Re: [cas-user] Can application get TGT ticket?

2016-11-01 Thread William G. Thompson, Jr. 
You should take a look at Proxy Granting Tickets, which allow an
application to securely call another app on behalf of a user.

http://stackoverflow.com/questions/6368358/restful-cas-client-and-proxy-granting-tickets
https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough

Best,
Bill


On Tue, Nov 1, 2016 at 3:22 PM, Yan Zhou  wrote:
> Hello,
>
> CAS protocol does not let the apps (CAS client) get TGT ticket. We have a
> need for that.
>
> We have two web apps, both are casified in CAS 4.1.X. One web app has
> AngularJS (Javascript) front end, and, the other webapp is UI-Less, it just
> offers REST services.
>
> Javascript code in App A wants to call REST API in App B.  We run into
> problem with CORS, etc. But, even after CORS are enabled, still run into
> trouble.
>
> So, the thought is, if Javascript code can get hold of TGT after user login
> to the app. A, then, JS code call use CAS REST API to authenticate against
> the 2nd app (the UI-less REST Services).
>
> Is that a bad idea, and how is that possible?
>
> Yan
>
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines:
> https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/f60e5fea-2a9b-4515-8a92-a7c2c8769497%40apereo.org.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAPpkTuGP3z3M7uQGRsOqni%2BSG0AeZHRwHrM9CY8XJWcVeTUQwQ%40mail.gmail.com.

Re: [cas-user] Logging in with LDAP but return attributes from Mysql

2016-09-14 Thread William G. Thompson, Jr. 
All things are possible with CAS. :)

https://apereo.github.io/cas/4.2.x/integration/Attribute-Resolution.html



On Wed, Sep 14, 2016 at 9:17 AM, Toni McWild  wrote:
> Hi guys,
> I have deployed 4.2 CAS server for my company but now we are facing a
> problem
>
> Our principal Handler is an LDAP, but the way our LDAP server is implemented
> doesn't allow to store every group that a specific user belongs to,
>
> I mean, for user "toni" I can login, I can get the main group that "toni"
> belongs to, but our LDAP doesn't have a field similar to
> "GroupsAUserBelongsTo"
> Our LDAP works the other way arround, for group "Management" there is a list
> of users that belong to this groups.
>
> Anyway, I've got a MySQL DDBB that I can ask to get the groups a user
> belongs to.
>
> so my question is:
>
> Is there any way I can merge both systems? LDAP authentication but right
> after the authentication it goes to MySQL and ask for the groups that a user
> belongs to.
>
> Thanks a lot!
>
> --
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To post to this group, send email to cas-user@apereo.org.
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAEzQRepEXmRFeQFROxVE7Eoa5p95PP6EgM1a9Bc8oMaLzPD6Pw%40mail.gmail.com.
> For more options, visit https://groups.google.com/a/apereo.org/d/optout.

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAPpkTuHRf6d0TcmHaVgh7Anf3vW-EP4iB7-63Qhk3HK28YV4xw%40mail.gmail.com.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

Re: [cas-user] How to combine LDAP and static users from a file

2016-09-08 Thread William G. Thompson, Jr. 
> 2016-09-08 16:25:21,599 ERROR
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
>  not open ServletContext resource [/etc/cas/local-users.properties])>

Read permissions on /etc/cas/local-users.properties?


