[cas-user] [CAS5]

[Didier Capdevielle]

Hi all (those still alive despite the heat),

Is there a way to make a persistent session (never expires) only for a 
specific service (JSON file) ? 
NB: Global policy is SSO and Throttled Timeout Policy

Best regards,

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/76771836-5bfb-4de9-9d4f-f93cc3d0363e%40apereo.org.

[cas-user] [cas 5.3.x] Crash with 5.2.x' parameters

[Didier Capdevielle]

Hi all,

I am having problem when i want to migrate from 5.2.9 to 5.3.9

With these 2 parameters, Tomcat 8 crashes.

cas.themeResolver.defaultThemeName=cas-theme-default
cas.viewResolver.basename=default_views

22-Mar-2019 08:47:54.919 SEVERE [localhost-startStop-1] 
org.apache.catalina.core.ContainerBase.addChildInternal 
ContainerBase.addChild: start:
 org.apache.catalina.LifecycleException: Failed to start component 
[StandardEngine[Catalina].StandardHost[localhost].StandardContext[/cas]]
at 
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
at 
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:752)
at 
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:728)
at 
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:734)
at 
org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:952)
at 
org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1823)
at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.springframework.beans.factory.BeanCreationException: Error 
creating bean with name 'casBeanValidationPostProcessor' defined in class 
path resource [org/apereo/cas/config/CasCoreUtilConfiguration.class]: 
BeanPostProcessor before instantiation of bean failed; nested exception is 
org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
creating bean with name 
'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration':
 
Unsatisfied dependency expressed through method 'setConfigurers' parameter 
0; nested exception is 
org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
creating bean with name 'casCoreTicketsConfiguration': Unsatisfied 
dependency expressed through field 'casProperties'; nested exception is 
org.springframework.beans.factory.BeanCreationException: Error creating 
bean with name 
'cas-org.apereo.cas.configuration.CasConfigurationProperties': Could not 
bind properties to CasConfigurationProperties (prefix=cas, 
ignoreInvalidFields=false, ignoreUnknownFields=false, 
ignoreNestedProperties=false); nested exception is 
org.springframework.beans.NotWritablePropertyException: Invalid property 
'themeResolver[defaultThemeName]' of bean class 
[org.apereo.cas.configuration.CasConfigurationProperties]: Cannot access 
indexed value in property referenced in indexed property path 
'themeResolver[defaultThemeName]'; nested exception is 
org.springframework.beans.NotReadablePropertyException: Invalid property 
'themeResolver[defaultThemeName]' of bean class 
[org.apereo.cas.configuration.CasConfigurationProperties]: Bean property 
'themeResolver[defaultThemeName]' is not readable or has an invalid getter 
method: Does the return type of the getter match the parameter type of the 
setter?
at 
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:477)
at 
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
at 
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at 
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
at 
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
at 
org.springframework.context.support.PostProcessorRegistrationDelegate.registerBeanPostProcessors(PostProcessorRegistrationDelegate.java:237)
at 
org.springframework.context.support.AbstractApplicationContext.registerBeanPostProcessors(AbstractApplicationContext.java:703)
at 
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:528)
at 
org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:124)
at 
org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
at 
org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
at 
org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
at 
org.springframework.boot.web.support.SpringBootServletInitializer.run(SpringBootServletInitializer.java:156)
at 
org.springframework.boot.web.support.SpringBootServletInitializer.createRootApplicationContext(SpringBootServletInitializer.java:136)
at 
org.springframework.boot.web.support.SpringBootServletInitializer.onStartup(SpringBootSe

[cas-user] [CAS 5.2.5] Reading JWT when cas.authn.token.crypto.encryptionEnabled=true

[Didier Capdevielle]

Hi and happy new year, 

I have a cas server using JWT Service Tickets (testing).
When cas.authn.token.crypto.encryptionEnabled=false, i can read my token 
using jwt.io. No problem. I see the payload and so on.
When cas.authn.token.crypto.encryptionEnabled=true, I can't read the token. 
Payload = {}.
What do i forget ?

Other question : what about secret in JWT ST Use ?

Thanks in advance,

Best wishes,

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/3b89f8a8-6d69-4a03-b49c-f0fd0de536ca%40apereo.org.

Re: [cas-user][CAS 5.X] Proxy Mode and 5.2.x

[Didier Capdevielle]

Hi Luke,
Sorry to answer so late.
We are in version 4.x but i don't know exactly what sub-version. Sorry we 
just manage authentication (CAS, Shibboleth) and so on.
Do you want i ask my colleague or version 4 is enough ?

Best regards,

Le lundi 26 février 2018 20:09:13 UTC+1, Luke Whittington a écrit :
>
> Hi, Didier. We're also experiencing some WebProxy and ClearPass issues 
> with CAS 5.2.x and uPortal 4. What version of uPortal are you running?
>
> thanks,
> Luke
>
> OK, I answer by myself.
> Found the solution by a colleague in a French list. Thanks a lot to him.
> I try to explain (sorry for my english) :
> Problem is in our UPortal behind a web front-end server. We have to add 
> *allowedProxyChains 
> *parameter in the web.xml of UPortal.
> CAS Server 5.2.x needs this parameter (CAS Server 5.1.x NO).
> Thanks 
> Best regards 
> - hide quoted text -
>
> Le jeudi 22 février 2018 16:40:22 UTC+1, Didier Capdevielle a écrit : 
>>
>> Hello CAS' Experts,
>>
> We have trouble using Proxy Mode (for UPortal) with CAS Server 5.2.x. 
> SAME server (Debian Stretch ; OpenJDK 8 ; Tomcat8) and SAME 
> configuration (except json-service-registry dependency and json location 
> directory : different names). SAME Json files.
> 5.1.7 / 5.1.8 : NO problem with proxy mode (CAS 2 protocol) 
> 2018-02-22 16:35:02,692 DEBUG 
> [org.apereo.cas.ticket.proxy.support.Cas20ProxyHandler] - Sent ProxyIou of 
> [PGTIOU-*jIOaCR1nRg-cas-test] 
> for service: [https://xx.xx/uPortal/CasProxyServlet"; rel="nofollow" 
> target="_blank" onmousedown="this.href='
> https://www.google.com/url?q\x3dhttps%3A%2F%2Fxx.xx%2FuPortal%2FCasProxyServlet\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGsOkrTVC06oBSQAIBuvcgp92gXJQ';return
>  
> <https://www.google.com/url?q%5Cx3dhttps%3A%2F%2Fxx.xx%2FuPortal%2FCasProxyServlet%5Cx26sa%5Cx3dD%5Cx26sntz%5Cx3d1%5Cx26usg%5Cx3dAFQjCNGsOkrTVC06oBSQAIBuvcgp92gXJQ';return>
>  
> true;" onclick="this.href='
> https://www.google.com/url?q\x3dhttps%3A%2F%2Fxx.xx%2FuPortal%2FCasProxyServlet\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGsOkrTVC06oBSQAIBuvcgp92gXJQ';return
>  
> <https://www.google.com/url?q%5Cx3dhttps%3A%2F%2Fxx.xx%2FuPortal%2FCasProxyServlet%5Cx26sa%5Cx3dD%5Cx26sntz%5Cx3d1%5Cx26usg%5Cx3dAFQjCNGsOkrTVC06oBSQAIBuvcgp92gXJQ';return>
>  
> true;">https://xx.xx/uPortal/CasProxyServlet 
> <https://xx.xx/uPortal/%3Cwbr%3ECasProxyServlet%3C/a%3E>]
> 2018-02-22 16:35:02,692 DEBUG 
> [org.apereo.cas.web.AbstractServiceValidateController] - Successfully 
> validated service ticket [ST-2-jML5LiuPAf2x4cQMZlbt-cas-test] for service [
> https://x.xx/uPortal/Login"; rel="nofollow" target="_blank" 
> onmousedown="this.href='
> https://www.google.com/url?q\x3dhttps%3A%2F%2Fx.xx%2FuPortal%2FLogin\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGZWafI9pdnN3mup73TrRfzCmR7Yg';return
>  
> <https://www.google.com/url?q%5Cx3dhttps%3A%2F%2Fx.xx%2FuPortal%2FLogin%5Cx26sa%5Cx3dD%5Cx26sntz%5Cx3d1%5Cx26usg%5Cx3dAFQjCNGZWafI9pdnN3mup73TrRfzCmR7Yg';return>
>  
> true;" onclick="this.href='
> https://www.google.com/url?q\x3dhttps%3A%2F%2Fx.xx%2FuPortal%2FLogin\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGZWafI9pdnN3mup73TrRfzCmR7Yg';return
>  
> <https://www.google.com/url?q%5Cx3dhttps%3A%2F%2Fx.xx%2FuPortal%2FLogin%5Cx26sa%5Cx3dD%5Cx26sntz%5Cx3d1%5Cx26usg%5Cx3dAFQjCNGZWafI9pdnN3mup73TrRfzCmR7Yg';return>
>  
> true;">https://x.xx/uPortal/Login 
> <https://x.xx/uPortal/%3Cwbr%3ELogin%3C/a%3E>]
>
> 5.2.x : No error in logs but Impossible to have PGT Iou
>
> What is changing in 5.2.x ?
>
> Thanks in Advance,
>
> Best regards.
> 
> 
>
>
>
> -- 
>
> Luke Whittington
> Software Developer
> Development Services, University of Victoria
> lwhi...@uvic.ca  - 250-472-5696
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/28d88908-319f-4768-b7b8-c6e50d81b05e%40apereo.org.

