Ok we have a vendor Modolabs doing a mobile app connected to CAS with OIDC
config (JSON service registry)
Anyone have experience? Things ain't going well. (Modo claims CAS is
sending multiple 302 redirects for Service Ticket validation).
-Bryan
--
- Website: https://apereo.github.io/cas
-
ml#slf4j-audits
>
>
>
> cas.audit.slf4j.auditFormat=JSON
>
> cas.audit.slf4j.singlelineSeparator=|
>
> cas.audit.slf4j.useSingleLine=true
>
> cas.audit.slf4j.enabled=true
>
>
>
> *From: *Bryan Wooten
> *Sent: *Wednesday, August 26, 2020 10:50 AM
> *To: *c
I know this is more of a log4j question, but my Google-fu is not working.
My log4j2.xml has this:
Does anyone have an example showing a JSON PatternLayout?
-Bryan
University of Utah
First Ray, thanks to you and others that helped me with cas-management. I
hope I can return the favor.
I deployed my first JSON file created by cas-management today. Success
after some frustration. hehe.
I can't help with your issue, but why is an Incommon cert needed? Is your
CAS also a SAML
We can't get the status/discovery endpoint to work following this:
https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties.html#cas-endpoints
We keep getting this error message:
Property: cas.monitor.endpoints.discovery.enabled
Value: true
Origin:
University of Utah
{
@class: org.apereo.cas.services.RegexRegisteredService
serviceId: ^https://appserv01-test.idm.utah.edu/.*
name: appserv01TestIdmUtahEdu
id: 1014
description: "Bryan Wooten "
expirationPolicy:
{
as a few properties, one of which is syncScript.
>
> Ray
>
> On Wed, 2020-07-15 at 14:16 -0600, Bryan Wooten wrote:
>
> Than
management/blob/v6.1.0-RC4/api/cas-mgmt-api-configuration/src/main/java/org/apereo/cas/configuration/CasManagementConfigurationProperties.java
>
> This should be correct:
>
> mgmt.versionControl.syncScript
>
> Ray
>
> On Wed, 2020-07-15 at 13:32 -0600, Bryan Wooten wrote:
> case 's'?
>
> Ray
>
> On Wed, 2020-07-15 at 11:43 -0600, Bryan Wooten wrote:
>
> Hello again,
>
> When we set:
> mgmt.syncScript=/etc/cas/sync.sh in management properties we get this
> error.
>
> Not sure why the case is being changed.
>
> Thanks,
>
>
Hello again,
When we set:
mgmt.syncScript=/etc/cas/sync.sh in management properties we get this error.
Not sure why the case is being changed.
Thanks,
-Bryan
***
APPLICATION FAILED TO START
***
Description:
Binding to target [Bindable@49af530d
onfiguration/CasManagementConfigurationProperties.java
>
>
> ‐‐‐ Original Message ‐‐‐
> On Thursday, July 9, 2020 12:46 AM, Bryan Wooten
> wrote:
>
> So when we load the app on the same Tomcat as the CAS server itself we get
> this error:
>
> ***
So when we load the app on the same Tomcat as the CAS server itself we get
this error:
***
APPLICATION FAILED TO START
***
Description:
Binding to target [Bindable@1471d5e6 type =
org.apereo.cas.configuration.CasManagementConfigurationProperties,
ust create a writable
> directory (or make the default writable) for the git repo and be done with
> it.
> We store our services in ldap (so no file sync), but I am not that far
> along in my config, maybe later this week or next.
>
> Ray
>
> On Mon, 2020-07-06 at 11:52 -0600, B
I was wondering if any of you fine folks could help me.
I am trying to get cas-management application (6.2) with a Cas 6.1.6
server. (I can change the cas-management version if needed.)
Anyway I am having trouble understanding the docs and
management.properties settings.
I am simply trying
I agree with Ron. As a point of reference, we have 1000 json entries in our
service registry. I added 6 this morning.
Very few use any wild cards.
We are also working on getting the management app up and running.
-Bryan
University of Utah
On Wed, Jul 1, 2020 at 5:26 AM Emilian Mitocariu <
We have the same issue. But not on the 6.2 master branch.
On Fri, Jun 26, 2020 at 3:07 PM Amit Poddar wrote:
> Hi,
>
> I am dealing with the same issue, did you get a resolution to this? If
> yes then would you be willing to share the resolution?
>
> Thanks,
> Amit
>
> On Thursday, June 4,
We are trying to test:
https://github.com/cas-projects/openid-sample-java-webapp
But in the CAS logs I see:
2020-06-24 13:43:52,517 ERROR
[org.springframework.boot.web.servlet.support.ErrorPageFilter] -
org.thymeleaf.exceptions.TemplateInputException: Error resolving template
We are trying to get the /status /health endpoints to work on the CAS 6.2
main branch following this guide:
https://apereo.github.io/cas/development/monitoring/Monitoring-Statistics.html
We have this in our pom.xml:
implementation
venName
>
> Change it to
>
> cas.authn.ldap[0].principalAttributeList=firstName,lastName,displayName,email,homephone,department,ou,cn,telephoneNumber,acadplan,almail,eduPersonAffiliation,uid,eduPersonPrincipalName,ummail,unid,uudept,uuemployee,
> uustudent,psrole
>
> On Mon, Jun
Hi all,
We are unable to get attributes to release (CAS 6 Master).
