[cas-user] Re: delegated auth not working after upgrade to CAS 6.4.2

2021-12-14 Thread Noelette Stout 
I thought I'd just post an update on this. I tried this again with 6.4.4. 
Since my CAS server is not acting as a SAML IdP, I removed all saml-idp 
modules from my build which seems to have resolved the issue.

Noelette

On Monday, November 15, 2021 at 7:01:30 AM UTC-7 Noelette Stout wrote:

> At least I feel less crazy now :-)  I've been going nuts wondering what 
> changed in the configs (that I haven't touched) with the upgrade. I've gone 
> through double-checking syntax on everything.  
>
> Thanks for confirming, Bill.
>
> Noelette
>
> On Monday, November 15, 2021 at 6:52:58 AM UTC-7 William Jojo wrote:
>
>> Noelette,
>>
>> Confirmed. I am doing non-autoforwarding SAML2 delegation to Azure. I 
>> have nginx proxy in front of embedded Tomcat app.war. Works in 6.3.7.1, 
>> borked in 6.4.2. Double-checked all of my cas.properties, nothing amiss.
>>
>> In 6.3.7.1 (working):
>>
>> 2021-11-15 07:04:50,891 DEBUG 
>> [org.apereo.cas.web.DelegatedClientWebflowManager] - > properties [{method=, theme=, locale=en}]>
>> 2021-11-15 07:04:50,907 DEBUG 
>> [org.apereo.cas.web.DelegatedClientWebflowManager] - > authentication request ticket [TST-1-dWlIqP8W8O7dFxCdIVvxFZ7YM2xj-dai] for 
>> service [null] with properties [{theme=, targetService=null, method=, 
>> locale=en, service=null}]>
>> 2021-11-15 07:04:50,914 DEBUG 
>> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - > ticket [TST-1-dWlIqP8W8O7dFxCdIVvxFZ7YM2xj-dai] to registry.>
>> 2021-11-15 07:04:50,921 DEBUG 
>> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - > [TST-396f9908-6411-4a39-9318-53da7953330a] could not be found>
>> 2021-11-15 07:04:50,922 DEBUG 
>> [org.apereo.cas.AbstractCentralAuthenticationService] - > [TST-396f9908-6411-4a39-9318-53da7953330a] by type [TransientSessionTicket] 
>> cannot be found in the ticket registry.>
>> 2021-11-15 07:04:50,923 DEBUG 
>> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - > ticket [TST-396f9908-6411-4a39-9318-53da7953330a] to registry.>
>> 2021-11-15 07:04:51,141 DEBUG 
>> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - > ticket [TST-396f9908-6411-4a39-9318-53da7953330a] to registry.>
>> 2021-11-15 07:04:51,352 DEBUG 
>> [org.apereo.cas.web.BaseDelegatedAuthenticationController] - > final redirect action for client [#SAML2Client# | name: HVCC Login - POC | 
>> callbackUrl: https://casdev.hvcc.edu/cas/login | urlResolver: 
>> org.pac4j.core.http.url.DefaultUrlResolver@3538d8d6 | callbackUrlResolver: 
>> org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@6785df10 | 
>> ajaxRequestResolver: 
>> org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@6e3705e6 | 
>> redirectionActionBuilder: 
>> org.pac4j.saml.redirect.SAML2RedirectionActionBuilder@140b4e00 | 
>> credentialsExtractor: 
>> org.pac4j.saml.credentials.extractor.SAML2CredentialsExtractor@169e989c | 
>> authenticator: 
>> org.pac4j.saml.credentials.authenticator.SAML2Authenticator@65930cf1 | 
>> profileCreator: 
>> org.pac4j.core.profile.creator.AuthenticatorProfileCreator@10f5 | 
>> logoutActionBuilder: 
>> org.pac4j.saml.logout.SAML2LogoutActionBuilder@335d3d90 | 
>> authorizationGenerators: [] |] as [#HttpAction# | code: 302 |]>
>>
>>
>> In 6.4.2 (borked):
>>
>> 2021-11-15 06:56:22,281 DEBUG 
>> [org.apereo.cas.support.pac4j.authentication.DefaultDelegatedClientFactory] 
>> - > callbackUrl: https://casdev.hvcc.edu/cas/login | urlResolver: null | 
>> callbackUrlResolver: 
>> org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@672e8871 | 
>> ajaxRequestResolver: null | redirectionActionBuilder: null | 
>> credentialsExtractor: null | authenticator: null | profileCreator: 
>> org.pac4j.core.profile.creator.AuthenticatorProfileCreator@34e68840 | 
>> logoutActionBuilder: org.pac4j.core.logout.NoLogoutActionBuilder@510203de | 
>> authorizationGenerators: [] | checkAuthenticationAttempt: true |]>
>> 2021-11-15 06:56:22,281 DEBUG 
>> [org.apereo.cas.support.pac4j.RefreshableDelegatedClients] - > clients are built: [[#SAML2Client# | name: HVCC Login - POC | callbackUrl: 
>> https://casdev.hvcc.edu/cas/login | urlResolver: null | 
>> callbackUrlResolver: 
>> org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@672e8871 | 
>> ajaxRequestResolver: null | redirectionActionBuilder: null | 
>> credentialsExtractor: null | authenticator: null | profileCreator: 
>> org.pac4j.core.profile.creator.AuthenticatorProfileCreator@34e68840 | 
>> logoutActionBuilder: org.pac4j.core.logout.NoLogoutActionBuilder@510203de | 
>> authorizationGenerators: [] | checkAuthenticationAttempt: true |]]>
>> 2021-11-15 06:56:22,767 DEBUG 
>> [org.apereo.cas.web.DefaultDelegatedClientAuthenticationWebflowManager] - 
>> 
>> 2021-11-15 06:56:22,788 DEBUG 
>> [org.apereo.cas.web.DefaultDelegatedClientAuthenticationWebflowManager] - 
>> > [TST-1-oa-QpQisQzARmzQPQIaGG-CTDvjlXGnw] for service [null] with properties 
>> [{theme=, targetService=null, method=, locale=, service=null}]>
>> 2021-11-15

[cas-user] Re: delegated auth not working after upgrade to CAS 6.4.2

2021-12-14 Thread Noelette Stout 
lol, I wish. I'm just a sysadmin with a lot of years of troubleshooting.

At this point, it's as much trial and error as anything. I look up the
various possible settings and try different things. For now, I'm running
6.3.7.2 in dev and prod where people are actually using it. So to some
extent, I also just wait for the next release and try again. I'm thinking
of just jumping to 6.5x and see if I can get everything to play nice and be
happy there.  We were supposed to be moving off CAS to a 3rd party SAML
SSO. However, I've had various issues getting things to work with direct
authentication, so I set my CAS servers up to do delegated authentication.
I can't decide if I'm happy or not that everything "just works" when I run
it through CAS.

The other way I get stuff fixed is to post here and hope someone has a
better idea than I do :-D

On Tue, Dec 14, 2021 at 9:39 AM Sam Hough  wrote:

> Oh no. Probably showing my age... but without a bug database what is your
> process for getting this stuff fixed? Are you a Java developer?
>
> On Tuesday, 14 December 2021 at 16:35:59 UTC stou...@isu.edu wrote:
>
>> That sounds terrible. Once I moved from alpha to dev, I've just
>> discovered that logout is throwing a 500 error
>>
>> On Tue, Dec 14, 2021 at 9:12 AM Sam Hough  wrote:
>>
>>> Thanks for letting us know. I think I'm stuck on a different issue
>>> related to pac4j change that break pulling over the only attribute I want...
>>>
>>> Cheers
>>>
>>> Sam
>>>
>>> On Tuesday, 14 December 2021 at 15:59:23 UTC stou...@isu.edu wrote:
>>>
 I thought I'd just post an update on this. I tried this again with
 6.4.4. Since my CAS server is not acting as a SAML IdP, I removed all
 saml-idp modules from my build which seems to have resolved the issue.

