Re: [EXTERNAL SENDER] [cas-user] CSP script-src breaks SAML functionality in 6.3.X?

Dear all, An alternative method would be to modify the saml2-post-binding.vm file directly: In your cas project, add: cas\src\main\resources\templates\saml2-post-binding.vm And add hash / add nonce / do whatever you want to the file to satisfied CSP For the actual content of

Re: [cas-user] Potential Feature: QR Code as a Login "Badge"

Hello Ben, I am also interested in the login by badge mechanism, I am exploring if this feature would help SEN students easier access. It is true that the major issue with your implementation is the security concern, making it a CAS module definitely helps with the security concern. Another

Re: [cas-user] log4j vulnerability remediation

And... 2.17.1 is out as well. On Tuesday, 21 December 2021 at 03:50:00 UTC+8 Pablo Vidaurri wrote: > > 2.17.0 is actually out now > On Thursday, December 16, 2021 at 2:27:13 PM UTC-6 Raph C wrote: > >> Hi, >> >> You have to exclude log4j* from WEB-INF/lib form overlay plugin and add >> correct

Re: SOLVED Re: [cas-user] Re: Cas 6.1 SSO not working [for our configuration, requesting help]

> > -Rod > > > On Thu., Dec. 2, 2021, 5:58 p.m. Andy Ng, wrote: > >> Hi Rod, >> >> Agree with Ray, your cas.properties does not seems to have any out of the >> ordinary config. >> >> Not able to see any issue with the log as well, but th

Re: [cas-user] Re: Cas 6.1 SSO not working [for our configuration, requesting help]

> > I've attached our cleansed cas.properties file. We do use https. I'm also > including our virtual hosts set up that shows we redirect to https if a > http request to the CAS server comes in. > > Many thanks for having your eyes on this. > > Rod > > On Wednesday, 1 Dec

[cas-user] Re: Cas 6.1 SSO not working

Hi Rod, Usually this happen when you setup your CAS as *http *instead of https. - When CAS is in http, SSO will not work. Making sure it is https should make it work again. - The services you provided seems fine, didn't see any issue on them. - But the ssoEnabled part should be not neccesary

[cas-user] Re: Trimming username for attribute resolution

Hi Richard, I am also not aware on any native attribute trimming feature, maybe other can chime in on that. However, if you think groovy can solve your issue but you don't want external files, you can always use *inline Groovy*. Ref:

[cas-user] How to put metrics data into CAS 6 (just like perfStats.log in CAS 5)

Hi all, About CAS Metrics: Previously in CAS 5, we have a "perfStats.log" containing all the metrics of CAS in a file format. Which is useful for our troubleshooting. See: https://github.com/apereo/cas/blob/v5.3.16/webapp/resources/log4j2.xml#L43 However, in CAS 6, the "perfStats.log" file is

[cas-user] Re: how can i keep recaptcha enabled on pm page and disabled on main cas page cas/login

Hi, Probably not possible by just editing loginform.html, as you can see here: https://github.com/apereo/cas/blob/master/support/cas-server-support-captcha-core/src/main/java/org/apereo/cas/web/flow/ValidateCaptchaAction.java Even if you removed the recaptchtoken on the page, it still would

Re: [cas-user] CAS 6.3.5-Azure AD Delegation-OIDC-JDBC-LDAP

Hi William, A shot in the dark here, since not sure if my suggestion would work. But in your service, have you tried setting principalIdAttribute to email and see if it would be effective? https://apereo.github.io/cas/6.3.x/integration/Attribute-Release-Policies.html Cheers, - Andy On Friday,

Re: [cas-user] CAS 6.3 logging sensitive information

Hi Baron, Ray suggestion is good. Another way might work is to add this logging property in your host: https://apereo.github.io/cas/6.3.x/configuration/Configuration-Properties.html#logging In your case would be something like this: logging.level.org.apereo.cas.web.flow=INFO Which should be

Re: [cas-user] I have created an customizable full stack CAS sample project, want to get your feedback!

wrote: > Andy, > > Here is a similar project, > https://fawnoos.com/2021/02/28/cas64-cas-initializr/ > > Ray > > On Sat, 2021-07-03 at 07:30 -0700, Andy Ng wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be

[cas-user] I have created an customizable full stack CAS sample project, want to get your feedback!

