[cas-user] CAS 5.2.2 logs showing authentication failure and success

2018-02-27 Thread Michael MacEachran
I am trying to add my own custom authentication handler that accesses the database and I have this in my main configuration class: @Bean public DatabaseAuthenticationProvider getAuthenticationProvider() { return new

Re: [cas-user] [CAS 5.2.x] [OAuth] [Theme] How to make custom theme for OAuth sp

2018-02-27 Thread Man H
Open browser developer tool to see if theme gets loaded. On Wednesday, February 28, 2018, Man H wrote: > Can't you just build a simple webapp with index.html > > On Wednesday, February 28, 2018, Andy Ng wrote: > >> Thanks Manfedo, >> >>

Re: [cas-user] [CAS 5.2.x] [OAuth] [Theme] How to make custom theme for OAuth sp

2018-02-27 Thread Man H
Can't you just build a simple webapp with index.html On Wednesday, February 28, 2018, Andy Ng wrote: > Thanks Manfedo, > > Do you mean that I should: > - Redirect user to login using Non Oauth Service first (with theme) > - Then redirect user to login using Oauth

Re: [cas-user] [CAS 5.2.x] [OAuth] [Theme] How to make custom theme for OAuth sp

2018-02-27 Thread Andy Ng
Thanks Manfedo, Do you mean that I should: - Redirect user to login using Non Oauth Service first (with theme) - Then redirect user to login using Oauth Service for actual Oauth login Am I correct? I would prefer not to do the above, since that means the service provider need to change their

Re: [cas-user] cas 5.1.x setting cas:user value

2018-02-27 Thread Man H
See https://apereo.github.io/cas/5.1.x/integration/Attribute-Release-PrincipalId.html On Tuesday, February 27, 2018, Toby Archer wrote: > I had previously asked a near identical question here: >

[cas-user] [CAS 5.2.x] [OAuth] [Theme] How to make custom theme for OAuth sp

2018-02-27 Thread Andy Ng
Hi all, I am using CAS 5.2.x, and using OAuth for one service provider. The provider now would like to have a custom theme. I thought I can just do this: { "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService", "clientId": "OAuthApp", "clientSecret": "xx",

[cas-user] Verifying data in Hazelcast

2018-02-27 Thread Jono Jono
I'm using CAS 4.2 with Hazelcast, but I'm unable to verify that CAS is writing to Hazelcast. Can you point me to how I would determine the data that CAS is writing to the cache? Here is the hazelcast part of my properties file: hz.mapname=tickets hz.cluster.logging.type=slf4j

[cas-user] Re: CAS 5.2 LDAP Query and Output

2018-02-27 Thread Marc Dufour
You can restrict the users able to authenticate with CAS if you have to, I'm just saying that it may not be the only way. Your reality is different than mine. As for the attributes: they are passed to the application, or in CAS terminology, the service. principalAttributeList contains the

Re: [cas-user] Re: CAS 5.2 LDAP Query and Output

2018-02-27 Thread Ray Bon
They will be with the authenticated user in the client application. Accessed something like principal.getAttributes. Ray On Tue, 2018-02-27 at 13:11 -0800, Kevin Liu wrote: And somewhat stemming from the other conversation, what gets passed is via the principalAttributeList? Where do the

Re: [cas-user] Can't find AbstractUsernamePasswordAuthenticationHandler

2018-02-27 Thread Man H
add org.apereo.cas cas-server-core-authentication 2018-02-27 16:59 GMT-03:00 Michael MacEachran : > I am trying to write my own AuthenticationHandler. I have this dependency > in my POM: > > > org.apereo.cas >

Re: [cas-user] Re: CAS 5.2 LDAP Query and Output

2018-02-27 Thread Ray Bon
Kevin, We have multiple ldap definitions, varying only on OU. The userFilter is also set to search everything below the OU. CAS will search each one in sequence until it finds a match. cas.authn.ldap[0].ldapUrl=ldaps://ldapdev.uvic.ca:636 cas.authn.ldap[0].connectTimeout=3000

