[cas-user] redirect to CAS cache control
Hi, We've recently moved our CAS server to a new server/URL. We've updated our web-sites/application to point to the new URL. However we're still seeing clients hitting the old CAS server. My guess is that the 302 redirect is cached on the client's web browser. Does this stand? How do you manage this on your applications? In at least one site (apache) I've added Header unset Pragma Header unset Cache-Control but this does not affect some of the clients. G -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f8045fc0-9a95-693c-a59d-0e414fab3176%40edu.physics.uoc.gr.
Re: [cas-user] Shibboleth integration and MDUI
I found the problem.
URL comes like:
https://cas.example.com/cas/login?service=https%3A%2F%2Fidp.example.com%2Fidp%2FAuthn%2FExternal%3Fconversation%3De2s1%26entityId%3Dhttps%3A%2F%2Fwww.example.com%2Fsp
If I replace entityId%3D -> entityId= then it works
CAS does not decode %3D which is for = sign, thus leaving the attribute
empty.
'https://idp.example.com/idp/Authn/External',
'entityId=https://www.example.com/sp' -> ''
- org.springframework.webflow.mvc.servlet.MvcExternalContext@4c2a6e41 with
input map['service' -> 'https://idp.example.com/idp/Authn/External',
'entityId=https://www.example.com/sp' -> ''
-
G
On 14/01/2022 12:28, Kapetanakis Giannis wrote:
Hi,
I've configured CAS to be SSO for Shibboleth IdP (External). This works fine.
I'm trying to display SAML MDUI (logo) but it cannot detect the entityId so
nothing happens.
DEBUG [org.apereo.cas.support.saml.mdui.web.flow.SamlMetadataUIParserAction] -
implementation
"org.apereo.cas:cas-server-support-saml-mdui:${project.'cas.version'}" in
build.gradle
cas.saml-metadata-ui.resources=file:///etc/cas/config/idp-metadata/sp.xml
Log says:
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] -
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] -
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] -
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] -
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] -
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] -
INFO [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] -
However when I'm redirected to CAS, to login to this SP (via shibboleth)
with URL:
https://cas.example.com/cas/login?service=https%3A%2F%2Fidp.example.com%2Fidp%2FAuthn%2FExternal%3Fconversation%3De2s1%26entityId%3Dhttps%3A%2F%2Fwww.example.com%2Fsp
I get in logs:
DEBUG [org.apereo.cas.support.saml.mdui.web.flow.SamlMetadataUIParserAction] -
Service registry lists the SP's entityId as serviceId:
--- !
serviceId:"https://www.example.com/sp;
...
logo:"https://www.example.com/images/logo-idp.png;
...
In advance the metadata loaded also have mdui relevant info:
http://www.w3.org/2000/09/xmldsig#;
entityID="https: //www.example.com/sp">
https://www.example.com/images/logo-idp.png
What am I missing here?
Thanks,
Giannis
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/cfded964-4f43-7ce0-7b0c-936b4b2c05cb%40edu.physics.uoc.gr.
[cas-user] Shibboleth integration and MDUI
Hi,
I've configured CAS to be SSO for Shibboleth IdP (External). This works fine.
I'm trying to display SAML MDUI (logo) but it cannot detect the entityId so
nothing happens.
DEBUG [org.apereo.cas.support.saml.mdui.web.flow.SamlMetadataUIParserAction] -
implementation
"org.apereo.cas:cas-server-support-saml-mdui:${project.'cas.version'}" in
build.gradle
cas.saml-metadata-ui.resources=file:///etc/cas/config/idp-metadata/sp.xml
Log says:
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] -
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] -
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] -
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] -
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] -
DEBUG [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] -
INFO [org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter] -
However when I'm redirected to CAS, to login to this SP (via shibboleth)
with URL:
https://cas.example.com/cas/login?service=https%3A%2F%2Fidp.example.com%2Fidp%2FAuthn%2FExternal%3Fconversation%3De2s1%26entityId%3Dhttps%3A%2F%2Fwww.example.com%2Fsp
I get in logs:
DEBUG [org.apereo.cas.support.saml.mdui.web.flow.SamlMetadataUIParserAction] -
Service registry lists the SP's entityId as serviceId:
--- !
serviceId: "https://www.example.com/sp;
...
logo: "https://www.example.com/images/logo-idp.png;
...
In advance the metadata loaded also have mdui relevant info:
http://www.w3.org/2000/09/xmldsig#;
entityID="https:
//www.example.com/sp">
https://www.example.com/images/logo-idp.png
What am I missing here?
Thanks,
Giannis
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a179985a-95c5-70b9-3f7a-4583a21d6fac%40edu.physics.uoc.gr.