 Noelette

 On Monday, November 15, 2021 at 7:01:30 AM UTC-7 Noelette Stout wrote:

> At least I feel less crazy now :-)  I've been going nuts wondering
> what changed in the configs (that I haven't touched) with the upgrade. 
> I've
> gone through double-checking syntax on everything.
>
> Thanks for confirming, Bill.
>
> Noelette
>
> On Monday, November 15, 2021 at 6:52:58 AM UTC-7 William Jojo wrote:
>
>> Noelette,
>>
>> Confirmed. I am doing non-autoforwarding SAML2 delegation to Azure. I
>> have nginx proxy in front of embedded Tomcat app.war. Works in 6.3.7.1,
>> borked in 6.4.2. Double-checked all of my cas.properties, nothing amiss.
>>
>> In 6.3.7.1 (working):
>>
>> 2021-11-15 07:04:50,891 DEBUG
>> [org.apereo.cas.web.DelegatedClientWebflowManager] - > properties [{method=, theme=, locale=en}]>
>> 2021-11-15 07:04:50,907 DEBUG
>> [org.apereo.cas.web.DelegatedClientWebflowManager] - > authentication request ticket [TST-1-dWlIqP8W8O7dFxCdIVvxFZ7YM2xj-dai] 
>> for
>> service [null] with properties [{theme=, targetService=null, method=,
>> locale=en, service=null}]>
>> 2021-11-15 07:04:50,914 DEBUG
>> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - > ticket [TST-1-dWlIqP8W8O7dFxCdIVvxFZ7YM2xj-dai] to registry.>
>> 2021-11-15 07:04:50,921 DEBUG
>> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - > [TST-396f9908-6411-4a39-9318-53da7953330a] could not be found>
>> 2021-11-15 07:04:50,922 DEBUG
>> [org.apereo.cas.AbstractCentralAuthenticationService] - > [TST-396f9908-6411-4a39-9318-53da7953330a] by type 
>> [TransientSessionTicket]
>> cannot be found in the ticket registry.>
>> 2021-11-15 07:04:50,923 DEBUG
>> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - > ticket [TST-396f9908-6411-4a39-9318-53da7953330a] to registry.>
>> 2021-11-15 07:04:51,141 DEBUG
>> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - > ticket [TST-396f9908-6411-4a39-9318-53da7953330a] to registry.>
>> 2021-11-15 07:04:51,352 DEBUG
>> [org.apereo.cas.web.BaseDelegatedAuthenticationController] - > final redirect action for client [#SAML2Client# | name: HVCC Login - POC 
>> |
>> callbackUrl: https://casdev.hvcc.edu/cas/login | urlResolver:
>> org.pac4j.core.http.url.DefaultUrlResolver@3538d8d6 |
>> callbackUrlResolver:
>> org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@6785df10
>> | ajaxRequestResolver:
>> org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@6e3705e6 |
>> redirectionActionBuilder:
>> org.pac4j.saml.redirect.SAML2RedirectionActionBuilder@140b4e00 |
>> credentialsExtractor:
>> org.pac4j.saml.credentials.extractor.SAML2CredentialsExtractor@169e989c
>> | authenticator:
>> org.pac4j.saml.credentials.authenticator.SAML2Authenticator@65930cf1
>> | profileCreator:
>> org.pac4j.core.profile.creator.AuthenticatorProfileCreator@10f5
>> | logoutActionBuilder:
>> org.pac4j.saml.logout.SAML2LogoutActionBuilder@335d3d90 |
>>

[cas-user] Re: delegated auth not working after upgrade to CAS 6.4.2

2021-12-14 Thread Sam Hough 
Don't need the "just" ;)

I'd like to move away from CAS but we use the CAS protocol a lot (although 
deprecated for new services) and there is always talk of a big project that 
would make it silly to replace this little bit.

I'm a Java developer and have been spending a long time debugging CAS. Not 
much fun.

Anyway, good luck with your logout. I've not got that far yet ;)

On Tuesday, 14 December 2021 at 16:47:28 UTC stou...@isu.edu wrote:

> lol, I wish. I'm just a sysadmin with a lot of years of troubleshooting.
>
> At this point, it's as much trial and error as anything. I look up the 
> various possible settings and try different things. For now, I'm running 
> 6.3.7.2 in dev and prod where people are actually using it. So to some 
> extent, I also just wait for the next release and try again. I'm thinking 
> of just jumping to 6.5x and see if I can get everything to play nice and be 
> happy there.  We were supposed to be moving off CAS to a 3rd party SAML 
> SSO. However, I've had various issues getting things to work with direct 
> authentication, so I set my CAS servers up to do delegated authentication. 
> I can't decide if I'm happy or not that everything "just works" when I run 
> it through CAS. 
>
> The other way I get stuff fixed is to post here and hope someone has a 
> better idea than I do :-D
>
> On Tue, Dec 14, 2021 at 9:39 AM Sam Hough  wrote:
>
>> Oh no. Probably showing my age... but without a bug database what is your 
>> process for getting this stuff fixed? Are you a Java developer?
>>
>> On Tuesday, 14 December 2021 at 16:35:59 UTC stou...@isu.edu wrote:
>>
>>> That sounds terrible. Once I moved from alpha to dev, I've just 
>>> discovered that logout is throwing a 500 error
>>>
>>> On Tue, Dec 14, 2021 at 9:12 AM Sam Hough  wrote:
>>>
 Thanks for letting us know. I think I'm stuck on a different issue 
 related to pac4j change that break pulling over the only attribute I 
 want...

 Cheers

 Sam

 On Tuesday, 14 December 2021 at 15:59:23 UTC stou...@isu.edu wrote:

> I thought I'd just post an update on this. I tried this again with 
> 6.4.4. Since my CAS server is not acting as a SAML IdP, I removed all 
> saml-idp modules from my build which seems to have resolved the issue.
>
> Noelette
>
> On Monday, November 15, 2021 at 7:01:30 AM UTC-7 Noelette Stout wrote:
>
>> At least I feel less crazy now :-)  I've been going nuts wondering 
>> what changed in the configs (that I haven't touched) with the upgrade. 
>> I've 
>> gone through double-checking syntax on everything.  
>>
>> Thanks for confirming, Bill.
>>
>> Noelette
>>
>> On Monday, November 15, 2021 at 6:52:58 AM UTC-7 William Jojo wrote:
>>
>>> Noelette,
>>>
>>> Confirmed. I am doing non-autoforwarding SAML2 delegation to Azure. 
>>> I have nginx proxy in front of embedded Tomcat app.war. Works in 
>>> 6.3.7.1, 
>>> borked in 6.4.2. Double-checked all of my cas.properties, nothing amiss.
>>>
>>> In 6.3.7.1 (working):
>>>
>>> 2021-11-15 07:04:50,891 DEBUG 
>>> [org.apereo.cas.web.DelegatedClientWebflowManager] - >> properties [{method=, theme=, locale=en}]>
>>> 2021-11-15 07:04:50,907 DEBUG 
>>> [org.apereo.cas.web.DelegatedClientWebflowManager] - >> authentication request ticket [TST-1-dWlIqP8W8O7dFxCdIVvxFZ7YM2xj-dai] 
>>> for 
>>> service [null] with properties [{theme=, targetService=null, method=, 
>>> locale=en, service=null}]>
>>> 2021-11-15 07:04:50,914 DEBUG 
>>> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - 
>>> >> ticket [TST-1-dWlIqP8W8O7dFxCdIVvxFZ7YM2xj-dai] to registry.>
>>> 2021-11-15 07:04:50,921 DEBUG 
>>> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - 
>>> >> [TST-396f9908-6411-4a39-9318-53da7953330a] could not be found>
>>> 2021-11-15 07:04:50,922 DEBUG 
>>> [org.apereo.cas.AbstractCentralAuthenticationService] - >> [TST-396f9908-6411-4a39-9318-53da7953330a] by type 
>>> [TransientSessionTicket] 
>>> cannot be found in the ticket registry.>
>>> 2021-11-15 07:04:50,923 DEBUG 
>>> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - 
>>> >> ticket [TST-396f9908-6411-4a39-9318-53da7953330a] to registry.>
>>> 2021-11-15 07:04:51,141 DEBUG 
>>> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - 
>>> >> ticket [TST-396f9908-6411-4a39-9318-53da7953330a] to registry.>
>>> 2021-11-15 07:04:51,352 DEBUG 
>>> [org.apereo.cas.web.BaseDelegatedAuthenticationController] - 
>>> >> final redirect action for client [#SAML2Client# | name: HVCC Login - 
>>> POC | 
>>> callbackUrl: https://casdev.hvcc.edu/cas/login | urlResolver: 
>>> org.pac4j.core.http.url.DefaultUrlResolver@3538d8d6 | 
>>> callbackUrlResolver: 
>>>

