Re: [cas-user] Change the Path of cas.properties file

2020-09-16 Thread Alberto Cabello Sánchez
Hi, Dan.

Using Maven, I have a file

src/main/resources/bootstrap.yml

just to do that: content of bootstrap.yml is

cas:
  standalone:
   configurationDirectory : /usr/local/etc/cas5/

hope that helps.

On Wed, 16 Sep 2020 02:30:34 -0700 (PDT)
Danny Tung  wrote:

> Hello all,
> 
> I would like to change the path of cas.properties. According to the 
> document @ 
> https://apereo.github.io/cas/6.2.x/configuration/Configuration-Server-Management.html
>  ,  
> ... ...*CAS by default will attempt to locate settings and properties 
> inside a given directory indicated under the setting name 
> cas.standalone.configurationDirectory and otherwise falls back to using 
> /etc/cas/config as the configuration directory* ..
> 
> However, I have no idea how to config the setting name 
> *cas.standalone.configurationDirectory*.
> Does any one have idea on how to config the value of *configurationDirectory*?


-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/20200916135534.a1f0789d294a9afe01fa2f47%40unex.es.


Re: [cas-user] mod_auth_cas returns 401 Unauthorized

2020-07-27 Thread Alberto Cabello Sánchez
Hi, Jakub

Maybe it is some attributes problem, I remember something similar in my
setup, will check it out. In the meanwhile: is it working if you just

Require valid-user

instead of attribute?

On Mon, 27 Jul 2020 05:01:54 -0700 (PDT)
Jakub Fridrich  wrote:

> Hi,
> I'm setting mod_auth_cas for Apache 2.4, in Debian.
> Authentication not working. I always give *Unauthorized* error with message 
> *no 
> authenticated user yet*, after success login via CAS. See error log below. 
> 
> Redirect to Login PAGE working correctly.
> 
> How to fix it?
> Thanks
> 
> Virtualhost Config:
> 
> ServerName tester.conapny.cz
> CASDebug on
> LogLevel Debug
> 
>  
> AuthType CAS
> CASAuthNHeader On
> Require cas-attribute given_name:Petr
> 
> 
> 
> Error log:
> mod_auth_cas.c(2058): Entering cas_authenticate()
> mod_auth_cas.c(652): Modified r->args (now '')
> mod_auth_cas.c(1761): entering getResponseFromServer()
> mod_auth_cas.c(580): CAS Service 'http%3a%2f%2ftester.conapny.cz%2f'
> mod_auth_cas.c(1838): Validation response: 
> *http://www.yale.edu/tp/cas;>  
>petren  
> 
>  20200727112135Z
>  true
>  2020-07-27T11:22:25.260081Z 
>  
>   
>  
> LdapAuthenticationHandler
>   
>Petr
>  UsernamePasswordCredential
>  
> LdapAuthenticationHandler
>   
>petren
>  
> false
>   
>Rendl
>  pet...@conapny.cz
>  *
> mod_auth_cas.c(1436): entering isValidCASTicket()
> mod_auth_cas.c(1442): MOD_AUTH_CAS: response = 
> *http://www.yale.edu/tp/cas;>  
>petren  
> 
>  20200727112135Z
>  true
>  2020-07-27T11:22:25.260081Z 
>  
>   
>  
> LdapAuthenticationHandler
>   
>Petr
>  UsernamePasswordCredential
>  
> LdapAuthenticationHandler
>   
>petren
>  
> false
>   
>Rendl
>  pet...@conapny.cz
>  *
> mod_auth_cas.c(1268): entering createCASCookie()
> mod_auth_cas.c(1063): entering CASCleanCache()
> mod_auth_cas.c(1180): entering writeCASCacheEntry()
> mod_auth_cas.c(1294): Cookie 'beb769f86a5c6460d9945cb3de349adf' created for 
> user 'petren'
> mod_auth_cas.c(761):  entering setCASCookie()
> mod_auth_cas.c(460):  Determining CAS scope (path: /, CASScope: (null), 
> CASRenew: (null), CASGateway: (null))
> mod_auth_cas.c(807):  Adding outgoing header: Set-Cookie: 
> MOD_AUTH_CAS=beb769f86a5c6460d9945cb3de349adf;Path=/; HttpOnly
> mod_auth_cas.c(2344): Entering cas_check_authorization.
> 
> 
> mod_authz_core.c(809): AH01626: authorization result of Require 
> cas-attribute given_name:Petr: denied (*no authenticated user yet*)
> mod_authz_core.c(809): AH01626: authorization result of : 
> denied (no authenticated user yet)
> [authz_core:error]  AH01631: user petren: authorization failure for "/": 
> 
> 


-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



Re: [cas-user] CAS filter on user id ?

2020-05-04 Thread Alberto Cabello Sánchez
Hello,

If you are using Apache with auth_cas (I guess, seeing the "Require")
you can achieve it with

Require user user1 user2

Bear in mind that it is not CAS filtering users, but your application.

Regards.

On Mon, 4 May 2020 02:07:18 -0700 (PDT)
Nowis  wrote:

> Hello,
> 
> I did some research but did not find the answer I was looking for :/
> I would like my app to be accessible only by two users.
> 
> Reading the documentation, I thought using "Require cas-attributes 
> :" was the thing to do, but my attributes only have "firstName" 
> and "LastName", which is not something I should rely on (not really secure 
> ^^ ).
> 
> I would like to make a rule with the user id (or login) instead of 
> cas-attributes. Is it something I can and should do?
> 
> Something like Require cas-user user:userid1, user:userId2
> 
> I am only a CAS user and can't manage anything on its service (but I can 
> make some demands if really necessary).
> 
> Thank you :)
> 


-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



Re: [cas-user] mod_auth_cas and attributes

2019-11-06 Thread Alberto Cabello Sánchez
On Mon, 4 Nov 2019 17:16:33 +
Ray Bon  wrote:

> Alberto,
> 
> My apologies. I missed the part about cas protocol v2. Attribute release
> is available only with protocol v3 and saml 1.1 (and saml 2).

No need to apologize, of course!

A little more explanation is welcome, though... I read in mod_auth_cas docs
(https://github.com/apereo/mod_auth_cas):

  Both the CAS 2.0 and SAML 1.1 protocols support including additional
  attributes in the CAS validation response, which may also be added as HTTP
  headers (see CASAttributePrefix and CASAttributeDelimiter).

And then, among the

  
 NEW FEATURES AND FUNCTIONS IN THIS RELEASE
  

is

   * CASv2 attributes.

Then, I thought I was retrieving attributes with phpCAS and CASv2, but
now I'm a little confused... Perhaps attributes release needs CASv3 only
for mod_auth_cas?

-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



Re: [cas-user] mod_auth_cas and attributes

2019-11-04 Thread Alberto Cabello Sánchez
On Fri, 25 Oct 2019 18:08:13 +
Ray Bon  wrote:

> Alberto,
> 
> To be sure CAS is releasing the attributes:
> 
> 
>  name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy"
>  level="debug"/>

Thanks, Ray.

It seems to be right:

DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy]


I wonder how the "serviceValidate" endpoint is building the service response.

Could this be useful? The log shows attributes being used for access control

WHO: audit:unknown
WHAT: [result=Service Access 
Granted,service=https://server.unex.es/examples/jsp/he...,principal=SimplePrincipal(id=alberto,
 attributes={cn=[alberto], givenName=[alberto], 
irisPersonalUniqueID=[DOC:12345678R], mail=[albe...@unex.es], sn=[cabello 
sánchez], sn1=[cabello], sn2=[sánchez], uid=[alberto]}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS

but not for service ticket validation

WHO: alberto
WHAT: ST-16c60***d099 for 
https://server.unex.es/examples/jsp/headers.jsp
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS

Additionally: I can use attributes to control access in .htaccess (with
Require cas-attribute givenName:alberto) but -as expected- it works for me
only in the SAML scenario, not in the CASv2. 

-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



Re: [cas-user] mod_auth_cas and attributes

2019-10-29 Thread Alberto Cabello Sánchez
Hi, thanks everyone for your help!

This worked like a charm, just adding the SAML dependency and changing two
lines in mod_auth_cas config ("CASValidateUrl" and "CASValidateSAML On").

I'll be investigating the cause of my CAS and mod_auth_cas not sharing the
attributes, anyway.

Best regards.

On Thu, 24 Oct 2019 08:13:18 -0400
David Curry  wrote:

> In your service registry:
> 
> {
>   *...*
>   "attributeReleasePolicy" : {
>   "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>   },
>   *...*}
> 
> In /etc/httpd/conf.d/cas.conf:
> 
> LoadModule auth_cas_module modules/mod_auth_cas.so
>  mod_auth_cas.c>
> AuthType          CAS
> CASAuthNHeader    On
> 
> Require valid-user
> CASLoginUrl       https://casserver.example.org/cas/login
> CASValidateUrl    https://casserver.example.org/cas/samlValidate
> CASCookiePath     /var/cache/httpd/mod_auth_cas/
> CASValidateSAML   On
> CASSSOEnabled     On
> CASDebug          Off
> 
> Note that CASv2 uses SAML 1.1 to return attributes; hence the use of
> samlValidate. This is *not* the same thing as configuring the CAS server as
> a SAML2 IdP and using SAML instead of CAS to authenticate.
> 
> This will put all your attributes into Apache headers. You can access them
> in various ways; here's a simple PHP example that you can put into
> /var/www/html/secured-by-cas/index.php or whatever:
> 
> 
>   
> Hello, World!
> 
> 
>  href="//maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
>   
>   
> 
>   Secured Content
>   This is some secure content. You should not be able to
> see it until you have entered your username and password.
>   Attributes Returned by CAS
>echo "";
> 
> if (array_key_exists('REMOTE_USER', $_SERVER)) {
> echo "REMOTE_USER = " . $_SERVER['REMOTE_USER'] . "";
> }
> 
> $headers = getallheaders();
> foreach ($headers as $key => $value) {
> if (strpos($key, 'CAS_') === 0) {
> echo substr($key, 4) . " = " . $value . "";
> }
> }
> 
> echo "";
>   ?>
> 
>   
> 
> 
> --Dave
> 
> --
> 
> DAVID A. CURRY, CISSP
> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
> 
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 646 909-4728 • david.cu...@newschool.edu
> 
> 
> 
> On Thu, Oct 24, 2019 at 6:26 AM Alberto Cabello Sánchez 
> wrote:
> 
> > Hi,
> >
> > I'm trying to get attributes released by CAS through mod_auth_cas and CASv2
> > protocol (not SAML), but I'm not sure how to achieve it.
> >
> > I set
> >
> > CASAuthNHeader ATTR
> >
> > but it just gives the authenticated user, even if successful login page
> > shows
> > correctly the attributes defined in application.properties.
> >
> > Attribute release policy for that service is
> > "attributeReleasePolicy" : {
> > "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
> > },
> >
> > My validation URL is
> >
> > CASValidateURL /serviceValidate
> >
> > I don't know if this is correct. I found another value when using SAML
> > validation, but I don't know if I have to change this one for CASv2 (only
> > found this information regarding the SAML version).
> >
> > Thanks in advance,
> >
> > --
> > Alberto Cabello Sánchez
> > Servicio de Informática
> > Universidad de Extremadura
> >

Re: [cas-user] mod_auth_cas and attributes

2019-10-25 Thread Alberto Cabello Sánchez
On Thu, 24 Oct 2019 16:20:09 -0400
David Hawes  wrote:

> Note that you can use /serviceValidate with mod_auth_cas v1.2 if your
> server releases attributes.

Well, it seems this is not the case: validation response is


  
alberto
  


No node named "attributes", so no mod_auth_cas problem here.

-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura
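
A way to make the check described in this message repeatable, as an added example that is not part of the original post and not mod_auth_cas code: it parses a validation response copied from the CASDebug log and reports whether an attributes node is present and whether a given name:value pair is in it. The sample responses, function names and result strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace used by CAS validation responses.
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed sample responses (not copied from the thread's logs).
CASV2_NO_ATTRIBUTES = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>alberto</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

WITH_ATTRIBUTES = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>alberto</cas:user>
    <cas:attributes>
      <cas:givenName>alberto</cas:givenName>
      <cas:mail>alberto@example.org</cas:mail>
      <cas:memberOf>staff</cas:memberOf>
      <cas:memberOf>admins</cas:memberOf>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


def parse_validation_response(xml_text):
    """Return user, attributes and whether an attributes node exists at all."""
    # A validation response never needs a DTD; refuse one instead of letting
    # the parser process entity declarations from pasted or proxied input.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected here")
    root = ET.fromstring(xml_text)

    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        return {"success": False, "code": failure.get("code"), "user": None,
                "has_attributes_node": False, "attributes": {}}

    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        raise ValueError("not a CAS serviceResponse")

    attributes = {}
    attrs_node = success.find("cas:attributes", CAS_NS)
    if attrs_node is not None:
        for child in attrs_node:
            name = child.tag.split("}", 1)[-1]      # drop the {namespace} prefix
            # Attributes may repeat (multi-valued), so collect lists.
            attributes.setdefault(name, []).append((child.text or "").strip())

    return {"success": True, "code": None,
            "user": success.findtext("cas:user", namespaces=CAS_NS),
            "has_attributes_node": attrs_node is not None,
            "attributes": attributes}


def diagnose(xml_text, name, value):
    """Say why an attribute-based rule for name:value could or could not match."""
    parsed = parse_validation_response(xml_text)
    if not parsed["success"]:
        return "auth-failure:" + str(parsed["code"])
    if not parsed["has_attributes_node"]:
        # The server released nothing: look at protocol and release policy,
        # not at the Apache side.
        return "no-attributes-node"
    if name not in parsed["attributes"]:
        return "attribute-absent"
    if value not in parsed["attributes"][name]:
        return "value-mismatch"
    return "match"


if __name__ == "__main__":
    for label, doc in (("CASv2 without attributes", CASV2_NO_ATTRIBUTES),
                       ("response with attributes", WITH_ATTRIBUTES),
                       ("failed validation", FAILURE)):
        print(label, "->", diagnose(doc, "givenName", "alberto"))
```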



Re: [cas-user] mod_auth_cas and attributes

2019-10-25 Thread Alberto Cabello Sánchez
On Thu, 24 Oct 2019 16:12:58 -0400
David Hawes  wrote:

> What version of mod_auth_cas are you using?

Sorry, I didn't include it in my question:

mod_auth_cas is 1.2, freshly cloned from 
https://github.com/apereo/mod_auth_cas.git
CAS server is 5.3.12.1.

> v1.2 supports CASv2 attributes, which should work with /serviceValidate
> provided your server supports it.
> 
> Turn "CASDebug On" and you should be able to see the validation
> response with the attributes returned from your server. With
> CASAuthnHeader set to some attribute like you've done, the released
> attributes should be in the HTTP headers.

This is the CAS info logged in Tomcat

INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 


I can't find any reference to headers in Apache 2 logs, except

Adding outgoing header: Set-Cookie: 
MOD_AUTH_CAS_S=6c60***d099;Secure;Path=/examples/jsp/; 
HttpOnly, referer: /login?service=

I guess I will add some printf() statements in mod_auth_cas to gather more
info, and explore the SAML approach.

If it helps, I do get an "ATTR" header (CASAuthNHeader is set to ATTR),
but it just contains the REMOTE_USER value ("alberto" in this case).

Thanks for your help.
 
> On Thu, 24 Oct 2019 at 06:26, Alberto Cabello Sánchez  wrote:
> >
> > Hi,
> >
> > I'm trying to get attributes released by CAS through mod_auth_cas and CASv2
> > protocol (not SAML), but I'm not sure how to achieve it.
> >
> > I set
> >
> > CASAuthNHeader ATTR
> >
> > but it just gives the authenticated user, even if successful login page 
> > shows
> > correctly the attributes defined in application.properties.
> >
> > Attribute release policy for that service is
> > "attributeReleasePolicy" : {
> > "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
> > },
> >
> > My validation URL is
> >
> > CASValidateURL /serviceValidate
> >
> > I don't know if this is correct. I found another value when using SAML
> > validation, but I don't know if I have to change this one for CASv2 (only
> > found this information regarding the SAML version).
> >
> > Thanks in advance,
> >
> > --
> > Alberto Cabello Sánchez
> > Servicio de Informática
> > Universidad de Extremadura
> >


-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



Re: [cas-user] mod_auth_cas and attributes

2019-10-24 Thread Alberto Cabello Sánchez
Thank you very much. I'll try later, hoping not to end in a SAML mess, as
I usually do.

Regarding Apache directives,

* Do I need "CASSSOEnabled On", even if I'm not using SSOut capabilities?

* Is "CASAuthNHeader On" correct? I just did that and ended with a "On"
header containing only the authenticated username, not what I wanted...
I thought CASAuthNHeader is not an On/Off directive but it takes a string
value to set the header name.

Regards.

On Thu, 24 Oct 2019 08:13:18 -0400
David Curry  wrote:

> In your service registry:
> 
> {
>   *...*
>   "attributeReleasePolicy" : {
>   "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>   },
>   *...*}
> 
> In /etc/httpd/conf.d/cas.conf:
> 
> LoadModule auth_cas_module modules/mod_auth_cas.so
>  mod_auth_cas.c>
> AuthType          CAS
> CASAuthNHeader    On
> 
> Require valid-user
> CASLoginUrl       https://casserver.example.org/cas/login
> CASValidateUrl    https://casserver.example.org/cas/samlValidate
> CASCookiePath     /var/cache/httpd/mod_auth_cas/
> CASValidateSAML   On
> CASSSOEnabled     On
> CASDebug          Off
> 
> Note that CASv2 uses SAML 1.1 to return attributes; hence the use of
> samlValidate. This is *not* the same thing as configuring the CAS server as
> a SAML2 IdP and using SAML instead of CAS to authenticate.
> 
> This will put all your attributes into Apache headers. You can access them
> in various ways; here's a simple PHP example that you can put into
> /var/www/html/secured-by-cas/index.php or whatever:
> 
> 
>   
> Hello, World!
> 
> 
>  href="//maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
>   
>   
> 
>   Secured Content
>   This is some secure content. You should not be able to
> see it until you have entered your username and password.
>   Attributes Returned by CAS
>echo "";
> 
> if (array_key_exists('REMOTE_USER', $_SERVER)) {
> echo "REMOTE_USER = " . $_SERVER['REMOTE_USER'] . "";
> }
> 
> $headers = getallheaders();
> foreach ($headers as $key => $value) {
> if (strpos($key, 'CAS_') === 0) {
> echo substr($key, 4) . " = " . $value . "";
> }
> }
> 
> echo "";
>   ?>
> 
>   
> 
> 
> --Dave
> 
> --
> 
> DAVID A. CURRY, CISSP
> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
> 
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 646 909-4728 • david.cu...@newschool.edu
> 
> 
> 
> On Thu, Oct 24, 2019 at 6:26 AM Alberto Cabello Sánchez 
> wrote:
> 
> > Hi,
> >
> > I'm trying to get attributes released by CAS through mod_auth_cas and CASv2
> > protocol (not SAML), but I'm not sure how to achieve it.
> >
> > I set
> >
> > CASAuthNHeader ATTR
> >
> > but it just gives the authenticated user, even if successful login page
> > shows
> > correctly the attributes defined in application.properties.
> >
> > Attribute release policy for that service is
> > "attributeReleasePolicy" : {
> > "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
> > },
> >
> > My validation URL is
> >
> > CASValidateURL /serviceValidate
> >
> > I don't know if this is correct. I found another value when using SAML
> > validation, but I don't know if I have to change this one for CASv2 (only
> > found this information regarding the SAML version).
> >
> > Thanks in advance,
> >
> > --
> > Alberto Cabello Sánchez
> > Servicio de Informática
> > Universidad de Extremadura
> >

[cas-user] mod_auth_cas and attributes

2019-10-24 Thread Alberto Cabello Sánchez
Hi,

I'm trying to get attributes released by CAS through mod_auth_cas and CASv2
protocol (not SAML), but I'm not sure how to achieve it.

I set

CASAuthNHeader ATTR

but it just gives the authenticated user, even if successful login page shows
correctly the attributes defined in application.properties.

Attribute release policy for that service is
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
},

My validation URL is

CASValidateURL /serviceValidate

I don't know if this is correct. I found another value when using SAML
validation, but I don't know if I have to change this one for CASv2 (only
found this information regarding the SAML version).

Thanks in advance,

-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



Re: [cas-user] CAS 6.0 How to authenticate user/password with LDAP

2019-10-24 Thread Alberto Cabello Sánchez
On Thu, 10 Oct 2019 07:52:19 -0700 (PDT)
ratm  wrote:

> How to verify what's wrong ? For example when i put a wrong baseDn or 
> searchFilter i have the same error. How to perform simple login/password 
> test to eliminate error ?

Setting log level DEBUG or TRACE in some packages (e. g. org.ldaptive) is
often useful to me. It writes lots of information to the logs, including
the actual LDAP queries being issued.
 
> How cas deal with password, ie is the ldap who perform the password
> compare or cas ?

LDAP. CAS has no access to LDAP stored passwords.

By the way, this

cas.authn.ldap[0].bindDn=cn=Directory Manager

doesn't look like a DN to me. I guess this is not your actual setting, though.

-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



Re: [cas-user] Unable to use CAS v6

2019-10-08 Thread Alberto Cabello Sánchez
Hi, David,

I am currently working on CAS 6 customization and it works pretty well
without Password Management.

The problem you refer to claims to be caused by

java.lang.NullPointerException: null at
org.apereo.cas.util.LdapUtils.lambda$newLdaptiveSearchFilter$3
(LdapUtils.java:530)

In org/apereo/cas/util/LdapUtils.java there is a debug statement related
to it:

LOGGER.debug("Constructed LDAP search filter [{}]", filter.format());

So maybe setting a more verbose log level and checking the constructed search
filter will be helpful.

Regards


On Sat, 05 Oct 2019 21:22:53 + (UTC)
David Kowis  wrote:

> https://www.mail-archive.com/cas-dev@apereo.org/msg00663.html
> 
> Seems as though there's a pretty significant problem with LDAP password 
> reset email stuff. :(
> 
> I haven't been able to figure out what the actual problem is, so I'm 
> having to go back to 5.3.x...
> 
> I was wondering if anyone else has had this problem, or most people are 
> just on 5.3.x for the time being?
> 
> Thanks!

-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



Re: [cas-user] CAS 6.1.0 - questions about java version and EOL

2019-06-21 Thread Alberto Cabello Sánchez
On Fri, 21 Jun 2019 00:54:32 -0700 (PDT)
Alexandre Ficheux  wrote:

> Hello,
> 
> 2/
> The java requirement for the CAS server 6.1.0 is java 11, or OpenJDK 11 
> That is a silly question, but can it work on java 8?

At least in my experience, the 6.0.4 Maven build downloads some artifacts
which won't load with JAVA 8, so even if you could make it work (I don't
know if it is possible at all) you would be possibly getting some problems.

I wouldn't trust so much a CAS 6-JAVA 8 setup.

-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



[cas-user] Trying to understand Authentication Throttling

2019-05-30 Thread Alberto Cabello Sánchez
Hi,

I want to prevent a CAS server from being used to guess passwords, so
I'm reading the docs about Authentication Throttling. I find it somewhat
confusing, because it is not clear how period and threshold work together.
From the docs:

> All login throttling components that ship with CAS limit successive
> failed login attempts that exceed a threshold rate in failures per
> second. The following properties are provided to define the failure
> rate:
> 
> failureRangeInSeconds:
> Period of time in seconds during which the threshold applies.
> failureThreshold:
> Number of failed login attempts permitted in the above period.

On the other hand, I've read in this group

> Those throttle settings get reduced to a common denominator. When you
> set 3 failures within 15 seconds, it is converted to 1 in 5 seconds.

If I'm understanding it correctly, there is no point having two different
properties instead of just a hypothetical "secondsBetweenConsecutiveFailures".

Besides that, the logged message (e. g. "More than [3] failed login
attempts within [15] seconds. Authentication attempt exceeds the failure
threshold [3]") is very misleading, as it can be triggered just after two
quick failed logins.

There is no way for sending the IP/username to the waiting room when failing
four times in a minute but not when failing two times in 30 seconds?

Regards,

-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura
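
The two readings of failureThreshold / failureRangeInSeconds discussed in this message, side by side, as an added example (not CAS source code and not part of the original post). `rate_flagged` follows the "3 in 15 seconds becomes 1 in 5 seconds" reduction quoted from the list, `window_flagged` counts failures inside a sliding window; the function names and the timestamps are constructed for illustration.

```python
from collections import deque


def _check(threshold, range_seconds):
    if threshold <= 0 or range_seconds <= 0:
        raise ValueError("threshold and range_seconds must be positive")


def rate_flagged(failure_times, threshold, range_seconds):
    """Rate reading: the two settings collapse into one minimum interval.

    A failure is flagged when it follows the previous failure by less than
    range_seconds / threshold seconds. failure_times must be sorted.
    """
    _check(threshold, range_seconds)
    min_interval = range_seconds / threshold
    return [cur for prev, cur in zip(failure_times, failure_times[1:])
            if cur - prev < min_interval]


def window_flagged(failure_times, threshold, range_seconds):
    """Window reading: flag a failure only when more than `threshold`
    failures (this one included) fall inside the last range_seconds."""
    _check(threshold, range_seconds)
    window = deque()
    flagged = []
    for t in failure_times:
        window.append(t)
        # Drop failures that are range_seconds old or older.
        while t - window[0] >= range_seconds:
            window.popleft()
        if len(window) > threshold:
            flagged.append(t)
    return flagged


# Constructed failure timestamps, in seconds, for one IP/username pair.
SCENARIOS = {
    "two quick failures": [0, 2],
    "four failures in four seconds": [0, 1, 2, 3],
    "one failure every six seconds": [0, 6, 12, 18, 24, 30],
}


def compare(threshold=3, range_seconds=15):
    """Return {scenario: (rate_flagged, window_flagged)} for SCENARIOS."""
    return {name: (rate_flagged(times, threshold, range_seconds),
                   window_flagged(times, threshold, range_seconds))
            for name, times in SCENARIOS.items()}


if __name__ == "__main__":
    for name, (rate, window) in compare().items():
        print(f"{name}: rate reading flags {rate}, window reading flags {window}")
```

Only the window reading separates "four failures in a minute" from "two failures in 30 seconds"; under the rate reading the second quick failure is already flagged, which is the behaviour the log message hides.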



[cas-user] Re: Several CAS webapps in one tomcat server (SOLVED)

2019-05-23 Thread Alberto Cabello Sánchez
On Tue, 21 May 2019 05:32:35 -0700 (PDT)
Andy Ng  wrote:

> instead of cas.standalone.config=/etc/cas/config
> - bootstrap.properties loads before application.properties or 
> application.yml, that's why your modification didn't work
> - One way to do it (I don't know if recommended or not...)
> is to put your cas.standalone.config: /etc/cas/config
> inside *bootstrap.yml* instead
> - yml loads after properties, so bootstrap.yml will override 
> bootstrap.properties.

Thank you, Andy.

This worked like a charm. For anyone interested, I have now


   ...
   casldap1
   /usr/local/etc/casldap1/
   ...


in the  section of the pom.xml, and the command

mvn -Pldap1 clean package

fills the values in my src/main/resources/bootstrap.yml, which reads

cas:
  standalone:
    config : ${casStandaloneConfig}
spring:
  application:
    name : ${springApplicationName}


> I also agree that using config is sometimes the better option, 
> especially when you already have a system to manage config files,
> just didn't see the benefit of switching to spring config.

Sure, I'll look into spring config, but at this stage I'm just
trying to avoid brain overload.

Thank you very much again,

-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



[cas-user] Several CAS webapps in one tomcat server

2019-05-20 Thread Alberto Cabello Sánchez
Hi all,

I have the need of setting up a few CAS servers with different auth backends,
if possible in the same server (I'm not familiar with Spring config, so I'm
using just old-fashioned config files). Indeed, it is easy to do it just
changing the line

# cas.standalone.config=/etc/cas/config

or 

spring.application.name=cas

in bootstrap.properties. But, as it is not recommended to modify this file
or application.properties, I'm trying to override that value with a
WEB-INF/classes/application.yml file like this one:

cas:
  standalone:
    config : /usr/local/etc/cascert

which has no effect. Is this correct? Can I safely modify the

spring.application.name

property in bootstrap.properties (as I did previously with success)?

Best regards,

-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



Re: [cas-user] Re: CAS documentation for a new user is terrible

2019-05-17 Thread Alberto Cabello Sánchez
On Thu, 16 May 2019 09:35:21 -0400
David Curry  wrote:

> Va,
> 
> The link I gave you was to documentation that I developed for use in my
> organization. It was produced to meet our needs (not yours) and it does
> that quite well. We contributed it to the community in the hopes that
> others might find it useful, too.

Among others, the original poster of this thread, who wrote:

> Only now, when wanting to post this message, did I find this helpful
> guide: https://dacurry-tns.github.io/deploying-apereo-cas/ Could the
> CAS team incorporate some step-by-step tutorial like this into the
> official documentation?

I think a lot of people would benefit from some posts like the ones we
can find in Apereo Community Blog (https://apereo.github.io/) focused
on more basic tasks.

Finally: it is too easy to forget that people only tell what is missing, so
even if official documentation is hard to follow (indeed, it is), I'd like
to thank both the developers and the helpful community that make CAS.

Best regards,

-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



Re: [cas-user] phpCAS logging logins

2019-05-17 Thread Alberto Cabello Sánchez
On Thu, 16 May 2019 15:38:51 -1000
Austin  wrote:

> Hello CAS-Users,
> 
> I am using phpCAS 1.3.7 and have the basic functionality working using
> your simple example, which I include on all of the pages I want to be
> authenticated.  However, I would also like to log the user logins in my
> database after the initial authentication.  However, is there any way to
> tell if the authentication is due to a CAS login or if it's just
> authenticating against the phpCAS session cookie?

Hi, Austin,

I think CAS logins will show in your logs as having a CAS server referrer.
At least, they do in my mod_auth_cas setup.

I'm not sure, but you can give it a try.

Hope that helps,

-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



Re: [cas-user] CAS modification class

2018-08-22 Thread Alberto Cabello Sánchez
On Mon, 20 Aug 2018 07:52:34 -0700 (PDT)
Sabrina Lanzotti  wrote:

> I’m new to CAS but we managed to decompile the jar with the 
> Jira44CasAuthenticator.java and saw that a Null pointer that it was
> giving us is supposedly from this class.
> 
> We want to make a small change on it and re-create the jar file to test
> it, but when we create a java project we are missing several packages.
> 
> Can you please tell us how can we make a compiling project to make changes 
> on this class?

I'm not sure this is the "best practice", but if you can use Git and Maven,
you can try this:

Clone the java-cas-client repository:

  git clone https://github.com/apereo/java-cas-client/

then go into the Atlassian-related area:

  cd java-cas-client/cas-client-integration-atlassian/

make the desired changes in
src/main/java/org/jasig/cas/client/integration/atlassian/Jira44CasAuthenticator.java
and re-build your .jar:

  mvn clean package

Maven should take care of all the needed dependency packages. If everything goes
OK, you will have a .jar in target/. Mine is
cas-client-integration-atlassian-3.5.1-SNAPSHOT.jar

Hope that helps,

Alberto



Re: [cas-user] Cas5 Ldap Authentication

2018-03-08 Thread Alberto Cabello Sánchez
On Thu, 8 Mar 2018 06:32:52 -0800 (PST)
yashwanth chowdary <ryashwanthkumarchowd...@gmail.com> wrote:

> I have written my own classes handler, configuration (please refer to 
> the attached files). What I observe is my handler is getting registered 
> properly but when I give the credentials the method 
> "authenticateUsernamePasswordInternal" is not getting called.
> Properties are same as above.

How does CAS know that cas.authn.ldap[0].* properties refer to your handler
rather than a "regular" LDAP handler?

-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



[cas-user] Re: CAS5.2 Connect to LDAP

2018-02-23 Thread Alberto Cabello Sánchez
On Thu, 22 Feb 2018 13:43:05 -0800 (PST)
Kevin Liu <annihil8...@gmail.com> wrote:

> Correct me if I'm wrong but looking at the directory, not everyone
> has a DN. Some users are only members of a group it looks like.

I don't think so. DN is the ultimate identifier in LDAP/AD. As stated
in MSDN: «The LDAP API references an LDAP object by its distinguished
name (DN)». Even a group has a DN so you can perform operations on it.

( Source: https://msdn.microsoft.com/en-us/library/aa366101(v=vs.85).aspx )

-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



Re: [POSIBLE SPAM]Re: [cas-user] SAML and signing configuration

2018-02-21 Thread Alberto Cabello Sánchez
On Tue, 20 Feb 2018 10:38:06 -0300
Man H <info.ings...@gmail.com> wrote:

> Do you have mod_auth_cas installed

I just disabled mod_auth_cas and the error is still appearing.

I will test it in a fresh install, though. 

-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



Re: [cas-user] SAML and signing configuration

2018-02-21 Thread Alberto Cabello Sánchez
Yes, I do.

I'll disable it and/or test the setup in a fresh install to see if it
is the source of the problem.

Thanks for the hint.

On Tue, 20 Feb 2018 10:38:06 -0300
Man H <info.ings...@gmail.com> wrote:

> Do you have mod_auth_cas installed
> 
> On Tuesday, 20 February 2018, Alberto Cabello Sánchez <albe...@unex.es>
> wrote:
> 
> > Hi,
> >
> > I'm getting a strange error when running the Onelogin SSO Wordpress
> > plugin to authenticate users with a CAS with SAML support. I managed
> > to get the plugin working with simpleSAMLphp so I think the problem
> > is in the CAS side.
> >
> > The displayed error message is:
> >
> >
> > CAS is unable to process this request: "500:Internal Server Error"
> >
> > Error: org.opensaml.saml.common.SAMLException:
> > No signature signing parameter is available
> >
> >
> >
> > I think the problem is some metadata parameter, but I cannot find a working
> > example to give some light. I configured the service in a JSON this way:
> > (file name is lvs05saml-1003.json)
> >
> > {
> >   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
> >   "serviceId" : "lvs05saml",
> >   "name" : "lvs05saml",
> >   "id" : 1003,
> >   "attributeReleasePolicy" : {
> >     "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
> >   },
> >   "metadataLocation" : "http://HERE_I_PUT_MY_WORDPRESS_URL/wp-login.php?saml_metadata",
> >   "metadataSignatureLocation" : "file:/usr/local/etc/cas/certs/ONE_LOGIN_PLUGIN_CERT.pub",
> > }
> >
> > Uppercase HERE_I_PUT_MY_WORDPRESS_URL and ONE_LOGIN_PLUGIN_CERT are
> > substituted by the actual conf values.
> >
> > I'm basically stuck at this point, so I feel I need some hint to
> > carry further research and solve this error.
> >
> > Thanks for your help,
> >
> > --
> > Alberto Cabello Sánchez
> > Servicio de Informática
> > Universidad de Extremadura
> >


-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



[cas-user] SAML and signing configuration

2018-02-20 Thread Alberto Cabello Sánchez
Hi,

I'm getting a strange error when running the Onelogin SSO Wordpress
plugin to authenticate users with a CAS with SAML support. I managed
to get the plugin working with simpleSAMLphp so I think the problem
is in the CAS side.

The displayed error message is:


CAS is unable to process this request: "500:Internal Server Error"

Error: org.opensaml.saml.common.SAMLException:
No signature signing parameter is available



I think the problem is some metadata parameter, but I cannot find a working
example to give some light. I configured the service in a JSON this way:
(file name is lvs05saml-1003.json)

{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "lvs05saml",
  "name" : "lvs05saml",
  "id" : 1003,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  },
  "metadataLocation" : "http://HERE_I_PUT_MY_WORDPRESS_URL/wp-login.php?saml_metadata",
  "metadataSignatureLocation" : "file:/usr/local/etc/cas/certs/ONE_LOGIN_PLUGIN_CERT.pub",
}

Uppercase HERE_I_PUT_MY_WORDPRESS_URL and ONE_LOGIN_PLUGIN_CERT are
substituted by the actual conf values.

I'm basically stuck at this point, so I feel I need some hint to
carry further research and solve this error.

Thanks for your help,

-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



Re: [cas-user] Problems building/running 5.3.0-RC1 and/or 5.3.0-RC2-SNAPSHOT with Maven overlay

2018-01-19 Thread Alberto Cabello Sánchez
On Thu, 18 Jan 2018 12:05:50 -0500
David Curry <david.cu...@newschool.edu> wrote:

> Thanks, Alberto. Of course, when I go try to rebuild things this morning to
> try that suggestion, it errors out with a completely different
> error (before I even apply that correction) having nothing to do with the
> original error.
> 
> I think 5.3.0-RC2-SNAPSHOT building with Maven is just broken right now.
> Would love to hear from someone (anyone) else who's tried it.

I just did 

git clone https://github.com/apereo/cas-overlay-template.git
cd cas-overlay-template/
mv pom.xml pom.original.xml
sed -e 's#<cas.version>.*</cas.version>#<cas.version>5.3.0-RC2-SNAPSHOT</cas.version>#' \
   pom.original.xml > pom.xml
./mvnw clean package
cp target/cas.war /opt/apache-tomcat/webapps/

and it seems to work without further configuration (/etc/cas/logs and
/etc/cas/config previously exist and are writeable).

Later on, when I apply my current CAS 5.2.0 + OpenLDAP config, I get

org.springframework.boot.bind.RelaxedBindingNotWritablePropertyException:
Failed to bind 'cas.authn.ldap[0].userFilter' from
'applicationProfilesProperties' to 'authn.ldap[0].userFilter' property on
'org.apereo.cas.configuration.model.core.authentication.AuthenticationProperties'


-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



Re: [cas-user] Problems building/running 5.3.0-RC1 and/or 5.3.0-RC2-SNAPSHOT with Maven overlay

2018-01-18 Thread Alberto Cabello Sánchez
This error

> Bean instantiation via factory method failed; nested exception is
> org.springframework.beans.BeanInstantiationException: Failed to
> instantiate [nz.net.ultraq.thymeleaf.LayoutDialect]: Factory method
> 'layoutDialect' threw exception; nested exception is
> java.lang.NoClassDefFoundError: org/thymeleaf/dom/Attribute

looks like a Spring - Thymeleaf - Dialect compatible versions issue.

Check this (quite short) thread:

https://stackoverflow.com/questions/41388332/thymeleaf-3-0-spring-boot-security-integration-does-not-work/41416861

-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



Re: [cas-user] CAS installation on Apache Tomcat

2018-01-03 Thread Alberto Cabello Sánchez
On Sat, 30 Dec 2017 20:57:43 -0500
David Curry <david.cu...@newschool.edu> wrote:

> It's not "official" documentation, but I've been sharing my
> documentation as I get it written up... that includes installing
> into an external (non-embedded) Tomcat.
> 
> https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html
> 
> Hope you find it useful.

Great job!

And a lot of work, I guess. Thanks for sharing.


Regards,

-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



Re: [cas-user] Cas 4.0.0 and OpenLDAP

2017-11-28 Thread Alberto Cabello Sánchez
On Tue, 28 Nov 2017 03:39:57 -0800 (PST)
NMD <ndeyem.diedh...@uvs.edu.sn> wrote:

> Hello everyone,
> 
> I've been trying to set up cas with my Ldap for weeks now and I really need 
> help. I can't find any great documentation. If anyone succeed please HELP 
> ME. 

If you can read French, here is a pretty good step-by-step example:

https://www-public.tem-tsp.eu/~procacci/dok/doku.php?id=docpublic:systemes:ssocas:cas4install


-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



Re: [cas-user] Logging/Debugging doesn't work in CAS 5.0.2

2017-02-21 Thread Alberto Cabello Sánchez
On Fri, 17 Feb 2017 10:26:28 -0600
John Wynstra <jdwyns...@gmail.com> wrote:

> I have also had issues trying to get logging to work - I posted something
> earlier but got no response from the list.
> 
> Considering the overlay concept is supposed to be a good starting point,
> I am finding the learning curve steep and frustrating. The documentation
> seems to assume that I have a point of reference that I actually don't
> have yet.

100% agreed. But I think the flashing notice in the docs says CAS 5 is not
yet aimed for widespread deploying.

I'm writing a "getting started" guide with my progress, I will post it
to the list as it improves.

-- 
Alberto Cabello Sánchez
<albe...@unex.es>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/20170221213232.1bdc8e776947c6db7c275fb9%40unex.es.


Re: [cas-user] Logging/Debugging doesn't work in CAS 5.0.2

2017-02-21 Thread Alberto Cabello Sánchez
On Thu, 16 Feb 2017 22:17:11 -0500
RJ Guroo <ssogu...@gmail.com> wrote:

> Am I the only one with logging/debugging challenges ?
> 
> Log config:
> http://pastebin.com/irNhfDs8
 
My config is pretty similar and it is working OK.
No logging-related errors, at least. Maybe I'm doing something wrong, as I
had to change



/opt/tomcat/logs/





to 





to get some logging.

Just in case org.apereo.cas.logging.CasAppender is the missing class, check
for cas-server-core-logging-5.0.2.jar in your build.

-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



Re: [cas-user] CAS 5.0.2 compilation and deployment

2017-01-30 Thread Alberto Cabello Sánchez
On Thu, 26 Jan 2017 06:03:46 -0500
dkopyle...@unicon.net wrote:
>
> On Jan 26, 2017, 05:57 -0500, Jean-Michel Zigna <jm.zi...@gmail.com>, wrote:
> >
> > I started with the
> > cas-server-webapp/build/libs/cas-server-webapp-5.0.2.war, but it seems
> > to be not sufficient because I can't find the cas.properties
> > configuration file for instance.
> >
> > Could you please tell me how to complete the instalation/configuration
> > to connect to an LDAP?
> >
> https://apereo.github.io/cas/5.0.x/installation/Maven-Overlay-Installation.html

Am I the only one who finds that page utterly confusing? I did a few CAS 4
deployments and suddenly I can't grasp anything about how to get CAS 5 up
and running.

-- 
Alberto Cabello Sánchez
Universidad de Extremadura



Re: [cas-user] Compiling mod_auth_cas on debian 8 (missing aclocal-1.15)

2016-03-21 Thread Alberto Cabello Sánchez
On Mon, 21 Mar 2016 16:00:40 +0100
Philippe MARASSE <philippe.mara...@ch-poitiers.fr> wrote:

> Hello,
> 
> I'm trying to compile mod_auth_cas on a Debian 8 jessie, sources are
> cloned from github. ./configure works but make complains about missing
> aclocal-1.15.

That's really strange, as I can build mod_auth_cas on my Jessie box just
exploding the ZIP downloaded from
https://codeload.github.com/Jasig/mod_auth_cas/zip/master
but, as you wrote, not in the directory git-cloned from
https://github.com/Jasig/mod_auth_cas.git

-- 
Alberto Cabello Sánchez
<albe...@unex.es>

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.