[cas-user] dynamic themed views and template caching (bug or feature?)
I've enabled Dynamic Themes and Themed Views according to https://apereo.github.io/cas/6.4.x/ux/User-Interface-Customization-Themes.html if spring.thymeleaf.cache is true (default) then first visit loads the correct themed view but next visit (on default theme) overrides the themed view which does not appear again. If I set spring.thymeleaf.cache=false then everything works as expected. I' only overridden src/main/resources/templates/custom-theme/fragments/loginform.html to specify $screen.welcome.instructions.custom for specific services. Don't know if this is normal, just thought I should report it. Maybe a comment about this should be added on https://apereo.github.io/cas/6.4.x/ux/User-Interface-Customization-Themes.html#themed-views G -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/114f332e-1382-ab0c-228c-da6d706b9ffa%40edu.physics.uoc.gr.
[cas-user] different LDAP configurations - same instance
Hi, I 'm running latest CAS 6.4 in standalone mode (embedded) proxied via apache2 and AJP. Authentication is done by cas.authn.ldap[0] for my users for domain @example1.com I want to authenticate users from domain @example2.com without running a separate instance for them (in order to have different LDAP settings / ldap server, ldap base etc). Is there a way to load different property files by user's @domain in username or maybe by different URL the request is coming to cas.example1.com cas.example2.com Maybe some other way I can't imagine? thanks, Giannis -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/8846289e-3f22-ab3c-dec3-d92b7d2969ef%40edu.physics.uoc.gr.
[cas-user] cas-management-overlay Error processing element CasAppender
Hi, I'm trying to use cas management web application with CAS Initializr and cas-management-overlay I've downloaded from heroku: curl https://casinit.herokuapp.com/starter.tgz -d type=cas-management-overlay -d baseDir=cas-management-overlay | tar -xzvf - ./gradlew build I've copied configuration /etc/cas/config When I try to run it in embedded container I get: 2021-12-20 16:45:26,372 INFO [org.apereo.cas.configuration.DefaultCasConfigurationPropertiesSourceLocator] - 2021-12-20 16:45:26,498 main ERROR Error processing element CasAppender ([Appenders: null]): CLASS_NOT_FOUND 2021-12-20 16:45:26,499 main ERROR Error processing element CasAppender ([Appenders: null]): CLASS_NOT_FOUND 2021-12-20 16:45:26,500 main ERROR Error processing element CasAppender ([Appenders: null]): CLASS_NOT_FOUND 2021-12-20 16:45:26,500 main ERROR Error processing element CasAppender ([Appenders: null]): CLASS_NOT_FOUND 2021-12-20 16:45:26,524 main ERROR Unable to locate appender "casFile" for logger config "root" 2021-12-20 16:45:26,524 main ERROR Unable to locate appender "casConsole" for logger config "root" 2021-12-20 16:45:26,524 main ERROR Unable to locate appender "casStackTraceFile" for logger config "root" 2021-12-20 16:45:26,525 main ERROR Unable to locate appender "casConsole" for logger config "org.apereo.inspektr.audit.support" 2021-12-20 16:45:26,525 main ERROR Unable to locate appender "casFile" for logger config "org.apereo.inspektr.audit.support" 2021-12-20 16:45:26,526 main ERROR Unable to locate appender "casAudit" for logger config "org.apereo.inspektr.audit.support" > Task :run FAILED FAILURE: Build failed with an exception. Tried to copy the default log4j2.xml from cas-overlay over log4j2-management.xml which has entries for the appenders missing, but didn't work. any ideas? Giannis -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/bf94d437-75e6-3ada-f246-46422a169ec5%40edu.physics.uoc.gr.
Re: [cas-user] Cannot retrieve user attributes from PHP application behind mod_auth_cas
On 19/07/17 18:27, Fabio Martelli wrote: Hi All, I would like to retrieve user principal attributes from a php application. I successfully configured mod_auth_cas but at the moment I'm just able to retrieve the principal name in HTTP Header. Can you share a piece of code that can help me with my php application? Thank you in advance. BR, F. Maybe you can get it from $_SERVER['REMOTE_USER'] alternative options: a) do the authentication in PHP with phpCAS and not in apache b) check if user is authenticated in php (again with phpCAS) and get what ever attribute you need (including attributed returned by CAS) G ps. https://github.com/apereo/phpCAS/blob/master/docs/examples/example_hardening.php https://wiki.jasig.org/display/casc/phpcas+examples -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ea919a47-a804-89e6-7a24-9563f2b2f4a6%40edu.physics.uoc.gr.