[cas-user] Re: CAS 5.2 LDAP Query and Output

2018-02-27 Thread Kevin Liu
And somewhat stemming from the other conversation, what gets passed is via the principalAttributeList? Where do the attributes get passed to? On Tuesday, February 27, 2018 at 3:10:38 PM UTC-6, Kevin Liu wrote: > > I see, so in other words, I should not have CAS search through LDAP > looking

[cas-user] Re: CAS 5.2 LDAP Query and Output

2018-02-27 Thread Kevin Liu
I see, so in other words, I should not have CAS search through LDAP looking for a user and checking to see if they're a member of a group. Rather, that should get passed to application using cas. Thanks! On Tuesday, February 27, 2018 at 3:04:17 PM UTC-6, Marc Dufour wrote: > > Atlassian has a

[cas-user] Re: CAS 5.2 LDAP Query and Output

2018-02-27 Thread Marc Dufour
Atlassian has a nice paper on how to write LDAP filters: https://confluence.atlassian.com/kb/how-to-write-ldap-search-filters-792496933.html and should help you if you want to restrict the users able to authenticate with CAS. The way I see this, CAS should authenticate the user (wide open to

[cas-user] cas 5.1.x setting cas:user value

2018-02-27 Thread Toby Archer
I had previously asked a near identical question here: https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/3xOdHIgj9x8 That ended with an unknown and I left it with the belief that if it is possible to do what I want in CAS 3.5.2, it would probably be more trouble than it's worth

Re: [cas-user] Stumped on attribute release in CAS 5.1

2018-02-27 Thread Toby Archer
Thanks everyone for the help. I've got attributes showing up now. It seems that it was entirely the protocol issue. It took me a little but I managed to delve into the library I was using and figure out how to get CAS 3.0 working on it. Thanks for the tip Mike. I will keep that in mind for

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-27 Thread Marc Dufour
sn is an attribute in the AD schema used to store the last name of the user. I did a quick search in Google and found this info that could help you: http://www.computerperformance.co.uk/Logon/LDAP_attributes_active_directory.htm -- - Website: https://apereo.github.io/cas - Gitter Chatroom:

[cas-user] Re: CAS 5.2 LDAP Query and Output

2018-02-27 Thread Marc Dufour
Kevin, Have you tried to add more logs? I added this in my log config file to help debug my LDAP problems: As for the OU membership, maybe you could add that to the user filter. On Tuesday, February 27, 2018 at 11:11:12 UTC-5, Kevin Liu wrote: > > Hello All, > > Is there a way to see

[cas-user] Can't find AbstractUsernamePasswordAuthenticationHandler

2018-02-27 Thread Michael MacEachran
I am trying to write my own AuthenticationHandler. I have this dependency in my POM: org.apereo.cas cas-server-support-jdbc ${cas.version} But I am getting an error when building. I get a cannot find symbol for symbol: class

[cas-user] only delegated (pac4j SAML) authentication and no button click

2018-02-27 Thread Scott Koranda
Hello, I am running CAS 5.2.2. I have successfully configured CAS to use pac4j for delegated authentication. Specifically CAS/pac4j is configured as a SAML SP. When I browse to a CAS client I am redirected to the CAS server login page. I can then click a button to kick off the SAML flow and

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-27 Thread Kevin Liu
Gotcha! Still a little confused about the principal attributes. Could you give a brief summary of how it works? What is a sn? And how the parsing works? Thanks Sent from my iPhone > On Feb 27, 2018, at 11:57 AM, Marc Dufour wrote: > > I only need these attributes, so I

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-27 Thread Marc Dufour
I only need these attributes, so I limit the size of what it returned. As for the bindDN, it is a regular Domain user, not an admin. It should only need read access to Active Directory. On Tuesday, February 27, 2018 at 10:52:52 UTC-5, Kevin Liu wrote: > > Marc, what is the sn,givenName,memberOf,cn?

[cas-user] CAS 5.2 Password Variable

2018-02-27 Thread Kevin Liu
Does anyone know how to reference the login page password in cas.properties? I know for username, you use %s but what about the password?

Re: [cas-user] What configuration for ticket 5.2 ?