Re: [cas-user] log4j vulnerability remediation

2021-12-14 Thread Joe Manavalan 
Thanks @ robertoschwald

That worked for me as well

build.gradle
---
dependencies {
compile "org.apache.logging.log4j:log4j-api:2.15.0"
compile "org.apache.logging.log4j:log4j-core:2.15.0"
compile "org.apache.logging.log4j:log4j-jcl:2.15.0"
compile "org.apache.logging.log4j:log4j-jul:2.15.0"
compile "org.apache.logging.log4j:log4j-web:2.15.0"
compile "org.apache.logging.log4j:log4j-slf4j18-impl:2.15.0"
}

bootWar {
entryCompression = ZipEntryCompression.STORED
overlays {
cas {
from "org.apereo.cas:cas-server-webapp${project.appServer}:${
casServerVersion}@war"
provided = false
excludes = ["WEB-INF/lib/log4j-*-2.12.1.jar"]
}
}
}

On Tuesday, December 14, 2021 at 10:41:32 AM UTC-6 robertoschwald wrote:

> We had the same problem and we did the following:
>
> 1. Overwrite BOM defined version in gradle.properties
>
> # BOM overwritten versions
> # CVE-2021-44228 critical fix in 2.15.0.
> # 2.16.0 further secures.
> # See https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4
> log4j2.version=2.16.0
>
> 2. add the dependencies to build.gradle
> We use a fairly old CAS Server, so we use these deps. Normally, you do not 
> have to state the ones which have no version, are taken with the version 
> you defined in log4j2.version variable, but we stated them explicitly, so 
> one knows what artifacts are affected.
>
> // Log4j2 critical security flaw fixed in 2.15.0
> compile "org.apache.logging.log4j:log4j-api"
> compile "org.apache.logging.log4j:log4j-core"
> compile "org.apache.logging.log4j:log4j-jcl:${project.'log4j2.version'}"
> compile "org.apache.logging.log4j:log4j-slf4j-impl"
> compile "org.apache.logging.log4j:log4j-web:${project.'log4j2.version’}"
>
> 3. Exclude the old dependencies from war-overlay
> This is an important step.
> As you get the dependencies from the original, overlayed war file, you 
> must exclude them in the war task, so only your versions are taken.
>
> war {
> ...
>   // exclusion list of all dependencies contained in the original cas-WAR 
> for which we use newer versions.
>   // You must exclude all of them, otherwise we get duplicate dependencies 
> in our cas.war !
>   // log4j2 insecure version remove. See above.
>   exclude "WEB-INF/lib/log4j-*-2.12.1.jar"
>   exclude "WEB-INF/lib/jul-to-slf4j-1.7.32.jar"
>   exclude "WEB-INF/lib/slf4j-api-1.7.32.jar"
> }
>
> Hope that helps.
>
>
>
> Am 14.12.2021 um 17:25 schrieb Jeffrey Ramsay :
>
> Same experience.
>
> On Tue, Dec 14, 2021 at 11:02 AM apereo_cas_user  
> wrote:
>
>> We use cas 6.1.7  overlay template [still in pre-prod] for delegated 
>> authentication.
>> As a temp solution we replaced log4j  2.12.1 with 2.15.0 manually and 
>> bounced tomcat.
>> Is there a way we can exclude 2.12.1 from the build . [I can pull in 
>> 2.15.0 by adding in build.gradle but conflict with 2.12.1].  We have issues 
>> when upgrading to 6.3.7.2 
>>
>> Thanks
>>
>>
>> -- 
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+u...@apereo.org.
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/affbd618-e1e6-427f-b333-e00ca54bf1aen%40apereo.org
>>  
>> 
>> .
>>
>
> -- 
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+u...@apereo.org.
>
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BTBYOQ-AecysHAxD0FHEdBnTTHD3wNTa_d1xXcVVRmuC16A5g%40mail.gmail.com
>  
> 
> .
>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit

[cas-user] Re: log4j vulnerability remediation

2021-12-14 Thread Pablo Vidaurri 
Note v2.16.0 is now out  a patch for the patch

On Tuesday, December 14, 2021 at 10:02:48 AM UTC-6 apereo_cas_user wrote:

> We use cas 6.1.7  overlay template [still in pre-prod] for delegated 
> authentication.
> As a temp solution we replaced log4j  2.12.1 with 2.15.0 manually and 
> bounced tomcat.
> Is there a way we can exclude 2.12.1 from the build . [I can pull in 
> 2.15.0 by adding in build.gradle but conflict with 2.12.1].  We have issues 
> when upgrading to 6.3.7.2 
>
> Thanks
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/379632b4-2e9b-40b1-824d-1eebbdee4f83n%40apereo.org.

[cas-user] Re: [cas-dev] CAS registry migration

2021-12-14 Thread David Gelhar 
That message might mean that you're missing the OIDC dependency in your 
build.gradle

Make sure you have something like

implementation 
"org.apereo.cas:cas-server-support-oidc:${project.'cas.version'}"


> On Dec 14, 2021, at 8:28 AM, Jeffrey Ramsay  wrote:
> 
> Hello -
> 
> What is the process for migrating the service registry from CAS 6.2 to 6.4? I 
> have used the service endpoints to export the 6.2 registry and then tried to 
> import into the new 6.4 system registry and that fails. Placing the exported 
> json files in the services area fails as shown below -- and this is not the 
> only error; removing the failed section leads to another very similar message.
> 
> 2021-12-14 07:38:12,198 ERROR 
> [org.apereo.cas.util.serialization.AbstractJacksonBackedStringSerializer] - 
>  [{"@class":"org.apereo.cas.services.OidcRegisteredService","serviceId":"https://b.
>  ...edu:6129/bprep/apex...] to deserialize into type [interface 
> org.apereo.cas.services.RegisteredService]. This may be caused in the absence 
> of a configuration/support module that knows how to interpret the fragment, 
> specially if the fragment describes a CAS registered service definition. 
> Internal parsing error is [Cannot deserialize value of type 
> `org.apereo.cas.configuration.model.core.authentication.PrincipalAttributesCoreProperties$MergingStrategyTypes`
>  from String "replace": not one of the values accepted for Enum class: [NONE, 
> ADD, MULTIVALUED, REPLACE]
>  at [Source: 
> (String)"{"@class":"org.apereo.cas.services.OidcRegisteredService","serviceId":"https://b.
>  
> edu:6129/bprep/apex_authentication.callback","name":"Butternut
>  - OAuth Client","id":24,"description":"Butternut - OAuth 
> Client","expirationPolicy":{"@class":"org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy","deleteWhenExpired":false,"notifyWhenDeleted":false,"notifyWhenExpired":false},"acceptableUsagePolicy":{"@class":"org.apereo.cas.services.DefaultRegisteredServiceAcceptableU"[truncated
>  4324 chars]; line: 1, column: 2036] (through reference chain: 
> org.apereo.cas.services.OidcRegisteredService["attributeReleasePolicy"]->org.apereo.cas.services.ChainingAttributeReleasePolicy["mergingPolicy"])]>
> 
> You can point the 6.4 system to the 6.2 database; however, the registry data 
> are in two different tables, so what are we supposed to do?
> 
> The 6.2 system uses the MySQL table regex_registered_service and 6.4 uses 
> registered_services. I have hundreds of services to manually re add unless I 
> want to strp all but the first six lines from every json file and then modify 
> each using the management service.
> 
> https://fawnoos.com/2020/08/15/cas63x-import-export-services/ 
> 
> 
> -Jeff
> 
> 
>  
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Developer" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-dev+unsubscr...@apereo.org 
> .
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-dev/CA%2BTBYOQ0PsvRbcY1Wdv2JPiiJ3dBno7JTbm7%3D%2Bj%3DWXJid6ZjpQ%40mail.gmail.com
>  
> .

