Re: [cas-user] New Error -- I broke it LOL

2018-05-15 Thread Jennifer LaVoie
Ha.. thanks Andy :)

On Tue, May 15, 2018, 21:28 Andy Ng wrote:
> Hi Jen,
>
> One more thing to note, next time you might want to double check your
> debug log before posting.
>
> I saw that you deliberately cross out "ldaps://xxx.campus.bridgew.edu:636",
> so I think you

Re: [cas-user] New Error -- I broke it LOL

2018-05-15 Thread Andy Ng
Hi Jen, One more thing to note, next time you might want to double check your debug log before posting. I saw that you deliberately cross out "ldaps://xxx.campus.bridgew.edu:636", so I think you recognized that uri to be confidential. But I can clearly see the actual ldap server in your debug

Re: [cas-user] User Attributes for SAML 2.0

2018-05-15 Thread David Curry
The same way you do for CAS services, pretty much. Just list what you want to return. If you need the uri naming, you can use the "return mapped attributes" feature; there's an example of that in my doc. Although that may or may not be necessary depending on the SP. CAS 5.3 has some improved

[cas-user] User Attributes for SAML 2.0

2018-05-15 Thread John D Giotta
How do I set up user attributes for SAML 2.0?

Re: [cas-user] Service Registry -- Getting the 1st Application Entered

2018-05-15 Thread Jann Malenkoff
Hi David: You Sir --- are a gentleman and a scholar. Very much appreciated from both of us. Working exactly as you have outlined. Please accept our utmost gratitude.

On Tuesday, May 15, 2018 at 5:15:55 AM UTC-7, David Curry wrote:
>
> Lionel and Jann,
>
> Did you ever have the JSON service

Re: [cas-user] cas admin pages from every IP?

2018-05-15 Thread Jennifer LaVoie
Thanks again what type of pizza do you eat?

On Tue, May 15, 2018 at 4:02 PM, David Curry wrote:
> You need to set cas.adminPagesSecurity.ip to a regular expression that
> matches the IPs you want to let in.
>
> To allow all of 10.28.51 in, you'd have something like

Re: [cas-user] cas admin pages from every IP?

2018-05-15 Thread David Curry
You need to set cas.adminPagesSecurity.ip to a regular expression that matches the IPs you want to let in. To allow all of 10.28.51 in, you'd have something like this:

cas.adminPagesSecurity.ip: ^10\\.28\\.51\\.[0-9]{1,3}$

I have something like this:

cas.adminPagesSecurity.ip:

[cas-user] cas admin pages from every IP?

2018-05-15 Thread Jennifer LaVoie
I want to be able to hit the admin page from any host...is there a way to do that in the /etc/cas/config/cas.properties file? I tried leaving the entry blank, but no luck my subnet is 10.28.51 so I at least need that so all my sys admins can log in. thanks Jen

Re: [cas-user] New Error -- I broke it LOL

2018-05-15 Thread Jennifer LaVoie
Hi Everyone

It was my malformed cas.properties entries for LDAP

Working now. Thank you all for your help

Jen

On Tuesday, May 15, 2018 at 11:38:05 AM UTC-4, David Curry wrote:
>
> Looks like the CAS webapp isn't starting. catalina.out should tell you
> what happened?
>
> --
>
> DAVID A.

Re: [cas-user] CAS Logout Issue

2018-05-15 Thread Ray Bon
Ramakrishna, If the TGT is destroyed, then that SSO session is also destroyed even if the TGC is not (why TGC is not removed is odd). If you are still logged in to the client application, your client may not be part of single log out (SLO). It is up to the client to manage its own session. When

Re: [cas-user] New Error -- I broke it LOL

2018-05-15 Thread Jennifer LaVoie
ok...I will try that :) I want to send you a pizza once I get this working LOL

On Tuesday, May 15, 2018 at 1:49:42 PM UTC-4, David Curry wrote:
>
> This is a guess, but your dnFormat doesn't look very AD-ish to me. I note
> that you have an "ou=Users" in the commented-out bindDn; shouldn't you

Re: [cas-user] New Error -- I broke it LOL

2018-05-15 Thread David Curry
This is a guess, but your dnFormat doesn't look very AD-ish to me. I note that you have an "ou=Users" in the commented-out bindDn; shouldn't you have that in dnFormat as well? If you can, bring up one of the AD tools (under Windows) and look yourself up, and copy the DN string exactly. --Dave

Re: [cas-user] New Error -- I broke it LOL

2018-05-15 Thread Jennifer LaVoie
Thanks Dave...I had to format my ldap stuff in the cas.properties differently

It now looks like this

cas.authn.ldap[0].order:0
cas.authn.ldap[0].name: Active Directory
cas.authn.ldap[0].type: AD
cas.authn.ldap[0].ldapUrl:

Re: [cas-user] Re: CAS not redirecting to service after successful authentication.