Hi all, I have created a new project called "*Select Ur CAS*", want to share it here to get some feedback :) Github link: https://github.com/NgSekLong/SelectUrCAS Video introduction: https://www.youtube.com/watch?v=0c-QbP4igzU "Select Ur CAS" is a project aims to provide a customizable full

[cas-user] Anybody get "Sign in with Apple" working in CAS natively?

Hi all, Would like to know anybody got "Sign in with Apple" working in CAS natively? I got it working my doing some customization (I will attach below) because of some weird issue which I cannot understand. While I would like to investigate on submiting a PR, but I am not sure if I am the

[cas-user] Re: Registered service [name] does not define any authorized/supported delegated authentication provider

Hi Fernando, We use something like this: == "accessStrategy": { "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy", "delegatedAuthenticationPolicy" : { "@class" :

Re: [cas-user] replace the default login cas page to delegated provider

Hello, Can you try turn the `auto-redirect` property to true see if that match your needs? Ref: https://apereo.github.io/cas/6.2.x/configuration/Configuration-Properties-Common.html#delegated-authentication-settings Cheers, - Andy On Wednesday, 2 June 2021 at 23:54:06 UTC+8 Ray Bon wrote: >

[cas-user] Re: CAS Logout Redirect with Front Channel Logout

Hi John, It will use Ajax for frontend call, see this: https://github.com/apereo/cas/blob/master/support/cas-server-support-thymeleaf/src/main/resources/templates/logout/casPropagateLogoutView.html Note that, due to the recent 3rd party cookie blocking enforced in some of the popular browser,

[cas-user] Re: CAS 6.3.2 CAS Cookie timeout value & redirect issue

Hi Anusuya, > Q1. What is the default timeout value of CAS cookie after login & its related property? CAS is relatively complicated in this part, so basically: - There are TGC cookie which is a cookie stored in user browser indicating they have login, that one expired when user close the

[cas-user] Re: Finally Finish My College

"Terimakasih". In Indonesian > "Terimakasih" means "Thank you". And I want to thank all of you who have > helped me in solving the problems I have found, to Mr. Misagh Moayed, Andy > Ng, Ray Bon, and anyone else that I can't mention. > > Cheers, > Irvan :) >

[cas-user] Re: CAS5.3, SSO between native Mobile App and Web App

> Much appreciated . > > Regards, > Omer AlMatary > > On Thursday, April 11, 2019 at 10:02:52 PM UTC-4 Andy Ng wrote: > >> Hi Yan, >> >> We have built something like this before, >> >> And the answer is: yes you can! When user login to weba

[cas-user] Re: Guide to Deploying CAS 6 - with Ansible, MFA, and Delegated authentication

Hi Paul, Thanks for the contribution! We soon also need to setup delegate auth to Azure, so that section is going to be useful to me. Now whenever people asking for a CAS 6 guide I know where to point them to :) Cheers! - Andy On Thursday, 13 May 2021 at 05:12:14 UTC+8 chauvetp wrote: > Hi

Re: [cas-user] Hide CAS login box (and only use external identity providers)

Hi Paul, The document is awesome, can't wait for the complete version :) Cheers! - Andy On Friday, 30 April 2021 at 21:55:31 UTC+8 ro...@mun.ca wrote: > Fantastic documentation! > > > > *From:* cas-...@apereo.org *On Behalf Of *Paul > Chauvet > *Sent:* Thursday, April 29, 2021 12:39 PM

Re: [cas-user] Using an alias as userlogin

Hi Andrea, Another way to achieve your requirement would be to allow user to input either phone, email and other in the same username box. - Then, use multiple authentication handler to handle different type of user input. - Since we can configured CAS to allow login when any of the

[cas-user] Re: Cas overlay ver 6.3.x integration with pure RADIUS (not MFA RADIUS)

Hi there, While it is CAS 6.2.x and it is quite a long time ago so I forget about most of what I did. But these configuration is what I used for when I successfully login to Radius using CAS 6.2.x during my demo project:

Re: [cas-user] gradle versions of dependency documentation?