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/09642D6A-D375-4122-AB3B-03AC86E493D9%40gmail.com.

[cas-user] Re: delegated auth not working after upgrade to CAS 6.4.2

2021-12-14 Thread Sam Hough 
Thanks for letting us know. I think I'm stuck on a different issue related 
to pac4j change that break pulling over the only attribute I want...

Cheers

Sam

On Tuesday, 14 December 2021 at 15:59:23 UTC stou...@isu.edu wrote:

> I thought I'd just post an update on this. I tried this again with 6.4.4. 
> Since my CAS server is not acting as a SAML IdP, I removed all saml-idp 
> modules from my build which seems to have resolved the issue.
>
> Noelette
>
> On Monday, November 15, 2021 at 7:01:30 AM UTC-7 Noelette Stout wrote:
>
>> At least I feel less crazy now :-)  I've been going nuts wondering what 
>> changed in the configs (that I haven't touched) with the upgrade. I've gone 
>> through double-checking syntax on everything.  
>>
>> Thanks for confirming, Bill.
>>
>> Noelette
>>
>> On Monday, November 15, 2021 at 6:52:58 AM UTC-7 William Jojo wrote:
>>
>>> Noelette,
>>>
>>> Confirmed. I am doing non-autoforwarding SAML2 delegation to Azure. I 
>>> have nginx proxy in front of embedded Tomcat app.war. Works in 6.3.7.1, 
>>> borked in 6.4.2. Double-checked all of my cas.properties, nothing amiss.
>>>
>>> In 6.3.7.1 (working):
>>>
>>> 2021-11-15 07:04:50,891 DEBUG 
>>> [org.apereo.cas.web.DelegatedClientWebflowManager] - >> properties [{method=, theme=, locale=en}]>
>>> 2021-11-15 07:04:50,907 DEBUG 
>>> [org.apereo.cas.web.DelegatedClientWebflowManager] - >> authentication request ticket [TST-1-dWlIqP8W8O7dFxCdIVvxFZ7YM2xj-dai] for 
>>> service [null] with properties [{theme=, targetService=null, method=, 
>>> locale=en, service=null}]>
>>> 2021-11-15 07:04:50,914 DEBUG 
>>> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - >> ticket [TST-1-dWlIqP8W8O7dFxCdIVvxFZ7YM2xj-dai] to registry.>
>>> 2021-11-15 07:04:50,921 DEBUG 
>>> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - >> [TST-396f9908-6411-4a39-9318-53da7953330a] could not be found>
>>> 2021-11-15 07:04:50,922 DEBUG 
>>> [org.apereo.cas.AbstractCentralAuthenticationService] - >> [TST-396f9908-6411-4a39-9318-53da7953330a] by type [TransientSessionTicket] 
>>> cannot be found in the ticket registry.>
>>> 2021-11-15 07:04:50,923 DEBUG 
>>> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - >> ticket [TST-396f9908-6411-4a39-9318-53da7953330a] to registry.>
>>> 2021-11-15 07:04:51,141 DEBUG 
>>> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - >> ticket [TST-396f9908-6411-4a39-9318-53da7953330a] to registry.>
>>> 2021-11-15 07:04:51,352 DEBUG 
>>> [org.apereo.cas.web.BaseDelegatedAuthenticationController] - >> final redirect action for client [#SAML2Client# | name: HVCC Login - POC | 
>>> callbackUrl: https://casdev.hvcc.edu/cas/login | urlResolver: 
>>> org.pac4j.core.http.url.DefaultUrlResolver@3538d8d6 | callbackUrlResolver: 
>>> org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@6785df10 | 
>>> ajaxRequestResolver: 
>>> org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@6e3705e6 | 
>>> redirectionActionBuilder: 
>>> org.pac4j.saml.redirect.SAML2RedirectionActionBuilder@140b4e00 | 
>>> credentialsExtractor: 
>>> org.pac4j.saml.credentials.extractor.SAML2CredentialsExtractor@169e989c | 
>>> authenticator: 
>>> org.pac4j.saml.credentials.authenticator.SAML2Authenticator@65930cf1 | 
>>> profileCreator: 
>>> org.pac4j.core.profile.creator.AuthenticatorProfileCreator@10f5 | 
>>> logoutActionBuilder: 
>>> org.pac4j.saml.logout.SAML2LogoutActionBuilder@335d3d90 | 
>>> authorizationGenerators: [] |] as [#HttpAction# | code: 302 |]>
>>>
>>>
>>> In 6.4.2 (borked):
>>>
>>> 2021-11-15 06:56:22,281 DEBUG 
>>> [org.apereo.cas.support.pac4j.authentication.DefaultDelegatedClientFactory] 
>>> - >> callbackUrl: https://casdev.hvcc.edu/cas/login | urlResolver: null | 
>>> callbackUrlResolver: 
>>> org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@672e8871 | 
>>> ajaxRequestResolver: null | redirectionActionBuilder: null | 
>>> credentialsExtractor: null | authenticator: null | profileCreator: 
>>> org.pac4j.core.profile.creator.AuthenticatorProfileCreator@34e68840 | 
>>> logoutActionBuilder: org.pac4j.core.logout.NoLogoutActionBuilder@510203de | 
>>> authorizationGenerators: [] | checkAuthenticationAttempt: true |]>
>>> 2021-11-15 06:56:22,281 DEBUG 
>>> [org.apereo.cas.support.pac4j.RefreshableDelegatedClients] - >> clients are built: [[#SAML2Client# | name: HVCC Login - POC | callbackUrl: 
>>> https://casdev.hvcc.edu/cas/login | urlResolver: null | 
>>> callbackUrlResolver: 
>>> org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@672e8871 | 
>>> ajaxRequestResolver: null | redirectionActionBuilder: null | 
>>> credentialsExtractor: null | authenticator: null | profileCreator: 
>>> org.pac4j.core.profile.creator.AuthenticatorProfileCreator@34e68840 | 
>>> logoutActionBuilder: org.pac4j.core.logout.NoLogoutActionBuilder@510203de | 
>>> authorizationGenerators: [] | checkAuthenticationAttempt: true |]]>
>>> 2021-11-15 06:56:22,767 DEBUG 
>>>

[cas-user] Re: delegated auth not working after upgrade to CAS 6.4.2

2021-12-14 Thread Noelette Stout 
That sounds terrible. Once I moved from alpha to dev, I've just discovered
that logout is throwing a 500 error

On Tue, Dec 14, 2021 at 9:12 AM Sam Hough  wrote:

> Thanks for letting us know. I think I'm stuck on a different issue related
> to pac4j change that break pulling over the only attribute I want...
>
> Cheers
>
> Sam
>
> On Tuesday, 14 December 2021 at 15:59:23 UTC stou...@isu.edu wrote:
>
>> I thought I'd just post an update on this. I tried this again with 6.4.4.
>> Since my CAS server is not acting as a SAML IdP, I removed all saml-idp
>> modules from my build which seems to have resolved the issue.
>>
>> Noelette
>>
>> On Monday, November 15, 2021 at 7:01:30 AM UTC-7 Noelette Stout wrote:
>>
>>> At least I feel less crazy now :-)  I've been going nuts wondering what
>>> changed in the configs (that I haven't touched) with the upgrade. I've gone
>>> through double-checking syntax on everything.
>>>
>>> Thanks for confirming, Bill.
>>>
>>> Noelette
>>>
>>> On Monday, November 15, 2021 at 6:52:58 AM UTC-7 William Jojo wrote:
>>>
 Noelette,

 Confirmed. I am doing non-autoforwarding SAML2 delegation to Azure. I
 have nginx proxy in front of embedded Tomcat app.war. Works in 6.3.7.1,
 borked in 6.4.2. Double-checked all of my cas.properties, nothing amiss.