2018-05-15 Thread Ray Bon
Neha, I have not used the .NET client. There may be more configuration that can be done. One possibility is certificate validity. For .NET client to connect to CAS during ticket validation, CAS needs to verify client certificate. Are you using self signed certificates? If so, they need to be

[cas-user] InCommon Federation

2018-05-15 Thread Scott Green
Has anyone here had success in getting the InCommon Federation setup to use the Shibboleth side of CAS 5.2.X? If so are you having to add each entity individually, or were you able to use a single entry to get the entire scope? We are looking at migrating our instance out of ADFS, and into

Re: [cas-user] Error - Service Registry json

2018-05-15 Thread David Curry
If you're using the JSON service registry, services are supposed to be defined one service per file, with all the files stored in a directory. And there is a naming convention for the files:

JSON fileName = serviceName + "-" + serviceNumericId + ".json"

See

[cas-user] Error - Service Registry json

2018-05-15 Thread Jay
Hi Everyone, Could someone help me to get this ERROR fixed. Below is the entry from my json file

Filename: serviceRegistry-1524464822.json

[
  {
    "@class" : "org.apereo.cas.services.RegexRegisteredService",
    "serviceId" : "^(https|imaps|http)://.*",
    "name" : "HTTPS/IMAPS wildcard",
    "id" :

Re: [cas-user] New Error -- I broke it LOL

2018-05-15 Thread David Curry
Looks like the CAS webapp isn't starting. catalina.out should tell you what happened?

--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu

On Tue,

[cas-user] New Error -- I broke it LOL

2018-05-15 Thread Jennifer LaVoie
I updated my pom.xml last week to install LDAP, but I didn't redeploy the war file...so I did that today, but now I can't reach https://cas3.xxx.xxx/cas/login I can still see my self signed cert though, so I didn't wipe out my server.xml file... If I go to here https://cas3.xxx.xxx:8443/ I

[cas-user] Re: Oauth2 duplicate service definition

2018-05-15 Thread Kirill Gagarski
If you are still interested I've faced the same problem and managed to solve it. Here is the code responsible for registering OAuth service to CAS.

@PostConstruct
public void initializeServletApplicationContext() {
    final String oAuthCallbackUrl = casProperties.getServer().getPrefix() +

[cas-user] Re: Surrogate module execution problem: @Autowired Set<Class>

2018-05-15 Thread Christian Poirier
I did a workaround by making a change to handledAuthenticationExceptions and the @PostConstruct init() method.

//@Autowired
//@Qualifier("handledAuthenticationExceptions")
private Set handledAuthenticationExceptions;

@PostConstruct
public void init() {

Re: [cas-user] Authentication issues - CAS cannot find authentication handler that supports [UsernamePasswordCredential].

2018-05-15 Thread David Curry
If you're using ldap.type=AD, you should not be using a bind credential. If you want to use a bind credential, you should use ldap.type=AUTHENTICATED. See https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#ldap-authentication-1 for more info on ldap.type. --Dave

[cas-user] Authentication issues - CAS cannot find authentication handler that supports [UsernamePasswordCredential].

2018-05-15 Thread Jennifer LaVoie
Hello Everyone I am trying to get CAS to work with AD. I am getting the following error and authentication fails. I already have the OS bound to AD for OS login, so I know there is no firewall issue or anything. I am wondering if I have the right libraries and jar files? I did update my

Re: [cas-user] Service Registry -- Getting the 1st Application Entered

2018-05-15 Thread David Curry
Lionel and Jann, Did you ever have the JSON service registry working? If not, I recommend that you take all the JPA stuff out of pom.xml and cas.properties and get that working correctly first, so that you're only trying to debug one thing at a time. Once you have the JSON service registry

RE: [cas-user] Service Registry -- Getting the 1st Application Entered

2018-05-15 Thread King, Robert
Does the tomcat service have proper read rights to the json files and/or the /etc/cas/services/ directories?

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Jann Malenkoff
Sent: May-14-18 9:39 PM
To: CAS Community
Subject: Re: [cas-user] Service

Re: [cas-user] CAS Logout Issue

2018-05-15 Thread Ramakrishna G
On Clicking logout which calls the cas/logout link :

WHO: casuser
WHAT: TGT-1-*CPmWzMzi-I-client
ACTION: TICKET_GRANTING_TICKET_DESTROYED
APPLICATION: CAS
WHEN: Tue May 15 15:45:17 IST 2018
CLIENT IP ADDRESS: 192.168.111.12
SERVER IP