Hi Baron, Agreed with Mike, as for compile v.s. implementation, for the use case of CAS build.gradle, you should use *implementation*. See: https://stackoverflow.com/questions/44493378/whats-the-difference-between-implementation-and-compile-in-gradle Cheers! - Andy On Wednesday, 14 April

Re: [cas-user] Configuring syslog appender in CAS 4.0.1

Hi Thatcher, I also agree with Ray, an upgrade is necessary to bring this feature in. In terms of why CAS 4.0.1 vs 4.2.x have this feature different: the log4j library is at *1.2.17* on CAS 4.0.1 https://github.com/apereo/cas/blob/v4.0.1/pom.xml#L985 While the log4j library is at *2.5+* at

[cas-user] Re: how to download the cas-server-support-theme-collections

Maybe you can look into this: https://github.com/apereo/cas/tree/master/support/cas-server-support-themes-collection Cheers! - Andy On Wednesday, 7 April 2021 at 11:37:02 UTC+8 程泽群 wrote: > I look the resources >

[cas-user] Re: CAS 6.3.x Password Policy

Hi BN, Seems like you can override this file to set a custom URL. https://github.com/apereo/cas/blob/v6.3.3/support/cas-server-support-thymeleaf/src/main/resources/templates/fragments/pwdupdateform.html#L154 However, I suspect this link can be set somewhere else as well, maybe you can trace

Re: [cas-user] Problem with CAS 6.2.6

ling you can just set upload/download max speed and >>> latency, it looks so wierd. >>> >>> >>> El viernes, 26 de marzo de 2021 a las 7:01:39 UTC-3, Andy Ng escribió: >>> >>>> Hi all, >>>> >>>> I think I also am running o

Re: [cas-user] Problem with CAS 6.2.6

2 and 6.3. > Any other ideas ? > We are desperate. > > Regards, > > Florent > > > -- > *De: *"Andy Ng" > *À: *"CAS Community" > *Cc: *"nicol...@gmail.com" , "jrautureau" < > jraut...@gmail.com&

Re: [cas-user] CAS 6.4 - Attribute release does'nt work

Hi Jérémie, I saw that you are using CAS 6.4, which is still in RC. Have you try it in CAS 6.3.2? Or even 6.2.x? Even though 6.4.x is in RC, sometime bug do occurs and using slightly older version might help identify your issue. Anyway, It is not so certain what the issue is, below are some

Re: [cas-user] Problem with CAS 6.2.6

Hi all, On our side we are using 6.2.x and in production, no such problem observed. We did implemented a customization multiple customization regarding cookies, which are: - Samesite = None - 3rd party cookie Since I cannot reproduce the issue now, if anybody is free please help try

[cas-user] Re: Cas can’t see exteralized customised views. Cas overlay ver 6.3.2.

Hi there, I have managed to make external customized views works in CAS 6.2.x, I don't have the time to test this out in CAS 6.3 yet but please try this out see if it works: Instead of putting *nextor *in: - /your/external/folder/templates/*nextor* You should do it like this: -

[cas-user] CAS 5 and 6, consent JDBC database name from "ConsentDecision" to "Consent_Decision" issue and fix

Hi all, During migration from CAS 5 to CAS 6, I encountered an issue: - My consent table, originally called `ConsentDecision` , is now renamed to `Consent_Decision` - Moreover, the fields name is also changed, same pattern We have found a solution and want to share here: - it is

Re: [cas-user] Re: Jdbc PasswordManagement

s like there is a bug with the transaction management in 5.3.x? > Or is there another jdbc parameter that I have to tweak to make it work > with autocommit = false? > > Best regards, > Lars > > On 01.03.21 05:39, Andy Ng wrote: > > Dear Lars, > > I have not encountered your issue,