[cas-user] Re: [CAS 5.X] Proxy Mode and 5.2.x

[Didier Capdevielle]

OK, I answer by myself.
Found the solution by a colleague in a French list. Thanks a lot to him.
I try to explain (sorry for my english) :
Problem is in our UPortal behind a web front-end server. We have to add 
*allowedProxyChains 
*parameter in the web.xml of UPortal.
CAS Server 5.2.x needs this parameter (CAS Server 5.1.x NO).
Thanks 
Best regards

Le jeudi 22 février 2018 16:40:22 UTC+1, Didier Capdevielle a écrit :
>
> Hello CAS' Experts,
> We have trouble using Proxy Mode (for UPortal) with CAS Server 5.2.x. 
> SAME server (Debian Stretch ; OpenJDK 8 ; Tomcat8) and SAME configuration 
> (except json-service-registry dependency and json location directory : 
> different names). SAME Json files.
> 5.1.7 / 5.1.8 : NO problem with proxy mode (CAS 2 protocol) 
> 2018-02-22 16:35:02,692 DEBUG 
> [org.apereo.cas.ticket.proxy.support.Cas20ProxyHandler] - Sent ProxyIou of 
> [PGTIOU-*jIOaCR1nRg-cas-test] 
> for service: [https://xx.xx/uPortal/CasProxyServlet]
> 2018-02-22 16:35:02,692 DEBUG 
> [org.apereo.cas.web.AbstractServiceValidateController] - Successfully 
> validated service ticket [ST-2-jML5LiuPAf2x4cQMZlbt-cas-test] for service [
> https://x.xx/uPortal/Login]
>
> 5.2.x : No error in logs but Impossible to have PGT Iou
>
> What is changing in 5.2.x ?
>
> Thanks in Advance,
>
> Best regards.
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2da9b336-c3ac-4d0a-91b7-4fc42ffa942e%40apereo.org.

[cas-user] [CAS 5.X] Proxy Mode and 5.2.x

[Didier Capdevielle]

Hello CAS' Experts,
We have trouble using Proxy Mode (for UPortal) with CAS Server 5.2.x. 
SAME server (Debian Stretch ; OpenJDK 8 ; Tomcat8) and SAME configuration 
(except json-service-registry dependency and json location directory : 
different names). SAME Json files.
5.1.7 / 5.1.8 : NO problem with proxy mode (CAS 2 protocol) 
2018-02-22 16:35:02,692 DEBUG 
[org.apereo.cas.ticket.proxy.support.Cas20ProxyHandler] - Sent ProxyIou of 
[PGTIOU-*jIOaCR1nRg-cas-test] 
for service: [https://xx.xx/uPortal/CasProxyServlet]
2018-02-22 16:35:02,692 DEBUG 
[org.apereo.cas.web.AbstractServiceValidateController] - Successfully 
validated service ticket [ST-2-jML5LiuPAf2x4cQMZlbt-cas-test] for service 
[https://x.xx/uPortal/Login]

5.2.x : No error in logs but Impossible to have PGT Iou

What is changing in 5.2.x ?

Thanks in Advance,

Best regards.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/7d5f257d-f07f-48aa-b99b-29f57611483e%40apereo.org.

[cas-user] Re: [CAS 5.1.6 and 5.2.0] JWT : Last call before nervous breakdown

[Didier Capdevielle]

from beyond the grave : happy new year !


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/c664ff09-db72-4532-9c0e-1edc428c93b3%40apereo.org.

[cas-user] [CAS 5.1.6 and 5.2.0] JWT : Last call before nervous breakdown

[Didier Capdevielle]

Hi all,

I try since a too long time to make JWT Service Ticket works.

no problerm with dependencies cas-server-support-token-tickets (and 
cas-server-support-token-webflow) in pom.xml

In cas.properties (version 5.2.0, names of parameters have changed)
...
## JWT authentification :
#
# cas.authn.token.name=

# cas.authn.token.principalTransformation.pattern=(.+)@example.org
# 
cas.authn.token.principalTransformation.groovy.location=file:///etc/cas/config/principal.groovy
# cas.authn.token.principalTransformation.suffix=
# 
cas.authn.token.principalTransformation.caseConversion=NONE|UPPERCASE|LOWERCASE
# cas.authn.token.principalTransformation.prefix=

## JWT Service Tickets :
#
cas.authn.token.crypto.enabled=true
cas.authn.token.crypto.encryptionEnabled=true
cas.authn.token.crypto.signing.key=S..(the signing 
key).w
cas.authn.token.crypto.signing.keySize=512
cas.authn.token.crypto.encryption.key=Q (the encryption key) .BM
cas.authn.token.crypto.encryption.keySize=256
cas.authn.token.crypto.alg=AES
...

Tests with a CAS client (php-cas) and JSON File for Service Registry :
{
   "@class" : "org.apereo.cas.services.RegexRegisteredService",
   "serviceId" : "^https://v-testcas01.*";,
   "name" : "Service(s) Tickets JWT",
   "id" : 1008,
   "evaluationOrder" : 15,
   "properties" : {
  "@class" : "java.util.HashMap",
  "jwtAsServiceTicket" : {
 "@class" : 
"org.apereo.cas.services.DefaultRegisteredServiceProperty",
 "values" : [ "java.util.HashSet", [ "true" ] ]
   }
   }
}

What exactly do jwtAsServiceTicket vs jwtAsResponse ?

No errors in log : TGT then ST then ST Validate but after that, nothing. No 
trace of JWT (and TGC looks same).

How to be sure application received JWT and how to decrypt that ? 
Where am i wrong in configuration ?
 
Many thanks for any help,

Best regards,

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b33c1343-c7c9-49b5-90cf-cfd9a1faf6f4%40apereo.org.

Re: [cas-user] Re: Migrate From Cas 5.1.6 to Cas 5.2.0 and JWT Problem

[Didier Capdevielle]

Yes. Thanks a lot.
I believed renaming parameters was finished since 5.1.x but not :-(
Thanks for your help.