On Thu, Sep 8, 2016 at 10:32 AM, Josep Manel Andrés <josep.and...@bsc.es> wrote:
> Hi Willian,
> Great! It kind of worked :)
> I have put this in the authenticationManager Bean:
>
>  class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
> 
> 
>  value-ref="proxyPrincipalResolver" />
>  />
> 
> 
> 
>
>
> And this before ldapAuthenticationHandler:
>
>  
> class="org.jasig.cas.adaptors.generic.FileAuthenticationHandler"
> p:fileName="/etc/cas/local-users.properties" />
>
>
>
>
> But now I am getting this error:
>
> 2016-09-08 16:25:21,599 INFO
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
> 
> 2016-09-08 16:25:21,599 ERROR
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
>  not open ServletContext resource [/etc/cas/local-users.properties])>
>
>
> Any hint?
>
> Cheers.
>
>
>
> On 08/09/16 13:58, William G. Thompson, Jr. wrote:
>>
>> Yes, with CAS all things are possible. :)
>>
>> AuthN handlers can be changed so you can have both.  Something like
>> this would work. You'll need to make sure your usernames don't
>> overlap.
>>
>>  >
>> class="org.jasig.cas.adaptors.generic.FileAuthenticationHandler"
>>  p:fileName="/path/to/local-users.properties" />
>>
>>  >
>> class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
>>  p:contextSource-ref="ldapAuthContext"
>>  />
>>
>> Also see
>> https://apereo.github.io/cas/4.1.x/installation/Whitelist-Authentication.html
>>
>> Best,
>> Bill
>>
>>
>>
>> On Thu, Sep 8, 2016 at 4:45 AM, Josep Manel Andrés <josep.and...@bsc.es>
>> wrote:
>>>
>>> Hi all,
>>> We've got a CAS server for our systems with an LDAP backend, which works
>>> great, but we have an special case in which an app needs to be able to
>>> login
>>> with root account, but this is not on the LDAP.
>>>
>>> So my question is how it's possible to combine both systems, LDAP login
>>> and
>>> a username and password for root account only. I would like to keep it
>>> simple.
>>>
>>> Best regards.
>>>
>>> --
>>> Josep Manel Andrés (josep.and...@bsc.es)
>>> Operations - Barcelona Supercomputing Center
>>> C/ Jordi Girona, 31  http://www.bsc.es
>>> 08034 Barcelona, Spain Tel: +34-93-405 42 14
>>> e-mail: syst...@bsc.es Fax: +34-93-413 77 21
>>> ---
>>>
>>> WARNING / LEGAL TEXT: This message is intended only for the use of the
>>> individual or entity to which it is addressed and may contain
>>> information which is privileged, confidential, proprietary, or exempt
>>> from disclosure under applicable law. If you are not the intended
>>> recipient or the person responsible for delivering the message to the
>>> intended recipient, you are strictly prohibited from disclosing,
>>> distributing, copying, or in any way using this message. If you have
>>> received this communication in error, please notify the sender and
>>> destroy and delete any copies you may have received.
>>>
>>> http://www.bsc.es/disclaimer
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an
>>> email to cas-user+unsubscr...@apereo.org.
>>> To post to this group, send email to cas-user@apereo.org.
>>> Visit this group at
>>> https://groups.google.com/a/apereo.org/group/cas-user/.
>>> To view this discussion on the web visit
>>>
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/57D1250D.1040903%40bsc.es.
>>> For more options, visit https://groups.google.com/a/apereo.org/d/optout.
>
>
> --
> Josep Manel Andrés (josep.and...@bsc.es)
> Operations - Barcelona Supercomputing Center
> C/ Jordi Girona, 31  http://www.bsc.es
> 08034 Barcelona, Spain Tel: +34-93-40

Re: [cas-user] How to combine LDAP and static users from a file

2016-09-08 Thread William G. Thompson, Jr. 
Yes, with CAS all things are possible. :)

AuthN handlers can be changed so you can have both.  Something like
this would work. You'll need to make sure your usernames don't
overlap.





Also see 
https://apereo.github.io/cas/4.1.x/installation/Whitelist-Authentication.html

Best,
Bill



On Thu, Sep 8, 2016 at 4:45 AM, Josep Manel Andrés  wrote:
> Hi all,
> We've got a CAS server for our systems with an LDAP backend, which works
> great, but we have an special case in which an app needs to be able to login
> with root account, but this is not on the LDAP.
>
> So my question is how it's possible to combine both systems, LDAP login and
> a username and password for root account only. I would like to keep it
> simple.
>
> Best regards.
>
> --
> Josep Manel Andrés (josep.and...@bsc.es)
> Operations - Barcelona Supercomputing Center
> C/ Jordi Girona, 31  http://www.bsc.es
> 08034 Barcelona, Spain Tel: +34-93-405 42 14
> e-mail: syst...@bsc.es Fax: +34-93-413 77 21
> ---
>
> WARNING / LEGAL TEXT: This message is intended only for the use of the
> individual or entity to which it is addressed and may contain
> information which is privileged, confidential, proprietary, or exempt
> from disclosure under applicable law. If you are not the intended
> recipient or the person responsible for delivering the message to the
> intended recipient, you are strictly prohibited from disclosing,
> distributing, copying, or in any way using this message. If you have
> received this communication in error, please notify the sender and
> destroy and delete any copies you may have received.
>
> http://www.bsc.es/disclaimer
>
> --
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To post to this group, send email to cas-user@apereo.org.
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/57D1250D.1040903%40bsc.es.
> For more options, visit https://groups.google.com/a/apereo.org/d/optout.