Java client 3.6.1
We have a json service registry entry:
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^https://cas6test.go.utah.edu/.*",
"name" : "cas6testGoUtahEdu",
"id" : 2020052801,
an help.
>
>
> name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy"
> level="warn"/>
>
>
> name="org.apereo.cas.services.DenyAllAttributeReleasePolicy" level="warn"/>
>
> Ray
>
> On Mon, 2020-06-01 at 08:34 -0600, Bryan
60Z
http://www.ja-sig.org/products/cas/;>
LdapAuthenticationHandler
mfa-duo
http://www.ja-sig.org/products/cas/;>
mfa-duo
http://www.ja-sig.org/product
> Before debugging, I would bump up to the latest client (3.6.x). Easy to
> do and might just fix it.
>
> Dan
>
>
> On Wed, May 13, 2020 at 1:17 PM Bryan Wooten wrote:
>
>> cas-client-core-3.4.1.jar and cas-client-support-saml-3.40.jar
>>
>> I should
Dan
>
> Dan Ellentuck
> Columbia University I.T.
>
>
> On Wed, May 13, 2020 at 12:51 PM Bryan Wooten wrote:
>
>> Hi all,
>>
>> I wrote a brain dead simple CAS servlet that demos attribute release
>> about 5 years ago. Worked as expected.
>>
>>
Hi all,
I wrote a brain dead simple CAS servlet that demos attribute release about
5 years ago. Worked as expected.
But suddenly it does this:
HTTP Status 500 – Internal Server Error
--
*Type* Exception Report
*Message*
vs. "hazelcast".
We are good to go now.. :)
Cheers,
-Bryan
On Tue, Feb 25, 2020 at 3:41 AM Jérôme LELEU wrote:
> Hi,
>
> The Hazelcast dependency is available in the Maven central repository as
> most dependencies.
> Thanks.
> Best regards,
> Jérôme
>
>
:
> https://github.com/apereo/cas/blob/master/gradle/maven.gradle#L197
> Thanks.
> Best regards,
> Jérôme
>
>
> On Mon, Feb 24, 2020 at 17:14, Bryan Wooten
> wrote:
>
>> Following the instructions here:
>>
>>
>> https://apereo.github.io/2019/
Following the instructions here:
https://apereo.github.io/2019/01/07/cas61-gettingstarted-overlay/#dependencies
We are trying to add dependencies for Hazelcast and Duo by adding to the
build.gradle file:
compile "org.apereo.cas:cas-server-support-duo:${casServerVersion}"
compile
Ok I have 800+ servers using CAS, SLO is an ongoing issue.
So now I have a major department moving to Docker, my SLO "solution" to SLO
does work at ( forwarding SLO requests in a load balanced sticky session
env). It depends on static DNS server names.
Anyone doing Docker SLO? It is all new
We started with JPA ticket registry back in the 3.x days. Ran into the same
issue.
We moved to ehcache then to hazelcast.
We do about 300k (with Duo) logins per day. I would never recommend JPA
because of this exact issue.
-Bryan
University of Utah
On Fri, Oct 5, 2018 at 5:50 PM Trevor Fong
Is there a load balancer involved?
I see you have a mix of https and http in the configuration.
We had a similar issue with .Net. Our load balancer was not configured to
redirect http to https.
-Bryan
On Tue, Mar 26, 2019 at 4:30 PM Pablo Vidaurri wrote:
> Have you found a solution for this?
1. Hazelcast
2. 4
3. 4
4. Same server
5. 200k per day using Duo (employees) Students add more. I have seen 400k
total per day.
6. No issues
Bryan
University of Utah
On Fri, Feb 22, 2019 at 10:12 AM wrote:
> Hi everyone,
>
> A few questions for those of you who are using a distributed or high
>
We also use hazelcast across 4 Cas nodes, all active (behind a Citrix
Netscaler with sticky sessions). We do about 400k logins per day. (30k
students and 20k staff).
Duo enabled for all employees. We don't use any Proxy Tickets at this time.
I have 600+ servers in the JSON Service Registry, all
Hi all,
I am working with a team using WSO2 for "micro services"/ restful api using
OAuth / JWT.
So to start with we are using CAS 5.2.x customized for Duo to our specs
(Thanks Unicon).
I am new at this OAuth stuff so forgive me if I have this all wrong...
So using this as a start:
Hi all,
So I have this one application (PHP on Apache) that wants to write their
own CAS PHP client. Yeah a bad idea I know.
Anyway they don't like mod_auth_cas because it takes auth out of the
application and delegates it to Apache? (My opinion is that this is the
least effort solution)
I believe filter mappings are regex expressions.
