Re: [cas-user] Problmes with Oauth grant type Password - CAS 5.1.4

2018-02-06 Thread Man H
Is debug enabled, e.g. logging.level.org.apereo.cas=debug? 2018-02-06 16:15 GMT-03:00 Leo Pintos : > Hi guys! > > I continue with the same error using the service registry Json. Below I > put the info: > > Service registry JSON > { > "@class" : "org.apereo.cas.services.RegexRegisteredService", >

Re: [cas-user] ldap error cas 5.2

2018-02-06 Thread Man H
Do you have ldap support dependency? 2018-02-06 15:45 GMT-03:00 Cheltenham, Chris : > Hello, > > > > I am getting this error in my logs logging in via LDAP. > > > > 2018-02-06 13:40:52,503 ERROR [org.apereo.cas.authentication. > PolicyBasedAuthenticationManager] - Credentials may be incorrect or

Re: [cas-user] Re: Invalid column name 'bypassApprovalPrompt' configuring MS SQL Service Registry with CAS-Management

2018-02-06 Thread Man H
Glad to hear that! 2018-02-06 17:47 GMT-03:00 Phellipe Kelbert : > Worked like a charm! > > Thank you very much! > > On Mon, Feb 5, 2018 at 7:12 PM, Man H wrote: > >> drop table and define it as cas-management is expecting >> >> 2018-02-05 18:07 GMT-03:00 Phellipe Kelbert : >> >>> Did you get an

Re: [cas-user] Re: Invalid column name 'bypassApprovalPrompt' configuring MS SQL Service Registry with CAS-Management

2018-02-06 Thread Phellipe Kelbert
Worked like a charm! Thank you very much! On Mon, Feb 5, 2018 at 7:12 PM, Man H wrote: > drop table and define it as cas-management is expecting > > 2018-02-05 18:07 GMT-03:00 Phellipe Kelbert : > >> Did you get any solution on this issue? >> >> I'm on 5.1.8 and facing the same problem. >> >> E

Re: [cas-user] Problmes with Oauth grant type Password - CAS 5.1.4

2018-02-06 Thread Leo Pintos
Hi guys! I continue with the same error using the service registry Json. Below I put the info: Service registry JSON { "@class" : "org.apereo.cas.services.RegexRegisteredService", "serviceId" : "URL_REDIRECTION", "name" : "app_prueba", "id" : 100, } Oauth JSON: { "@class" : "org.apere

Re: [cas-user] Multiple Duo Instances

2018-02-06 Thread Misagh Moayyed
Brian, if I have understood things correctly I think you're doing this the hard way: I suspect the sort of thing you're after can be handled with bypass options in CAS where you skip MFA if a particular attribute is found on the authenticated user (ldap group is blah). If a match is found, bypas

[cas-user] ldap error cas 5.2

2018-02-06 Thread Cheltenham, Chris
Hello, I am getting this error in my logs logging in via LDAP. 2018-02-06 13:40:52,503 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 2018-02-06 13:40:52,504 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://apereo.github.io/cas -

Re: [cas-user] Re: /status/dashboard - page not found

2018-02-06 Thread David Curry
Glad to hear you got it working. --Dave -- DAVID A. CURRY, CISSP *DIRECTOR OF INFORMATION SECURITY* INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 212 229-5300 x4728 • david.cu...@newschool.edu On Tue, Feb 6, 2018 at 1:12 PM, Carlos Eduardo Santo

[cas-user] Re: /status/dashboard - page not found

2018-02-06 Thread Carlos Eduardo Santos
Thank you gentlemen for all the help. Thank you David ! I was able to solve the certificate problem, I had problem with admusers.properties but I was able to resolve and access the dashboard. As a solution, I had to create a new certificate with the domain certificates we have, following the step

Re: [cas-user] Multiple Duo Instances

2018-02-06 Thread Man H
So in my opinion you have a globaltriggerpolicy mfa-duo and eg a groovy trigger for employees. https://apereo.github.io/cas/5.2.x/installation/Configuring-Multifactor-Authentication-Triggers.html 2018-02-06 12:18 GMT-03:00 brian mancuso : > I'm open to any solution that simplifies things and me

Re: [cas-user] Problmes with Oauth grant type Password - CAS 5.1.4

2018-02-06 Thread Doan Moon

Re: [cas-user] Problmes with Oauth grant type Password - CAS 5.1.4

2018-02-06 Thread Man H
yes 2018-02-06 12:23 GMT-03:00 Leo Pintos : > Hi Manfredo, > > When I define Oauth service with (OAuthRegisteredService), Is not a > Service registration? > Should I register the same service generically and for Oauth separately or > can I do it in the same JSON? > > You suggest me define app_pr

Re: [cas-user] Multiple Duo Instances

2018-02-06 Thread Man H
These triggers (assuming you're on 5.2) are not useful?
# Activate MFA globally based on authentication metadata attributes
# cas.authn.mfa.globalAuthenticationAttributeNameTriggers=memberOf,eduPersonPrimaryAffiliation
# cas.authn.mfa.globalAuthenticationAttributeValueRegex=faculty|staff
# Activate

Re: [cas-user] Custom Authentication

2018-02-06 Thread Andy Ng
Good to hear that you made it work! -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Co

Re: [cas-user] Problmes with Oauth grant type Password - CAS 5.1.4

2018-02-06 Thread Leo Pintos
Hi Manfredo, When I define Oauth service with (OAuthRegisteredService), Is not a Service registration? Should I register the same service generically and for Oauth separately or can I do it in the same JSON? You suggest me define app_prueba like a generic service like the follow JSON: { /*

