Re: [cas-user] cas6.3.7 SSO Session is no shared between web applications.

[He Vincent]

Sure, I have already changed those parameters.

Ray Bon在 2021年10月22日星期五上午10:34:00 [UTC+8]寫道：

> Vincent,
>
> Some of the properties may have changed key names. Verify that the 
> properties are correct for 6.3.
>
> Ray
>
> On Thu, 2021-10-21 at 17:39 -0700, He Vincent wrote:
>
> Notice: This message was sent from outside the University of Victoria 
> email system. Please be cautious with links and sensitive information. 
>
>
> I have upgraded cas from 5.3 to 6.3.7 recently with similar settings. 
> Then I found one issue. 
> It seems that the SSO session is not shared.
> In the same brower.
> If I have loggined in application A.
> Then I tiried to access other applications, it will ask me to login it 
> again in some cases. I am not sure about why?
>
>
> -- 
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 <(250)%20721-8831> | CLE 019 | rb...@uvic.ca
>
> I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional 
> territory the university stands, and the Songhees, Esquimalt and WSÁNEĆ 
> peoples whose historical relationships with the land continue to this day.
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1aa79457-7fc0-4a92-8cd9-9fd5a517edebn%40apereo.org.

Re: [cas-user] cas6.3.7 SSO Session is no shared between web applications.

[Ray Bon]

Vincent,

Some of the properties may have changed key names. Verify that the properties 
are correct for 6.3.

Ray

On Thu, 2021-10-21 at 17:39 -0700, He Vincent wrote:
Notice: This message was sent from outside the University of Victoria email 
system. Please be cautious with links and sensitive information.

I have upgraded cas from 5.3 to 6.3.7 recently with similar settings.
Then I found one issue.
It seems that the SSO session is not shared.
In the same brower.
If I have loggined in application A.
Then I tiried to access other applications, it will ask me to login it again in 
some cases. I am not sure about why?



--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory 
the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose 
historical relationships with the land continue to this day.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0458436b41fe9a2f117f9e2b0cb405161d3d2348.camel%40uvic.ca.

[cas-user] cas6.3.7 SSO Session is no shared between web applications.

[He Vincent]

I have upgraded cas from 5.3 to 6.3.7 recently with similar settings.
Then I found one issue.
It seems that the SSO session is not shared.
In the same brower.
If I have loggined in application A.
Then I tiried to access other applications, it will ask me to login it 
again in some cases. I am not sure about why?


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/c0c971ab-5f23-4b38-9786-bfd0c14ba85fn%40apereo.org.

Re: [cas-user] CAS v6.4: Not redirect login-page in safari (macOS Catalina) when I register a service

[Ray Bon]

Jordi,

When you say that the login form reloads, is authentication successful; is 
there a redirect with ST to the target application?

You can check your logs for the above.

Ray

On Thu, 2021-10-21 at 00:41 -0700, Jordi wrote:
Notice: This message was sent from outside the University of Victoria email 
system. Please be cautious with links and sensitive information.



CAS v6.4 does not work for me in Safari (macOS Catalina).

I have done a basic CAS configuration using cas-overlay-template 
(cas-overlay-template).
 These are the steps I have done:

  1.  I have configured it to boot into an External Apache Tomcat v9.
  2.  I configure CAS to authentificate with LDAP Authentication.
  3.  I have registered a service in LDAP.

When i try to login in Chrome, Firefox or Edge on Windows, all works fine, but 
in Safari and Chrome on macOS Catalnia dosen't work, the login form reload 
again.

I tried to modify the HTML and do a basic login, without using the default 
HTML, but the result is the same.

In version 5.2 it worked perfectly, but it does not work in versions 6.2 and 
6.4.

I have only detected this problem when I have a registered service and the 
login has to redirect to the service page.

This is the log when call CAS from Firefox, the authentication works well: 


https://i.stack.imgur.com/8xlPf.png

but, in Safari, the authentication dosen't work: 


https://i.stack.imgur.com/GDs4e.png

Any suggestions?

Many thanks in advance!

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory 
the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose 
historical relationships with the land continue to this day.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ad3978b428cb5953257d23e593a40841f30ade43.camel%40uvic.ca.

Re: [cas-user] Clarification on ADFS/CAS integration possibilities

[Nathan Lewan]

Thank you very much, that was all helpful, and along the lines of what I 
was thinking. 