[cas-user] Re: How CAS supports multi tenancy

Hello, Would like to know if you are referring to multiple tenant in Active Directory / Azure / other technology? *If multi-tenant in Active Directory:* CAS can be configured so to use *multiple authentication sources *and *either one of them success *allow for login. In here:

[cas-user] Re: Jdbc PasswordManagement

Dear Lars, I have not encountered your issue, but I encountered a similar issue before (Not able to insert row to JDBC in another component) I found that setting *autocommit *to *true *seems to fix my issue, not sure about the root cause since JDBC is not my strong suit.

[cas-user] Re: Configuring clustered servers in Production

Dear Anusuya, The best step by step guide I know of is the one from David Curry: https://dacurry-tns.github.io/deploying-apereo-cas/introduction_sso-environment-architecture.html - Clustered setup is included in the guide. This document is written for CAS 5.x, but the majority of the document

[cas-user] Re: Sanitize username

Hi Rafiek, I can think of 3 methods of implementing your requirement: 1. *Using Principal Transformation:* 1. e.g. https://apereo.github.io/cas/6.2.x/configuration/Configuration-Properties-Common.html#authentication-principal-transformation for Principal transformation for

Re: [cas-user] Unauthorized Service Access when directing login page to cas from web app in apache server.

s found" and "service is not found". > > Do I need to use a valid service provider? or is this just my fault in > configuring the service? > > Previously, thank you Andy for your response. > > Cheers, > Irvan > > Pada Kamis, 31 Desember 2020 pukul 13

Re: [cas-user] Unauthorized Service Access when directing login page to cas from web app in apache server.

Hi Irvan, Please check if the following insight helps: *1. *In order to use JSON as service registry, you need to *enable it* first using this https://apereo.github.io/cas/6.2.x/services/JSON-Service-Management.html#json-service-registry Put this in your build.gradle:

Re: [cas-user] About ticket caching and properties handing in CAS 6.2

tting okhttp jar related error whole deploying the > application. Feel like conflict is happening. We are using CAS 6.2.2 and it > is not happening in local and dev environment. > > Thank you in advance. > > On Wed, 23 Dec 2020, 7:40 am Andy Ng, wrote: > >> Hi Sobhen,

Re: [cas-user] About ticket caching and properties handing in CAS 6.2

Hi Sobhen, Would like to know more about your setup first, see if the below correctly describe your setup: - You setup your properties in: https://apereo.github.io/cas/6.1.x/configuration/Configuration-Properties.html#ldap-authentication - You extend the LdapAutheticationHandler and make your

[cas-user] Re: override cas.example.org DNS name

np, glad it helps - Andy On Tuesday, 22 December 2020 at 23:36:41 UTC+8 yap.s...@gmail.com wrote: > Yes, changing cas.server.name does the trick. Thanks a lot! > > Andy Ng 在 2020年12月22日 星期二下午10:29:37 [UTC+8] 的信中寫道： > >> Hello, >> >> The endpoint seems to

[cas-user] Re: Error when add support-radius dependency in build.gradle

d to use the old version. I am trying to use version > 6.1.X which is on your github. After configuring I was finally able to > integrate between my cas server and my freeradius. > > Thanks again Andy! > Cheers, > > Irvan > Pada Senin, 21 Desember 2020 pukul 14.16.49 UTC+

[cas-user] Re: override cas.example.org DNS name

Hello, The endpoint seems to use the *cas.server.name* properties, see: https://github.com/apereo/cas/blob/v6.2.6/support/cas-server-support-saml-idp-core/src/main/java/org/apereo/cas/support/saml/idp/metadata/generator/BaseSamlIdPMetadataGenerator.java#L121 Have you these *cas.server.name* for

Re: [cas-user] Managing Services with JPA (SQL)

Hi Francisco, If I recalled correctly, you are suppose to use CAS Management Web app along side with CAS to allow for modification on those service stored under JPA. CAS Management Web app: https://github.com/apereo/cas-management Also, although the best way to interact with service is