Re: [cas-user] Multiple Duo Instances

2018-02-06 Thread brian mancuso
I'm open to any solution that simplifies things and meets the needs. When I'd read the documentation, it seemed custom triggers were the way to go here. To give a little more information, I have students and employees that both need to login via CAS to several systems. For some of those systems

Re: [cas-user] Problmes with Oauth grant type Password - CAS 5.1.4

2018-02-06 Thread Man H
You should define app_prueba as a service On Tuesday, February 6, 2018, Leo Pintos wrote: > Hi Guys! > > I've been working with curl command: > curl -X POST -k -i 'https://DOMAIN/cas/oauth2.0/accessToken?grant_type= > password&client_id=app_prueba&username=USER&password=PASS& > service=URLREDI

Re: [cas-user] Multiple Duo Instances

2018-02-06 Thread Man H
Couldn't this be achieved through custom authentication handler? On Tuesday, February 6, 2018, brian mancuso wrote: > We would like to allow users in a specific ldap group the ability to > optionally bypass Duo for a given service if the user is not signed up for > a 2fa account. Essential

[cas-user] Multiple Duo Instances

2018-02-06 Thread brian mancuso
We would like to allow users in a specific ldap group the ability to optionally bypass Duo for a given service if the user is not signed up for a 2fa account. Essentially there would be these two cases for a user: - 2fa always required - 2fa optionally required (but always required if the user

Re: [cas-user] Cas - Unauthorized

2018-02-06 Thread Ramakrishna G
Yes. I am just using at my development server. When releasing to production I'll get a valid SSL Certificate. Thanks Ramakrishna G On Tue, Feb 6, 2018 at 6:36 PM, Man H wrote: > There is a potential security risk in doing this. > CAS needs SSL in order to function safely with SSO. > > > El ma

[cas-user] Problmes with Oauth grant type Password - CAS 5.1.4

2018-02-06 Thread Leo Pintos
Hi Guys! I've been working with curl command: curl -X POST -k -i 'https://DOMAIN/cas/oauth2.0/accessToken?grant_type=password&client_id=app_prueba&username=USER&password=PASS&service=URLREDIRECTION' JSON: { "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService", "clientId":

Re: [cas-user] /status/dashboard - page not found

2018-02-06 Thread David Curry
You need to get the certificate into whatever keystore Tomcat is using, and it MUST have the alias "tomcat" associated with it. The link I included before: https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html#Configuration should contain instructions for doing that. Keytool does understand .p

Re: [cas-user] Cas - Unauthorized

2018-02-06 Thread Man H
There is a potential security risk in doing this. CAS needs SSL in order to function safely with SSO. On Tuesday, February 6, 2018, Ramakrishna G wrote: > Hi Mukunthini Jeyakumar, > > To resolve this error you need to have a valid SSL certificate signed by CA. > If you don't have you can ju

Re: [cas-user] Custom Authentication

2018-02-06 Thread Man H
Glad to hear that! On Tuesday, February 6, 2018, Ramakrishna G wrote: > Thank you so much Man H. Your efforts are highly appreciated. Finally > after debugging found the issue and it started working. > > On Mon, Feb 5, 2018 at 8:40 PM, Man H wrote: > >> Your log is ok there is no error the

[cas-user] Sending data via header cookie to the clients from custom auth handler

2018-02-06 Thread Ramakrishna G
Hello I am using CAS Version 5.2.1 with a Custom Authentication Handler. I need to set custom cookies after validating user in my Custom Authentication Handler. How can I set cookies? @Override protected HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential tr

Re: [cas-user] CAS 5.2.x Password management

2018-02-06 Thread Man H
That is only achieved through extending CAS functionality which means development. This could be an enhancement for future versions if CAS people agree it's worth it. On Tuesday, February 6, 2018, casuser wrote: > thanks for the answer but I am not sure how to do that? is there any > example

Re: [cas-user] /status/dashboard - page not found

2018-02-06 Thread Carlos Eduardo Santos
Sirs, I was able to create a certificate by the windows server with a "real" certificate for the "scna-cas.pfx" served, I saw that I can only change the format for p12. Now can I give it the nickname of tomcat and add it to the keystore, so tomcat / cas can use it? Is this problem not linked to

Re: [cas-user] CAS 5.2.1 report failed authentications as AUTHENTICATION_SUCCESS

2018-02-06 Thread Ben Howell-Thomas
I couldn't see anything in the 5.2.2 release that updates the version of Inspektr to the next one. Presumably when your fix to Inspektr is released the inspektrVersion in CAS' gradle.properties will need updating. On 29 January 2018 at 15:40, Oscar del Pozo wrote: > I have tested right now the

Re: [cas-user] Custom Authentication

2018-02-06 Thread Ramakrishna G
Thank you so much Man H. Your efforts are highly appreciated. Finally after debugging found the issue and it started working. On Mon, Feb 5, 2018 at 8:40 PM, Man H wrote: > Your log is ok there is no error the stop message is a warning! > Now try to debug your handler > > > > El lunes, 5 de febre

[cas-user] Re: CAS 4.2.7 login throttling not working

2018-02-06 Thread Meysam Shirazi
I find a related issue here but it's too old! On Tuesday, February 6, 2018 at 11:31:14 AM UTC+3:30, Meysam Shirazi wrote: > > Hello, > > I'm trying to use throttling on CAS 4.2.7 but it seems that it's not > working! I've done that on CAS 3.5.2 and it

[cas-user] CAS 4.2.7 login throttling not working

2018-02-06 Thread Meysam Shirazi
Hello, I'm trying to use throttling on CAS 4.2.7 but it seems that it's not working! I've done that on CAS 3.5.2 and it worked fine! My configuration (based on CAS documentation):
deployerConfigContext:
cas.properties:
cas.throttle.failure.threshold=3
cas.throttle.failure.range.seconds=10
I f