[cas-user] Re: X509RestHttpRequestCredentialFactory

2018-08-07 Thread Curtis Ruck
I submitted PR#3457 as my first PR. Please be brutal with the feedback. I thought about leaving the existing X509RestHttpRequestCredentialFactory, maybe renaming it, and creating a new one for the header functionality, and leave the conditional to the

RE: [cas-user] RE: CAS 5 SAML2 Azure AD delegated authentication

2018-08-07 Thread Dickison, Lynn E
That’s a good idea, but cas.authn.pac4j.saml[0].useNameQualifier=false isn’t a valid configuration option in CAS 5.3.2. When I put that into the cas.properties file, CAS doesn’t start. Lynn Dickison From: cas-user@apereo.org On Behalf Of Dmitriy Kopylenko Sent: Tuesday, August 7, 2018 10:53

Re: [cas-user] Call additional URL on service logout

2018-08-07 Thread Jérôme LELEU
Hi, This is another property: the *logoutType* (*BACK_CHANNEL* or *FRONT_CHANNEL*). In your case (for the browser to send the logout request), you need the front channel logout ( https://apereo.github.io/cas/5.3.x/installation/Logout-Single-Signout.html#front-channel ). Thanks. Best regards,

Re: [cas-user] RE: CAS 5 SAML2 Azure AD delegated authentication

2018-08-07 Thread Dmitriy Kopylenko
You could try cas.authn.pac4j.saml[0].useNameQualifier=false Best, D. From: Dickison, Lynn E Reply: cas-user@apereo.org Date: August 7, 2018 at 9:53:30 AM To: cas-user@apereo.org Subject:  [cas-user] RE: CAS 5 SAML2 Azure AD delegated authentication I saw on another posting that someone

Re: [cas-user] Call additional URL on service logout

2018-08-07 Thread Brian Gibson
Hi Jérôme, Thanks for the suggestion, we need the end user's browser to make the call to the logout URL and I think the URL in the "logoutUrl" value gets called by the CAS server, no? - Brian On 8/7/2018 9:09 AM, Jérôme LELEU wrote: Hi, By default, the CAS server will call the service URL

[cas-user] X509RestHttpRequestCredentialFactory

2018-08-07 Thread Curtis Ruck
Given the warning on https://apereo.github.io/cas/5.3.x/protocol/REST-Protocol.html#x509-authentication I believe the REST X509 authentication is completely useless in a production environment. It expects a POST with the cert=. This doesn't validate the public/private key handshake that the

[cas-user] RE: CAS 5 SAML2 Azure AD delegated authentication

2018-08-07 Thread Dickison, Lynn E
I saw on another posting that someone else was trying to do delegated authentication using ADFS. They were able to get it to work using CAS 5.2, but it didn’t work with CAS 5.3. Since ADFS and Azure AD are both Microsoft products, I decided to try out delegated authentication to Azure AD

Re: [cas-user] Call additional URL on service logout

2018-08-07 Thread Jérôme LELEU
Hi, By default, the CAS server will call the service URL of the CAS applications the user has accessed during his SSO session. But you can change the application logout URL (called by CAS) via the CAS property when defining the CAS service: logoutUrl. See:

[cas-user] Call additional URL on service logout

2018-08-07 Thread Brian Gibson
One of our portal's subapps doesn't get logged out when the portal calls the /cas/logout URL on our CAS 5.1.2 server; that subapp has its own logout URL. Is there a way within CAS 5 to have the client call a URL in the background as they log out of a service? Thanks!