Re: [cas-user] No registered service found/Freshworks SAML2/ CAS 5.3

2021-04-13 Thread Trenton Adams
It matches this…
https://regex101.com/r/evGIgs/1

You also need to make sure the ‘id’ of each service definition doesn’t conflict.

Also, according to the docs, ‘.’ has to be doubly escaped, so perhaps ‘\\.’ 
rather than ‘\.’?

https://apereo.github.io/cas/5.3.x/installation/JSON-Service-Management.html
Escaping Characters
Please make sure all field values in the JSON blob are correctly escaped, 
specially for the service id. If the service is defined as a regular 
expression, certain regex constructs such as "." and "\d" need to be doubly 
escaped.


From:  on behalf of "Keith Alston (Staff)" 

Reply-To: "cas-user@apereo.org" 
Date: Monday, April 12, 2021 at 11:42 PM
To: "cas-user@apereo.org" 
Subject: Re: [cas-user] No registered service found/Freshworks SAML2/ CAS 5.3

replaced the serviceid with the entityid from the sp metadata

which is:

https://regent-team.myfreshworks.com/sp/SAML/26912657608931/metadata
yes, this is the entityid in the sp metadata!

now I'm getting this:

2021-04-12 16:27:27,481 WARN [org.apereo.cas.web.flow.ServiceAuthorizationCheck] - https://regent-team.myfreshworks.com/sp/SAML/26912657608931/callback] is not found in service registry.>
2021-04-12 16:27:27,481 DEBUG [org.springframework.webflow.engine.impl.FlowExecutionImpl] - https://regent-team.myfreshworks.com/sp/SAML/26912657608931/callback] is not found in service registry.]>
2021-04-12 16:27:27,481 DEBUG [org.springframework.webflow.engine.support.TransitionExecutingFlowExecutionExceptionHandler] - 


Keith Alston
Regent University
IT Department
keit...@regent.edu
757.352.4081
________
From: cas-user@apereo.org  on behalf of Trenton Adams 

Sent: Monday, April 12, 2021 2:56 PM
To: cas-user@apereo.org 
Subject: [External] Re: [cas-user] No registered service found/Freshworks 
SAML2/ CAS 5.3


Oops, I had meant to paste this.  This should allow anything with domain.com 
and prefix regent-team.myfresh to authenticate against your CAS server.

^(https|http):\/\/regent-team\.myfresh.*domain\.com(:[0-9]{1,5})?\/.*$"



From:  on behalf of Trenton Adams 
Reply-To: "cas-user@apereo.org" 
Date: Monday, April 12, 2021 at 12:53 PM
To: "cas-user@apereo.org" 
Subject: Re: [cas-user] No registered service found/Freshworks SAML2/ CAS 5.3



I’m pretty sure the serviceId is supposed to be a regular expression, no?  A ‘*’ 
after an ‘h’ means repeat the ‘h’.  Put ‘.*’ and you’ll repeat anything, but 
that wouldn’t be what you want either, as that would allow any domain with a 
DNS prefix of ‘regent-team.myfresh’ to authenticate against your CAS instance.



From:  on behalf of "Keith Alston (Staff)" 

Reply-To: "cas-user@apereo.org" 
Date: Monday, April 12, 2021 at 12:46 PM
To: "cas-user@apereo.org" 
Subject: [cas-user] No registered service found/Freshworks SAML2/ CAS 5.3





Any ideas on what might be going on here?

I get the "Application Not Authorized to Use CAS" page when redirected to CAS.



2021-04-12 14:21:32,474 WARN [org.apereo.cas.services.web.RegisteredServiceThemeResolver] - https://regent-team.myfreshworks.com/sp/SAML/269126576089314274/callback, originalUrl=https://regent-team.myfreshworks.com/sp/SAML/26912657608931/callback, artifactId=null, principal=null, source=AssertionConsumerServiceURL, loggedOutAlready=true, format=XML, attributes={})] or access is denied. Using default theme [cas-theme-default]>

Re: [cas-user] No registered service found/Freshworks SAML2/ CAS 5.3

2021-04-12 Thread Trenton Adams
Oops, I had meant to paste this.  This should allow anything with domain.com 
and prefix regent-team.myfresh to authenticate against your CAS server.
^(https|http):\/\/regent-team\.myfresh.*domain\.com(:[0-9]{1,5})?\/.*$"

From:  on behalf of Trenton Adams 
Reply-To: "cas-user@apereo.org" 
Date: Monday, April 12, 2021 at 12:53 PM
To: "cas-user@apereo.org" 
Subject: Re: [cas-user] No registered service found/Freshworks SAML2/ CAS 5.3

I’m pretty sure the serviceId is supposed to be a regular expression, no?  A ‘*’ 
after an ‘h’ means repeat the ‘h’.  Put ‘.*’ and you’ll repeat anything, but 
that wouldn’t be what you want either, as that would allow any domain with a 
DNS prefix of ‘regent-team.myfresh’ to authenticate against your CAS instance.

From:  on behalf of "Keith Alston (Staff)" 

Reply-To: "cas-user@apereo.org" 
Date: Monday, April 12, 2021 at 12:46 PM
To: "cas-user@apereo.org" 
Subject: [cas-user] No registered service found/Freshworks SAML2/ CAS 5.3


Any ideas on what might be going on here?
I get the "Application Not Authorized to Use CAS" page when redirected to CAS.

2021-04-12 14:21:32,474 WARN [org.apereo.cas.services.web.RegisteredServiceThemeResolver] - https://regent-team.myfreshworks.com/sp/SAML/269126576089314274/callback, originalUrl=https://regent-team.myfreshworks.com/sp/SAML/26912657608931/callback, artifactId=null, principal=null, source=AssertionConsumerServiceURL, loggedOutAlready=true, format=XML, attributes={})] or access is denied. Using default theme [cas-theme-default]>


here's my service file:

{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "^(https|http)://regent-team.myfresh*",
  "name" : "freshregistrar",
  "id" : 1608070210,
  "metadataLocation" : "https://regent-team.myfreshworks.com/sp/SAML/26912657608931/metadata",
  "evaluationOrder" : 17,
  "requiredNameIdFormat" : "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "firstname", "lastname", "email", "nameid", "phone", "mobile", "title" ] ]
  }
}




Keith Alston
Regent University
IT Department
keit...@regent.edu
757.619.3421
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/BL0PR10MB29952DEBE257C8F1901C6B25D9709%40BL0PR10MB2995.namprd10.prod.outlook.com.
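
The two points raised in these replies (the serviceId is a regex, and a regex backslash has to be doubled inside the JSON file), as an added example. This is Python written for this page, not code from the thread, from CAS or from Apereo. It assumes CAS tests the serviceId with find semantics, so re.search is used to mirror that; the JSON snippet, the host regent-team.myfresh-other.example and the "^a\\.b$" fragments are constructed, and the anchored pattern adapts the suggested one by replacing its domain\.com placeholder with the host that appears in the log.

```python
"""Added example: check CAS serviceId regex candidates against the URL that
CAS reported as "not found in service registry", and show why a regex
backslash has to be doubled inside the JSON service file."""
import json
import re

# The callback URL from the log lines quoted in the thread.
CALLBACK_URL = "https://regent-team.myfreshworks.com/sp/SAML/26912657608931/callback"

# Constructed service definition: an anchored serviceId with doubly escaped
# dots, reduced to the fields this check needs.
SERVICE_JSON = r'''{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "^(https|http)://regent-team\\.myfreshworks\\.com(:[0-9]{1,5})?/.*$",
  "name" : "freshregistrar",
  "id" : 1608070210,
  "evaluationOrder" : 17
}'''


def json_accepts(json_text: str) -> bool:
    """True if a strict JSON parser accepts the text: a doubled backslash
    before a dot is a valid JSON escape (it decodes to backslash, dot), a
    single one is not an escape at all and the whole file is rejected."""
    try:
        json.loads(json_text)
        return True
    except json.JSONDecodeError:
        return False


def service_id_pattern(json_text: str) -> str:
    """Return the serviceId as the JSON parser hands it to the regex engine."""
    return json.loads(json_text)["serviceId"]


def service_matches(pattern: str, url: str) -> bool:
    """Assumption: CAS tests the serviceId with find semantics, so an
    unanchored pattern matches anywhere in the URL; re.search mirrors that.
    The constructs used here behave the same in Java and Python regex."""
    return re.search(pattern, url) is not None


def check_candidates(url: str) -> dict:
    """Evaluate the serviceId variants discussed in the thread against url."""
    candidates = {
        # As posted: "myfresh*" is "myfres" plus zero or more "h", so it
        # still finds a match at the start of the URL.
        "original": r"^(https|http)://regent-team.myfresh*",
        # Unescaped dot plus ".*": matches any host with that prefix,
        # the over-broad case the thread warns about.
        "dot_star": r"^(https|http)://regent-team.myfresh.*",
        # The SP entityId used verbatim as serviceId: a literal URL ending
        # in /metadata is never found inside the /callback URL.
        "entity_id": r"https://regent-team.myfreshworks.com/sp/SAML/26912657608931/metadata",
        # Anchored, escaped pattern parsed out of the service file above.
        "anchored": service_id_pattern(SERVICE_JSON),
    }
    return {name: service_matches(p, url) for name, p in candidates.items()}


if __name__ == "__main__":
    for name, ok in check_candidates(CALLBACK_URL).items():
        print(f"{name:>10}: {'matches' if ok else 'no match'}")
    other_host = "https://regent-team.myfresh-other.example/login"
    print("dot_star vs other host:",
          service_matches(r"^(https|http)://regent-team.myfresh.*", other_host))
    print("anchored vs other host:",
          service_matches(service_id_pattern(SERVICE_JSON), other_host))
    doubled = r'{"serviceId": "^a\\.b$"}'
    single = r'{"serviceId": "^a\.b$"}'
    print("doubled backslash accepted:", json_accepts(doubled))
    print("single backslash accepted:", json_accepts(single))
```

Running it shows that the originally posted pattern does find a match in the callback URL (which is why the regex101 check above succeeds), that the bare entityId does not, and that only the anchored, escaped pattern rejects a different host carrying the same DNS prefix.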

Re: [cas-user] No registered service found/Freshworks SAML2/ CAS 5.3

2021-04-12 Thread Trenton Adams
I’m pretty sure the serviceId is supposed to be a regular expression, no?  A ‘*’ 
after an ‘h’ means repeat the ‘h’.  Put ‘.*’ and you’ll repeat anything, but 
that wouldn’t be what you want either, as that would allow any domain with a 
DNS prefix of ‘regent-team.myfresh’ to authenticate against your CAS instance.

From:  on behalf of "Keith Alston (Staff)" 

Reply-To: "cas-user@apereo.org" 
Date: Monday, April 12, 2021 at 12:46 PM
To: "cas-user@apereo.org" 
Subject: [cas-user] No registered service found/Freshworks SAML2/ CAS 5.3


Any ideas on what might be going on here?
I get the "Application Not Authorized to Use CAS" page when redirected to CAS.

2021-04-12 14:21:32,474 WARN [org.apereo.cas.services.web.RegisteredServiceThemeResolver] - https://regent-team.myfreshworks.com/sp/SAML/269126576089314274/callback, originalUrl=https://regent-team.myfreshworks.com/sp/SAML/26912657608931/callback, artifactId=null, principal=null, source=AssertionConsumerServiceURL, loggedOutAlready=true, format=XML, attributes={})] or access is denied. Using default theme [cas-theme-default]>


here's my service file:

{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "^(https|http)://regent-team.myfresh*",
  "name" : "freshregistrar",
  "id" : 1608070210,
  "metadataLocation" : "https://regent-team.myfreshworks.com/sp/SAML/26912657608931/metadata",
  "evaluationOrder" : 17,
  "requiredNameIdFormat" : "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "firstname", "lastname", "email", "nameid", "phone", "mobile", "title" ] ]
  }
}




Keith Alston
Regent University
IT Department
keit...@regent.edu
757.619.3421

--
This communication is intended for the use of the recipient to whom it is 
addressed, and may contain confidential, personal, and or privileged 
information. Please contact us immediately if you are not the intended 
recipient of this communication, and do not copy, distribute, or take action 
relying on it. Any communications received in error, or subsequent reply, 
should be deleted or destroyed.
---


Re: [cas-user] cas 5.2.x leaking connections

2020-01-10 Thread Trenton Adams
Those docs appear to imply that passivators are essentially required, or 
authenticated state information gets shared, no?


From: cas-user@apereo.org  on behalf of David Curry 

Sent: January 10, 2020 5:15 PM
To: CAS Community 
Subject: Re: [cas-user] cas 5.2.x leaking connections

You might want to experiment with turning the passivator off, or changing its 
setting. Not sure that's it, but it might help?

https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#why-passivators



--

DAVID A. CURRY, CISSP
DIRECTOR • INFORMATION SECURITY & PRIVACY
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • david.cu...@newschool.edu


On Fri, Jan 10, 2020 at 5:40 PM Trenton D. Adams <tre...@athabascau.ca> wrote:

Good day,

We are having some problems with CAS 5.2.x leaking connections in our 
production environment.  We're not sure how or why this is happening.  What we 
do know is that they are no longer part of the pool, because if they were we'd 
run out of connections in the pool.  However, there is a limit to the number of 
connections an LDAP server can handle, so it requires a CAS restart regularly.

Below is the configuration we're using for both LDAP and the password manager.  
We were hoping someone would understand why this could be happening, as the CAS 
documentation is not very good for these settings, and neither are the javadoc 
or Ldaptive docs.  I hope someone with more CAS experience, such as a dev, 
might be able to help?


cas.authn.ldap[0].type=ANONYMOUS
cas.authn.ldap[0].ldapUrl=ldap://ldap.example.com:389
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].baseDn=ou=Student,ou=People,dc=example,dc=com
cas.authn.ldap[0].userFilter=uid={user}
cas.authn.ldap[0].principalAttributeId=uid
cas.authn.ldap[0].principalAttributeList=uid,udcid:UDC_IDENTIFIER
cas.authn.ldap[1].type=ANONYMOUS
cas.authn.ldap[1].ldapUrl=ldap://ldap.example.ca:389
cas.authn.ldap[1].useSsl=false
cas.authn.ldap[1].baseDn=ou=Staff,ou=People,dc=example,dc=com
cas.authn.ldap[1].userFilter=uid={user}
cas.authn.ldap[1].principalAttributeId=uid
cas.authn.ldap[1].principalAttributeList=uid,udcid:UDC_IDENTIFIER

cas.authn.pm.ldap.type=GENERIC
cas.authn.pm.ldap.ldapUrl=ldap://ldap.example.com:389
cas.authn.pm.ldap.connectionStrategy=ACTIVE_PASSIVE
cas.authn.pm.ldap.useSsl=false
cas.authn.pm.ldap.useStartTls=false
cas.authn.pm.ldap.connectTimeout=5000
cas.authn.pm.ldap.baseDn=ou=People,dc=example,dc=com
cas.authn.pm.ldap.userFilter=uid={user}
cas.authn.pm.ldap.subtreeSearch=true
cas.authn.pm.ldap.bindDn=cn=Manager,dc=example,dc=com
cas.authn.pm.ldap.bindCredential=
cas.authn.pm.ldap.trustCertificates=
cas.authn.pm.ldap.poolPassivator=BIND
cas.authn.pm.ldap.minPoolSize=3
cas.authn.pm.ldap.maxPoolSize=10
cas.authn.pm.ldap.validateOnCheckout=true
cas.authn.pm.ldap.validatePeriodically=true
cas.authn.pm.ldap.validatePeriod=600
cas.authn.pm.ldap.validateTimeout=5000
cas.authn.pm.ldap.failFast=false
cas.authn.pm.ldap.idleTime=500
cas.authn.pm.ldap.prunePeriod=600
cas.authn.pm.ldap.blockWaitTime=5000
cas.authn.pm.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.pm.ldap.securityQuestionsAttributes.challengeQuestion=challengeResponse
cas.authn.pm.ldap.validator.type=SEARCH
cas.authn.pm.ldap.validator.baseDn=ou=Staff,ou=People,dc=example,dc=com
cas.authn.pm.ldap.validator.searchFilter=(uid=some-user)
cas.authn.pm.ldap.validator.scope=ONELEVEL
cas.authn.pm.ldap.validator.attributeName=cn
cas.authn.pm.ldap.validator.attributeValues=Some Name
cas.authn.pm.ldap.validator.dn=

--
Trenton D. Adams
Senior Systems Analyst/Web Software Developer
Applications Unit - ITS
Athabasca University
(780) 675-6195

It is only when you are surrounded by a supportive team, that you can achieve
your best.  Instead of tearing people down, try building them up!

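
The two behaviours this thread is arguing about (why a pool passivator matters when connections get bound as end users, and how a connection that escapes the pool's accounting piles up on the LDAP server), as an added example. This is a small Python model written for this page, not Ldaptive or CAS code; the Pool class, its "NONE"/"BIND" passivator switch, the forget() step (which models the "no longer part of the pool" hypothesis above, not any known Ldaptive code path) and the user DN are constructed, while the bindDn and maxPoolSize values are taken from the posted configuration.

```python
"""Added example: a toy LDAP connection pool with and without a BIND
passivator. A constructed model of the behaviour discussed in the thread,
not Ldaptive or CAS code."""
from dataclasses import dataclass, field

# The pool's own identity, taken from the bindDn in the posted configuration.
POOL_BIND_DN = "cn=Manager,dc=example,dc=com"
# Constructed end-user DN used for the bind-as-user step.
USER_DN = "uid=alice,ou=Staff,ou=People,dc=example,dc=com"


@dataclass
class Connection:
    conn_id: int
    bound_as: str = POOL_BIND_DN  # identity the LDAP server currently associates with this socket

    def bind(self, dn: str) -> None:
        self.bound_as = dn


@dataclass
class Pool:
    max_pool_size: int
    passivator: str = "NONE"  # "NONE" or "BIND", mirroring the poolPassivator setting
    idle: list = field(default_factory=list)
    active: dict = field(default_factory=dict)
    forgotten: list = field(default_factory=list)  # sockets the pool no longer tracks
    created: int = 0

    def checkout(self) -> Connection:
        """Hand out an idle connection, or open a new one if under max size."""
        if self.idle:
            conn = self.idle.pop()
        elif len(self.active) < self.max_pool_size:
            self.created += 1
            conn = Connection(self.created)
        else:
            raise RuntimeError("pool exhausted")
        self.active[conn.conn_id] = conn
        return conn

    def checkin(self, conn: Connection) -> None:
        """Return a connection. With the BIND passivator the pool rebinds it
        as its own identity before the next caller can get it."""
        del self.active[conn.conn_id]
        if self.passivator == "BIND":
            conn.bind(POOL_BIND_DN)
        self.idle.append(conn)

    def forget(self, conn: Connection) -> None:
        """Model of the leak hypothesis in the thread: the caller drops the
        connection without returning it, so the pool stops counting it while
        the LDAP server still holds the socket open."""
        self.forgotten.append(self.active.pop(conn.conn_id))

    def server_side_count(self) -> int:
        """Connections the LDAP server sees, whether the pool tracks them or not."""
        return len(self.idle) + len(self.active) + len(self.forgotten)


def identity_seen_by_next_caller(passivator: str) -> str:
    """Bind a pooled connection as an end user (what bind authentication
    does), return it, and report who the next checkout is bound as."""
    pool = Pool(max_pool_size=10, passivator=passivator)
    conn = pool.checkout()
    conn.bind(USER_DN)  # user authentication rebinds the socket
    pool.checkin(conn)
    return pool.checkout().bound_as


def leak_scenario(max_pool_size: int, leaks: int) -> dict:
    """Check out and forget a connection repeatedly. The pool never reports
    exhaustion, yet the server-side count grows past max_pool_size, which is
    the symptom described in the thread."""
    pool = Pool(max_pool_size=max_pool_size, passivator="BIND")
    exhausted = False
    for _ in range(leaks):
        try:
            pool.forget(pool.checkout())
        except RuntimeError:
            exhausted = True
    return {
        "pool_exhausted": exhausted,
        "pool_tracked": len(pool.idle) + len(pool.active),
        "server_side": pool.server_side_count(),
    }


if __name__ == "__main__":
    print("no passivator, next caller bound as:", identity_seen_by_next_caller("NONE"))
    print("BIND passivator, next caller bound as:", identity_seen_by_next_caller("BIND"))
    print(leak_scenario(max_pool_size=10, leaks=25))
```

Without a passivator the second caller receives a connection still bound as the previous user, which is the shared authenticated state the reply above worries about; with BIND it is rebound to the pool's own DN. The leak scenario shows why the pool's own limit is no protection against the symptom in the original message: what the server counts and what the pool counts diverge once connections stop being returned.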

[cas-user] CAS Slow Load Time

2019-04-15 Thread Trenton Adams
So, with the features we're using, CAS 5.2.x, tomcat startup takes 4 minutes on 
a single core, and 1 minute on a quad core system.  So, every single change I 
make to the config takes a long time to try it out.

Why does it take so long?  It seems like maybe it's Spring Bloat, no?  I can't 
imagine a service like CAS taking that long to load.

Is there any way of making it not take that long?  e.g. Maybe I can somehow 
exclude a bunch of dependencies we don't need.

Thanks.


--
Trenton D. Adams
Senior Systems Analyst/Web Software Developer
Applications Unit - ITS
Navy Penguins at your service!
Athabasca University
(780) 675-6195
:wq!




To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/BYAPR13MB2501651680D1A55A661AE0C3D52B0%40BYAPR13MB2501.namprd13.prod.outlook.com.