Le lundi 11 décembre 2017 15:33:07 UTC+1, William E. a écrit :
>
> I believe in 5.2.x it was renamed to cas.serviceRegistry.json.location
>
> -W
>
>
> On Monday, December 11, 2017 at 3:12:51 AM UTC-6, Didier Capdevielle wrote:
>>
>> Hi,
>> Thanks for your answer. It better works with the good dependency ;)
>>
>> But now, i have another problem.
>> With *same* configuration (just rebuild and deploy)
>> *cas.serviceRegistry.config.location: file:/etc/cas/json/ * (in 
>> cas.properties) works fine in 5.1.6 but not in  5.2.0 
>> Is there a new syntax ?
>>
>> ThanKs.
>> Best regards,
>>
>>  
>>
>> Le vendredi 8 décembre 2017 15:15:51 UTC+1, leleuj a écrit :
>>>
>>> Hi,
>>>
>>> In version 5.2, the artifact is now named: 
>>> cas-server-support-token-tickets, see: 
>>> https://apereo.github.io/cas/5.2.x/installation/Configure-ServiceTicket-JWT.html
>>>
>>> Thanks.
>>> Best regards,
>>> Jérôme
>>>
>>>
>>> On Fri, Dec 8, 2017 at 3:02 PM, Didier Capdevielle  
>>> wrote:
>>>
>>>> Oups ! Sorry, i was *NOT* in 5.2.0 (back to 5.1.6)  and i also can't 
>>>> build cas.war 
>>>>
>>>> [ERROR] Failed to execute goal on project cas-overlay: Could not 
>>>> resolve dependencies for project org.apereo.cas:cas-overlay:war:1.0: Could 
>>>> not find artifact org.apereo.cas:*cas-server-support-token:jar:5.2.0* 
>>>> in sonatype-releases (
>>>> http://oss.sonatype.org/content/repositories/releases/)
>>>>
>>>> Really sorry, 
>>>> Best regards,
>>>>
>>>>
>>>> Le mardi 5 décembre 2017 07:44:17 UTC+1, hadi a écrit :
>>>>>
>>>>> Hi 
>>>>>
>>>>> when i download Cas 5.2.0 maven overlay and add my recent dependencies 
>>>>> the cas-server-support-token jar file does not resolve for 5.2.0 version
>>>>> I added below dependencies : 
>>>>>
>>>>> 
>>>>> 
>>>>> org.apereo.cas
>>>>> cas-server-webapp${app.server}
>>>>> ${cas.version}
>>>>> war
>>>>> runtime
>>>>> 
>>>>> 
>>>>> org.apereo.cas
>>>>> cas-server-support-json-service-registry
>>>>> ${cas.version}
>>>>> 
>>>>> 
>>>>> org.apereo.cas
>>>>> cas-server-support-ldap
>>>>> ${cas.version}
>>>>> 
>>>>> 
>>>>> org.apereo.cas
>>>>> cas-server-support-hazelcast-ticket-registry
>>>>> ${cas.version}
>>>>>  
>>>>> 
>>>>> org.apereo.cas
>>>>> cas-server-core-logout
>>>>> ${cas.version}
>>>>> 
>>>>>
>>>>> 
>>>>> org.apereo.cas
>>>>> cas-server-support-token
>>>>> ${cas.version}
>>>>> 
>>>>> 
>>>>>
>>>>> I want to use jwt service ticket and because of that i added 
>>>>> cas-server-support-token as cas document but i think there is no 
>>>>> specified 
>>>>> version for that 
>>>>> anybody knows what happend ?
>>>>> thanks
>>>>>  
>>>>>
>>>> -- 
>>>> - Website: https://apereo.github.io/cas
>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>> - Contributions: https://goo.gl/mh7qDG
>>>> --- 
>>>> You received this message because you are subscribed to the Google 
>>>> Groups "CAS Community" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send 
>>>> an email to cas-user+u...@apereo.org.
>>>> To view this discussion on the web visit 
>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/de7a601f-5fb7-4731-a94f-fe641b162093%40apereo.org
>>>>  
>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/de7a601f-5fb7-4731-a94f-fe641b162093%40apereo.org?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>>
>>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/96980edc-8172-451e-8392-cba017cb2016%40apereo.org.

Re: [cas-user] Re: Migrate From Cas 5.1.6 to Cas 5.2.0 and JWT Problem

[Didier Capdevielle]

Hi,
Thanks for your answer. It better works with the good dependency ;)

But now, i have another problem.
With *same* configuration (just rebuild and deploy)
*cas.serviceRegistry.config.location: file:/etc/cas/json/ * (in 
cas.properties) works fine in 5.1.6 but not in  5.2.0 
Is there a new syntax ?

ThanKs.
Best regards,

 

Le vendredi 8 décembre 2017 15:15:51 UTC+1, leleuj a écrit :
>
> Hi,
>
> In version 5.2, the artifact is now named: 
> cas-server-support-token-tickets, see: 
> https://apereo.github.io/cas/5.2.x/installation/Configure-ServiceTicket-JWT.html
>
> Thanks.
> Best regards,
> Jérôme
>
>
> On Fri, Dec 8, 2017 at 3:02 PM, Didier Capdevielle  > wrote:
>
>> Oups ! Sorry, i was *NOT* in 5.2.0 (back to 5.1.6)  and i also can't 
>> build cas.war 
>>
>> [ERROR] Failed to execute goal on project cas-overlay: Could not resolve 
>> dependencies for project org.apereo.cas:cas-overlay:war:1.0: Could not find 
>> artifact org.apereo.cas:*cas-server-support-token:jar:5.2.0* in 
>> sonatype-releases (http://oss.sonatype.org/content/repositories/releases/
>> )
>>
>> Really sorry, 
>> Best regards,
>>
>>
>> Le mardi 5 décembre 2017 07:44:17 UTC+1, hadi a écrit :
>>>
>>> Hi 
>>>
>>> when i download Cas 5.2.0 maven overlay and add my recent dependencies 
>>> the cas-server-support-token jar file does not resolve for 5.2.0 version
>>> I added below dependencies : 
>>>
>>> 
>>> 
>>> org.apereo.cas
>>> cas-server-webapp${app.server}
>>> ${cas.version}
>>> war
>>> runtime
>>> 
>>> 
>>> org.apereo.cas
>>> cas-server-support-json-service-registry
>>> ${cas.version}
>>> 
>>> 
>>> org.apereo.cas
>>> cas-server-support-ldap
>>> ${cas.version}
>>> 
>>> 
>>> org.apereo.cas
>>> cas-server-support-hazelcast-ticket-registry
>>> ${cas.version}
>>>  
>>> 
>>> org.apereo.cas
>>> cas-server-core-logout
>>> ${cas.version}
>>> 
>>>
>>> 
>>> org.apereo.cas
>>> cas-server-support-token
>>> ${cas.version}
>>> 
>>> 
>>>
>>> I want to use jwt service ticket and because of that i added 
>>> cas-server-support-token as cas document but i think there is no specified 
>>> version for that 
>>> anybody knows what happend ?
>>> thanks
>>>  
>>>
>> -- 
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+u...@apereo.org .
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/de7a601f-5fb7-4731-a94f-fe641b162093%40apereo.org
>>  
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/de7a601f-5fb7-4731-a94f-fe641b162093%40apereo.org?utm_medium=email&utm_source=footer>
>> .
>>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/c064804f-277a-48a0-ae67-50a001298749%40apereo.org.