2018-02-27 Thread Ray Bon
Romain, I guess cas.tgc.rememberMeMaxAge overrides cas.tgc.maxAge. If you want your session to end when browser is closed, leave out cas.tgc.rememberMeMaxAge. Ray On Tue, 2018-02-27 at 00:09 -0800, vallee.romain wrote: Hello, I try to setup jasig TGC for this use case : When I check

[cas-user] CAS 5.2 LDAP Query and Output

2018-02-27 Thread Kevin Liu
Hello All, Is there a way to see the response that CAS gets back from LDAP? Also is there a tutorial anywhere for specific LDAP queries from CAS? For example, if I need to check to see if a member is part of a specific OU? Thanks, Kevin

Re: [cas-user] /cas/status/dashboard

2018-02-27 Thread David Curry
I don't believe so. You certainly don't have to do anything special to include it. -- DAVID A. CURRY, CISSP *DIRECTOR OF INFORMATION SECURITY* INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 212 229-5300 x4728 • david.cu...@newschool.edu [image: The New School] On Tue,

RE: [cas-user] /cas/status/dashboard

2018-02-27 Thread Cheltenham, Chris
David, Do I need pacj4 for the service registry? === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-27 Thread Kevin Liu
Marc, what is the sn,givenName,memberOf,cn? Rather what is the principalAttributeList? For your bindDN and bindCredentials, are you using an authenticating admin account or the user who's trying to get in? On Tuesday, February 27, 2018 at 7:54:08 AM UTC-6, Marc Dufour wrote: > > > Kevin, here

Re: [cas-user] What configuration for ticket 5.2 ?

2018-02-27 Thread Man H
As for tgc properties leave them unchanged. PS: closing browser does not end cas session. On Tuesday, February 27, 2018, Man H wrote: > Put only those properties. > To end your cas session you have to logout redirect to login page from > your application

Re: [cas-user] /cas/status/dashboard

2018-02-27 Thread Vaggelis Kasapis
followed your instructions but i get this error. Error: cannot validate CAS ticket: ST-1-1PZyX9vP72grJtHEexSdwjVUEMo-CNFCC-CAS-Server On Monday, February 26, 2018 at 9:29:05 PM UTC+2, David Curry wrote: > > I think we've been through most of these at one time or another, but to > assemble

Re: [cas-user] What configuration for ticket 5.2 ?

2018-02-27 Thread Man H
Put only those properties. To end your cas session you have to logout redirect to login page from your application otherwise you will get that behaviour. On Tuesday, February 27, 2018, vallee.romain wrote: > Thank you for your answer . > > Now i got this > >

Re: [cas-user] /cas/status/dashboard

2018-02-27 Thread Kevin Liu
I would check to make sure you have an absolute path for your service directory. Also, can confirm that : or = does not matter. Works for me either way. On Tuesday, February 27, 2018 at 8:51:11 AM UTC-6, David Curry wrote: > > Well, without digging into the code to see exactly who's logging

Re: [cas-user] What configuration for ticket 5.2 ?

2018-02-27 Thread vallee.romain
Thank you for your answer . Now i got this cas.tgc.maxAge=-1 # cas.tgc.domain= cas.tgc.name=TGC #cas.tgc.secure=false #cas.tgc.rememberMeMaxAge=135 cas.tgc.encryptionKey=kGF9P2ZuU0ovlaCWxhiHix1bxH2pGfqlG5qGzqdxjY4

RE: [cas-user] /cas/status/dashboard

2018-02-27 Thread Cheltenham, Chris
David, Is this what you are looking for? This is with the cas.properties entry of – “cas.serviceRegistry.json.location=file:/etc/cas/services” If I change json back to config, I can log into the management portal but still do not see the services I put in there. [root@devcas5 logs]#

RE: [cas-user] Dashboard

2018-02-27 Thread Cheltenham, Chris
Ok , I guess I got mixed up with the $(cas.server) variable stuff in cas.properties. So I set everything to the fqdn. Now I get this url https://devcas5.philasd.org/cas/status/dashboard?ticket=ST-3-hQduCqZgLwM3Scuh8r4Ry-5ctNo-devcas5 Now I get access denied .. Here is

