Re: [cas-user] CAS 6.4.4 won't deploy

Sven, Some of the properties have changed names. Check release notes or manually compare them. Also, I think cas now ignores unknown properties (maybe this is configurable). Ray On Wed, 2021-12-15 at 16:15 +0100, Sven Specker wrote: Notice: This message was sent from outside the University of

Re: [cas-user] CAS JDK version question

Carl, I believe 11 is a long term support version. It is what we use. I have not tried more recent versions. Ray On Wed, 2021-12-15 at 16:59 -0500, Carl Waldbieser wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and

Re: [cas-user] CAS 6.2 to 6.3.7.2 upgrade

Baba, You want 6.3.7.3. Make sure you clean before you build. ./gradlew clean build Ray On Wed, 2021-12-15 at 21:51 +, Baba Ndiaye wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Eventually

[cas-user] log4j-jul-2.13.3.jar still included in v6.3.7.3 with cas-server-support-throttle-bucket4 and cas-server-support-reports

I am using v6.3.7.3, when I enable following two dependency in the WAR overlay, I see one older version log4j file log4j-jul-2.13.3.jar in web-inf/lib. Rest of the files are 2.16.0 version. If I remove those two dependency from war overlay file, then I don't see log4j-jul-2.13.3.jar file.

Re: [cas-user] Re: log4j vulnerability remediation

Eventually i'm using JSON for service registry but i have this unzip -l /var/lib/tomcat9/webapps/cas.war | grep log4j 35359 2021-12-15 21:05 WEB-INF/lib/log4j-web-2.16.0.jar 21248 2021-12-15 21:05 WEB-INF/lib/log4j-slf4j18-impl-2.16.0.jar 1789565 2021-12-15 21:05

[cas-user] CAS JDK version question

In the docs for CS 6.4 installation ( https://apereo.github.io/cas/6.4.x/planning/Installation-Requirements.html) it reads: CAS at its heart is a Java-based web application. Prior to deployment, you will need to have JDK 11 installed. Is JDK 11 an

Re: [cas-user] CAS 6.2 to 6.3.7.2 upgrade

Eventually i'm using JSON for service registry but i have this unzip -l /var/lib/tomcat9/webapps/cas.war s.war | grep log4j 35359 2021-12-15 21:05 WEB-INF/lib/log4j-web-2.16.0.jar 21248 2021-12-15 21:05 WEB-INF/lib/log4j-slf4j18-impl-2.16.0.jar 1789565

[cas-user] CAS 6.2 to 6.3.7.2 upgrade

As a longer view on Log4J mitigation we are doing test upgrades from 6.2.x to 6.3... We are using Mongo for service registry, ticketregistry and GAuth registry. When testing the GAuth functions we are getting an exception from the following mongo related error. 2021-12-15 21:15:06,696

Re: [cas-user] Re: log4j vulnerability remediation

Thank you Jeff Le mercredi 15 décembre 2021 à 19:46:39 UTC, jeffrey...@gmail.com a écrit : > I did this based on what was posted earlier in the thread to update 6.2. > > -- add to build.gradle dependencies section > > implementation "org.apache.logging.log4j:log4j-api:2.16.0" >

Re: [cas-user] Re: log4j vulnerability remediation

I did this based on what was posted earlier in the thread to update 6.2. -- add to build.gradle dependencies section implementation "org.apache.logging.log4j:log4j-api:2.16.0" implementation "org.apache.logging.log4j:log4j-core:2.16.0" implementation

Re: [cas-user] Re: log4j vulnerability remediation

good evening I would like to know if we make an update of log4j 2.16 how to know if CAS has supported it (use it) and also for the update we only need to add this lines dependencies { compile "org.apache.logging.log4j:log4j-api:2.15.0" compile

Re: [cas-user] CAS 6.3.7.2 And Twilio SMS (mfa-simple provider)

Guillaume, This looks like a library conflict. There have been a few recent posts on this list on how to exclude the older version of log4j. Ray On Wed, 2021-12-15 at 00:17 -0800, Guillaume EGRON wrote: Notice: This message was sent from outside the University of Victoria email system. Please

Re: [cas-user] CAS 6.4.4 won't deploy, clarification

On 12/15/21 16:15, Sven Specker wrote: I realize that CAS 6.4 (for some reason) wants a redis "cluster" but I got it standalone on the machine, since it is a testserver. It does not complain about missing config-entries, so I thought all is well. It even realizes that DEBUG

[cas-user] Re: CAS 6.3.7.3 Log4j always signing Assertion when built with saml-idp

It was metadata related. It appears like it honors the metadata's preferences over the service config. Changed: To: Thank you, Matt On Wednesday, December 15, 2021 at 9:32:12 AM UTC-5 Matthew Gordon wrote: > After applying the latest 6.3 version to mitigate the log4j issue, all >

[cas-user] CAS 6.4.4 won't deploy

Hi! I have a strange problem. While trying to upgrade one of my CAS-Servers from 6.1.x to 6.4.4 i run into this WARN [org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext] - initialization - cancelling refresh attempt:

[cas-user] CAS 6.3.7.3 Log4j always signing Assertion when built with saml-idp

After applying the latest 6.3 version to mitigate the log4j issue, all assertions seem to be signed despite "signAssertions": false, in the service config. Any suggestions? Thank you, Matt -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List

Re: [EXTERNAL SENDER] [cas-user] Overlay template 6.4 build failed

Hello i have docker-compose and i use cas-overlay-template/tree/6.3 . this error happens when I use 'docker-compose build'. I will not install openjdk because I am in a container . I try with 6.4 but it's same result :/ thanks for your help docker-compose build redis uses an image, skipping

[cas-user] CAS 6.3.7.2 And Twilio SMS (mfa-simple provider)

Hello Since CAS 6.3.7.2, adding the dependency cas-server-support-sms-twilio still brings log4j-api 2.14.0 and log4j-core 2.14.0 into the app libs. When I deploy my cas.war into an external Tomcat 9.0.43, through IntelliJ IDEA, cas can't start with error Caused by: