Re: [cas-user] Re: SPNEGO Client Selection Strategy

2018-05-21 Thread Nicholas Wylie 
>>> 
>>>
>>>
>>> Here are my new spnego.properties
>>> # cas.authn.spnego.spnegoMode=direct: indicates to go directly to the 
>>> SPNEGO by changing the succes transition of initialLoginForm action-state 
>>> to startSpnegoAuthenticate
>>> # cas.authn.spnego.spnegoMode=evaluateClient: indicates to evaluate the 
>>> client based on the client action strategy defined in 
>>> evaluateClientActionStrategy. 
>>>
>>> # It changes the 
>>> success transition of initialLoginForm action-state to evaluateClientRequest
>>> cas.authn.spnego.spnegoMode=evaluateClient|direct
>>> # The following property is deprecated
>>>
>>> #cas.authn.spnego.hostNameClientActionStrategy=serviceNameSpnegoClientAction
>>> # cas.authn.spnego.evaluateClientActionStrategy=hostnameSpnegoClientAction 
>>> where CAS checks to see if the request?s remote hostname matches a 
>>> predefine pattern
>>> # cas.authn.spnego.evaluateClientActionStrategy=ldapSpnegoClientAction 
>>> where CAS checks an LDAP instance for the remote hostname, 
>>> #
>>>to locate a pre-defined attribute whose mere existence would allow 
>>> the webflow to resume to SPNEGO
>>> # 
>>> cas.authn.spnego.evaluateClientActionStrategy=serviceNameSpnegoClientAction 
>>> where CAS checks if the service corresponds to a regularExpression
>>> #defined in 
>>> serviceNamePatternString and the ip corresponds to ipsToCheckPattern 
>>> implemented
>>> #in baseSpnegoClientAction
>>> cas.authn.spnego.evaluateClientActionStrategy=
>>> serviceNameSpnegoClientAction
>>> cas.authn.spnego.ipsToCheckPattern=((127\.0)|(122.110))(\.[0-9]{1,3}){2}
>>>
>>> cas.authn.spnego.serviceNamePatternString=(app1\.domain\.ca)|(app2\.domain\.ca)
>>>
>>>
>>> It works well for me. If you want it, I could send you the code.
>>>
>>> Le jeudi 17 mai 2018 01:47:54 UTC-4, Nicholas Wylie a écrit :
>>>>
>>>> Hi CAS Community,
>>>>
>>>> I've successfully configured CAS 5.2 with LDAP/SPNEGO authentication 
>>>> against our Active Directory.
>>>>
>>>> What we have noticed though is that non-domain joined computers see a 
>>>> pop-up prompt for credentials when they visit the CAS login page. From my 
>>>> reading, I believe we can fix this by configuring the LDAP Client 
>>>> Selection 
>>>> Strategy for SPNEGO, but the documentation for which properties need to be 
>>>> configured seems to be a bit scarce.
>>>>
>>>> Can someone offer any guidance (or a link to some documentation) as to 
>>>> which properties I need to configure to use the LDAP Client Selection 
>>>> Strategy?
>>>>
>>>> Thanks,
>>>> Nicholas
>>>>
>>> -- 
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> --- 
>>> You received this message because you are subscribed to a topic in the 
>>> Google Groups "CAS Community" group.
>>> To unsubscribe from this topic, visit 
>>> https://groups.google.com/a/apereo.org/d/topic/cas-user/_jUtK7VnhFs/unsubscribe
>>> .
>>> To unsubscribe from this group and all its topics, send an email to 
>>> cas-user+u...@apereo.org .
>>> To view this discussion on the web visit 
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/deeb374f-38e0-4bb0-8b18-35cc3ee46a7c%40apereo.org
>>>  
>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/deeb374f-38e0-4bb0-8b18-35cc3ee46a7c%40apereo.org?utm_medium=email_source=footer>
>>> .
>>>
>> -- 
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+u...@apereo.org .
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANjq9ChHNPOLZSeU%3DmHs1MP3cyB1F69imxA7LzrDrc56oSWzTQ%40mail.gmail.com
>>  
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANjq9ChHNPOLZSeU%3DmHs1MP3cyB1F69imxA7LzrDrc56oSWzTQ%40mail.gmail.com?utm_medium=email_source=footer>
>> .
>>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/049959ab-d02f-4dad-9037-fa963a687341%40apereo.org.

[cas-user] SPNEGO Client Selection Strategy

2018-05-16 Thread Nicholas Wylie 
Hi CAS Community,

I've successfully configured CAS 5.2 with LDAP/SPNEGO authentication 
against our Active Directory.

What we have noticed though is that non-domain joined computers see a 
pop-up prompt for credentials when they visit the CAS login page. From my 
reading, I believe we can fix this by configuring the LDAP Client Selection 
Strategy for SPNEGO, but the documentation for which properties need to be 
configured seems to be a bit scarce.

Can someone offer any guidance (or a link to some documentation) as to 
which properties I need to configure to use the LDAP Client Selection 
Strategy?

Thanks,
Nicholas

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/524f8da7-688e-47f2-90b1-bf2649d80a2e%40apereo.org.