Ha.. thanks Andy :)
On Tue, May 15, 2018, 21:28 Andy Ng wrote:
> Hi Jen,
>
> One more thing to note, next time you might want to double check your
> debug log before posting.
>
> I saw that you deliberately crossed out "ldaps://xxx.campus.bridgew.edu:636",
> so I think you
Hi Jen,
One more thing to note, next time you might want to double check your debug
log before posting.
I saw that you deliberately crossed out "ldaps://xxx.campus.bridgew.edu:636",
so I think you recognized that uri to be confidential.
But I can clearly see the actual ldap server in your debug
The same way you do for CAS services, pretty much. Just list what you want
to return. If you need the uri naming, you can use the "return mapped
attributes" feature; there's an example of that in my doc. Although that
may or may not be necessary depending on the SP.
CAS 5.3 has some improved
How do I set up user attributes for SAML 2.0?
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups
Hi David:
You Sir --- are a gentleman and a scholar.
Very much appreciated from both of us.
Working exactly as you have outlined.
Please accept our utmost gratitude.
On Tuesday, May 15, 2018 at 5:15:55 AM UTC-7, David Curry wrote:
>
> Lionel and Jann,
>
> Did you ever have the JSON service
Thanks again
what type of pizza do you eat?
On Tue, May 15, 2018 at 4:02 PM, David Curry
wrote:
> You need to set cas.adminPagesSecurity.ip to a regular expression that
> matches the IPs you want to let in.
>
> To allow all of 10.28.51 in, you'd have something like
You need to set cas.adminPagesSecurity.ip to a regular expression that
matches the IPs you want to let in.
To allow all of 10.28.51 in, you'd have something like this:
cas.adminPagesSecurity.ip: ^10\\.28\\.51\\.[0-9]{1,3}$
I have something like this:
cas.adminPagesSecurity.ip:
I want to be able to hit the admin page from any host...is there a way to
do that in the /etc/cas/config/cas.properties file? I tried leaving the
entry blank, but no luck
my subnet is 10.28.51 so I at least need that so all my sys admins can log
in.
thanks
Jen
Hi Everyone
It was my malformed cas.properties entries for LDAP
Working now.
Thank you all for your help
Jen
On Tuesday, May 15, 2018 at 11:38:05 AM UTC-4, David Curry wrote:
>
> Looks like the CAS webapp isn't starting. catalina.out should tell you
> what happened?
>
> --
>
> DAVID A.
Ramakrishna,
If the TGT is destroyed, then that SSO session is also destroyed even if the
TGC is not (why TGC is not removed is odd).
If you are still logged in to the client application, your client may not be
part of single log out (SLO). It is up to the client to manage its own session.
When
ok...I will try that :)
I want to send you a pizza once I get this working LOL
On Tuesday, May 15, 2018 at 1:49:42 PM UTC-4, David Curry wrote:
>
> This is a guess, but your dnFormat doesn't look very AD-ish to me. I note
> that you have an "ou=Users" in the commented-out bindDn; shouldn't you
This is a guess, but your dnFormat doesn't look very AD-ish to me. I note
that you have an "ou=Users" in the commented-out bindDn; shouldn't you have
that in dnFormat as well?
If you can, bring up one of the AD tools (under Windows) and look yourself
up, and copy the DN string exactly.
--Dave
Thanks Dave...I had to format my ldap stuff in the cas.properties
differently
It now looks like this
cas.authn.ldap[0].order:0
cas.authn.ldap[0].name: Active Directory
cas.authn.ldap[0].type: AD
cas.authn.ldap[0].ldapUrl:
Neha,
I have not used the .NET client. There may be more configuration that can be
done.
One possibility is certificate validity. For .NET client to connect to CAS
during ticket validation, CAS needs to verify client certificate.
Are you using self signed certificates? If so, they need to be
Has anyone here had success in getting the InCommon Federation setup to use
the Shibboleth side of CAS 5.2.X? If so are you having to add each entity
individually, or were you able to use a single entry to get the entire
scope? We are looking at migrating our instance out of ADFS, and into
If you're using the JSON service registry, services are supposed to be
defined one service per file, with all the files stored in a directory. And
there is a naming convention for the files:
JSON fileName = serviceName + "-" + serviceNumericId + ".json"
See
Hi Everyone,
Could someone help me to get this ERROR fixed.
Below is the entry from my json file
Filename: serviceRegistry-1524464822.json
[
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^(https|imaps|http)://.*",
"name" : "HTTPS/IMAPS wildcard",
"id" :
Looks like the CAS webapp isn't starting. catalina.out should tell you what
happened?
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu
On Tue,
I updated my pom.xml last week to install LDAP, but I didn't redeploy the
war file...so I did that today, but now I can't reach
https://cas3.xxx.xxx/cas/login
I can still see my self signed cert though, so I didn't wipe out my
server.xml file...
If I go to here
https://cas3.xxx.xxx:8443/ I
If you are still interested I've faced the same problem and managed to
solve it.
Here is the code responsible for registering OAuth service to CAS.
@PostConstruct
public void initializeServletApplicationContext() {
final String oAuthCallbackUrl = casProperties.getServer().getPrefix() +
I did a workaround by making a change to handledAuthenticationExceptions
and the @PostConstruct init() method.
//@Autowired
//@Qualifier("handledAuthenticationExceptions")
private Set handledAuthenticationExceptions;
@PostConstruct
public void init() {
If you're using ldap.type=AD, you should not be using a bind credential.
If you want to use a bind credential, you should use
ldap.type=AUTHENTICATED.
See
https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#ldap-authentication-1
for more info on ldap.type.
--Dave
Hello Everyone
I am trying to get CAS to work with AD. I am getting the following error
and authentication fails. I already have the OS bound to AD for OS login,
so I know there is no firewall issue or anything. I am wondering if I
have the right libraries and jar files? I did update my
Lionel and Jann,
Did you ever have the JSON service registry working? If not, I recommend
that you take all the JPA stuff out of pom.xml and cas.properties and get
that working correctly first, so that you're only trying to debug one thing
at a time. Once you have the JSON service registry
Does the tomcat service have proper read rights to the json files and/or the
/etc/cas/services/ directories?
From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Jann
Malenkoff
Sent: May-14-18 9:39 PM
To: CAS Community
Subject: Re: [cas-user] Service
On Clicking logout which calls the cas/logout link :
WHO: casuser
WHAT:
TGT-1-*CPmWzMzi-I-client
ACTION: TICKET_GRANTING_TICKET_DESTROYED
APPLICATION: CAS
WHEN: Tue May 15 15:45:17 IST 2018
CLIENT IP ADDRESS: 192.168.111.12
SERVER IP