 In 6.3.7.1 (working):

 2021-11-15 07:04:50,891 DEBUG
 [org.apereo.cas.web.DelegatedClientWebflowManager] - >>> properties [{method=, theme=, locale=en}]>
 2021-11-15 07:04:50,907 DEBUG
 [org.apereo.cas.web.DelegatedClientWebflowManager] - >>> authentication request ticket [TST-1-dWlIqP8W8O7dFxCdIVvxFZ7YM2xj-dai] for
 service [null] with properties [{theme=, targetService=null, method=,
 locale=en, service=null}]>
 2021-11-15 07:04:50,914 DEBUG
 [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - >>> ticket [TST-1-dWlIqP8W8O7dFxCdIVvxFZ7YM2xj-dai] to registry.>
 2021-11-15 07:04:50,921 DEBUG
 [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - >>> [TST-396f9908-6411-4a39-9318-53da7953330a] could not be found>
 2021-11-15 07:04:50,922 DEBUG
 [org.apereo.cas.AbstractCentralAuthenticationService] - >>> [TST-396f9908-6411-4a39-9318-53da7953330a] by type [TransientSessionTicket]
 cannot be found in the ticket registry.>
 2021-11-15 07:04:50,923 DEBUG
 [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - >>> ticket [TST-396f9908-6411-4a39-9318-53da7953330a] to registry.>
 2021-11-15 07:04:51,141 DEBUG
 [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - >>> ticket [TST-396f9908-6411-4a39-9318-53da7953330a] to registry.>
 2021-11-15 07:04:51,352 DEBUG
 [org.apereo.cas.web.BaseDelegatedAuthenticationController] - >>> final redirect action for client [#SAML2Client# | name: HVCC Login - POC |
 callbackUrl: https://casdev.hvcc.edu/cas/login | urlResolver:
 org.pac4j.core.http.url.DefaultUrlResolver@3538d8d6 |
 callbackUrlResolver:
 org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@6785df10
 | ajaxRequestResolver:
 org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@6e3705e6 |
 redirectionActionBuilder:
 org.pac4j.saml.redirect.SAML2RedirectionActionBuilder@140b4e00 |
 credentialsExtractor:
 org.pac4j.saml.credentials.extractor.SAML2CredentialsExtractor@169e989c
 | authenticator:
 org.pac4j.saml.credentials.authenticator.SAML2Authenticator@65930cf1 |
 profileCreator:
 org.pac4j.core.profile.creator.AuthenticatorProfileCreator@10f5 |
 logoutActionBuilder: 
 org.pac4j.saml.logout.SAML2LogoutActionBuilder@335d3d90
 | authorizationGenerators: [] |] as [#HttpAction# | code: 302 |]>


 In 6.4.2 (borked):

 2021-11-15 06:56:22,281 DEBUG
 [org.apereo.cas.support.pac4j.authentication.DefaultDelegatedClientFactory]
 - >>> callbackUrl: https://casdev.hvcc.edu/cas/login | urlResolver: null |
 callbackUrlResolver:
 org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@672e8871
 | ajaxRequestResolver: null | redirectionActionBuilder: null |
 credentialsExtractor: null | authenticator: null | profileCreator:
 org.pac4j.core.profile.creator.AuthenticatorProfileCreator@34e68840 |
 logoutActionBuilder: org.pac4j.core.logout.NoLogoutActionBuilder@510203de
 | authorizationGenerators: [] | checkAuthenticationAttempt: true |]>
 2021-11-15 06:56:22,281 DEBUG
 [org.apereo.cas.support.pac4j.RefreshableDelegatedClients] - >>> clients are built: [[#SAML2Client# | name: HVCC Login - POC | callbackUrl:
 https://casdev.hvcc.edu/cas/login | urlResolver: null |
 callbackUrlResolver:
 org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@672e8871
 | ajaxRequestResolver: null | redirectionActionBuilder: null |
 credentialsExtractor: null | authenticator: null | profileCreator:

Re: [cas-user] log4j vulnerability remediation

2021-12-14 Thread Jeffrey Ramsay 
Same experience.

On Tue, Dec 14, 2021 at 11:02 AM apereo_cas_user 
wrote:

> We use cas 6.1.7  overlay template [still in pre-prod] for delegated
> authentication.
> As a temp solution we replaced log4j  2.12.1 with 2.15.0 manually and
> bounced tomcat.
> Is there a way we can exclude 2.12.1 from the build . [I can pull in
> 2.15.0 by adding in build.gradle but conflict with 2.12.1].  We have issues
> when upgrading to 6.3.7.2
>
> Thanks
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/affbd618-e1e6-427f-b333-e00ca54bf1aen%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BTBYOQ-AecysHAxD0FHEdBnTTHD3wNTa_d1xXcVVRmuC16A5g%40mail.gmail.com.

[cas-user] log4j vulnerability remediation

2021-12-14 Thread apereo_cas_user 
We use cas 6.1.7  overlay template [still in pre-prod] for delegated 
authentication.
As a temp solution we replaced log4j  2.12.1 with 2.15.0 manually and 
bounced tomcat.
Is there a way we can exclude 2.12.1 from the build . [I can pull in 2.15.0 
by adding in build.gradle but conflict with 2.12.1].  We have issues when 
upgrading to 6.3.7.2 

Thanks

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/affbd618-e1e6-427f-b333-e00ca54bf1aen%40apereo.org.

[cas-user] Re: delegated auth not working after upgrade to CAS 6.4.2

2021-12-14 Thread Sam Hough 
Oh no. Probably showing my age... but without a bug database what is your 
process for getting this stuff fixed? Are you a Java developer?

On Tuesday, 14 December 2021 at 16:35:59 UTC stou...@isu.edu wrote:

> That sounds terrible. Once I moved from alpha to dev, I've just discovered 
> that logout is throwing a 500 error
>
> On Tue, Dec 14, 2021 at 9:12 AM Sam Hough  wrote:
>
>> Thanks for letting us know. I think I'm stuck on a different issue 
>> related to pac4j change that break pulling over the only attribute I want...
>>
>> Cheers
>>
>> Sam
>>
>> On Tuesday, 14 December 2021 at 15:59:23 UTC stou...@isu.edu wrote:
>>
>>> I thought I'd just post an update on this. I tried this again with 
>>> 6.4.4. Since my CAS server is not acting as a SAML IdP, I removed all 
>>> saml-idp modules from my build which seems to have resolved the issue.
>>>
>>> Noelette
>>>
>>> On Monday, November 15, 2021 at 7:01:30 AM UTC-7 Noelette Stout wrote:
>>>
 At least I feel less crazy now :-)  I've been going nuts wondering what 
 changed in the configs (that I haven't touched) with the upgrade. I've 
 gone 
 through double-checking syntax on everything.  

 Thanks for confirming, Bill.