[cas-user] Re: Error when add support-radius dependency in build.gradle

Hi Irvan, Have you try adding the repo: *maven { url "https://jitpack.io; } * As well? I found some old code of mine (https://github.com/NgSekLong/SelectUrCAS/blob/master/source/cas-overlay/build.gradle#L34) and see that jitpack.io is needed at that time, see if that would help your issue

[cas-user] CAS 5.2.6 ConcurrentModificationException for logout during stress test

Hi all, We have encountered ConcurrentModificationException for logout during our stress test. Putting a `synchornized(this)` block for: https://github.com/apereo/cas/blob/v6.2.6/core/cas-server-core-logout-api/src/main/java/org/apereo/cas/logout/DefaultLogoutManager.java#L61 Seems to fix the

Re: [cas-user] Logging out from CAS logs me out from Google, too

Hi Paul, I am also agreeing with you that logout with CAS doesn't mean logout Google account / other 3rd party account. However I don't spot such issue in my implementation. I am using Google Delegated Authentication as well, I am using CAS 6.2.6. No such issue spotted. Maybe you should try

[cas-user] Unable to fetch user profile from Delegated Authentication in CAS 6.2.x

Hi all, I have found an issue with Delegated Authentication in CAS 6.2.x branch (Latest one, 6.2.6). After login, I found that the UserProfile is not returned after loging in using Deleagted Authentication, below is an example using Google as 3rd party idp.

Re: [cas-user] CAS 6.2.1 attribute release not working with PersonDirectory

Hi all, I encountered the same issue, and want to chime in with some additional info: I found that starting from CAS 6.2.x by default attributes from JDBC / LDAP / other PersonDirecotry are not by default released. See this line here:

[cas-user] Re: Hazelcast Ticket Registry break when reloading properties for CAS 6.2.5

Confirm is a bug, here's the PR: https://github.com/apereo/cas/pull/5003 Cheers! - Andy On Wednesday, 2 December 2020 at 21:14:45 UTC+8 Andy Ng wrote: > Hi all, > > I was trying to implement Hazelcast Ticket Registry and reloading > properties. > > I find that, when I chan

[cas-user] Hazelcast Ticket Registry break when reloading properties for CAS 6.2.5

Hi all, I was trying to implement Hazelcast Ticket Registry and reloading properties. I find that, when I change `cas.properties` and force a reload based on this tutorial: https://fawnoos.com/2020/05/02/cas62x-reloadable-configuration/, it stopped the Hazelcast Ticket Registry instance

[cas-user] SAML 2.0 message replay protection

Hi all, I am reading on the importance of preventing replay attack https://www.idm-360.com/idm360/the-dangers-of-saml-replay-attacks/, which is a requirement from our client. I was wondering if CAS natively already prevent such attack for SAML 2.0 protocol acting both as *sp *or as *idp*.

Re: [cas-user] Sign in with apple

Hi all, My CAS project also have the needs to include "Sign in with Apple". CAS is using Pac4j library: https://github.com/pac4j/pac4j, and it currently didn't have an Apple implementation. Well, due to urgency, I extended the pac4j library to include a custom "Sign in with Apple" component

Re: [cas-user] CAS, Chrome 80 and SameSite cookies policy

Hi all, I have encounter this samesite issue as well for our 5.3.x CAS servers, and I come up with an ugly custom fix, I am sharing here if anyone need quick fix. Since I manage multiple SPs for our CAS, and one SP with a different domain use CAS inside an iframe which trigger this issue.

