Okay if it is known behavior than I had to consider this since my CAS has
multiple instances and I should allow them all. Thanks for your interest.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
-
Okay if it is known behavior than I had to consider this since my CAS has
multiple instances and I should allow them all. Thanks for your interest.
On Tuesday, 17 December 2019 09:19:53 UTC+3, Cemal Önder wrote:
>
> I want to use REST Protocol in my services. For this, I enabled Rest
> Protocol
I will see that i post my configs so you can compare them with yours
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are
I saw this too. With 6.2 you need to specifify the allowed service names in the
CAS configuration. This is done by enabling the JSON config option and creating
a json style config for the service name.
The service name is 'nothing' more than the url of the service. Like
https://yourdomain.com
Ray,
Thanks for answer.
The Apache error :
[Mon Dec 16 20:10:23.636950 2019] [proxy_ajp:error] [pid 24997:tid
139694717187840] (70007)The timeout specified has expired: AH01030:
ajp_ilink_receive() can't receive header
[Mon Dec 16 20:10:23.637062 2019] [proxy_ajp:error] [pid 24997:tid
I want to use REST Protocol in my services. For this, I enabled Rest
Protocol and trying to get TGT. Also, all examples were based on generic
service registration which I don't want in prod environment.
Here
Hi Ray,
We are using cas:v5.2.6 in our development environment and it is working
fine, so we are planning to move our production environment for that
process, we need to implement some security settings or fixes as per our
security team.
For testing CSRF is highly concerned for us and they
Hi Fernando,
Have you look into *Rest Authentication*?
https://apereo.github.io/cas/6.1.x/installation/Rest-Authentication.html
*> encode it and then send it to an external service of mine that is
responsible for validating and to obtain the information of the user to my
database*
What
Hi Raheem,
I don't have time today to do a full test, but I suspect the problem exists
in the pathing:
When using CAS 5.2.x overlay, the structure seems like this:
├── *cas*
│ └── src
│ └── main
│ └── resources
│ ├── hbmsu.properties
│ ├──
Colin,
I was thinking the user would enter their home organization rather than the
auth provider.
CAS should step through different authentication mechanisms in the order they
are listed [in config] until it finds a match or exhausts all mechanisms. We
use multiple LDAP entries that differ
Ray sincerely thank you very much.
Please allow me some time, which I will model well the process I explain in
more detail and I explain it to you, to see if you can guide me, and indeed
"What happens if a user logs in to an application in a different domain and
then goes to your service, will
If I understand correctly, CAS is external to your organization but associated
in a way that can provide SSO.
For CAS SSO to work, it sends a cookie to the user's browser (TGC). If your
application does the log in and then communicates with CAS, then there will be
no cookie, and no SSO.
It
One of the big limitations that I have at the organization's policy level
is that I cannot allow anything external to the organization to go against
our database, due to data protection and user issues, that is why I have to
service our that is implemented, tested, validated and audited, then
Fernando,
CAS can connect to the database for authentication,
https://apereo.github.io/cas/6.1.x/installation/Database-Authentication.html
It can also get attributes from a database,
https://apereo.github.io/cas/6.1.x/integration/Attribute-Resolution.html
which can be released to your
Hi Ray, I really appreciate you answering me; It is possible that I
explained myself badly, for my implementation and for this post, I am
abstracting from the client, assuming that it already exists as indeed it
is. What I use for login is the CAS but what I have to solve is the
I think I've more or less confirmed the theory. Started a PR with a POC
using Gauth here: https://github.com/apereo/cas/pull/4552
On Monday, December 16, 2019 at 12:45:02 PM UTC-5, Hayden Sartoris wrote:
>
> Hi Nono,
>
> Thanks for the tip, I think I have a better idea of what's going on now.
>
Mickaël,
What is the AJP error?
You may have to turn up logging in apache and tomcat.
Ray
On Mon, 2019-12-16 at 10:08 -0800, Mickaël wrote:
Hi,
I am running CAS 5.3.X on a Tomcat 8 with Apache in frontal and AJP.
since several weeks, I have AJP timeout in error.log without any more raison.