 Noelette

 On Monday, November 15, 2021 at 6:52:58 AM UTC-7 William Jojo wrote:

> Noelette,
>
> Confirmed. I am doing non-autoforwarding SAML2 delegation to Azure. I 
> have nginx proxy in front of embedded Tomcat app.war. Works in 6.3.7.1, 
> borked in 6.4.2. Double-checked all of my cas.properties, nothing amiss.
>
> In 6.3.7.1 (working):
>
> 2021-11-15 07:04:50,891 DEBUG 
> [org.apereo.cas.web.DelegatedClientWebflowManager] -  properties [{method=, theme=, locale=en}]>
> 2021-11-15 07:04:50,907 DEBUG 
> [org.apereo.cas.web.DelegatedClientWebflowManager] -  authentication request ticket [TST-1-dWlIqP8W8O7dFxCdIVvxFZ7YM2xj-dai] 
> for 
> service [null] with properties [{theme=, targetService=null, method=, 
> locale=en, service=null}]>
> 2021-11-15 07:04:50,914 DEBUG 
> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] -  ticket [TST-1-dWlIqP8W8O7dFxCdIVvxFZ7YM2xj-dai] to registry.>
> 2021-11-15 07:04:50,921 DEBUG 
> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] -  [TST-396f9908-6411-4a39-9318-53da7953330a] could not be found>
> 2021-11-15 07:04:50,922 DEBUG 
> [org.apereo.cas.AbstractCentralAuthenticationService] -  [TST-396f9908-6411-4a39-9318-53da7953330a] by type 
> [TransientSessionTicket] 
> cannot be found in the ticket registry.>
> 2021-11-15 07:04:50,923 DEBUG 
> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] -  ticket [TST-396f9908-6411-4a39-9318-53da7953330a] to registry.>
> 2021-11-15 07:04:51,141 DEBUG 
> [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] -  ticket [TST-396f9908-6411-4a39-9318-53da7953330a] to registry.>
> 2021-11-15 07:04:51,352 DEBUG 
> [org.apereo.cas.web.BaseDelegatedAuthenticationController] -  final redirect action for client [#SAML2Client# | name: HVCC Login - POC 
> | 
> callbackUrl: https://casdev.hvcc.edu/cas/login | urlResolver: 
> org.pac4j.core.http.url.DefaultUrlResolver@3538d8d6 | 
> callbackUrlResolver: 
> org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@6785df10 | 
> ajaxRequestResolver: 
> org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@6e3705e6 | 
> redirectionActionBuilder: 
> org.pac4j.saml.redirect.SAML2RedirectionActionBuilder@140b4e00 | 
> credentialsExtractor: 
> org.pac4j.saml.credentials.extractor.SAML2CredentialsExtractor@169e989c | 
> authenticator: 
> org.pac4j.saml.credentials.authenticator.SAML2Authenticator@65930cf1 | 
> profileCreator: 
> org.pac4j.core.profile.creator.AuthenticatorProfileCreator@10f5 | 
> logoutActionBuilder: 
> org.pac4j.saml.logout.SAML2LogoutActionBuilder@335d3d90 | 
> authorizationGenerators: [] |] as [#HttpAction# | code: 302 |]>
>
>
> In 6.4.2 (borked):
>
> 2021-11-15 06:56:22,281 DEBUG 
> [org.apereo.cas.support.pac4j.authentication.DefaultDelegatedClientFactory]
>  
> -  callbackUrl: https://casdev.hvcc.edu/cas/login | urlResolver: null | 
> callbackUrlResolver: 
> org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver@672e8871 | 
> ajaxRequestResolver: null | redirectionActionBuilder: null | 
> credentialsExtractor: null | authenticator: null | profileCreator: 
> org.pac4j.core.profile.creator.AuthenticatorProfileCreator@34e68840 | 
> logoutActionBuilder: org.pac4j.core.logout.NoLogoutActionBuilder@510203de 
> | 
> authorizationGenerators: [] | checkAuthenticationAttempt: true |]>
> 2021-11-15 06:56:22,281 DEBUG 
> [org.apereo.cas.support.pac4j.RefreshableDelegatedClients] -  following 
> clients are built:

[cas-user] CAS registry migration

2021-12-14 Thread Jeffrey Ramsay 
Hello -

What is the process for migrating the service registry from CAS 6.2 to 6.4?
I have used the service endpoints to export the 6.2 registry and then tried
to import into the new 6.4 system registry and that fails. Placing the
exported json files in the services area fails as shown below -- and this
is not the only error; removing the failed section leads to another very
similar message.

2021-12-14 07:38:12,198 ERROR
[org.apereo.cas.util.serialization.AbstractJacksonBackedStringSerializer] -
https://bedu:6129/bprep/apex...] to deserialize into type [interface
org.apereo.cas.services.RegisteredService]. This may be caused in the
absence of a configuration/support module that knows how to interpret the
fragment, specially if the fragment describes a CAS registered service
definition. Internal parsing error is [Cannot deserialize value of type
`org.apereo.cas.configuration.model.core.authentication.PrincipalAttributesCoreProperties$MergingStrategyTypes`
from String "replace": not one of the values accepted for Enum class:
[NONE, ADD, MULTIVALUED, REPLACE]
 at [Source:
(String)"{"@class":"org.apereo.cas.services.OidcRegisteredService","serviceId":"
https://b.edu:6129/bprep/apex_authentication.callback","name":"Butternut
- OAuth Client","id":24,"description":"Butternut - OAuth
Client","expirationPolicy":{"@class":"org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy","deleteWhenExpired":false,"notifyWhenDeleted":false,"notifyWhenExpired":false},"acceptableUsagePolicy":{"@class":"org.apereo.cas.services.DefaultRegisteredServiceAcceptableU"[truncated
4324 chars]; line: 1, column: 2036] (through reference chain:
org.apereo.cas.services.OidcRegisteredService["attributeReleasePolicy"]->org.apereo.cas.services.ChainingAttributeReleasePolicy["mergingPolicy"])]>

You can point the 6.4 system to the 6.2 database; however, the registry
data are in two different tables, so what are we supposed to do?

The 6.2 system uses the MySQL table regex_registered_service and 6.4
uses registered_services. I have hundreds of services to manually re add
unless I want to strp all but the first six lines from every json file and
then modify each using the management service.

https://fawnoos.com/2020/08/15/cas63x-import-export-services/

-Jeff

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BTBYOQ0PsvRbcY1Wdv2JPiiJ3dBno7JTbm7%3D%2Bj%3DWXJid6ZjpQ%40mail.gmail.com.

Re: [cas-user] log4j vulnerability remediation

2021-12-14 Thread Robert Oschwald 
We had the same problem and we did the following:

1. Overwrite BOM defined version in gradle.properties

# BOM overwritten versions
# CVE-2021-44228 critical fix in 2.15.0.
# 2.16.0 further secures.
# See https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4
log4j2.version=2.16.0

2. add the dependencies to build.gradle
We use a fairly old CAS Server, so we use these deps. Normally, you do not have 
to state the ones which have no version, are taken with the version you defined 
in log4j2.version variable, but we stated them explicitly, so one knows what 
artifacts are affected.

// Log4j2 critical security flaw fixed in 2.15.0
compile "org.apache.logging.log4j:log4j-api"
compile "org.apache.logging.log4j:log4j-core"
compile "org.apache.logging.log4j:log4j-jcl:${project.'log4j2.version'}"
compile "org.apache.logging.log4j:log4j-slf4j-impl"
compile "org.apache.logging.log4j:log4j-web:${project.'log4j2.version’}"

3. Exclude the old dependencies from war-overlay
This is an important step.
As you get the dependencies from the original, overlayed war file, you must 
exclude them in the war task, so only your versions are taken.

war {
 ...
  // exclusion list of all dependencies contained in the original cas-WAR for 
which we use newer versions.
  // You must exclude all of them, otherwise we get duplicate dependencies in 
our cas.war !
  // log4j2 insecure version remove. See above.
  exclude "WEB-INF/lib/log4j-*-2.12.1.jar"
  exclude "WEB-INF/lib/jul-to-slf4j-1.7.32.jar"
  exclude "WEB-INF/lib/slf4j-api-1.7.32.jar"
}

Hope that helps.