[cas-user] Re: Migrate From Cas 5.1.6 to Cas 5.2.0 and JWT Problem

[Didier Capdevielle]

Oups ! Sorry, i was *NOT* in 5.2.0 (back to 5.1.6)  and i also can't build 
cas.war 

[ERROR] Failed to execute goal on project cas-overlay: Could not resolve 
dependencies for project org.apereo.cas:cas-overlay:war:1.0: Could not find 
artifact org.apereo.cas:*cas-server-support-token:jar:5.2.0* in 
sonatype-releases (http://oss.sonatype.org/content/repositories/releases/)

Really sorry, 
Best regards,


Le mardi 5 décembre 2017 07:44:17 UTC+1, hadi a écrit :
>
> Hi 
>
> when i download Cas 5.2.0 maven overlay and add my recent dependencies 
> the cas-server-support-token jar file does not resolve for 5.2.0 version
> I added below dependencies : 
>
> 
> 
> org.apereo.cas
> cas-server-webapp${app.server}
> ${cas.version}
> war
> runtime
> 
> 
> org.apereo.cas
> cas-server-support-json-service-registry
> ${cas.version}
> 
> 
> org.apereo.cas
> cas-server-support-ldap
> ${cas.version}
> 
> 
> org.apereo.cas
> cas-server-support-hazelcast-ticket-registry
> ${cas.version}
>  
> 
> org.apereo.cas
> cas-server-core-logout
> ${cas.version}
> 
>
> 
> org.apereo.cas
> cas-server-support-token
> ${cas.version}
> 
> 
>
> I want to use jwt service ticket and because of that i added 
> cas-server-support-token as cas document but i think there is no specified 
> version for that 
> anybody knows what happend ?
> thanks
>  
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/de7a601f-5fb7-4731-a94f-fe641b162093%40apereo.org.

[cas-user] Re: Migrate From Cas 5.1.6 to Cas 5.2.0 and JWT Problem

[Didier Capdevielle]

Other lead : did you clear your Maven repository (/root/.m2/repository/ in 
Debian) before building 5.2.0 ?

Le vendredi 8 décembre 2017 14:29:26 UTC+1, Didier Capdevielle a écrit :
>
> HI, 
> Not sure to well understand your problem.
> Building cas.war with cas-server-support-token (AND 
> cas-server-support-token-webflow is it necessary ?) dependencies seems to 
> work well with Cas 5.2.0 maven overlay.
> For me problems happen with json file configuration in registry.
> First time, json file directory was not taken in account ()
> Second time, problem in evaluationOrder (here, it's my fault).
> I'm not a specialist. Sorry if i am out of your mind.
>
> In 5.1.6, i can't make JWT Service ticket works. I can't configure service 
> in registry (json file) or may be it is in cas.properties. 
> Where did you find sample and/or documentation (apart Apereo) ?
>
> Best regards,
>
> Le mardi 5 décembre 2017 07:44:17 UTC+1, hadi a écrit :
>>
>> Hi 
>>
>> when i download Cas 5.2.0 maven overlay and add my recent dependencies 
>> the cas-server-support-token jar file does not resolve for 5.2.0 version
>> I added below dependencies : 
>>
>> 
>> 
>> org.apereo.cas
>> cas-server-webapp${app.server}
>> ${cas.version}
>> war
>> runtime
>> 
>> 
>> org.apereo.cas
>> cas-server-support-json-service-registry
>> ${cas.version}
>> 
>> 
>> org.apereo.cas
>> cas-server-support-ldap
>> ${cas.version}
>> 
>> 
>> org.apereo.cas
>> cas-server-support-hazelcast-ticket-registry
>> ${cas.version}
>>  
>> 
>> org.apereo.cas
>> cas-server-core-logout
>> ${cas.version}
>> 
>>
>> 
>> org.apereo.cas
>> cas-server-support-token
>> ${cas.version}
>> 
>> 
>>
>> I want to use jwt service ticket and because of that i added 
>> cas-server-support-token as cas document but i think there is no specified 
>> version for that 
>> anybody knows what happend ?
>> thanks
>>  
>>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/be5f76d9-f2cc-42df-8256-6720d6f2dd08%40apereo.org.

[cas-user] Re: Migrate From Cas 5.1.6 to Cas 5.2.0 and JWT Problem

[Didier Capdevielle]

HI, 
Not sure to well understand your problem.
Building cas.war with cas-server-support-token (AND 
cas-server-support-token-webflow is it necessary ?) dependencies seems to 
work well with Cas 5.2.0 maven overlay.
For me problems happen with json file configuration in registry.
First time, json file directory was not taken in account ()
Second time, problem in evaluationOrder (here, it's my fault).
I'm not a specialist. Sorry if i am out of your mind.

In 5.1.6, i can't make JWT Service ticket works. I can't configure service 
in registry (json file) or may be it is in cas.properties. 
Where did you find sample and/or documentation (apart Apereo) ?

Best regards,

Le mardi 5 décembre 2017 07:44:17 UTC+1, hadi a écrit :
>
> Hi 
>
> when i download Cas 5.2.0 maven overlay and add my recent dependencies 
> the cas-server-support-token jar file does not resolve for 5.2.0 version
> I added below dependencies : 
>
> 
> 
> org.apereo.cas
> cas-server-webapp${app.server}
> ${cas.version}
> war
> runtime
> 
> 
> org.apereo.cas
> cas-server-support-json-service-registry
> ${cas.version}
> 
> 
> org.apereo.cas
> cas-server-support-ldap
> ${cas.version}
> 
> 
> org.apereo.cas
> cas-server-support-hazelcast-ticket-registry
> ${cas.version}
>  
> 
> org.apereo.cas
> cas-server-core-logout
> ${cas.version}
> 
>
> 
> org.apereo.cas
> cas-server-support-token
> ${cas.version}
> 
> 
>
> I want to use jwt service ticket and because of that i added 
> cas-server-support-token as cas document but i think there is no specified 
> version for that 
> anybody knows what happend ?
> thanks
>  
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1fc79c5f-908d-4250-a713-3fb1cc9f9609%40apereo.org.

[cas-user] Re: 5.1.x JWT Authentication

[Didier Capdevielle]

Hi everyone,

*Is someone having explanation, how to configure or example for the JWT 
parameters ?*

## JWT authentification :
#
# cas.authn.token.name=
# cas.authn.token.principalTransformation.suffix=
# cas.authn.token.principalTransformation.caseConversion=NONE| 
UPPERCASE|LOWERCASE
# cas.authn.token.principalTransformation.prefix=
Thanks in advance,
Regards,

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5db0932a-81dc-4da7-b52f-e102267691cb%40apereo.org.

[cas-user] Re: 5.1.x JWT Authentication

[Didier Capdevielle]

Nobody knows ?  :-(

Le vendredi 6 octobre 2017 16:40:45 UTC+2, Didier Capdevielle a écrit :
>
> Hi all,
> I am testing JWT Authentication on a testing CAS Server.
> Here is the URL i passed to the server : 
> https:///cas/login?service=https://&token= 
>
>  is valid on https://jwt.io/ debugger
>
> Here is the log (cas.log) :
>
> *ERROR 
> [org.apereo.cas.integration.pac4j.authentication.handler.support.AbstractWrapperAuthenticationHandler]
>  
> - Failed to validate credentials*
>
> *org.pac4j.core.exception.CredentialsException: No signature algorithm 
> found for JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...*
>
> **
>
> AND
>
>
>
> *[org.apereo.cas.token.authentication.TokenCredential@4957b789[service=org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@56809aec[id=https://,originalUrl=https://,artifactId=,principal=,loggedOutAlready=false,format=XML]]]
>  
> of type [TokenCredential], which suggests a configuration problem.*
>
>
>
> *OK. But i don't find anything about configuration, cas.properties i must 
> change or this algorithm not found. Could anybody give some help (links, 
> samples, ...) ?*
>
> *Thanks in advance,*
>
>
> *Best regards,*
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/76707601-b4c3-428a-80f5-4097a05746bb%40apereo.org.