[cas-user] Re: Auto-Reload of Properties File Not Working

Hi Dustin, > Is there a list somewhere of which properties can/can't auto-reload? The documentation I linked to in the original post states that "Most if not all CAS settings are eligible candidates for reloads." Not that I am aware of, maybe other can provide insight if they know of such

[cas-user] Re: Login to Google delegate server on my custom button

Hi Mindaugas, I have encounter this issue before, from what i know there are 3 ways to handle this issue: 1. Update CAS to 5.3.x (Recommended), which will fix this issue 2. Update pac4j-oauth to latest version - In your Maven (suppose you are using maven), add an entry to pom.xml similar to

[cas-user] Re: Auto-Reload of Properties File Not Working

Hi Dustin, I am using 5.3.x and the auto reload does work, however not for all properties (I think maybe some of the properties are hard to implement auto reload). For eample, changing TGT cookie timeout cannot auto-reload But changing pac4j OAuth credential can auto-reload What is the

[cas-user] Re: [Cas 6.0.7] Surrogate attributes are lost when account is selected in GUI mode

Hi Michele, I recalled I spent a few hours looking and testing into this issue, and didn't find any meaningful progress so I stopped my research. Sorry to disappoint, let see if the others in the communities have more idea into this issue... Cheers! - Andy -- - Website:

[cas-user] Re: CAS 5.3.x with Mongo Ticket Store (anyone had any issues)

Hi Justin, This thread might be a good read for your :) https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/mongodb$20service$20david|sort:date/cas-user/tCk7jJz5pnE/Tilp-dbqBwAJ Basically, it seem if too high stress and MongoDB will have some minor problem, you can check out more

[cas-user] Re: logging saml response xml

Hi Alin, I think I have done that before, and it probably is by enabling the following: https://apereo.github.io/cas/6.1.x/installation/Configuring-SAML2-Authentication.html#troubleshooting See if enabling that would allow you to see the logs... Cheers! - Andy -- -

Re: [cas-user] Re: Ask for authenticating at every login

Hi Alex, The concept of asking everything before logging to a system is sometime called consent. So, from what I heard for your case, you want your user to consent every time user should be accessing different services. Well, an exact implementation for that might not be natively available

[cas-user] Re: Double Login for Mozilla 4.0 User Agent

Hi Justin, Nice that you think of a workaround! I think it is strange that ticket granting ticket containing user agent... Therefore, I have go ahead and done some additional digging and found the following:

[cas-user] Re: Double Login for Mozilla 4.0 User Agent

Hi Justin, CAS 5 have said that at least the UI will have problem with IE 9 or below, so I doubt they build CAS 5 with IE 7 support in mind https://apereo.github.io/cas/5.3.x/installation/User-Interface-Customization.html#browser-support I don't have IE 7 setup on my system so can't really test

Re: [cas-user] Re: CAS 6.1.3 SAML and JSON

Hi Travis, > To remove unwanted authentication attributes add excludeDefaultAttributes: true. Oh we can do that?! Didn't knows about that and good to learn about this! Thanks Travis :) Cheers! - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas

[cas-user] Re: CAS 6.1.3 SAML and JSON

Hi Jeff, Have you tried allow all and see if the issue is due to the allowAttribute or other matter? Setup allow all as such: https://apereo.github.io/cas/6.0.x/integration/Attribute-Release-Policies.html#return-all Cheers! - Andy -- - Website: https://apereo.github.io/cas - Gitter

[cas-user] Re: CAS 6.1.3 PM JDBC Bug

Hi Bill, Seems like the CAS team will be fixing this in latest CAS version, see this commit: https://github.com/apereo/cas/commit/e214dba59c2273409c406cf4301e2dc875183295 Looks to me they implemented a check this line here:

[cas-user] Re: How to configure password management in cas

For UI, you can always consult the official document: https://apereo.github.io/cas/6.0.x/ux/User-Interface-Customization-Views.html - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions:

[cas-user] Re: How to configure password management in cas

Hi Vikash, Would be awesome if you can provide as much information (e.g. CAS version, which UI element want to chagne, etc...) as possible, so people in the community can try and figure out the problem. First of all: *> Moreover I have added properties for pm: * Is the LDAP part is already

Re: [cas-user] cas5 start up time much longer, development productivity?