> Am 14.12.2021 um 17:25 schrieb Jeffrey Ramsay :
> 
> Same experience.
> 
> On Tue, Dec 14, 2021 at 11:02 AM apereo_cas_user  > wrote:
> We use cas 6.1.7  overlay template [still in pre-prod] for delegated 
> authentication.
> As a temp solution we replaced log4j  2.12.1 with 2.15.0 manually and bounced 
> tomcat.
> Is there a way we can exclude 2.12.1 from the build . [I can pull in 2.15.0 
> by adding in build.gradle but conflict with 2.12.1].  We have issues when 
> upgrading to 6.3.7.2 
> 
> Thanks
> 
> 
> -- 
> - Website: https://apereo.github.io/cas 
> - Gitter Chatroom: https://gitter.im/apereo/cas 
> - List Guidelines: https://goo.gl/1VRrw7 
> - Contributions: https://goo.gl/mh7qDG 
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org 
> .
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/affbd618-e1e6-427f-b333-e00ca54bf1aen%40apereo.org
>  
> .
> 
> -- 
> - Website: https://apereo.github.io/cas 
> - Gitter Chatroom: https://gitter.im/apereo/cas 
> - List Guidelines: https://goo.gl/1VRrw7 
> - Contributions: https://goo.gl/mh7qDG 
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org 
> .
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BTBYOQ-AecysHAxD0FHEdBnTTHD3wNTa_d1xXcVVRmuC16A5g%40mail.gmail.com
>  
> .

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/A6D22B3F-1993-4D04-A604-59DE522768B6%40gmail.com.

[cas-user] Re: CAS 6.4.0-RC5 (and earlier) Forgot Username failure

2021-12-14 Thread Sem van den Broek 
Hi all,

I was struggling with this feature as well in CAS 6.4.3 and I sometimes got 
it working and sometimes not. It seemed to be related to the user 
previously having been logged in before attempting a username request. That 
seemed to make a difference but I want it to work all the time even when 
users have not yet logged in. It seems like the login caches some of the 
principal attributes so that the lookup succeeds, but I am unaware of the 
actual internals that manage this. The password reset has the same 
problems, and it also only seems to work after a user has been logged in.

Might this have something to do with manually defining a principal 
resolver? How would we solve this (with LDAP in my case)?

Thanks!

Sem

On Monday, November 29, 2021 at 3:16:23 PM UTC+1 joseph...@gmail.com wrote:

> Hi Chris,
>
> I'm trying to configure the Forgot username feature in CAS 6.4.3 and I 
> have the same behaviour, the email contains the email address instead of 
> the username... Did you find a solution for this problem?
>
> Thank you!
>
> Joseph
>
> Le mercredi 30 juin 2021 à 16 h 47 min 23 s UTC-4, Chris Durham a écrit :
>
>> Just wondering if anyone else has any issues in getting the username to 
>> appear in the email template for Forgot Username in CAS 6.4.0 RC5
>>
>> On Saturday, 19 June 2021 at 23:49:02 UTC-5 Chris Durham wrote:
>>
>>> We are trying to use the new Password Management functionality in 6.4.0 
>>> (with JDBC) and facing a few issues.
>>>
>>> When we submit the email for the user we get the following lines in the 
>>> logs
>>>
>>> WARN 
>>> [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver]
>>>  
>>> - >> principal>
>>>
>>> We have the following settings in our properties files
>>>
>>> cas.authn.pm.jdbc.sql-find-email=SELECT email FROM user WHERE username = 
>>> ?
>>>
>>> cas.authn.pm.jdbc.sql-find-phone=SELECT phone FROM user WHERE username = 
>>> ?
>>>
>>> cas.authn.pm.jdbc.sql-find-user=SELECT username FROM user WHERE email = 
>>> ? limit 1
>>>
>>> In our resultant email the only attribute that is added is "email" which 
>>> is the one thing that the user already knows :). We don't get a principal 
>>> or a username.
>>>
>>> Trying to read my way through the code 
>>> in SendForgotUsernameInstructionsAction
>>>
>>> locateUserAndProcess gets the username from 
>>> PasswordManagementService.findUsername(query)
>>>
>>> but sendForgotUsernameEmailToAccount builds the credentials with 
>>> query.getUsername() - but surely username isn't in Query - otherwise 
>>> locateUserAndProcess could have done the same thing?
>>>
>>> I can see this changed in the 'refactor apis for pswd mgmt' in Feb 2021 
>>> - but can't see how username is supposed to get into query...
>>>
>>> One thing that is additionally slightly annoying here is that in our 
>>> case multiple usernames could be associated with a single email address and 
>>> it would be nice to tell the user all of them.
>>>
>>> Also for us it would be great if we could get information about the 
>>> requesting service in the email to tailor the email even further.
>>>
>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2d8a2546-31c6-4606-a1a5-c8acebb92fd9n%40apereo.org.

[cas-user] Re: [cas-dev] CAS registry migration

2021-12-14 Thread David Gelhar 

Ok, I just read the error message more carefully...

Cannot deserialize value of type 
`org.apereo.cas.configuration.model.core.authentication.PrincipalAttributesCoreProperties$MergingStrategyTypes`
 
from String "replace": not one of the values accepted for Enum class: 
[NONE, ADD, MULTIVALUED, REPLACE]


With 6.4, CAS seems to have become more picky about requiring the 
"MergingStrategy" values to be in uppercase. We ran into the same problem; 
solution was to change  "mergingPolicy": "replace" to "mergingPolicy": 
"REPLACE" everywhere.
On Tuesday, December 14, 2021 at 9:05:51 AM UTC-5 David Gelhar wrote:

> That message might mean that you're missing the OIDC dependency in your 
> build.gradle
>
> Make sure you have something like
>
> implementation 
> "org.apereo.cas:cas-server-support-oidc:${project.'cas.version'}"
>
>
> On Dec 14, 2021, at 8:28 AM, Jeffrey Ramsay  wrote:
>
> Hello -
>
> What is the process for migrating the service registry from CAS 6.2 to 
> 6.4? I have used the service endpoints to export the 6.2 registry and then 
> tried to import into the new 6.4 system registry and that fails. Placing 
> the exported json files in the services area fails as shown below -- and 
> this is not the only error; removing the failed section leads to another 
> very similar message.
>
> 2021-12-14 07:38:12,198 ERROR 
> [org.apereo.cas.util.serialization.AbstractJacksonBackedStringSerializer] - 
>  [{"@class":"org.apereo.cas.services.OidcRegisteredService","serviceId":"
> https://bedu:6129/bprep/apex...] to deserialize into type [interface 
> org.apereo.cas.services.RegisteredService]. This may be caused in the 
> absence of a configuration/support module that knows how to interpret the 
> fragment, specially if the fragment describes a CAS registered service 
> definition. Internal parsing error is [Cannot deserialize value of type 
> `org.apereo.cas.configuration.model.core.authentication.PrincipalAttributesCoreProperties$MergingStrategyTypes`
>  
> from String "replace": not one of the values accepted for Enum class: 
> [NONE, ADD, MULTIVALUED, REPLACE]
>  at [Source: 
> (String)"{"@class":"org.apereo.cas.services.OidcRegisteredService","serviceId":"
> https://b.edu:6129/bprep/apex_authentication.callback","name":"Butternut 
> - OAuth Client","id":24,"description":"Butternut - OAuth 
> Client","expirationPolicy":{"@class":"org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy","deleteWhenExpired":false,"notifyWhenDeleted":false,"notifyWhenExpired":false},"acceptableUsagePolicy":{"@class":"org.apereo.cas.services.DefaultRegisteredServiceAcceptableU"[truncated
>  
> 4324 chars]; line: 1, column: 2036] (through reference chain: 
> org.apereo.cas.services.OidcRegisteredService["attributeReleasePolicy"]->org.apereo.cas.services.ChainingAttributeReleasePolicy["mergingPolicy"])]>
>
> You can point the 6.4 system to the 6.2 database; however, the registry 
> data are in two different tables, so what are we supposed to do?
>
> The 6.2 system uses the MySQL table regex_registered_service and 6.4 
> uses registered_services. I have hundreds of services to manually re add 
> unless I want to strp all but the first six lines from every json file and 
> then modify each using the management service.
>
> https://fawnoos.com/2020/08/15/cas63x-import-export-services/
>
> -Jeff
>
>
>  
>
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Developer" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-dev+u...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-dev/CA%2BTBYOQ0PsvRbcY1Wdv2JPiiJ3dBno7JTbm7%3D%2Bj%3DWXJid6ZjpQ%40mail.gmail.com
>  
> 
> .
>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a7e962fd-e769-4352-beff-8b1c5ed13c56n%40apereo.org.