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAPpkTuGBEs3ZsatFWgw5%2BrfbqV3F0AvQsT9xwDkW1DPZkTjrXg%40mail.gmail.com.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

Re: [cas-user] Re: CAS-Server SSO - Proxying a valid scenario?

2016-08-24 Thread William G. Thompson, Jr. 
Yes, CAS server supports gateway natively as part of the CAS Protocol
spec...no special config needed on the server.

On Wed, Aug 24, 2016 at 1:12 PM, Mark  wrote:
> Thanks again, I think I'm starting to get the picture :-)
>
> Am I correct if I say that the CAS-Server itself does not need any extra /
> special configuration for gateway-ing because all relevant stuff is done in
> the client?
>
> --
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To post to this group, send email to cas-user@apereo.org.
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/39a94789-c4d1-450d-8a25-ad9d5b0a573c%40apereo.org.
>
> For more options, visit https://groups.google.com/a/apereo.org/d/optout.

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAPpkTuFWaOoqUNYTvzYg%3Dm00Ct3b8PMWsNEQvFH6GRkFAfikUw%40mail.gmail.com.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

Re: [cas-user] [CAS_USER] [HELP SAML]

2016-08-21 Thread William G. Thompson, Jr. 
Try https://addons.mozilla.org/en-US/firefox/addon/sso-tracer/


On Sun, Aug 21, 2016 at 12:07 AM, Bima Sakti Krisdianto
<12.7...@stis.ac.id> wrote:
> guys , iwant use saml protocol on my CAS. im already follow instruction.
> all dummy client work as usual, but how i know that auth protocol used is
> saml not cas protocol?
>
> --
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To post to this group, send email to cas-user@apereo.org.
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/6725b3b4-8fee-4c90-bd12-c02027ca1beb%40apereo.org.
> For more options, visit https://groups.google.com/a/apereo.org/d/optout.

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAPpkTuHeG_JrKcoCrWnwrurLtr4cmUWo_Ggh6%3DQooniKPC%2BB8w%40mail.gmail.com.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

Re: [cas-user] CAS-Server SSO - Proxying a valid scenario?

2016-08-21 Thread William G. Thompson, Jr. 
Yes, proxy tickets are designed to allow a service to call another
service on behalf of a user, so that is not what you are looking for.

In order to achieve the SSO behavior from Website A to Website B you
can use gateway mode on the homepage of B. This will check to see if
there is a CAS SSO session, and if so issue a ST for B and log the
user in.  Another approach would be to have the URL in A go to a CAS
protected URL at B, which should also initiated login.

https://wiki.jasig.org/display/CAS/gateway

Best,
Bill


On Sun, Aug 21, 2016 at 3:14 AM, Mark  wrote:
> I'm currently trying to figure out wether or not the following scenario can
> be done with a CAS-Server setup:
>
>  - Suppose I got 3 Websites / -apps (A,B,C)
>  - All three are setup (via plugins) so that their login systems us the
> CAS-Server (already working fine)
>
> To me this seems like rather basic CAS-stuff. Now two more advanced
> "problems":
>
>  - After I logged in to Website A and I open Website B I'm not already
> logged in but I do have to click "Login" again. I guess that's because CAS
> issues the login and cookies based the indidvidual service that called it
> and there's no way one can be auto-logged in to all sites connected to the
> CAS-login once you logged in to the first site?
>  - Is ticket-proxying a way to achieve this? As far as I understood,
> Proxying tickets would mean that (in my example) A on login also asks CAS
> for a proxy ticket for B which A would present to B upon calling something
> like a webservice at B. Which would rule out proxying for my scenario.
>
> --
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To post to this group, send email to cas-user@apereo.org.
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/29247a7e-9c38-47e1-b70d-c6ff246c1769%40apereo.org.
> For more options, visit https://groups.google.com/a/apereo.org/d/optout.