Hi Yan, Me too, I also wait a long time during each CAS 5 war deployment. However, actually you don't need to re-deploy the war file everytime you change something, if you just want to change some properties (e.g. Maybe you want to change the scope properties from EMAIL to PROFILE for pac4j

[cas-user] Re: CAS 6 - Dockerized Deployments on two VMs with ticket registry

Hi Maksim, Pretty sure: cas.ticket.registry.hazelcast.cluster.public-address and cas.ticket.registry.hazelcast.cluster.publicAddress Both works the same, since spring property allows both camelCase and kebak-case. And I did successfully use docker CAS and use Hazelcast as ticketing

[cas-user] Re: Adding cas.properties file to source control

Hi Dustin, What version of CAS are you using? So for source control which source control are you trying to use? I assume you are talking about git since this is the most common source control nowadays. There are document here stating how to do:

Re: [cas-user] CAS and database

Hi there, If you look at the file here: https://github.com/casinthecloud/cas-pac4j-oauth-demo/blob/master/pom.xml You will see that the repo you use, are using the SNAPSHOT version of 6.2.0-RC1-SNAPSHOT. The SNAPSHOT version doesn't make stability a high priority, so you are better sticking

Re: [cas-user] CAS and database

Hi, I would highly recommend following https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html and read through it so you get a better idea of how CAS works in generaal. However, if you just want your database to setup and don't want to dive deep, you might follows

[cas-user] Re: New to thymeleaf

Hi Tushar, I think you will find better result posing your question in thymeleaf forum or other medium (e.g. stackoverflow) Thymeleaf: http://forum.thymeleaf.org/General-Usage-f2234430.html More people with experiences in thymeleaf are in those sites, especially seems your easy-login.html and

Re: [cas-user] Need Help Custom authentication CAS SSO 6

Hi Fernando, Have you look into *Rest Authentication*? https://apereo.github.io/cas/6.1.x/installation/Rest-Authentication.html *> encode it and then send it to an external service of mine that is responsible for validating and to obtain the information of the user to my database* What

Re: [cas-user] Re: Suppress the GET for /cas/v1/tickets

Hi Raheem, I don't have time today to do a full test, but I suspect the problem exists in the pathing: When using CAS 5.2.x overlay, the structure seems like this: ├── *cas* │ └── src │ └── main │ └── resources │ ├── hbmsu.properties │ ├──

Re: [cas-user] Re: Suppress the GET for /cas/v1/tickets

Hi Raheem, Where did you find the public CAS 5.2.x docker image? In any case, since you are able to create file and put it in the structure, maybe the following will work: == - Put a spring.factories in the following directory:

[cas-user] Re: Suppress the GET for /cas/v1/tickets

Hi Raheem, I also encountered this issue on 5.2.x, not sure if this is still an issue on later CAS version, I suspect this issue is fixed on later version since it seems like a spring problem. I used a very ugly method to suppress this message, basically I override the GET method and prevent

Re: [cas-user] Re: CAS 5.2.3 running on tomcat 9 and openjdk11

Hi Rao, When we use our CAS 5.3.x and load with Java 11, it didn't even manage to startup... That why we stick to Java 8 for the moment. Don't know why your CAS 5.2.x version work with Java 11 initially, perhaps you didn't use the module that have problem I assumed. In any case, seems like

[cas-user] Re: CAS 5.2.3 running on tomcat 9 and openjdk11

CAS 5.2.x don't really work well with Java 11. To upgrade to Java 11, you will also need to upgrade CAS version to CAS 6. - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions:

[cas-user] Re: [Cas 6.0.7] Surrogate attributes are lost when account is selected in GUI mode

Hi Michele, I see, you are talking about can't receive the *principal *attribute. Kind of busy these days, when free will take a look into it. - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 -

[cas-user] Re: [Cas 6.0.7] Surrogate attributes are lost when account is selected in GUI mode

Hi Michele, I have setup a surrogate authentication demo in my testing docker environment , I tried both CAS version 6.0.7 and 6.1.2 and the surrogate attribute seems to be working just fine. I

[cas-user] Re: (6.0.3) sessionCount has never decrease after logout

Hi, It is a normal behavior for sessionCount to remain the same after user logout. No need to panic :) CAS does not relies on creating and destroying an entire session for verifying whether or not user are login or not. Instead, CAS uses the cookie called *TGC *for SSO verification, you can

