[cas-user] How to hide "redirect_url" at loginProviders in CAS login page when used delegated authentication?
Hi all, I used CAS to do delegate authenticate to another idp used saml protocal, and this works fine. A thirdparty button will appears in login corner and when user clicks, it will generate saml url and redirect to idp's login page. But question is ,when our website are doing audit, the login page's source will show the "redirect_url ", it include the third party's info, we need hide this and do it at backend, how to do this, any help thanks. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/91309bf1-a49a-4bd0-aeab-db4912b9f2f0n%40apereo.org.
[cas-user] Re: Logout workflow with Delegated Auth
I have the same issue, delegated CAS to other idp used pac4j, login is fine,but when logout, the Userprofile's information is gone, no nameid,so the IDP return error, SLO cannot accomplished 在 2019年7月4日星期四 UTC+8下午7:16:17,Julien Gribonvald写道: > > Hi, > > I can't find in documentation how the logout should work with delegated > Authentification (from pac4j module as example). > > I'm looking on the workflow when the global logout is initiated from the > CAS (or from a service to the CAS), is there a way to propagate it to > the IDP which the user connected ? I can't have this working with a SAML > IDP whereas metadatas have the SLOLogout url information provided. > > Also is it working when the logout request come from the SAML IDP ? > > How this should work, what are the requirements ? I'm using the CAS V6 > master branch. > > Thanks, > > -- > Julien Gribonvald > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/898ec624-c3eb-4d16-9d48-d7b124fb5537%40apereo.org.
[cas-user] how to support stored procedure in CAS5.1
Hello everyone. I want to support "stored procedure" authentication when login at CAS , and successful in CAS4.2 but do not know how to do in CAS5.1? What I did is modified the CAS 4.2 'S source code and added cooresponse java bean in deployerConfigContext.xml files ,add the new jar file into lib folder but as I know , the CAS5.1 used spring-boot and changed a lot,now only the application.property file's setting can work, so should I do some operation to make it works or anything else I need to do ? any suggestion would be nice, thanks in advance. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/97a1bc88-b295-4afb-8b76-681a0f9b7034%40apereo.org.
[cas-user] Can CAS intergrate with other 4A system( Oracle4A /OAM/)?
Hi We are using CAS system in our current project, but we are ordered to intergrate our system to another system, that system is used Oracle'IDM 4A system, the "account " part will managed by the Oracle IDM, but for SSO and authorized part, will process by CAS, Here is our question, Can the CAS success intergrate to Oracle's 4A system in technical level?, does anybody knows? The engineer in Oracle told me, if the CAS's login phase can be modified, then the intergrate should be success. but I don't know if this had any problem, if oracle side modified the "cookie/session" value, the TGT/ST can still work? any help would be appricalful!! -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ca41f494-862f-4617-b0d8-b80a7eac54ba%40apereo.org.
[cas-user] How to use "SQL Stored Procedure" in Autheticate phase when login in CAS 5.1?
Hello, I used CAS5.1, now I can do autheticate part by connect to our database at login phase, but now we want to use "SQL Stored Procedure" instead of SQL to do autheticate, does any body now how to do this? In the "application.properties" file ,there are: cas.authn.jdbc.query[0].sql=select * from t_user where account="admin"// <= I want to replace this to SQL stored procedure, how to do it ? thanks for any helps. . -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e52349f8-b1df-4fe7-98a2-b41f1c5e50ec%40apereo.org.
[cas-user] How to Ignore/Pass some page or folder under CAS5.1 in .Net side?
Hello, I know in CAS java client side, there is a option "ignorePattern" (in web.xml), this option can set the page or folder be ignored in CAS java client side. But Is there same option or something else exists in .Net side in webconfig? we want to ignore some page at .net side. I had googled a lot ,and studied doc, but found nothing, I think this would be a common question or I missed something, any help would be appricated! thanks zl -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/95ca6510-7288-47d4-a6b3-f069c5732ac4%40apereo.org.
[cas-user] Is the CAS sever and client both two side need same java version?
