Re: [cas-user] SAML IdP keys and metadata problems

2023-01-09 Thread 'Richard Frovarp' via CAS Community
Ideally it would generate the metadata when it can't find that, and leave the 
keys alone. Not a whole lot changes between versions as far as the idp metadata 
is concerned, but it would be nice if it could generate it when needed.

Even with it generated with the git metadata bit commented out in the 
build.gradle file, I still get the exception when I add it back. The repo is 
initialized and checked out. It's also set in CAS to not get updates and not 
get IdP metadata. My setup is less than ideal, as the config area is owned by 
the user I'm running CAS as at the moment, so it has all of the write 
permissions it needs. So I think it is a bug. I don't see where one can submit 
bugs.

Richard

On Mon, 2023-01-09 at 17:42 +, Ray Bon wrote:
Richard,

Cas only generates the metadata and keys if it can not find them. You can 
always swap in your metadata and keys to whatever location cas thinks is 
correct.
Not sure about the exception. Perhaps it is missing something related to git; 
path, write permissions, initialized repo, etc.

Ray


On Fri, 2023-01-06 at 15:42 -0600, 'Richard Frovarp' via CAS Community wrote:

I'm having two different problems related to SAML 2 keys and metadata on
6.6.3.

If I have org.apereo.cas:cas-server-support-saml-idp-metadata-git
enabled, I get an NPE when trying to access the metadata URL. I have
enforced the default false flag to indicate that the IdP metadata
shouldn't expect to be found in there. The NPE isn't very helpful:

023-01-06 15:34:25,629 ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/cas].[dispatcherServlet]] - 
java.lang.NullPointerException: null
 at org.apereo.cas.support.saml.web.idp.metadata.SamlIdPMetadataController.generateMetadataForIdp(SamlIdPMetadataController.java:61) ~[cas-server-support-saml-idp-web-6.6.3.jar!/:6.6.3]
 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]

If I don't have idp metadata git enabled, then if I don't have the
metadata file in the directory, it replaces my keys and generates a new
metadata file. I ideally would like to keep my existing keys and have it
generate a new metadata file for the new version. Guessing I just need
to create it with bogus keys elsewhere and swap in my certs and put it
somewhere that CAS can't write to it? It seems wrong for it to
regenerate the keys, and I haven't found the correct section of the
documentation at this point in time.

Thanks,

Richard

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/85e046b9-04e5-da3c-c27c-428423af4f4a%40ndsu.edu.



Re: [cas-user] SAML IdP keys and metadata problems

2023-01-09 Thread Ray Bon
Richard,

Cas only generates the metadata and keys if it can not find them. You can 
always swap in your metadata and keys to whatever location cas thinks is 
correct.
Not sure about the exception. Perhaps it is missing something related to git; 
path, write permissions, initialized repo, etc.

Ray


On Fri, 2023-01-06 at 15:42 -0600, 'Richard Frovarp' via CAS Community wrote:

I'm having two different problems related to SAML 2 keys and metadata on
6.6.3.

If I have org.apereo.cas:cas-server-support-saml-idp-metadata-git
enabled, I get an NPE when trying to access the metadata URL. I have
enforced the default false flag to indicate that the IdP metadata
shouldn't expect to be found in there. The NPE isn't very helpful:

023-01-06 15:34:25,629 ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/cas].[dispatcherServlet]] - 
java.lang.NullPointerException: null
 at org.apereo.cas.support.saml.web.idp.metadata.SamlIdPMetadataController.generateMetadataForIdp(SamlIdPMetadataController.java:61) ~[cas-server-support-saml-idp-web-6.6.3.jar!/:6.6.3]
 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]

If I don't have idp metadata git enabled, then if I don't have the
metadata file in the directory, it replaces my keys and generates a new
metadata file. I ideally would like to keep my existing keys and have it
generate a new metadata file for the new version. Guessing I just need
to create it with bogus keys elsewhere and swap in my certs and put it
somewhere that CAS can't write to it? It seems wrong for it to
regenerate the keys, and I haven't found the correct section of the
documentation at this point in time.

Thanks,

Richard
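
Added example, not part of the original thread and not CAS code: a check to run after an upgrade or after swapping files in, confirming that the signing certificate kept on disk is still the one the IdP metadata advertises to service providers. It assumes the metadata XML and the PEM certificate have already been read into strings; the sample values are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(b64_der):
    """SHA-256 of the DER bytes; line breaks inside the base64 are ignored."""
    return hashlib.sha256(base64.b64decode("".join(b64_der.split()))).hexdigest()

def pem_fingerprint(pem):
    """Fingerprint of the first certificate in a PEM string."""
    body = pem.split("-----BEGIN CERTIFICATE-----")[1]
    return fingerprint(body.split("-----END CERTIFICATE-----")[0])

def metadata_fingerprints(xml_text, use="signing"):
    """Fingerprints of the certificates the IdP metadata publishes for `use`.
    A KeyDescriptor with no use attribute serves signing and encryption."""
    found = set()
    root = ET.fromstring(xml_text)
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use") in (None, use):
            for cert in kd.iterfind(".//ds:X509Certificate", NS):
                if cert.text:
                    found.add(fingerprint(cert.text))
    return found

def keys_preserved(xml_text, pem, use="signing"):
    """True when the certificate on disk is one the metadata advertises."""
    return pem_fingerprint(pem) in metadata_fingerprints(xml_text, use)

# Constructed sample: placeholder bytes stand in for real DER certificates.
OLD = base64.b64encode(b"constructed cert issued before the upgrade").decode()
NEW = base64.b64encode(b"constructed cert regenerated by the server").decode()
PEM = f"-----BEGIN CERTIFICATE-----\n{OLD}\n-----END CERTIFICATE-----\n"
METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.org/idp">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{cert}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print("keys kept:", keys_preserved(METADATA.format(cert=OLD), PEM))
    print("keys replaced:", not keys_preserved(METADATA.format(cert=NEW), PEM))
```

A False result means the published metadata no longer matches the certificate on disk, so service providers holding the old metadata would reject assertions signed with the new key.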



[cas-user] Username field population after failed login

2023-01-09 Thread Jason Cole
In CAS 5.x, our login page would include the username, as entered, after a 
failed login. This was a convenience, for sure, but it would also allow the 
user to know if the username was initially typed incorrectly. In CAS 6.6.1, 
we no longer see that occurring and the username field is blank after a 
failed login.

I've looked at and compared the loginform.html fragment between versions, 
but neither contain a value attribute on the username element. In 6.6.1, 
the value attribute is present when viewing browser source, but it is not 
set to any value.

Is there a way to auto populate the username field after a failed login in 
6.x?

Thanks
