[cas-user] service multifactorPolicy failureMode

2018-04-20 Thread Rob Spellman
We are evaluating using MFA on campus, and I've setup CAS to authenticate with duo. I'm able to login via CAS, and then successfully navigate the duo page and get logged into my service. Now I'd like to test what happens if we can't communicate with duo. In my service definition,

[cas-user] CAS 4.1.X Client IP restrictions

2018-04-20 Thread Ted Fisher
Has anyone enabled restrictions on Client IP by service? I think I should be able to at the service level use requiredAttributes to evaluate the Client IP is within a defined value, but I can’t find anything on how to access Client IP as an attribute. Any help? Thanks. Ted Fisher Bowling

Re: [cas-user] Re: CAS 5.2.x as IDP using SAML 2.0

2018-04-20 Thread David Curry
Did you create an entry in your service registry to allow the service? It should look something like this: { "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService", "serviceId" : "IAMShowcase", "name" : "Test SP", "id" : 123456789, "description" : "IAMShowcase test SP",

Re: [cas-user] Re: CAS 5.2.x as IDP using SAML 2.0

2018-04-20 Thread Matthew Uribe
It looks like you need to create a service for the application. I don't think the wild card service applies to SAML applications, so you need a service specifically for this new application. On Fri, Apr 20, 2018, 12:26 AM Jay wrote: > Thank you Dave. > > I

Re: [cas-user] buji-pac4j-demo-master, CAS delegation through pac4j-webflow and 1 OIDC provider

2018-04-20 Thread Jérôme LELEU
Hi, I'm resuming on your latest message. Yes, you do need a callback URL for your application. This is the doc you are looking for: https://apereo.github.io/cas/5.2.x/installation/Service-Management.html Every time you want an application to log in to the CAS server, the CAS server must know

[cas-user] CAS Logging {really log4j2 questions}

2018-04-20 Thread Duncan Brannen
Morning All,     First, thanks to Dave from the New School for producing the deployment guide it was a great help for us migrating from CAS 3 -> CAS 5 which we’ve recently done. I’ve a couple of issues with logging I wouldn’t mind throwing out here. 1/. I set a

Re: [cas-user] Re: CAS 5.2.x as IDP using SAML 2.0

2018-04-20 Thread Jay
Thank you Dave. I guess it worked out for me, it was able to hit the IDP successfully and I think I am missing something in the CAS-Overlay. Can you help me here. Below is the error message I see when I hit the url that was generated in sptest.iamshowcase.com/instructions after uploading the