[cas-user] 5.1.x JWT Authentication

[Didier Capdevielle]

Hi all,
I am testing JWT Authentication on a testing CAS Server.
Here is the URL i passed to the server : 
https:///cas/login?service=https://&token= 

 is valid on https://jwt.io/ debugger

Here is the log (cas.log) :

*ERROR 
[org.apereo.cas.integration.pac4j.authentication.handler.support.AbstractWrapperAuthenticationHandler]
 
- Failed to validate credentials*

*org.pac4j.core.exception.CredentialsException: No signature algorithm 
found for JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...*

**

AND



*[org.apereo.cas.token.authentication.TokenCredential@4957b789[service=org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@56809aec[id=https://,originalUrl=https://,artifactId=,principal=,loggedOutAlready=false,format=XML]]]
 
of type [TokenCredential], which suggests a configuration problem.*



*OK. But i don't find anything about configuration, cas.properties i must 
change or this algorithm not found. Could anybody give some help (links, 
samples, ...) ?*

*Thanks in advance,*


*Best regards,*

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5e025523-378b-4c71-8508-e6c34451d0cd%40apereo.org.

[cas-user] Re: Service registry initialisation using JSON files. Help needed

[Didier Capdevielle]

PS: Many syntax work fine (with = or with :). The problem was not here.
>
> I'm not sure of that. I beleived that but my Ansible role was not 
up-to-date.
Sorry.
Best regards, 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/720894ea-40ad-4fe0-a3da-d6d02db9ec35%40apereo.org.

[cas-user] Re: Service registry initialisation using JSON files. Help needed

[Didier Capdevielle]

Thanks all (and especially David) for your response,
Stupid i am. Problem was a right access to the directory (and files). Of 
course.
Making the directory and files accessible by the "tomcat" user (tomcat8 in 
my case) is the solution (in my case).
Thanks,
Best regards 
PS: Many syntax work fine (with = or with :). The problem was not here.




-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f4a47d5b-7e90-4784-a4cf-04d3ef189642%40apereo.org.

[cas-user] Re: Service registry initialisation using JSON files. Help needed

[Didier Capdevielle]

Hi Andy,
Thanks for your answer.
Unfortunately, that don't work.
I yet try any possibilities : file:///etc/cas/json ; file://etc/cas/json ; 
file:/etc/cas/json ; /etc/cas/json ; ...
In 5.0.x (and perhaps in 4.2.x), it worked but i don't remember the 
thing(s) i did to make this working (and i delete cas VM).
Thanks.
Best regards,



-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/3fa40dae-3a90-4a35-a6eb-7de3c6f2f51c%40apereo.org.

[cas-user] [CAS 5.1.3] status/config page is displayed but without parameters

[Didier Capdevielle]

Hi all,
I use CAS Server 5.1.3 on debian stretch witj tomcat8 and Java 1.8.
I can display all status pages but status/config is empty with messages "No 
data available in table" and "Showing 0 to 0 of 0 entries".
I suppose there is a new security (comparing to 5.0.x) but how to display 
config ?
Any idea ?
Thanks in advance
Best regards,

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/97d4732c-c59f-4b53-b616-3349811d5456%40apereo.org.

[cas-user] Re: Service registry initialisation using JSON files. Help needed

[Didier Capdevielle]

Hi all,
I use CAS server 5.1.3 on Debian Stretch with Tomcat8 and Java 1.8
In cas.properties,
*cas.serviceRegistry.initFromJson=true*
*cas.serviceRegistry.config.location=file://etc/cas/json*
In pom.xml, the needed dependency.
But don't work (NB: It works if i cas.serviceRedistry.config.location is in 
comment)

When i want to start Tomcat8, here is the catalina.out :
2017-09-20 10:15:56,974 WARN 
[org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext]
 
- 
2017-09-20 10:15:56,974 WARN 
[org.apereo.cas.services.ServiceRegistryConfigWatcher] - 
Exception in thread "org.apereo.cas.services.JsonServiceRegistryDao" 
java.nio.file.ClosedWatchServiceException
at 
sun.nio.fs.AbstractWatchService.checkOpen(AbstractWatchService.java:80)
at 
sun.nio.fs.AbstractWatchService.checkKey(AbstractWatchService.java:92)
at 
sun.nio.fs.AbstractWatchService.take(AbstractWatchService.java:119)
at 
org.apereo.cas.services.ServiceRegistryConfigWatcher.run(ServiceRegistryConfigWatcher.java:72)
at java.lang.Thread.run(Thread.java:748)
2017-09-20 10:15:57.000 INFO net.spy.memcached.MemcachedClient:  
Suppressing duplicate attempt to shut down
2017-09-20 10:15:57.005 INFO net.spy.memcached.MemcachedConnection:  Shut 
down memcached client
20-Sep-2017 10:15:57.024 SEVERE [localhost-startStop-1] 
org.apache.catalina.core.ContainerBase.addChildInternal 
ContainerBase.addChild: start:
 org.apache.catalina.LifecycleException: Failed to start component 
[StandardEngine[Catalina].StandardHost[localhost].StandardContext[/cas]]
at 
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
at 
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:752)
at 
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:728)
at 
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:734)
at 
org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:952)
at 
org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1823)
at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.springframework.beans.factory.BeanCreationException: Error 
creating bean with name 'serviceRegistryInitializer': Invocation of init 
method failed; nested exception is java.lang.IllegalArgumentException: IO 
error opening file stream.
(and so on)

Any idea ? any help ?
Thanks in advance.

Best regards,




-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a98cda0c-83ab-4eb8-91ef-b6f5000b224d%40apereo.org.

[cas-user] Change local repository for maven War Overlay

[Didier Capdevielle]

Hello everybody,
(Sorry for my english)
I am making many tests and install of Cas Server 5.0.x using Maven War 
Overlay.
I often fill my server's filesystem and want to change local repository.
With Maven, no problem : change is on /etc/maven/settings.xml but this 
change doesn't work for mvnw.
I spent many time searching in the Net but i did not find anything.
Do someone know what to do to change local repository for mvnw ?
TIA.
Best regards,  

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/efb493ab-9916-4da5-a1de-433f80dca325%40apereo.org.

[cas-user] Re: [CAS 5.0.x] json and inmemory all together in

[Didier Capdevielle]

Hi all,
It was a problem with an old installation of cas-management. 
Sorry.
Regards,