Fernando,
The purpose of CAS is to eliminate your application's login page.
For your application to use CAS, it needs a CAS client,
https://apereo.github.io/cas/6.1.x/integration/CAS-Clients.html
A simplified CAS login flow might be:
visit your application (cas client checks if user is logged
Running into two issues I could use some help with:
First - in 6.1.2 if I build w/ Hazelcast and Hazelcast AWS Discovey via
the gradle overlay and have discovery enabled,
enabled(cas.ticket.registry.hazelcast.cluster.discovery.enabled=true) I
get the following stack trace:
2019-12-16
Hi,
I am running CAS 5.3.X on a Tomcat 8 with Apache in frontal and AJP.
since several weeks, I have AJP timeout in error.log without any more raison.
My idea is to use Apache in proxy HTTP and not AJP. Apache have certificate for
the TLS connection.
But I am trying different configuration
Greetings dear community, I am writing on this occasion for need of
guidance from you.
I have the following development scheme for an implementation of CAS SSO V6
for the University.
The life cycle that I must implement is as follows: The user enters his
username and password, through
Hi Nono,
Thanks for the tip, I think I have a better idea of what's going on now.
The caveat is that I'm not a Java/Spring developer, but here's my take:
MultifactorAuthnTrustConfiguration.java
Raheem,
Can you provide scenario where this would be an issue?
Ray
On Mon, 2019-12-16 at 09:27 -0800, Raheem Shaik wrote:
I did not get any response for this, can some one provide guide or docs to me .
On Thursday, December 12, 2019 at 12:07:19 PM UTC+5:30, Raheem Shaik wrote:
Can you please
Colin,
In federated access, the user is often presented with a discovery lookup where
they select or type their chosen identity provider. It is possible to modify
the CAS web flow,
https://apereo.github.io/cas/6.1.x/webflow/Webflow-Customization.html, and
insert such a page.
See,
I did not get any response for this, can some one provide guide or docs to
me .
On Thursday, December 12, 2019 at 12:07:19 PM UTC+5:30, Raheem Shaik wrote:
>
> Can you please provide any document to prevent CSRF for CAS v5.3.10 or
> Any steps to add cas.properties to achieve this.
>
>
> Regards,
Folks,
I have an central application that will be used by multiple groups of
users. These users are organized organizationally in LDAP as the primary
system of record. However each organization will have a potentially
different choice of which of my available authentication providers need
to
Hi Owen,
i had to add some parameters to the application.properties to make this
feature work :
cas.authn.mfa.trusted.deviceFingerprint.cookie.name=MFATRUSTED #=> not sure
this is needed
cas.authn.mfa.trusted.deviceFingerprint.cookie.domain=*.
Hi,
I'm using CAS to authenticate both with web interface and rest calls.
While trying to configure Surrogate authentication, it works with web
interface but it doesn't with rest.
e.g.
curl -k -X POST \
https://local.host.it:8444/cas/v1/tickets/ \
-H 'Content-Type:
Hi Andy,
I have tried with provided steps by you but still getting the same error
message.
added the files to my Dockerfile like below
FROM apereo/cas:v5.2.6
# A keypair is needed for SSL, and CAS simply will not work if you can't do
SSL regardless of whether you actually need it.
RUN keytool
Hi Andy,
Thanks for providing the steps, i will try to implement provided steps.
Below is the process we are following
# docker pull apereo/cas:v5.2.6 - > you will get the docker image
After that I am following the steps provided by cas-overlay-template
Hello Hayden
i am working on a poc implementing trusted device fingerprinting with cas
6.1.2 (json storage for now) and i had the same problem, the user was never
prompted the invite to register the device. I did a little debugging on cas
and i found that if you redefine the
class
Hi Raheem,
Where did you find the public CAS 5.2.x docker image?
In any case, since you are able to create file and put it in the structure,
maybe the following will work:
==
- Put a spring.factories in the following directory:
I get same error too and when I debug the application, I see that problem
happens because when we request JWT following code works:
val registeredService = payload.getRegisteredService() == null
? locateRegisteredService(serviceAudience)
: payload.getRegisteredService();
33 matches
Mail list logo