Re: [cas-user] CAS Security Releases/Patches

2023-09-19 Thread Dmitriy Kopylenko
Hi Baron. It’s the “binary only” release hidden from repo before the security “grace period” has passed. From that post: "All source code and repository tags that contain fixes for this issue are kept privately until the grace period has passed. Note that repository tags are generally

Re: [cas-user] CAS Security Releases/Patches

2023-09-19 Thread Baron Fujimoto
The advisory directs you to, "Modify your CAS overlay to point to the version 6.6.12" Should 6.6.12 show up on the releases page at <https://github.com/apereo/cas/releases> (or tags <https://github.com/apereo/cas/tags>)? On Thu, Sep 14, 2023

[cas-user] CAS 6, AbstractNonInteractiveCredentialsAction on Trusted AuthN with incoming SAML Assertion

2023-09-19 Thread Yan Zhou
Hello, for historical reasons, our CAS set-up needs to support accepting an incoming SAML Assertion (validate, etc.) from an HTTP request parameter, perform authentication as the user principal in the incoming SAML assertion, basically, we trust the SAML authN done by our vendor earlier, and

[cas-user] Re: InResponseTo being added to on IdP initiated SSO's

2023-09-19 Thread 'Matthew Gordon' via CAS Community
Is this push going to resolve this issue? https://github.com/apereo/cas/blame/7fca3208abdf1b39bb15662a2d5c66c7284276b2/support/cas-server-support-saml-core-api/src/main/java/org/apereo/cas/support/saml/util/AbstractSaml20ObjectBuilder.java#L355 Thank you, Matt On Friday, September 8, 2023 at