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAPpkTuFTx_kY%2B-H5DMHyuY7_2QZtcwkcPXqdHQAeGiWt5KPuaQ%40mail.gmail.com.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

Re: [cas-user] New to CAS, new to Apereo

2016-08-12 Thread William G. Thompson, Jr. 
We have a similar deployment but are moving to nginx+ and as the
front-end instead of apache+mod_jk. This should give us the ability to
bring backend Tomcat/CAS nodes in and out of production without a
service outage. We are also running with a json backed service
registry, instead of pulling in JPA/RDMBS dependencies.

CAS3 has been rock solid for more than 10 years, but I'm looking
forward to moving to CAS5 with MFA support and simplifying our
deployment configuration even more thanks to Misagh.

Best,
Bill


On Fri, Aug 12, 2016 at 4:08 AM, Philippe MARASSE
 wrote:
> Hello,
>
> 1.
> Here we have about 1400 employees, our architecture is pretty simple : 2
> front servers sharing a virtual IP (active/passive, apache + mod_jk), 2 CAS
> applications servers (CAS v3.5, Clustered tomcat, EHCache ticket registry,
> JPA Service registry). It works like a charm since 2012.
>
> 2.
> Our servers run Debian 7/8. IMHO, OS doesn't matter as long as you use
> custom JVM for your CAS server.
>
> Regards.
>
>
> Le 11/08/2016 à 23:23, Hank Foss a écrit :
>
> Thanks, Misagh, much appreciated.
>
> It sounds like this will work quite well for us. Most of our web apps rely
> on LDAP authentication.
>
> Regarding architecture, hope you don't mind a couple of other questions:
>
>
> How many servers are in your CAS environment (presuming you recommend an HA
> environment) - e.g. 1 web server (Tomcat?) + 2 HA CAS ticketing servers
> Do you recommend RHEL for OS?
>
>
> Our user environment is about 12,000 (2,000 staff + 10,000 students) so I am
> trying to architect the CAS to support that.
>
>
> -Hank
>
> On Thursday, August 11, 2016 at 4:45:43 PM UTC-4, Misagh Moayyed wrote:
>>
>> If you mean CAS is going to provide you with an LDAP server, the answer is
>> no. AFAIK, that has never been the case. If you mean you wish to
>> authenticate via AD/LDAP and get access to your portal and other
>> CAS-protected apps, then it’s quite simple. Since the dawn of time, CAS has
>> supported LDAP/AD authentication. 90% of the deployments use that method of
>> authentication.
>>
>> --
>> Misagh
>> From: Hank Foss 
>> Reply: Hank Foss 
>> Date: August 11, 2016 at 1:38:35 PM
>> To: CAS Community 
>> Subject:  [cas-user] New to CAS, new to Apereo
>>
>>
>>
>> Hello,
>>
>> I'm brand new to CAS and Apereo, and am asking the best way to begin. We
>> are migrating our CAS from the cloud to on-premise as a cost savings
>> measure. This will likely save us $60+k annually, as the vendor is also
>> provides our portal.
>>
>> The externally hosted portal contains LDAP as well as CAS links. I
>> understand CAS 5 comes out this fall (October?) which offers LDAP support,
>> so I am on the fence a bit more. Since AD authentication drives many of our
>> authentication, I have been told that we will either need to use ADFS or
>> Shibboleth. The goal for this to be live is December of this year, so there
>> are learning curve, architecture, installation and customization components
>> of this project that all come into play.
>>
>> I built the Linux box, most current version of CentOS, but I believe being
>> an open source application that the support of at least the OS should
>> actually be a licensed RHEL instance.
>>
>> I'm technical, but this is uncharted territory  so suggestions, comments,
>> and criticism are all greatly welcome.
>>
>>
>> Thanks,
>> CAS-Newbie
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+u...@apereo.org.
>> To post to this group, send email to cas-...@apereo.org.
>> Visit this group at
>> https://groups.google.com/a/apereo.org/group/cas-user/.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/ccf659bc-12d9-4cb8-98dd-4dbf926f403a%40apereo.org.
>> For more options, visit https://groups.google.com/a/apereo.org/d/optout.
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To post to this group, send email to cas-user@apereo.org.
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/df64e990-a4f5-406a-871e-f4a8ea96d289%40apereo.org.
> For more options, visit https://groups.google.com/a/apereo.org/d/optout.
>
>
> --
> Philippe MARASSE
>
> Responsable pôle Infrastructures - DSIO
> Centre Hospitalier Henri Laborit
> CS 10587 - 370 avenue Jacques Cœur
> 86021 Poitiers Cedex
> Tel : 05.49.44.57.19
>
> --
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop

[cas-user] Re: [cas-announce] CAS Community Survey Results

2016-07-14 Thread William G. Thompson, Jr. 
Misagh,

Excellent write up! Thanks for organization the survey and publishing the
results.  Very much looking forward to deploying CAS5 with MFA!

