result in the errors such as 
the following being logged:

2021-01-27 12:10:56,974 DEBUG 
[org.apereo.cas.authentication.LdapAuthenticationHandler] - 
2021-01-27 12:10:56,986 WARN [org.ldaptive.pool.BlockingConnectionPool] - 

2021-01-27 12:10:56,989 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 


Eventually the validation succeeds, then so does the authentication.

How can I verify which version of ldaptive is being used by CAS? I don't think 
I saw anything indicating this in the logs. If I search for ldaptive in my 
overlay work directory I find the following:

=
$ grep -ilr ldaptive .
./target/cas.war
./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/classes/log4j2.xml
./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/person-directory-impl-1.8.4.jar
./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/ldaptive-1.2.0.jar
./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/ldaptive-beans-1.2.0.jar
./target/cas/WEB-INF/classes/log4j2.xml
./target/cas/WEB-INF/lib/person-directory-impl-1.8.4.jar
./target/cas/WEB-INF/lib/ldaptive-1.2.0.jar
./target/cas/WEB-INF/lib/ldaptive-beans-1.2.0.jar
./target/cas/WEB-INF/lib/ldaptive-beans-2.0.1.jar
./target/cas/WEB-INF/lib/ldaptive-2.0.1.jar
./pom.xml
./etc/cas/config/log4j2.xml
=

I see an ldaptive-2.0.1.jar and ldaptive-beans-2.0.1.jar, but also 
ldaptive-1.2.0.jar and ldaptive-beans-1.2.0.jar. The 1.2.0 versions are always 
present after the build even if I delete them first, so something must be 
re-including them. How can I ensure that the new ldaptive is used in place of 
the old one?

Unrelated, but I'm also seeing the following errors in the build now that 
weren't present when I originally built this long ago:

Downloading: 
https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/-SNAPSHOT/maven-metadata.xml
[WARNING] Could not transfer metadata 
com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from/to 
spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not authorized , 
ReasonPhrase:Unauthorized.
[WARNING] Failure to transfer 
com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from 
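
The check suggested in the reply above (look in the build artifact's lib directory and make sure only one version of a library is present) can be scripted. This is an added example, not code from the thread or from the CAS project; the function names and the constructed sample directory are assumptions, and the jar names mirror the target/cas/WEB-INF/lib listing in the quoted post.

```bash
#!/bin/sh
# Added example (not from the thread): find libraries that ended up in a
# WEB-INF/lib directory in more than one version, as in the post's listing.

# duplicate_artifacts: reads jar names or paths on stdin, one per line, and
# prints "<artifact> <version> <version> ..." for each artifact seen in two or
# more versions. Assumes Maven-style names, <artifactId>-<version>.jar, with
# the version starting at the first "-" that is followed by a digit.
# Feed it the contents of a single lib directory.
duplicate_artifacts() {
    LC_ALL=C sort | awk '
        /\.jar$/ {
            name = $0
            sub(/^.*\//, "", name)       # drop any directory part
            sub(/\.jar$/, "", name)      # drop the extension
            i = match(name, /-[0-9]/)
            if (i == 0) next             # unversioned jar, nothing to compare
            art = substr(name, 1, i - 1)
            ver = substr(name, i + 1)
            if (count[art]++) { vers[art] = vers[art] " " ver }
            else              { vers[art] = ver }
        }
        END { for (a in count) if (count[a] > 1) print a, vers[a] }
    ' | LC_ALL=C sort
}

# check_lib_dir DIR: returns 1 (and reports on stderr) when DIR holds the same
# artifact in several versions, so a build script can stop before deployment.
check_lib_dir() {
    dups=$(for f in "$1"/*.jar; do
               if [ -e "$f" ]; then printf '%s\n' "$f"; fi
           done | duplicate_artifacts)
    if [ -n "$dups" ]; then
        printf 'more than one version present in %s:\n%s\n' "$1" "$dups" >&2
        return 1
    fi
    return 0
}

# make_sample_lib: constructed sample, empty files named like the jars listed
# under target/cas/WEB-INF/lib in the post. Prints the directory it created.
make_sample_lib() {
    d=$(mktemp -d)
    for j in person-directory-impl-1.8.4 ldaptive-1.2.0 ldaptive-beans-1.2.0 \
             ldaptive-beans-2.0.1 ldaptive-2.0.1; do
        : > "$d/$j.jar"
    done
    printf '%s\n' "$d"
}

# With a directory argument, check that directory; with none, run the check
# on the constructed sample and clean it up afterwards.
if [ $# -gt 0 ]; then lib=$1; else lib=$(make_sample_lib); fi
check_lib_dir "$lib" || echo "duplicates found: add excludes and rebuild"
if [ $# -eq 0 ]; then rm -rf "$lib"; fi
```

Pass the exploded lib directory (for example target/cas/WEB-INF/lib) as the first argument after a build; a non-zero return from check_lib_dir means an exclude is still missing.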

[cas-user] CAS 5.0.x newer ldaptive?

2021-01-27 Thread Baron Fujimoto
I'm working with Oracle to troubleshoot a bug we've encountered with their
JDK (1.8u231+) and LDAP errors. According to their analysis, they're
claiming that the problem lies with the ldaptive library being used by this
old (I know) version of CAS. More specifically that the subsequent JDKs
adhere to spec, and the ldaptive library appears to be testing for
unspecified behaviour. They are recommending I try a newer version of the
ldaptive library which does not appear to have the same code.

I added the following to our pom.xml:


<dependency>
    <groupId>org.ldaptive</groupId>
    <artifactId>ldaptive</artifactId>
    <version>2.0.1</version>
</dependency>


When I ran "mvn clean package" I think it looked like it was including the
2.0.1 version of ldaptive in the build. However, it seems like I'm still
seeing LDAP problems. When I try to login, it will often result in the
errors such as the following being logged:

2021-01-27 12:10:56,974 DEBUG
[org.apereo.cas.authentication.LdapAuthenticationHandler] - 
2021-01-27 12:10:56,986 WARN [org.ldaptive.pool.BlockingConnectionPool] -

2021-01-27 12:10:56,989 ERROR
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -


Eventually the validation succeeds, then so does the authentication.

How can I verify which version of ldaptive is being used by CAS? I don't
think I saw anything indicating this in the logs. If I search for ldaptive
in my overlay work directory I find the following:

=
$ grep -ilr ldaptive .
./target/cas.war
./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/classes/log4j2.xml
./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/person-directory-impl-1.8.4.jar
./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/ldaptive-1.2.0.jar
./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/ldaptive-beans-1.2.0.jar
./target/cas/WEB-INF/classes/log4j2.xml
./target/cas/WEB-INF/lib/person-directory-impl-1.8.4.jar
./target/cas/WEB-INF/lib/ldaptive-1.2.0.jar
./target/cas/WEB-INF/lib/ldaptive-beans-1.2.0.jar
./target/cas/WEB-INF/lib/ldaptive-beans-2.0.1.jar
./target/cas/WEB-INF/lib/ldaptive-2.0.1.jar
./pom.xml
./etc/cas/config/log4j2.xml
=

I see an ldaptive-2.0.1.jar and ldaptive-beans-2.0.1.jar, but
also ldaptive-1.2.0.jar and ldaptive-beans-1.2.0.jar. The 1.2.0 versions
are always present after the build even if I delete them first, so
something must be re-including them. How can I ensure that the new ldaptive
is used in place of the old one?

Unrelated, but I'm also seeing the following errors in the build now that
weren't present when I originally built this long ago:

Downloading:
https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/-SNAPSHOT/maven-metadata.xml
[WARNING] Could not transfer metadata
com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from/to
spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not
authorized , ReasonPhrase:Unauthorized.
[WARNING] Failure to transfer
com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from
https://repo.spring.io/libs-snapshot was cached in the local repository,
resolution will not be reattempted until the update interval of
spring-libs-snapshots has elapsed or updates are forced. Original error:
Could not transfer metadata
com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from/to
spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not
authorized , ReasonPhrase:Unauthorized.
Downloading:
https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-client/-SNAPSHOT/maven-metadata.xml
[WARNING] Could not transfer metadata
com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml
from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not
authorized , ReasonPhrase:Unauthorized.
[WARNING] Failure to transfer
com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml
from https://repo.spring.io/libs-snapshot was cached in the local
repository, resolution will not be reattempted until the update interval of
spring-libs-snapshots has elapsed or updates are forced. Original error:
Could not transfer metadata
com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml
from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not
authorized , ReasonPhrase:Unauthorized.
Downloading:
https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-example-admin/-SNAPSHOT/maven-metadata.xml
[WARNING] Could not transfer metadata
com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml
from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not
authorized , ReasonPhrase:Unauthorized.
[WARNING] Failure to transfer
com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml
from https://repo.spring.io/libs-snapshot was cached in the local
repository, resolution will not be reattempted until the update interval of
spring-libs-snapshots 

[cas-user] CAS 6.1.* / OAuth and RSA Signing JWT token configuration

2021-01-27 Thread Cédric Soret
Hello,

I'm facing an issue. I'm trying to configure OAuth JWT access tokens for 
one service signed with RSA (RS512) but keeping the payload unencrypted.
Current tokens signed with HS512 work fine actually.

Does someone know a proper way to achieve that goal, please?

Here are some config samples:

# OAuth token
cas.authn.oauth.crypto.encryption.key=Xt- ...  vCuVdT_URQ
cas.authn.oauth.crypto.signing.key=file:/etc/cas/config/svmlx-cas-dev_private.key
cas.authn.oauth.crypto.alg=??? A256GCM | RSA | RS512
cas.authn.oauth.crypto.enabled=false
cas.authn.oauth.crypto.signingEnabled=true
cas.authn.oauth.crypto.encryptionEnabled=false

cas.authn.oauth.accessToken.crypto.encryption.key=Xt-YRnk ... URQ
cas.authn.oauth.accessToken.crypto.signing.key=file:/etc/cas/config/private.key
cas.authn.oauth.accessToken.crypto.alg=A256GCM
cas.authn.oauth.accessToken.crypto.enabled=false
cas.authn.oauth.accessToken.crypto.signingEnabled=true
cas.authn.oauth.accessToken.crypto.encryptionEnabled=false

Thank you in advance.


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/aa07cb9f-d829-4487-a107-ec491da5af06n%40apereo.org.


Re: [cas-user] duo-client missing again!

2021-01-27 Thread Andrew Marker
Thanks Ray.  I'll give it a try, I did get 6.3 to build this morning 
locally.  I have something to compare it to if it continues to fail in my 
build env.

On Tuesday, January 26, 2021 at 4:02:13 PM UTC-6 Ray Bon wrote:

> Andrew,
>
> To see the project dependencies (and isolate references to duo):
> ./gradlew -q dependencies | grep -i duo
>
> I have duo-client:0.2.2 in cas 6.2.4. It looks to be needed since it is 
> included in a number of duo dependencies.
>
> I am including duo with:
>
> implementation "org.apereo.cas:cas-server-support-duo:${project.'cas.version'}"
>
> Right now my build is in disrepair so I can not test for your particular 
> problem (and since it built last week, I would have the package locally).
>
> You can try to exclude it like this (taken from 
> https://docs.gradle.org/current/userguide/dependency_downgrade_and_exclude.html
> ):
> implementation('commons-beanutils:commons-beanutils:1.9.4') {
> exclude group: 'commons-collections', module: 'commons-collections'
> }
>
> Ray
>
> On Tue, 2021-01-26 at 12:27 -0800, Andrew Marker wrote:
>
> Notice: This message was sent from outside the University of Victoria 
> email system. Please be cautious with links and sensitive information. 
>
>
> Hey all,
>
> I'm moving from 5.3.x to 6.3.x and new to Gradle. It is super easy to pick 
> up, however, I lack the experience in troubleshooting issues as they come 
> up.
>
> Yesterday and today, I started to see a failure when using the CAS Overlay 
> and doing a clean build.
> https://jcenter.bintray.com/net/unicon/iam/duo-client/0.2.2/duo-client-0.2.2.pom
>  
> not found  --  It's definitely not there at the moment.
>
> I've tried v6.2.7, v6.3.0, v6.3.1 and v 6.2.5
>
> I've copied it locally to my .m2/repository  and i can get it to compile, 
> but I feel as though it's something there should either be a more graceful 
> way to correct in the properties files or within the dependencies. 
>
> Any suggestions?  I'd be grateful for the feedback.
>
> Andrew Marker
>
> -- 
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | rb...@uvic.ca
>
> I respectfully acknowledge that my place of work is located within the 
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
> WSÁNEĆ Nations.
>



Re: [cas-user] CAS Authentication by PKE usb token

2021-01-27 Thread Ray Bon
That is exactly what I am planning to do. Here is hoping management gives me 
the time.

Ray

On Wed, 2021-01-27 at 11:21 -0800, Meysam Shirazi wrote:

Thanks,
As you know all of MFA providers are implemented in separate packages in 
support category, so they 
can be added(activate) as a dependencies to the main project as a separate 
modules.  Is it possible to build a custom MFA provider as a new module just 
like other providers?

On Wednesday, January 27, 2021 at 8:43:58 PM UTC+3:30 Ray Bon wrote:
Meysam,

Here are some resources on custom MFA:
https://fawnoos.com/2016/10/19/mfacas5-extcfg/
https://fawnoos.com/2018/06/19/cas53webflow-extensions/

and mix those with the cas documentation.

I am looking into a custom MFA flow now. I will let you know my progress.

Ray

On Wed, 2021-01-27 at 03:06 -0800, Meysam Shirazi wrote:

OK, it seems that using custom webflow is not a good idea for someone who is 
not "one must possess a reasonable level of understanding of the webflow’s 
internals and injection policies."
So is it a clear way to develop a new CAS module(Authentication Method or MFA) 
with Webflow Auto Configuration?

On Tuesday, January 26, 2021 at 7:56:15 PM UTC+3:30 Ray Bon wrote:
Meysam,

There is custom webflow, 
https://apereo.github.io/cas/6.3.x/webflow/Webflow-Customization.html, for 
changing or adding steps/pages to the log in steps.

Ray

On Mon, 2021-01-25 at 23:48 -0800, Meysam Shirazi wrote:

Thanks Ray for your reply.
OK, It's a good idea. I found Custom Authentication Strategies here 
:https://apereo.github.io/cas/6.3.x/installation/Configuring-Custom-Authentication.html
 so it says I can do it in 3 steps:

  1.  Design the authentication handler.
  2.  Register the authentication handler with the CAS authentication engine.
  3.  Let CAS to recognize the authentication configuration.

that's all about authentication handler but what's about custom login page (may 
contains a random from backend for sign)? is that any way to customize other 
authentication components just like authentication handler?

Meysam
On Monday, January 25, 2021 at 8:25:03 PM UTC+3:30 Ray Bon wrote:
Meysam,

Start with reviewing Authentication|Methods and Multifactor Authentication in  
cas docs, https://apereo.github.io/cas/6.3.x/index.html.
There are a lot of options, one of which is custom where you write groovy 
scripts (instead of modifying or adding to cas code).

Ray

On Sat, 2021-01-23 at 01:22 -0800, Meysam Shirazi wrote:

Hello everyone
I'm looking for a way to develop a solution based on Apereo CAS to authenticate 
user by PKI enabled usb token like this 
one(https://cpl.thalesgroup.com/access-management/authenticators/pki-usb-authentication/etoken-5110-usb-token).
I will appreciate any help to do that.

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.



Re: [cas-user] CAS Authentication by PKE usb token

2021-01-27 Thread Meysam Shirazi
Thanks,
As you know all of MFA providers are implemented in separate packages in 
support  category, so 
they can be added(activate) as a dependencies to the main project as a 
separate modules.  Is it possible to build a custom MFA provider as a new 
module just like other providers? 

On Wednesday, January 27, 2021 at 8:43:58 PM UTC+3:30 Ray Bon wrote:

> Meysam,
>
> Here are some resources on custom MFA:
> https://fawnoos.com/2016/10/19/mfacas5-extcfg/
> https://fawnoos.com/2018/06/19/cas53webflow-extensions/
>
> and mix those with the cas documentation.
>
> I am looking into a custom MFA flow now. I will let you know my progress.
>
> Ray
>
> On Wed, 2021-01-27 at 03:06 -0800, Meysam Shirazi wrote:
>
> OK, it seems that using custom webflow is not a good idea for someone who 
> is not "*one must possess a reasonable level of understanding of the 
> webflow’s internals and injection policies*."  
> So is it a clear way to develop a new CAS module(Authentication Method or 
> MFA) with Webflow Auto Configuration?
>
> On Tuesday, January 26, 2021 at 7:56:15 PM UTC+3:30 Ray Bon wrote:
>
> Meysam,
>
> There is custom webflow, 
> https://apereo.github.io/cas/6.3.x/webflow/Webflow-Customization.html, 
> for changing or adding steps/pages to the log in steps.
>
> Ray
>
> On Mon, 2021-01-25 at 23:48 -0800, Meysam Shirazi wrote:
>
> Thanks Ray for your reply. 
> OK, It's a good idea. I found Custom Authentication Strategies here :
> https://apereo.github.io/cas/6.3.x/installation/Configuring-Custom-Authentication.html
>  so 
> it says I can do it in 3 steps:
>
>    1. Design the authentication handler.
>    2. Register the authentication handler with the CAS authentication engine.
>    3. Let CAS to recognize the authentication configuration.
>
> that's all about authentication handler but what's about custom login page 
> (may contains a random from backend for sign)? is that any way to customize 
> other authentication components just like authentication handler?
>
> Meysam
> On Monday, January 25, 2021 at 8:25:03 PM UTC+3:30 Ray Bon wrote:
>
> Meysam,
>
> Start with reviewing Authentication|Methods and Multifactor Authentication 
> in  cas docs, https://apereo.github.io/cas/6.3.x/index.html.
> There are a lot of options, one of which is custom where you write groovy 
> scripts (instead of modifying or adding to cas code).
>
> Ray
>
> On Sat, 2021-01-23 at 01:22 -0800, Meysam Shirazi wrote:
>
>
> Hello everyone
> I'm looking for a way to develop a solution based on Apereo CAS to 
> authenticate user by PKI enabled usb token like this one(
> https://cpl.thalesgroup.com/access-management/authenticators/pki-usb-authentication/etoken-5110-usb-token
> ).
> I will appreciate any help to do that.
>
> -- 
>
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | rb...@uvic.ca
>
> I respectfully acknowledge that my place of work is located within the 
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
> WSÁNEĆ Nations.
>


Re: [cas-user] CAS Authentication by PKE usb token

2021-01-27 Thread Ray Bon
Meysam,

Here are some resources on custom MFA:
https://fawnoos.com/2016/10/19/mfacas5-extcfg/
https://fawnoos.com/2018/06/19/cas53webflow-extensions/

and mix those with the cas documentation.

I am looking into a custom MFA flow now. I will let you know my progress.

Ray

On Wed, 2021-01-27 at 03:06 -0800, Meysam Shirazi wrote:

OK, it seems that using custom webflow is not a good idea for someone who is 
not "one must possess a reasonable level of understanding of the webflow’s 
internals and injection policies."
So is it a clear way to develop a new CAS module(Authentication Method or MFA) 
with Webflow Auto Configuration?

On Tuesday, January 26, 2021 at 7:56:15 PM UTC+3:30 Ray Bon wrote:
Meysam,

There is custom webflow, 
https://apereo.github.io/cas/6.3.x/webflow/Webflow-Customization.html, for 
changing or adding steps/pages to the log in steps.

Ray

On Mon, 2021-01-25 at 23:48 -0800, Meysam Shirazi wrote:

Thanks Ray for your reply.
OK, It's a good idea. I found Custom Authentication Strategies here 
:https://apereo.github.io/cas/6.3.x/installation/Configuring-Custom-Authentication.html
 so it says I can do it in 3 steps:

  1.  Design the authentication handler.
  2.  Register the authentication handler with the CAS authentication engine.
  3.  Let CAS to recognize the authentication configuration.

that's all about authentication handler but what's about custom login page (may 
contains a random from backend for sign)? is that any way to customize other 
authentication components just like authentication handler?

Meysam
On Monday, January 25, 2021 at 8:25:03 PM UTC+3:30 Ray Bon wrote:
Meysam,

Start with reviewing Authentication|Methods and Multifactor Authentication in  
cas docs, https://apereo.github.io/cas/6.3.x/index.html.
There are a lot of options, one of which is custom where you write groovy 
scripts (instead of modifying or adding to cas code).

Ray

On Sat, 2021-01-23 at 01:22 -0800, Meysam Shirazi wrote:

Hello everyone
I'm looking for a way to develop a solution based on Apereo CAS to authenticate 
user by PKI enabled usb token like this 
one(https://cpl.thalesgroup.com/access-management/authenticators/pki-usb-authentication/etoken-5110-usb-token).
I will appreciate any help to do that.

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.




Re: [cas-user] CAS Authentication by PKE usb token

2021-01-27 Thread Meysam Shirazi
OK, it seems that using custom webflow is not a good idea for someone who 
is not "*one must possess a reasonable level of understanding of the 
webflow’s internals and injection policies*." 
So is it a clear way to develop a new CAS module(Authentication Method or 
MFA) with Webflow Auto Configuration?

On Tuesday, January 26, 2021 at 7:56:15 PM UTC+3:30 Ray Bon wrote:

> Meysam,
>
> There is custom webflow, 
> https://apereo.github.io/cas/6.3.x/webflow/Webflow-Customization.html, 
> for changing or adding steps/pages to the log in steps.
>
> Ray
>
> On Mon, 2021-01-25 at 23:48 -0800, Meysam Shirazi wrote:
>
> Thanks Ray for your reply. 
> OK, It's a good idea. I found Custom Authentication Strategies here :
> https://apereo.github.io/cas/6.3.x/installation/Configuring-Custom-Authentication.html
>  so 
> it says I can do it in 3 steps:
>
>    1. Design the authentication handler.
>    2. Register the authentication handler with the CAS authentication engine.
>    3. Let CAS to recognize the authentication configuration.
>
> that's all about authentication handler but what's about custom login page 
> (may contains a random from backend for sign)? is that any way to customize 
> other authentication components just like authentication handler?
>
> Meysam
> On Monday, January 25, 2021 at 8:25:03 PM UTC+3:30 Ray Bon wrote:
>
> Meysam,
>
> Start with reviewing Authentication|Methods and Multifactor Authentication 
> in  cas docs, https://apereo.github.io/cas/6.3.x/index.html.
> There are a lot of options, one of which is custom where you write groovy 
> scripts (instead of modifying or adding to cas code).
>
> Ray
>
> On Sat, 2021-01-23 at 01:22 -0800, Meysam Shirazi wrote:
>
>
> Hello everyone
> I'm looking for a way to develop a solution based on Apereo CAS to 
> authenticate user by PKI enabled usb token like this one(
> https://cpl.thalesgroup.com/access-management/authenticators/pki-usb-authentication/etoken-5110-usb-token
> ).
> I will appreciate any help to do that.
>
> -- 
>
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | rb...@uvic.ca
>
> I respectfully acknowledge that my place of work is located within the 
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
> WSÁNEĆ Nations.
>