So with the proper regex I can protect:
/secure/* but exclude a url like:
/secure/notsensitve/*
Thanks,
Bryan
University of Utah
All,
I am trying to implement our first CAS proxy.
I have read
https://apereo.github.io/cas/5.0.x/installation/Configuring-Proxy-Authentication.html
This is our exact use case. But I am having trouble truly understanding.
Currently our JSON service registry has this entry for the desired
Hi all,
I have a department that uses mod_auth_basic for local login (non UofU
persons) and defers to an ancient home grown CAS proxy (don't ask) for SSO
for UofU persons.
Anyway if I understand Apache at all, each of these can be configured to
protect specific endpoints and afterward subsequent
I am trying to implement the Java Client on my Tomcat server but I am now
running into this exception:
java.lang.ClassCastException: org.jasig.cas.client.validation.AssertionImpl
cannot be cast to org.jasig.cas.client.validation.Assertion
at
Hi all,
We are trying to CASify Grouper 2.4 (just released) per this:
https://spaces.at.internet2.edu/display/Grouper/Implementing+CAS+Authentication+for+Grouper
And reading this: https://github.com/apereo/java-cas-client
*Tomcat 6/7/8 Integration*
The client supports container-based
agree.
But in all honesty commercial software is not really better…
As a community there are limited resources that can be dedicated to docs,
it certainly will not gain me or you any points ($) at our org.
Just as a member of this community I sincerely appreciate any docs
/experiences/config
"I certainly hope that Bb is not sending a logout request to CAS when 'its'
session expires (not user initiated). That would single logout the user out
of all services (that participate in SLO) regardless of CAS settings ==>
unhappy users & confused administrators."
This topic begs the question:
ously
> mentioned, for our service definition store.
>
> I hope this helps, if you have questions I can probably help.
>
> Best,
>
> Erik Mallory
>
> Server Analyst
>
> Wichita State University
>
>
>
>
>
> *From: *<cas-user@apereo.org> on be
Thanks Dima.
That may be just the ticket!
-Bryan
On Fri, Jun 23, 2017 at 2:06 PM, <dkopyle...@unicon.net> wrote:
> https://apereo.github.io/cas/5.1.x/installation/Configuring-Service-Access-Strategy.html
>
> D.
>
> On Jun 23, 2017, 15:59 -0400, Bryan Wooten <
I just got this request from one of our developers:
"The QA-team has an app called “QA Dashboard”. They have asked us to
CASify it, we’re assigning that work to BobtheDev. But the app does have
to be constrained to a very narrow set of authorized users. Of course we
could create a table to manage
I guess I understand the way it is, but must it be that way? Should
> it be that way?
>
> On Mon, May 01, 2017 at 07:20:00PM -0600, Bryan Wooten wrote:
> >Ok, If you are manually editing the JSON service registry or using any
> tool
> >(home grown or provided by Apereo) you
Ok, If you are manually editing the JSON service registry or using any tool
(home grown or provided by Apereo) you MUST carefully validate the final
JSON file syntax.
I never make a change during normal hours.
We are HA with 4 CAS servers. I make the change on one server. (They are
all
Just my 2 cents and hope it helps.
We use a time based RollingFileAppender. The size based created issues.
And check your Tomcat localhost (not access log) log file. I found that
some errors go to cas.log others to catalina.out and some of the more
esoteric ones go to localhost.
Also note that
enerally login only once a day or
> so.
>
> 24 Feb:
>
> AUTHENTICATION_SUCCESS: 91116
> SERVICE_TICKET_VALIDATED: 161060
>
> Cf.
>
> for h in casweb{6,7,8,10}
> do ssh $h 'gzip -dc /path.../logs/cas_audit-2017-02-24-1.gz | fgrep
> SERVICE_TICKET_VALIDATED'
> don
We have two CAS 3.6.x servers behind a Netscaler running on Tomcat 8.
Hazelcast Ticket Registry. JSON Service Registry with 500+ entries (all
wild carded for urls). Duo for all employees. (30k)
CAS1
grep AUTHENTICATION_SUCCESS cas.log.2017-02-24* | wc -l
215743
CAS2
grep
If anyone wants the slides I would be happy to email them.
On Fri, Jan 27, 2017 at 4:26 PM, David Hawes <dha...@vt.edu> wrote:
> On 26 January 2017 at 13:23, Bryan Wooten <ttbaja...@gmail.com> wrote:
> > We have our Peoplesoft environment CASified by adding CAS filter
wrote:
> This won't answer your questions -- only as an FYI.
>
> The consultants working on this gave a large price tag (with the
> associated backend authorizations etc)-- as it is not part of the usual
> PeopleSoft supported flow.
>
> So we went with LDAP.
>
>
> On Thu, Ja
We have an Apache server running mod_auth_cas that sits behind a Citrix
load balancer that does SSL termination.
So the user goes to https://server.utah.edu/secure and the load balancer
hits the real server at http://server.utah.edu/secure due to the SSL
termination.
This results in
53 matches