[cas-user] Cas Oauth client with mfa

2018-04-25 Thread Sean Ieong
It is possible to trigger mfa after auth as an oauth client? I have try to custom mfa trigger, but it not run after authentication by oauth client. Any one can help? -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines:

Re: [cas-user] [SSO] Is it possible to make a service completely separated from other SSO services without require login every time (i.e. renew=true)

2018-04-25 Thread Andy Ng
Hi Ray, Thank you for your response! In the document [ https://apereo.github.io/cas/5.2.x/installation/Configuring-Service-Access-Strategy.html

Re: [cas-user] CAS5 - High thread counts

2018-04-25 Thread Man H
see https://groups.google.com/a/apereo.org/d/msgid/cas-user/63fc6bc3-31f9-46a6-8d14-a8f14d3a329c%40apereo.org?utm_medium=email_source=footer 2018-04-25 16:11 GMT-03:00 Oscar Ruiz : > Hi Ray, > > Thank you for your suggestion. We disabled EhCache in the dev environment > and saw

Re: [cas-user] CAS5 - High thread counts

2018-04-25 Thread Oscar Ruiz
Hi Ray, Thank you for your suggestion. We disabled EhCache in the dev environment and saw no improvement. We did notice that a new thread is spawned every time a login session is generated and the number of sleeping threads increases. Next step, we're going to deploy default CAS and see if we

Re: [cas-user] CAS5 - High thread counts

2018-04-25 Thread Ray Bon
Oscar, We had similar difficulties with EhCache. EhCache expiration is actually the frequency with which the cache is reviewed. The entire cache is processed (which can be large on a busy site). With a distributed cache, the one currently processing is sending updates to its peers. This gets

Re: [cas-user] [SSO] Is it possible to make a service completely separated from other SSO services without require login every time (i.e. renew=true)

2018-04-25 Thread Ray Bon
Andy, Looks like you have already seen https://apereo.github.io/cas/5.2.x/installation/Configuring-SSO-Session-Cookie.html. There is also ssoEnabled, https://apereo.github.io/cas/5.2.x/installation/Configuring-Service-Access-Strategy.html.. Ray On Wed, 2018-04-25 at 02:20 -0700, Andy Ng

[cas-user] CAS5 - High thread counts

2018-04-25 Thread Oscar Ruiz
Hi, We noticed that our CAS5 installation is running out of memory because of a high number of threads that are running on our server, this results in it unable to process new request. Has anyone experienced this before? Here's our setup CAS5 - 5.1.6 Tomcat - 8.5.16 (We're currently trying

[cas-user] Re: CAS 5.2 single sign out does not work for SAML 1.1 phpCAS clients

2018-04-25 Thread Viacheslav Babanin
Thanks everybody for replies. I have solved my problem. I looked into tcpdump on CAS server to see what happens when I issue a logout, and I've seen that it sends logout request to some strange ip address on 443 port, which was blocked on this address. Upon furter envestigation i figured out

[cas-user] [SSO] Is it possible to make a service completely separated from other SSO services without require login every time (i.e. renew=true)

2018-04-25 Thread Andy Ng
Hi all, So I have done some research on this group and still doesn't find other with my use case, so I am asking for your help. Assume we have services A, B, C and D: B, C, D are normal SSO services, each one of them authenticate success, all BCD will login success. As for A, I want that

[cas-user] Re: "FileNotFoundException" while Verifying Ticket. I don't get it!

2018-04-25 Thread Gena Batalski
Hello, if i remember me correctly, this was an problem with mime type. you need to override CASFilter.getTicketValidator() and add following extended url connection factory // we need own connection factory enriching the connection by Accept: application/xml header HttpURLConnectionFactory

Re: [cas-user] CAS 5.2 single sign out does not work for SAML 1.1 phpCAS clients

2018-04-25 Thread Viacheslav Babanin
I have checked apache access.log on web server where client is placed and there is no POST requests on logout. 0 messages or requests completely. Thats while logging out with my cas 5.2.3 I have checked same log when i issue logout from cas 4.1.9 where SLO works on same client, and I can see

Re: [cas-user] CAS 5.2 single sign out does not work for SAML 1.1 phpCAS clients

2018-04-25 Thread Viacheslav Babanin
This shouldn't matter since cas 4.1.9 sends same request and SAME client, placed in same directory on the same server handles it correctly. >From phpCAS.log SAML REQUEST: @NOT_USED@ST-149-YAFlxnMQjDojiStFG4eN-cas.uek.krakow.pl [Client.php:1752] вторник, 24 апреля 2018 г., 19:09:17 UTC+2

Re: [cas-user] CAS 5.2 single sign out does not work for SAML 1.1 phpCAS clients

2018-04-25 Thread Viacheslav Babanin
Yes, and it releases attributes via saml with no issues. Only SLO doesn't work. вторник, 24 апреля 2018 г., 15:16:32 UTC+2 пользователь Manfredo Hopp написал: > > Do you have saml support dependency > > El martes, 24 de abril de 2018, Viacheslav Babanin > escribió: >

[cas-user] <>Re: CAS5.2.x Service registry json Error

2018-04-25 Thread Jay
<<>> But posting the fix I figured out, which might be helpful to someone. JSON formatting was not proper. It should have been [ { }, { } ] Thanks, Jay On Tuesday, April 24, 2018 at 11:21:25 PM UTC-5, Jay wrote: > > Hi All, > > I need a quick