RE: [cas-user] Dashboard

2018-02-27 Thread Cheltenham, Chris
David, To answer the URL question. It was coming from a variable setting in management.properties. I took out all the variables for FQDN. === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell #

Re: [cas-user] /cas/status/dashboard

2018-02-27 Thread David Curry
If you use "config" then the property is being ignored because it doesn't do anything, and you are likely getting the wildcard service registry entry in the classpath. If you use "json" then you are most likely correctly getting your /etc/cas/services directory, and assuming you didn't copy the

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-27 Thread Marc Dufour
Kevin, here are the properties that are working for me. cas.authn.ldap[0].order=0 cas.authn.ldap[0].name=AD cas.authn.ldap[0].type=AUTHENTICATED cas.authn.ldap[0].ldapUrl=ldaps://servername:3269 cas.authn.ldap[0].useSsl=true cas.authn.ldap[0].connectTimeout=5000

Re: [cas-user] /cas/status/dashboard

2018-02-27 Thread David Curry
That might be a clue to a formatting problem, then. Like maybe an extra colon or a missing colon? Or something else mis-formatted? Because colons should work just fine. -- DAVID A. CURRY, CISSP *DIRECTOR OF INFORMATION SECURITY* INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY

RE: [cas-user] /cas/status/dashboard

2018-02-27 Thread Cheltenham, Chris
Guys, When I changed config to json, I get Application Not Authorized to use CAS. I am not sure if that's a good thing or not. If I change json back to config, the portal will open. === Thank You; Chris Cheltenham Technology Services The School District of

RE: [cas-user] /cas/status/dashboard

2018-02-27 Thread Cheltenham, Chris
David, Re: cas.properties I tried using the colon on every single line and I got all kinds of errors. Mainly ssl errors .. When I put the equals back in , it worked. I am NOT saying you’re wrong nanny nanny poo poo … I just saw a bunch of things break without the equals.

Re: [cas-user] /cas/status/dashboard

2018-02-27 Thread David Curry
You can use colons or equals signs, it doesn't matter. And whitespace between the property name and the property value is ignored (but whitespace at the end of the line is not). https://docs.oracle.com/cd/E23095_01/Platform.93/ATGProgGuide/html/s0204propertiesfileformat01.html Personally I like

RE: [cas-user] /cas/status/dashboard

2018-02-27 Thread Cheltenham, Chris
Thanks guys, I have the json service registry dependency in both cas and cas-management pom.xml. One thing that might be tripping me up here is when to use an “=” or is it a “:” For example I have them mixed. i.e. cas.serviceRegistry.json.location:file:/etc/cas/services or is it

Re: [cas-user] pay forward?

2018-02-27 Thread Lucas Ferreira
I like it too, something like Keycloak's realm concept 2018-02-27 8:30 GMT-03:00 Jeffrey Ramsay : > I like the multitenancy idea as well. > > On Mon, Feb 26, 2018 at 11:05 PM, Man H wrote: > >> If nobody else considered your kind offer I suppose

Re: [cas-user] What configuration for ticket 5.2 ?

2018-02-27 Thread Man H
Try this cas.ticket.tgt.maxTimeToLiveInSeconds=25200 cas.ticket.tgt.rememberMe.enabled=true cas.ticket.tgt.rememberMe.timeToKillInSeconds=2592000 To test these set lower values. Also don't use secure=false On Tuesday, February 27, 2018, vallee.romain wrote: >

Re: [cas-user] pay forward?

2018-02-27 Thread Jeffrey Ramsay
I like the multitenancy idea as well. On Mon, Feb 26, 2018 at 11:05 PM, Man H wrote: > If nobody else considered your kind offer I suppose cas multitenancy wins!! > > > On Monday, February 26, 2018, Cheltenham, Chris < > ccheltenham-...@philasd.org> wrote: > >>

[cas-user] What configuration for ticket 5.2 ?

2018-02-27 Thread vallee.romain
Hello, I try to setup jasig TGC for this use case : When I check rememberMe : 1 month without need to enter login.password When I don't check rememberme : 7 hours unless I close the browser . If I close the browser, I would like to have login/password prompt at next login. I think