In regards to the developers, some are in a linux environment and they 
'like' dealing with CAS, while others are in a windows environment and they 
'like' dealing with ADFS. It unfortunately goes no deeper than that at the 
moment.

I have the ammo I need now when I bring this up, thanks again.

On Thursday, October 21, 2021 at 12:58:23 PM UTC-4 Misagh Moayyed wrote:

> > Is it possible if USER-A logs into an ADFS application, and then tries 
> to log into a CAS application, CAS can check to see if they are already 
> authenticated with ADFS and if so, let them in, SSO-style?
>
> What you likely want to do, as most organizations do, is to make CAS
> invisible and a proxy that defers authentication to ADFS. Applications
> that talk to ADFS will do as instructed. Applications that talk to CAS
> will be redirected to ADFS, and either will be asked to login, or will
> be redirected back to CAS and then the application, having taken
> advantage of the ADFS session.
>
> This is if you want to keep both, and then you have to worry about
> session management, and logout, and all that. Not fun, but doable.
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0bf626bd-a8d0-403e-bb63-c0643e508b8en%40apereo.org.

Re: [cas-user] Clarification on ADFS/CAS integration possibilities

[Misagh]

> Is it possible if USER-A logs into an ADFS application, and then tries to log 
> into a CAS application, CAS can check to see if they are already 
> authenticated with ADFS and if so, let them in, SSO-style?

What you likely want to do, as most organizations do, is to make CAS
invisible and a proxy that defers authentication to ADFS. Applications
that talk to ADFS will do as instructed. Applications that talk to CAS
will be redirected to ADFS, and either will be asked to login, or will
be redirected back to CAS and then the application, having taken
advantage of the ADFS session.

This is if you want to keep both, and then you have to worry about
session management, and logout, and all that. Not fun, but doable.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGSBKkeWFmw%2BZg4Vs2JKBGzrC8B4ceqW%2Bs9O1ttYmyj8ziG%3DRw%40mail.gmail.com.

Re: [cas-user] Clarification on ADFS/CAS integration possibilities

['Richard Frovarp' via CAS Community]

"I understand you can make CAS use ADFS for backend authentication, or 
vise-a-versa, but i'm not sure that's exactly what i'm asking here... or 
is it?"


Yes, that is what you are asking. Otherwise they are two independent 
applications that know nothing about the state of one another, even 
though both are your systems. If you are starting from the beginning, 
you may want to examine the support status for ADFS. MS is putting most 
of their effort into Azure, so you may be better off starting there.


You should also consider what protocols are needed, and what external 
systems you need to federate with. You said "developers that aren't 
agreeing", that should be a protocol level concern. CAS can handle most 
of the protocols, including the odd WS-Fed protocol that ADFS provides. 
So, with an IdP that can support multiple different protocols, it 
shouldn't matter what IdP product you are running to support developers. 
That said, I'm a developer that operates and configures our IdPs. So 
that may be of concern.


On 10/21/21 11:26 AM, Nathan Lewan wrote:

hello all!

I have been reading through the CAS/ADFS configurations, and feel I 
somewhat get it, but I wanted to confirm something:


Important not to scenario: Both ADFS and CAS are aware of who *USER-A* is.

Is it possible if *USER-A* logs into an *ADFS* application, and then 
tries to log into a *CAS* application, *CAS* can check to see if they 
are already authenticated with *ADFS* and if so, let them in, SSO-style?


and on the flip side:

Is it possible if *USER-A* logs into a *CAS* application, and then 
tries to log into an *ADFS* application, *ADFS* can check to see if 
they are already authenticated with *CAS* and if so, let them in, 
SSO-style?


I have developers that aren't agreeing on one system or the other for 
SSO, and am looking into any possibility of having the two share info.


I understand you can make CAS use ADFS for backend authentication, or 
vise-a-versa, but i'm not sure that's exactly what i'm asking here... 
or is it?


thanks for any clarifications!
--
- Website: https://apereo.github.io/cas 
- Gitter Chatroom: https://gitter.im/apereo/cas 


- List Guidelines: https://goo.gl/1VRrw7 
- Contributions: https://goo.gl/mh7qDG 
---
You received this message because you are subscribed to the Google 
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to cas-user+unsubscr...@apereo.org 
.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/417d82f2-b60d-4173-a8e6-5fc7ce079613n%40apereo.org 
.