Le mardi 6 juin 2017 16:25:11 UTC+2, Didier Capdevielle a écrit :
>
> Sorry, bad manip'
>
> I follow.
>
> Le mardi 6 juin 2017 16:20:22 UTC+2, Didier Capdevielle a écrit :
>>
>> Hi all,
>> Maybe is there something i don't understand but ...
>>
>> I add cas-server-support-json-service-registry dependency.
>> I add parameters in cas.properties :
>> ...
>> ## Service Registry
>> # cas.serviceRegistry.watcherEnabled=true  OR uncommented
>> # cas.serviceRegistry.repeatInterval=12 OR uncommented
>> # cas.serviceRegistry.startDelay=15000   OR uncommented
>> cas.serviceRegistry.initFromJson=true
>>
>> ##
>> # JSON Service Registry
>> #
>> # Directory location where JSON service files may be found.
>> # v42x: service.registry.config.location=/etc/cas/json
>> # cas.serviceRegistry.config.location: classpath:/services
>> cas.serviceRegistry.config.location=file:///etc/cas/json/
>> ...
>>
>> I build and deploy and here is catalina.out :
>>
> 2017-06-06 15:53:15,323 INFO 
> [org.apereo.cas.services.DefaultServicesManagerImpl] -  from JsonServiceRegistryDao.>
> 2017-06-06 15:53:47,544 INFO 
> [org.apereo.cas.services.DefaultServicesManagerImpl] -  from InMemoryServiceRegistryDaoImpl.>
> 2017-06-06 15:54:15,323 INFO 
> [org.apereo.cas.services.DefaultServicesManagerImpl] -  from JsonServiceRegistryDao.>
> 2017-06-06 15:54:47,544 INFO 
> [org.apereo.cas.services.DefaultServicesManagerImpl] -  from InMemoryServiceRegistryDaoImpl.>
> 2017-06-06 15:55:15,324 INFO 
> [org.apereo.cas.services.DefaultServicesManagerImpl] -  from JsonServiceRegistryDao.>
> 2017-06-06 15:55:47,545 INFO 
> [org.apereo.cas.services.DefaultServicesManagerImpl] -  from InMemoryServiceRegistryDaoImpl.>
> 2017-06-06 15:56:15,326 INFO 
> [org.apereo.cas.services.DefaultServicesManagerImpl] -  from JsonServiceRegistryDao.>
> 2017-06-06 15:56:47,545 INFO 
> [org.apereo.cas.services.DefaultServicesManagerImpl] -  from InMemoryServiceRegistryDaoImpl.>
> 2017-06-06 15:57:15,327 INFO 
> [org.apereo.cas.services.DefaultServicesManagerImpl] -  from JsonServiceRegistryDao.>
> 2017-06-06 15:57:47,546 INFO 
> [org.apereo.cas.services.DefaultServicesManagerImpl] -  from InMemoryServiceRegistryDaoImpl.>
> 2017-06-06 15:58:15,327 INFO 
> [org.apereo.cas.services.DefaultServicesManagerImpl] -  from JsonServiceRegistryDao.>
> 2017-06-06 15:58:47,546 INFO 
> [org.apereo.cas.services.DefaultServicesManagerImpl] -  from InMemoryServiceRegistryDaoImpl.>
> 2017-06-06 15:59:15,328 INFO 
> [org.apereo.cas.services.DefaultServicesManagerImpl] -  from JsonServiceRegistryDao.>
> 2017-06-06 15:59:47,547 INFO 
> [org.apereo.cas.services.DefaultServicesManagerImpl] -  from InMemoryServiceRegistryDaoImpl.>
> 2017-06-06 16:00:15,329 INFO 
> [org.apereo.cas.services.DefaultServicesManagerImpl] -  from JsonServiceRegistryDao.>
>
> And so on
>
> In 4.2.1, i choosed JSON on deployerConfigContext.xml but now ?
>
> What's wrong ? 
> How to stop inMemoryService ? Where ?
>
> Thanks in advance,
> Best regards.
>  
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1cb84650-20e2-4e27-a449-40b27e0ad666%40apereo.org.

[cas-user] Re: [CAS 5.0.x] json and inmemory all together in

[Didier Capdevielle]

Sorry, bad manip'

I follow.

Le mardi 6 juin 2017 16:20:22 UTC+2, Didier Capdevielle a écrit :
>
> Hi all,
> Maybe is there something i don't understand but ...
>
> I add cas-server-support-json-service-registry dependency.
> I add parameters in cas.properties :
> ...
> ## Service Registry
> # cas.serviceRegistry.watcherEnabled=true  OR uncommented
> # cas.serviceRegistry.repeatInterval=12 OR uncommented
> # cas.serviceRegistry.startDelay=15000   OR uncommented
> cas.serviceRegistry.initFromJson=true
>
> ##
> # JSON Service Registry
> #
> # Directory location where JSON service files may be found.
> # v42x: service.registry.config.location=/etc/cas/json
> # cas.serviceRegistry.config.location: classpath:/services
> cas.serviceRegistry.config.location=file:///etc/cas/json/
> ...
>
> I build and deploy and here is catalina.out :
>
2017-06-06 15:53:15,323 INFO 
[org.apereo.cas.services.DefaultServicesManagerImpl] - 
2017-06-06 15:53:47,544 INFO 
[org.apereo.cas.services.DefaultServicesManagerImpl] - 
2017-06-06 15:54:15,323 INFO 
[org.apereo.cas.services.DefaultServicesManagerImpl] - 
2017-06-06 15:54:47,544 INFO 
[org.apereo.cas.services.DefaultServicesManagerImpl] - 
2017-06-06 15:55:15,324 INFO 
[org.apereo.cas.services.DefaultServicesManagerImpl] - 
2017-06-06 15:55:47,545 INFO 
[org.apereo.cas.services.DefaultServicesManagerImpl] - 
2017-06-06 15:56:15,326 INFO 
[org.apereo.cas.services.DefaultServicesManagerImpl] - 
2017-06-06 15:56:47,545 INFO 
[org.apereo.cas.services.DefaultServicesManagerImpl] - 
2017-06-06 15:57:15,327 INFO 
[org.apereo.cas.services.DefaultServicesManagerImpl] - 
2017-06-06 15:57:47,546 INFO 
[org.apereo.cas.services.DefaultServicesManagerImpl] - 
2017-06-06 15:58:15,327 INFO 
[org.apereo.cas.services.DefaultServicesManagerImpl] - 
2017-06-06 15:58:47,546 INFO 
[org.apereo.cas.services.DefaultServicesManagerImpl] - 
2017-06-06 15:59:15,328 INFO 
[org.apereo.cas.services.DefaultServicesManagerImpl] - 
2017-06-06 15:59:47,547 INFO 
[org.apereo.cas.services.DefaultServicesManagerImpl] - 
2017-06-06 16:00:15,329 INFO 
[org.apereo.cas.services.DefaultServicesManagerImpl] - 

And so on

In 4.2.1, i choosed JSON on deployerConfigContext.xml but now ?

What's wrong ? 
How to stop inMemoryService ? Where ?

Thanks in advance,
Best regards.
 

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/69e41caa-1641-4424-b459-ecb2ebed10df%40apereo.org.

[cas-user] [CAS 5.0.x] json and inmemory all together in

[Didier Capdevielle]

Hi all,
Maybe is there something i don't understand but ...

I add cas-server-support-json-service-registry dependency.
I add parameters in cas.properties :
...
## Service Registry
# cas.serviceRegistry.watcherEnabled=true  OR uncommented
# cas.serviceRegistry.repeatInterval=12 OR uncommented
# cas.serviceRegistry.startDelay=15000
cas.serviceRegistry.initFromJson=true

##
# JSON Service Registry
#
# Directory location where JSON service files may be found.
# v42x: service.registry.config.location=/etc/cas/json
# cas.serviceRegistry.config.location: classpath:/services
cas.serviceRegistry.config.location=file:///etc/cas/json/
...


-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/3ca6cbda-a022-4e34-8015-ada04cbe7dc9%40apereo.org.

Re: [cas-user] CAS with two ldap servers

[Didier Capdevielle]

Hi,

We use a similar configuration : 

ldap.url=ldap://localhost ldaps://remote_ldap(Please: Note ldap for 
localhost and ldaps for remote)

LDAP Handler is ldapAuthenticationHandler

It works but we notice that remote LDAP is rather used than local. Is it 
because configuration is made for LDAPS ?

Is it possible to give an order of use ?

