Please see https://apereo.github.io/2023/09/14/oauth-vuln/
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
I'm working through some additional testing to see if I can narrow it down
further. One thing we noticed was that it seemed to be tied to Duo. We were
seeing this issue when logging in with a Duo-enabled user, but not with a
user that did not have Duo enabled. I'll post more info once I've been
In our testing, Duo does seem to be required to trigger this behavior. If
we use a non-Duo-enabled user, or a service registration that does not use
Duo, it works as expected. It also appears to be tied to subsequent
authentications, as use of /cas/login?renew=true will reliably trigger it
(this
Is there an out of the box configuration to allow a user to enter their
email then based on email domain either delegate the user to Azure AD or
authenticate to LDAP?
I'm also trying to set an order so that LDAP is checked first then redirect
to Azure but it does not look like the following is a
Hello,
We have been using CAS 5.1.2 as SP (Service Provider) for SSO where the IDP
is Microsoft Azure. When attempting to log in with Azure, users are
authenticated successfully, but upon redirection back to CAS, an issue
arises where CAS is unable to find the service registry. This results in
Hi Baron, I happen to have RC7 installed for evaluation.
I do not see the behavior you are describing while testing your scenarios.
Did you add any customization or is this out of the box?
Maybe share your cas.properties to review.
-psv
On Monday, September 11, 2023 at 9:04:18 PM UTC-5 Baron