Hello, everyone, I used CAS5.1 server on centos, and the jdk is 1.8 and the CAS client use jboss 4.2.3 and jdk is 1.6, and when we do intergrate,there is a error like below, is the CAS require same jdk version for servr and client? Any help would be appricate!. - HTTP Status 500 - -- *type* Exception report *message* *description* *The server encountered an internal error () that prevented it from fulfilling this request.* *exception* java.lang.RuntimeException: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:443) org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193) org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:204) org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:97) org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) *root cause* javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190) com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747) com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1708) com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1691) com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1222) com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199) sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434) sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166) sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1195) sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234) org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:429) org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193) org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:204) org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:97) org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) *root cause* java.lang.RuntimeException: Could not generate DH keypair com.sun.net.ssl.internal.ssl.DHCrypt.(DHCrypt.java:114) com.sun.net.ssl.internal.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:559) com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:186) com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593) com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529) com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943) com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188) com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215) com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199) sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434) sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166) sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1195) sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234) org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:429) org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193) org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:204) org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:97)
[cas-user] Strange problem (HTTP Status 500) when intergrate our OA into CAS
Hello Everyone: I met a problem , when I am intergrate our company's OA into CAS5.1, there is a problem. I deploy the CAS server and client successfully, the OA is Java side and use JBOSS. Actually the OA url can registerd in CAS and login, but when input username and password, I got this, anybody know reason?, any help would be appricated...thanks. https://cdcoatest. -sdc.com/?ticket=ST-5-7OgOVmC1xgEWcJfvBLg6-account HTTP Status 500 - -- *type* Exception report *message* *description* *The server encountered an internal error () that prevented it from fulfilling this request.* *exception* java.lang.RuntimeException: java.net.SocketException: Software caused connection abort: recv failed org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:443) org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193) org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:204) org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:97) org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) *root cause* java.net.SocketException: Software caused connection abort: recv failed java.net.SocketInputStream.socketRead0(Native Method) java.net.SocketInputStream.read(SocketInputStream.java:147) com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:422) com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:460) com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:863) com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188) com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215) com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199) sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434) sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166) sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1195) sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234) org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:429) org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193) org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:204) org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:97) org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f0757cdd-5e75-4cdf-93bc-0b2f6d53e99b%40apereo.org.
[cas-user] SLO(Single Logout) issue problem in CAS5.1
Hello, everybody I have question about the SLO (single log out) problem for CAS5.1, I don't know if it is a bug. When I used CAS4.2.x , and used 2 Java client as CAS client, the SLO function works well, when I logout in A system, the account in B system will logout also. But when I keep anything same (include filter in web.xml) in CAS client, and only changed CAS server from 4.2 to 5.1, I found the SLO is not worked. Does any body know reason? I had test a little, and found some beans affect this slo , actually in CAS4.2, there is a file "cas-severlet.xml", its beans include logout and something. maybe it make slo works But in CAS5.1 I cannot find this file, and don't know how to do , any help will be very appricated, thanks -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c948af02-20d0-4968-be67-bb5e7df26984%40apereo.org.
[cas-user] Re: Big question about CAS .net client (On CAS5.1)
Does the Dot Net side are not supported in CAS5.1 for the return other property issure? anybody knows? 在 2017年9月14日星期四 UTC+8下午5:32:58,zl anson写道: > > Hello guys > I met a big trouble when I using the CAS 5.1 on my project. This > is how to retrieve multi property of user from CAS .NET side. > Actually We used CAS5.1 , and test JAVA client, when we modify > the config, and filter on JAVA, the java client can get other propertys > of users (email, mobilephone, other info, etc) from CAS server. > But when we use "CAS .Net clinet" , it CAN NOT return more > information except username. I searched many web, and somebody said this > is cause JAVA use "CAS30" infilter , and “CAS20 is in .net” and > can't be solved now, so can anybody help me on this issue, any feedback > would be thankful. thanks. > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/2dee48cb-2c49-4e94-9b4f-5229a6862095%40apereo.org.
[cas-user] Big question about CAS .net client (On CAS5.1)
Hello guys I met a big trouble when I using the CAS 5.1 on my project. This is how to retrieve multi property of user from CAS .NET side. Actually We used CAS5.1 , and test JAVA client, when we modify the config, and filter on JAVA, the java client can get other propertys of users (email, mobilephone, other info, etc) from CAS server. But when we use "CAS .Net clinet" , it CAN NOT return more information except username. I searched many web, and somebody said this is cause JAVA use "CAS30" infilter , and “CAS20 is in .net” and can't be solved now, so can anybody help me on this issue, any feedback would be thankful. thanks. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/d7e98e2f-874b-4eec-babc-0e64f3571151%40apereo.org.
[cas-user] CAS5.1 ,Application Not Authorized to Use CAS , no service registry issue.???
hello, I had used CAS4.2.7, and it works well, I can use java and .net client to redirect to CAS server. But now , when I used a new machine and deployed CAS5.1, the java and .net client are all not work, it shows the service is not registered -- Application Not Authorized to Use CAS The services registry of CAS is empty and has no service definitions. Applications that wish to authenticate with CAS must explicitly be defined in the services registry. -- I had copy the json file in service folder from 4.2 to 5.1, and the regular expression should work I only find the "deployConfigContext.xml" in 4.2 between 5.1 is huge difference, In 4.2 it had “serviceRegistryDao”, but it had not in 5.1, is this is the reason, or else? anybody can help me is appreicaly, thanks. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b3eb67ef-6868-480b-bf66-424ceda5fb84%40apereo.org.