Thanks in advance for yous answer.

best regards,


Le mercredi 21 septembre 2016 16:19:45 UTC+2, Josep Manel Andrés a écrit :
>
> ldap.url=ldap://opsld01.domain.com ldap://opsld02.domain.com 
>
> This is what we use and when one goes offline, it goes straight to the 
> active. 
>
> On 21/09/16 10:28, Philippe MARASSE wrote: 
> > Hello, 
> > 
> > We use this kind of declaration : 
> > 
> > cas.authn.ldap[0].ldapUrl=ldap://ldap1.example.com ldap2.example.com 
> > 
> > Ldaptive seems happy with that. 
> > 
> > Regards 
> > 
> > Le 16/09/2016 à 16:39, Nikolas Stylianides a écrit : 
> >> Hi. 
> >> Does anyone know how to configure a CAS server with two ldap servers 
> >> (in MirrorMode)? 
> >> Thank you in advance. 
> >> 
> >> -- 
> >> You received this message because you are subscribed to the Google 
> >> Groups "CAS Community" group. 
> >> To unsubscribe from this group and stop receiving emails from it, send 
> >> an email to cas-user+u...@apereo.org  
> >> . 
> >> To post to this group, send email to cas-...@apereo.org  
> >> . 
> >> Visit this group at 
> >> https://groups.google.com/a/apereo.org/group/cas-user/. 
> >> To view this discussion on the web visit 
> >> 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/7ffd81de-36ce-4632-b7aa-81a81a821197%40apereo.org
>  
> >> <
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/7ffd81de-36ce-4632-b7aa-81a81a821197%40apereo.org?utm_medium=email&utm_source=footer>.
>  
>
> >> For more options, visit https://groups.google.com/a/apereo.org/d/optout. 
>
> > 
> > -- 
> > Philippe MARASSE 
> > 
> > Responsable pôle Infrastructures - DSIO 
> > Centre Hospitalier Henri Laborit 
> > CS 10587 - 370 avenue Jacques Cœur 
> > 86021 Poitiers Cedex 
> > Tel : 05.49.44.57.19 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> > Groups "CAS Community" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> > an email to cas-user+u...@apereo.org  
> > . 
> > To post to this group, send email to cas-...@apereo.org  
> > . 
> > Visit this group at 
> https://groups.google.com/a/apereo.org/group/cas-user/. 
> > To view this discussion on the web visit 
> > 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/21ecbb27-f534-eb99-e9c0-35e410f1a20e%40ch-poitiers.fr
>  
> > <
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/21ecbb27-f534-eb99-e9c0-35e410f1a20e%40ch-poitiers.fr?utm_medium=email&utm_source=footer>.
>  
>
> > For more options, visit https://groups.google.com/a/apereo.org/d/optout. 
>
>
> -- 
> Josep Manel Andrés (josep@bsc.es ) 
> Operations - Barcelona Supercomputing Center 
> C/ Jordi Girona, 31  http://www.bsc.es 
> 08034 Barcelona, Spain Tel: +34-93-405 42 14 
> e-mail: sys...@bsc.es  Fax: +34-93-413 77 21 
> --- 
>
> WARNING / LEGAL TEXT: This message is intended only for the use of the 
> individual or entity to which it is addressed and may contain 
> information which is privileged, confidential, proprietary, or exempt 
> from disclosure under applicable law. If you are not the intended 
> recipient or the person responsible for delivering the message to the 
> intended recipient, you are strictly prohibited from disclosing, 
> distributing, copying, or in any way using this message. If you have 
> received this communication in error, please notify the sender and 
> destroy and delete any copies you may have received. 
>
> http://www.bsc.es/disclaimer 
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6bdc16d9-b20d-4aa8-b341-3334e7179ff7%40apereo.org.

[cas-user] cas-management doesn't access to my json directory

[Didier Capdevielle]

Hello everybody,
(Sorry for my english)

I have a problem reading my JSON directory. Maybe i do not understand how 
it works.

When i installed Cas Server (4.2.7), i use JSON as Service Management and 
change the directory of JSON Files (i can't create new JSON files on 
existing directory, by default).
My new directory is /etc/cas/json

After that, i installed cas-management webapp (5.0.x) on the same server 
and it works fine BUT reading JSON files are those which are in the default 
directory 

In /etc/cas/config/management.properties, i add : 
service.registry.config.location=file:/etc/cas/json but without success.
I don't find other way. I try other syntax. Stille reading the same.

How to make cas-management reading my directory ?  

Thanks in advance,

Best regards,

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/3301cd21-fe7c-43df-a79f-9812d1c130a8%40apereo.org.

Re: [cas-user] Cas-Service-Management-Overlay still not working (more info)

[Didier Capdevielle]

Hi everybody,

I answer by myself.
Problem was in server.xml access valve (It is necessary to declare 
application server's IP or to uncomment valve).

Hope this help !
Best regards,

Le vendredi 7 avril 2017 14:47:01 UTC+2, Didier Capdevielle a écrit :
>
> Hi everybody,
>
> I'm a newbie too in CAS and i have the same problem.
>
> I installed a CAS server 4.2.7 with Maven War Overlay, OpenJDK 7 and 
> Tomcat8.
> I installed an Apache Server to redirect request with AJP.
>
> Directly using CAS, no problem.
>
> But using CAS via an application (IdP for example), the same problem 
> occurs.
> Login is OK but ServiceValidate is forbidden.
>
> Her are the logs from Apache ssl_access.log :
>
> 147.210.233.170 - - [07/Apr/2017:14:01:36 +0200] "GET 
> /cas/login?service=https%3A%2F%2Ftestidp.u-bordeaux.fr
> %2Fidp%2FAuthn%2FExtCas%3Bjsessionid%3D415E0BB45E1B68E7666829960DEEB70D%
> 3Fconversation%3De1s1&entityId=https%3A%2F%2Fkrusty.u-bordeaux.fr%2Fshowlazy 
> HTTP/1.1" 200 9705 "
> https://idp-ubx.u-bordeaux.fr/WTST/wayf.php?entityID=https%3A%2F%2Fkrusty.u-bordeau
> x.fr%2Fshowlazy&return=https%3A%2F%2Fkrusty.u-bordeaux.fr%2Fshowlazy%2FShibboleth.sso%2FWAYF%3FSAMLDS%3D1%26target%3Dcookie%253A1491566493_4fae"
>  
> "Mozilla/5.0 (Windows NT 10.0; WOW6
> 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 
> Safari/537.36"
> 147.210.233.170 - - [07/Apr/2017:14:01:45 +0200] "POST 
> /cas/login?service=https%3A%2F%2Ftestidp.u-bordeaux.fr
> %2Fidp%2FAuthn%2FExtCas%3Bjsessionid%3D415E0BB45E1B68E7666829960DEEB70D
> %3Fconversation%3De1s1&entityId=https%3A%2F%2Fkrusty.u-bordeaux.fr%2Fshowlazy 
> HTTP/1.1" 302 1429 "
> https://cas3.u-bordeaux.fr/cas/login?service=https%3A%2F%2Ftestidp.u-bordeaux.fr%2
>
> Fidp%2FAuthn%2FExtCas%3Bjsessionid%3D415E0BB45E1B68E7666829960DEEB70D%3Fconversation%3De1s1&entityId=https%3A%2F%
> 2Fkrusty.u-bordeaux.fr%2Fshowlazy" "Mozilla/5.0 (Windows NT 10.0; W
> OW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 
> Safari/537.36"
> 172.29.52.88 - - [07/Apr/2017:14:01:45 +0200] "GET 
> /cas/serviceValidate?ticket=ST-4-b9WKP1g9E5K0rgXe5Nwj-cas-ubx&service=https%3A%2F%
> 2Ftestidp.u-bordeaux.fr%2Fidp%2FAuthn%2FExtCas%
> 3Bjsessionid%3D415E0BB45E1B68E7666829960DEEB70D%3Fconversation%3De1s1 
> HTTP/1.1" 403 406 "-" "Java/1.7.0_121"
>
> Looking at messages, it seems like browser user-agent are authorized but 
> java user-agent (Java/1.7.0_121) - and probably others non browser agent - 
> is blocked.
>
> Is one or more certificates missing ? If yes, where and what kind of 
> certificates ? What else ?
>
> Thanks for your help ! 
> Best regards, 
>
>
>
>   
>
> Le jeudi 19 janvier 2017 22:42:36 UTC+1, Daniel Alzate a écrit :
>>
>> Hi, 
>>
>> I'm new to CAS and also the community.
>>
>> I have a new CAS setup working, but I'm facing this same problem reported 
>> by Conan. I wonder if you found a solution or the cause of this issue?
>>
>>
>> Best regards.
>>
>> Daniel.
>>
>> On Friday, May 27, 2016 at 2:33:53 AM UTC-5, Conan Malone wrote:
>>>
>>> cas.log shows nothing at all and cas-management.log shows the 
>>> '[org.jasig.cas.client.util.CommonUtils] - Server returned HTTP response 
>>> code: 403 for URL:' error that I posted above.  The only apps I have 
>>> installed right now are cas and the management app, can log into CAS fine 
>>> with casuser goes to the 'Login successful' page.
>>>
>>> On Thursday, May 26, 2016 at 5:53:41 PM UTC+1, Misagh Moayyed wrote:
>>>>
>>>> Does the CAS server produce any logs when it attempts to validate that 
>>>> ticket? Can you log into any other apps beside the management webapp? 
>>>>
>>>>  
>>>>
>>>> *From:* cas-...@apereo.org [mailto:cas-...@apereo.org] *On Behalf Of 
>>>> *Conan 
>>>> Malone
>>>> *Sent:* Thursday, May 26, 2016 2:11 AM
>>>> *To:* CAS Community 
>>>> *Subject:* [cas-user] Cas-Service-Management-Overlay still not working 
>>>> (more info)
>>>>
>>>>  
>>>>
>>>> Hi,
>>>>
>>>>  
>>>>
>>>> I'm making a new post as I feel there maybe wasn't enough information 
>>>> in my last one for anyone to help me out.
>>>>
>>>>  
>>>>
>>>> I have downloaded the cas-overlay-template and 
>>>> cas-service-management-overlay (4.2.2), copied t