Re: [cas-user] Re: log4j vulnerability remediation

2021-12-14 Thread Jeffrey Ramsay 
Robert and Joe,

Your examples were really helpful. I was able to combine the steps and
patch our systems.

Thanks,
-Jeff

On Tue, Dec 14, 2021 at 1:58 PM Pablo Vidaurri  wrote:

> Note v2.16.0 is now out  a patch for the patch
>
> On Tuesday, December 14, 2021 at 10:02:48 AM UTC-6 apereo_cas_user wrote:
>
>> We use cas 6.1.7  overlay template [still in pre-prod] for delegated
>> authentication.
>> As a temp solution we replaced log4j  2.12.1 with 2.15.0 manually and
>> bounced tomcat.
>> Is there a way we can exclude 2.12.1 from the build . [I can pull in
>> 2.15.0 by adding in build.gradle but conflict with 2.12.1].  We have issues
>> when upgrading to 6.3.7.2
>>
>> Thanks
>>
>> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/379632b4-2e9b-40b1-824d-1eebbdee4f83n%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BTBYOTzLyDsd-6wUFAJVjOYJkh5Jod95QTAkDH1zi5G8rY7AA%40mail.gmail.com.

[cas-user] Re: [cas-dev] CAS registry migration

2021-12-14 Thread Jeffrey Ramsay 
David,

Thanks for your suggestion, I will give it a try.

Thanks again,
-Jeff

On Tue, Dec 14, 2021 at 10:15 PM David Gelhar 
wrote:

>
> Ok, I just read the error message more carefully...
>
> Cannot deserialize value of type
> `org.apereo.cas.configuration.model.core.authentication.PrincipalAttributesCoreProperties$MergingStrategyTypes`
> from String "replace": not one of the values accepted for Enum class:
> [NONE, ADD, MULTIVALUED, REPLACE]
>
>
> With 6.4, CAS seems to have become more picky about requiring the
> "MergingStrategy" values to be in uppercase. We ran into the same problem;
> solution was to change  "mergingPolicy": "replace" to "mergingPolicy":
> "REPLACE" everywhere.
> On Tuesday, December 14, 2021 at 9:05:51 AM UTC-5 David Gelhar wrote:
>
>> That message might mean that you're missing the OIDC dependency in your
>> build.gradle
>>
>> Make sure you have something like
>>
>> implementation 
>> "org.apereo.cas:cas-server-support-oidc:${project.'cas.version'}"
>>
>>
>> On Dec 14, 2021, at 8:28 AM, Jeffrey Ramsay  wrote:
>>
>> Hello -
>>
>> What is the process for migrating the service registry from CAS 6.2 to
>> 6.4? I have used the service endpoints to export the 6.2 registry and then
>> tried to import into the new 6.4 system registry and that fails. Placing
>> the exported json files in the services area fails as shown below -- and
>> this is not the only error; removing the failed section leads to another
>> very similar message.
>>
>> 2021-12-14 07:38:12,198 ERROR
>> [org.apereo.cas.util.serialization.AbstractJacksonBackedStringSerializer] -
>> > [{"@class":"org.apereo.cas.services.OidcRegisteredService","serviceId":"
>> https://bedu:6129/bprep/apex...] to deserialize into type [interface
>> org.apereo.cas.services.RegisteredService]. This may be caused in the
>> absence of a configuration/support module that knows how to interpret the
>> fragment, specially if the fragment describes a CAS registered service
>> definition. Internal parsing error is [Cannot deserialize value of type
>> `org.apereo.cas.configuration.model.core.authentication.PrincipalAttributesCoreProperties$MergingStrategyTypes`
>> from String "replace": not one of the values accepted for Enum class:
>> [NONE, ADD, MULTIVALUED, REPLACE]
>>  at [Source:
>> (String)"{"@class":"org.apereo.cas.services.OidcRegisteredService","serviceId":"
>> https://b.edu:6129/bprep/apex_authentication.callback","name":"Butternut
>> - OAuth Client","id":24,"description":"Butternut - OAuth
>> Client","expirationPolicy":{"@class":"org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy","deleteWhenExpired":false,"notifyWhenDeleted":false,"notifyWhenExpired":false},"acceptableUsagePolicy":{"@class":"org.apereo.cas.services.DefaultRegisteredServiceAcceptableU"[truncated
>> 4324 chars]; line: 1, column: 2036] (through reference chain:
>> org.apereo.cas.services.OidcRegisteredService["attributeReleasePolicy"]->org.apereo.cas.services.ChainingAttributeReleasePolicy["mergingPolicy"])]>
>>
>> You can point the 6.4 system to the 6.2 database; however, the registry
>> data are in two different tables, so what are we supposed to do?
>>
>> The 6.2 system uses the MySQL table regex_registered_service and 6.4
>> uses registered_services. I have hundreds of services to manually re add
>> unless I want to strp all but the first six lines from every json file and
>> then modify each using the management service.
>>
>> https://fawnoos.com/2020/08/15/cas63x-import-export-services/
>>
>> -Jeff
>>
>>
>>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "CAS Developer" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-dev+u...@apereo.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-dev/CA%2BTBYOQ0PsvRbcY1Wdv2JPiiJ3dBno7JTbm7%3D%2Bj%3DWXJid6ZjpQ%40mail.gmail.com
>> 
>> .
>>
>>
>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BTBYOTBnQcwLQrhTTpMn4Zc-gMVoWK1Ze427tZjH2446LfQFA%40mail.gmail.com.

Re: [cas-user] proper way to upgrade CAS using cas-overlay-template

2021-12-14 Thread Pablo Vidaurri 
Looks like we should be using log4j v 2.16.0 as 2.15.0 will not be good 
enough.

https://logging.apache.org/log4j/2.x/security.html

On Monday, December 13, 2021 at 10:07:32 PM UTC-6 Misagh Moayyed wrote:

> Yes you can. 
>
> -- Misagh
>
> On Tue, Dec 14, 2021, 12:35 AM Pablo Vidaurri  wrote:
>
>> We currently have 6.3.7 deployed. I see cas project v6.3.7.2 has the fix 
>> for the log4j vulnerability (using log4j-core v2.15.0). So what is the 
>> proper way to upgrade CAS template? Looking at the cas project i see 
>> gradle.properties 
>>  has  
>> log4jVersion set to 2.15.0 . But looking at the cas-overlay project, 
>> gradle.properties 
>>  
>> still has  cas.version=6.3.7.
>>
>> Can I just update the cas-template project to use cas.version to 6.3.7.2?
>>
>> -- 
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+u...@apereo.org.
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/2bacb815-d2b4-4cdc-bc84-f80b5a420f77n%40apereo.org
>>  
>> 
>> .
>>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/c43bfa3a-b749-4478-ae9b-f30e60afa7a0n%40apereo.org.