[cas-user] Re: How to use ./gradlew getResource for Overlay Customization with CAS 6.1

glad it helps, also FYI I have submitted a pull request to make suffix also work in the future. https://github.com/apereo/cas-overlay-template/pull/40 if you want suffix to work as well in your current download project, you can add those logic yourself as well. cheers! Andy -- -

Re: [cas-user] Re: Delegated CAS SAML IDP

Hi Raheem, It seems very likely that there are problem with your SAML metadata... If SAML metadata have problem, there is no config can make the authentication success. Can you double check in your idp, correct sp metadata is imported. And also check in your sp, correct idp metadata is

Re: [cas-user] Re: Delegated CAS SAML IDP

Try also add signAssertions=false. And give the error log -Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to

[cas-user] Re: /login as credential requestor missing login token value

Hi Lain, I have track don't the commit that removed the lt ticket: https://github.com/apereo/cas/commit/ca17b2f39601c503e1a6925951b39bbdffa4c63f it is remove at 4.2.4 -> 4.2.5. Not sure the reason tho, it did seems weird that the documentation and the source code have differs, you might need

[cas-user] Re: How to use ./gradlew getResource for Overlay Customization with CAS 6.1

Hi Carl, The tutorial from https://apereo.github.io/2019/01/07/cas61-gettingstarted-overlay/ seems to be a bit off from the actual implementation. See the actual implementation here https://github.com/apereo/cas-overlay-template/blob/6.1/gradle/tasks.gradle, it seems *suffix cannot be added*

Re: [cas-user] Re: Best way to implement Post Authentication actions

np problem, glad it helps :) -Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS

Re: [cas-user] Re: Delegated CAS SAML IDP

Any change in debug log after you add signResponse=false? - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to

[cas-user] Re: Best way to implement Post Authentication actions

Hi Bobby, See if you can try autocommit=true, as suggeested by this here: https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/Kf-dB0b_OuQ If that would helps or not...\ Cheers! - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List

Re: [cas-user] Re: Connect to AD and AZURE

Hi Anmol, Would really appreciate if you can open a new topic instead of replying to an unrelated topic, it would be easier for people to locate your specific question and give answer. I don't have Active Directory setup in my testing environment, so it would be really hard for me to help

[cas-user] Re: Best way to implement Post Authentication actions

Hi Bobby, > the *postAuthenticate() *method does not seem to be getting called at all How did you verified that postAuthenticate does not get called? Did you use some logs or you just try executing some post JDBC query and they didn't get called? Have you used the keyword *@Override* to make

Re: [cas-user] Re: Delegated CAS SAML IDP

Hi there, Let's try to deduce the problem together! I see you already highlighted the error area around either: - *Signature is not trusted* - *Delegated authentication has failed with client SAML2Client* - *Ignoring the received exception due to a type mismatch* *- 500 server error* Usually

[cas-user] Re: Best way to implement Post Authentication actions

Hi Bobby, I have searched around the CAS 6 documentation, seems like there are nothing similar to your use case build in (Althoguh it is still quite possible that such feature exist but I didn't find it). I guess custom implementing might be an feasible idea. If I am customizing to add last

[cas-user] Re: Delegated CAS SAML IDP

Hi, Can you try enabled debug log: https://apereo.github.io/cas/5.3.x/installation/Troubleshooting-Guide.html#review-logs And capture more logs for debugging purpose? Also, please be careful when reading the documentation, I see that you are using CAS 5.3.x, but you are viewing CAS 5.2.x

Re: [cas-user] Re: SAMLResponse is not base64 encoded

Hi all, I am not familiar with CAS 3, however, I have done some research and tried building CAS 6.1.1 (latest release CAS) with OneLogin PHPSAML, And I found that, CAS 6 can successfully integrate with OneLogin PHPSaml using SAML protocol. No error for CAS 6. So, maybe the lack of base64

  1   2   3   4   >