Best,
Bill


On Thu, Jul 14, 2016 at 3:01 PM, Misagh Moayyed  wrote:

> I have put together a blog post, reviewing the results of the recent CAS
> community survey:
>
> https://mmoayyed.github.io/2016/06/26/cas-survey-results/
>
> Thanks for participating.
>
> --
> Misagh
>
> --
> You received this message because you are subscribed to the Google Groups
> "CAS Announcements" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-announce+unsubscr...@apereo.org.
> Visit this group at
> https://groups.google.com/a/apereo.org/group/cas-announce/.
>

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAPpkTuE3SrZKZ13BpOkU%2B1AkKvWXN3yr97YaAqWW9ke3j_o2yA%40mail.gmail.com.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

Re: [cas-user] Delete a ticket manually (shell)

2016-03-20 Thread William G. Thompson, Jr. 
Ideally full TGTs should not be in the logs!   This is fixed in later CAS
versions.  Some form of privileged admin logout via user identifier is what
is needed.

Best,
Bill




On Wed, Mar 16, 2016 at 12:32 PM, Waldbieser, Carl 
wrote:

> If you can pull the ticket from your logs, you can present it to the CAS
> /logout URL.
> I have a short script for this purpose.
>
> Thanks,
> Carl Waldbieser
> ITS Systems Programmer
> Lafayette College
>
> - Original Message -
> From: "Simone" 
> To: "CAS Community" 
> Cc: mmoay...@unicon.net
> Sent: Wednesday, March 16, 2016 11:39:42 AM
> Subject: Re: [cas-user] Delete a ticket manually (shell)
>
> On Wednesday, March 16, 2016 at 4:25:28 PM UTC+1, Misagh Moayyed wrote:
> >
> > No, not unless you find a way to hack into your JVM memory and start
> > moving around objects J which is of course impossible. Sorry.
> >
>
> Understood.
>
> And, let's assume I can sacrifice all the sessions' users... would it be
> enough to restart tomcat/cas, right ? :)
>
> Thx
>
> S.
>
> --
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/
> .
>
> --
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/
> .
>

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.

[cas-user] Re: [cas-dev] New Chairman nomination

2016-01-28 Thread William G. Thompson, Jr. 
Kudos and thanks to Jérôme for serving these past years as the project's
first official PMC chair!

And congrats to Misagh, well deserved indeed!

Best,
Bill


On Thu, Jan 28, 2016 at 9:48 AM, Jérôme LELEU  wrote:

> Hi,
>
> I'm glad to announce the nomination of Misagh Moayyed as the new CAS
> Chairman.
>
> Over the past few months, he has become the leader of the CAS project.
> It's well deserved and I wish him the best. I'll stay a CAS committer.
>
> Thanks.
> Best regards,
> Jérôme
>
> --
> You received this message because you are subscribed to the Google Groups
> "CAS Developer" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-dev+unsubscr...@apereo.org.
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-dev/.
>

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.

Re: [cas-user] Best practice for handling multiple organizations

2015-12-22 Thread William G. Thompson, Jr. 
Are the two org related in any way?  Will they share CAS enabled services
or other IAM services?

If not, you'll most likely just want to deploy two independent CAS
instances.

Best,
Bill



On Tue, Dec 22, 2015 at 5:54 AM, Tom Andersson  wrote:

> Hi,
>
> As a high level requirement we have a case where we would have two
> different organizations needing CAS services. They differentiate mainly in
>
>- Web layouts
>- Authentication backend
>
> Is there a best practice for handling this kind of scenario other than
> having separate CAS instances for both organizations?
>
> Thank you in advance for any pointers.
> Tom
>
> --
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/
> .
>

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.