Re: [cas-user] Cas-Service-Management-Overlay still not working (more info)

[Didier Capdevielle]

Hi everybody,

I'm a newbie too in CAS and i have the same problem.

I installed a CAS server 4.2.7 with Maven War Overlay, OpenJDK 7 and 
Tomcat8.
I installed an Apache Server to redirect request with AJP.

Directly using CAS, no problem.

But using CAS via an application (IdP for example), the same problem occurs.
Login is OK but ServiceValidate is forbidden.

Her are the logs from Apache ssl_access.log :

147.210.233.170 - - [07/Apr/2017:14:01:36 +0200] "GET 
/cas/login?service=https%3A%2F%2Ftestidp.u-bordeaux.fr%2Fidp%2FAuthn%2FExtCas%3Bjsessionid%3D415E0BB45E1B68E7666829960DEEB70D%
3Fconversation%3De1s1&entityId=https%3A%2F%2Fkrusty.u-bordeaux.fr%2Fshowlazy 
HTTP/1.1" 200 9705 
"https://idp-ubx.u-bordeaux.fr/WTST/wayf.php?entityID=https%3A%2F%2Fkrusty.u-bordeau
x.fr%2Fshowlazy&return=https%3A%2F%2Fkrusty.u-bordeaux.fr%2Fshowlazy%2FShibboleth.sso%2FWAYF%3FSAMLDS%3D1%26target%3Dcookie%253A1491566493_4fae"
 
"Mozilla/5.0 (Windows NT 10.0; WOW6
4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 
Safari/537.36"
147.210.233.170 - - [07/Apr/2017:14:01:45 +0200] "POST 
/cas/login?service=https%3A%2F%2Ftestidp.u-bordeaux.fr%2Fidp%2FAuthn%2FExtCas%3Bjsessionid%3D415E0BB45E1B68E7666829960DEEB70D
%3Fconversation%3De1s1&entityId=https%3A%2F%2Fkrusty.u-bordeaux.fr%2Fshowlazy 
HTTP/1.1" 302 1429 
"https://cas3.u-bordeaux.fr/cas/login?service=https%3A%2F%2Ftestidp.u-bordeaux.fr%2
Fidp%2FAuthn%2FExtCas%3Bjsessionid%3D415E0BB45E1B68E7666829960DEEB70D%3Fconversation%3De1s1&entityId=https%3A%2F%2Fkrusty.u-bordeaux.fr%2Fshowlazy"
 
"Mozilla/5.0 (Windows NT 10.0; W
OW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 
Safari/537.36"
172.29.52.88 - - [07/Apr/2017:14:01:45 +0200] "GET 
/cas/serviceValidate?ticket=ST-4-b9WKP1g9E5K0rgXe5Nwj-cas-ubx&service=https%3A%2F%2Ftestidp.u-bordeaux.fr%2Fidp%2FAuthn%2FExtCas%
3Bjsessionid%3D415E0BB45E1B68E7666829960DEEB70D%3Fconversation%3De1s1 
HTTP/1.1" 403 406 "-" "Java/1.7.0_121"

Looking at messages, it seems like browser user-agent are authorized but 
java user-agent (Java/1.7.0_121) - and probably others non browser agent - 
is blocked.

Is one or more certificates missing ? If yes, where and what kind of 
certificates ? What else ?

Thanks for your help ! 
Best regards, 



  

Le jeudi 19 janvier 2017 22:42:36 UTC+1, Daniel Alzate a écrit :
>
> Hi, 
>
> I'm new to CAS and also the community.
>
> I have a new CAS setup working, but I'm facing this same problem reported 
> by Conan. I wonder if you found a solution or the cause of this issue?
>
>
> Best regards.
>
> Daniel.
>
> On Friday, May 27, 2016 at 2:33:53 AM UTC-5, Conan Malone wrote:
>>
>> cas.log shows nothing at all and cas-management.log shows the 
>> '[org.jasig.cas.client.util.CommonUtils] - Server returned HTTP response 
>> code: 403 for URL:' error that I posted above.  The only apps I have 
>> installed right now are cas and the management app, can log into CAS fine 
>> with casuser goes to the 'Login successful' page.
>>
>> On Thursday, May 26, 2016 at 5:53:41 PM UTC+1, Misagh Moayyed wrote:
>>>
>>> Does the CAS server produce any logs when it attempts to validate that 
>>> ticket? Can you log into any other apps beside the management webapp? 
>>>
>>>  
>>>
>>> *From:* cas-...@apereo.org [mailto:cas-...@apereo.org] *On Behalf Of *Conan 
>>> Malone
>>> *Sent:* Thursday, May 26, 2016 2:11 AM
>>> *To:* CAS Community 
>>> *Subject:* [cas-user] Cas-Service-Management-Overlay still not working 
>>> (more info)
>>>
>>>  
>>>
>>> Hi,
>>>
>>>  
>>>
>>> I'm making a new post as I feel there maybe wasn't enough information in 
>>> my last one for anyone to help me out.
>>>
>>>  
>>>
>>> I have downloaded the cas-overlay-template and 
>>> cas-service-management-overlay (4.2.2), copied the correct files to 
>>> /etc/cas/ and ran mvnw clean package on both of them with build success so 
>>> that all seems fine.  (both deployed in tomcat as ROOT.war and 
>>> cas-services.war).
>>>
>>>  
>>>
>>> I can go to https://mycasdomain.com/ and it goes to the login page, I 
>>> can then log in with casuser,Mellon and this works fine (also can do RADIUS 
>>> authentication).  My problem seems to be with the cas-services-management 
>>> as when I go to https://mycasdomain.com/cas-services/ (looking at 
>>> network on chrome) I get redirected to manage.html which redirects to the 
>>> login page as expected with url '
>>> https://mycasdomain/login?service=https%3A%2F%2Fmycasdomain%2Fcas-services%2Fcallback%3Fclient_name%3DCasClient'.
>>>  
>>>  The page has the 'Services Management Web Application' box at the top so I 
>>> assume services are correctly set up.  I then log in with casuser,Mellon 
>>> and get 'The CAS management webapp is unavailable' screen.
>>>
>>>  
>>>
>>> The login page redirected me to '
>>> https://mycasdomain.com/cas-services/callback?client_name=CasClient&ticket=ST-7-1df43YSsUctajcAt1miS-mycasdomain.com'
>>>  
>>> and gave a HTTP status 500.
>>>
>>>  
>>>
>>> But looking through logs I find th