--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d0795478-2241-c5d8-8bfd-a4e96f3e3d8b%40ndsu.edu.

[cas-user] Clarification on ADFS/CAS integration possibilities

[Nathan Lewan]

hello all!

I have been reading through the CAS/ADFS configurations, and feel I 
somewhat get it, but I wanted to confirm something:

Important not to scenario: Both ADFS and CAS are aware of who *USER-A* is.

Is it possible if *USER-A* logs into an *ADFS* application, and then tries 
to log into a *CAS* application, *CAS* can check to see if they are already 
authenticated with *ADFS* and if so, let them in, SSO-style?

and on the flip side:

Is it possible if *USER-A* logs into a *CAS* application, and then tries to 
log into an *ADFS* application, *ADFS* can check to see if they are already 
authenticated with *CAS* and if so, let them in, SSO-style?

I have developers that aren't agreeing on one system or the other for SSO, 
and am looking into any possibility of having the two share info.

I understand you can make CAS use ADFS for backend authentication, or 
vise-a-versa, but i'm not sure that's exactly what i'm asking here... or is 
it?

thanks for any clarifications!

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/417d82f2-b60d-4173-a8e6-5fc7ce079613n%40apereo.org.

Re: [cas-user] CAS v6.4: Not redirect login-page in safari (macOS Catalina) when I register a service

[Baba Ndiaye]

Hi can you do a tutorial video step by step how to configure CAS with LDAP
authentication please and share the link

Le jeu. 21 oct. 2021 à 07:42, Jordi  a écrit :

> 
>
> CAS v6.4 does not work for me in Safari (macOS Catalina).
>
> I have done a basic CAS configuration using cas-overlay-template (
> cas-overlay-template
> ). These are the
> steps I have done:
>
>1. I have configured it to boot into an External Apache Tomcat v9.
>2. I configure CAS to authentificate with LDAP Authentication.
>3. I have registered a service in LDAP.
>
> When i try to login in Chrome, Firefox or Edge on Windows, all works fine,
> but in Safari and Chrome on macOS Catalnia dosen't work, the login form
> reload again.
>
> I tried to modify the HTML and do a basic login, without using the default
> HTML, but the result is the same.
>
> In version 5.2 it worked perfectly, but it does not work in versions 6.2
> and 6.4.
>
> I have only detected this problem when I have a registered service and the
> login has to redirect to the service page.
>
> This is the log when call CAS from Firefox, the authentication works well:
> 
>
> https://i.stack.imgur.com/8xlPf.png
>
> but, in Safari, the authentication dosen't work:
> 
>
> https://i.stack.imgur.com/GDs4e.png
>
> Any suggestions?
>
> Many thanks in advance!
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/0b541fa1-6c7f-4d26-b5a1-b7b1940151d2n%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAFu1ZRtdrfKrMgpai1HoO86eaD1J9OA%3D3ALZMsCbSsvLepmAhg%40mail.gmail.com.

[cas-user] CAS v6.4: Not redirect login-page in safari (macOS Catalina) when I register a service

[Jordi]

 

CAS v6.4 does not work for me in Safari (macOS Catalina).

I have done a basic CAS configuration using cas-overlay-template (
cas-overlay-template 
). These are the 
steps I have done:

   1. I have configured it to boot into an External Apache Tomcat v9. 
   2. I configure CAS to authentificate with LDAP Authentication. 
   3. I have registered a service in LDAP. 

When i try to login in Chrome, Firefox or Edge on Windows, all works fine, 
but in Safari and Chrome on macOS Catalnia dosen't work, the login form 
reload again.

I tried to modify the HTML and do a basic login, without using the default 
HTML, but the result is the same.

In version 5.2 it worked perfectly, but it does not work in versions 6.2 
and 6.4.

I have only detected this problem when I have a registered service and the 
login has to redirect to the service page.

This is the log when call CAS from Firefox, the authentication works well: 


https://i.stack.imgur.com/8xlPf.png

but, in Safari, the authentication dosen't work: 


https://i.stack.imgur.com/GDs4e.png

Any suggestions?

Many thanks in advance!

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0b541fa1-6c7f-4d26-b5a1-b7b1940151d2n%40apereo.org.