Re: [cas-user] 7.0.8 vs 7.1.0 pac4j saml delegatedClient

2024-09-24 Thread Michael Gettes
metadata.service-provider.file-system.location > > On Mon, Sep 23, 2024 at 1:15 PM Jonathon Taylor <mailto:jonath...@berkeley.edu>> wrote: >> Hi Michael, >> >> With 7.1 the SAML delegation components all got moved under >> org.apereo.cas:cas-server-support

[cas-user] 7.0.8 vs 7.1.0 pac4j saml delegatedClient

2024-09-23 Thread Michael Gettes
Hello cas-user, I have a single saml pac4j delegated client configured with only 1 IdP under 7.0.8 which works just fine and on startup I see: [org.apereo.cas.config.DelegatedAuthenticationEventExecutionPlanConfiguration] - On 7.1.0 I do not see the above message on startup and I see the follo

[cas-user] Re: SAML sp override idp-signing, overrides default after use - CAS6.6.15

2024-04-09 Thread Michael Daley
a unique cacheKey but the most recently resolved privateKey seems to take over all of the cache entities when used for signing. (See examples 2 and 4 in my previous post) -Mike On Monday, April 8, 2024 at 3:38:56 PM UTC-4 Michael Daley wrote: > The saml SP override works correctly on fir

[cas-user] SAML sp override idp-signing, overrides default after use - CAS6.6.15

2024-04-08 Thread Michael Daley
The saml SP override works correctly on first use, but then the override signing certificate is taking precedence over the default IdP signing certificate, or even another override. This effectively breaks all other SP-integrations. This seems to happen with each new override. The intent here

[cas-user] LDAPS Connection Setup Issues with CAS 6.6.3

2023-03-29 Thread Michael Santangelo
Hello all, I reposted this because I goofed and didn't sanitize all the hostnames. I've got CAS working fine with LDAP and now I'm trying to push hard to get it to work with LDAPS. I've got a JKS store, /etc/cas/keys/store which is a JKS file, containing two keys: PDC-CA.FQDN public certificat

[cas-user] CAS 6.6.3 - LDAPS

2023-03-28 Thread Michael Santangelo
Hello all, I've got CAS working fine with LDAP and now I'm trying to push hard to get it to work with LDAPS. I've got a JKS store, /etc/cas/keys/store which is a JKS file, containing two keys: PDC-CA.FQDN public certificate VDC.FQDN public certificate issued from PDC-CA In my cas.properties I

[cas-user] React CAS Client recommendations?

2023-03-14 Thread Michael Hodges
We have a project that calls for a React CAS client. None are officially recommended. None of the GitHub projects reviewed thus far seem to be particularly active. Anyone have any recommendations to share? Thanks, - Michael -- - Website: https://apereo.github.io/cas - Gitter Chatroom

Re: [cas-user] Upgrading Tomcat?

2022-11-29 Thread Michael Santangelo
Yep I grabbed the 6.6.3 overlay-template and it ran using my old config (it is yelling about some of my service definitions, but I can fix those later since they're not deprecated yet). Thanks all! On Tuesday, November 29, 2022 at 5:49:04 PM UTC-5 Ray Bon wrote: > Michael, > >

Re: [cas-user] Upgrading Tomcat?

2022-11-29 Thread Michael Santangelo
s1.fr wrote: > On 26/11/2022 22:51, Michael Santangelo wrote: > > Hello all, > > > > Is there any way to upgrade the Tomcat version included with CAS > independently of upgrading CAS itself? > > > > We are currently running Tomcat 9.0.58 that appears to be

RE: [cas-user] CAS Client help

2022-11-28 Thread Michael Remijan
ice Ticket, and then after you have the Service Ticket you are able to call the service? I didn't see any example of what to do with the Service Ticket once you have it. Thanks! From: Petr Fišer Sent: Wednesday, November 23, 2022 1:27 AM To: cas-user@apereo.org; Michael Remijan Subject

RE: [cas-user] CAS Client help

2022-11-28 Thread Michael Remijan
1 AM To: cas-user@apereo.org Subject: Re: [cas-user] CAS Client help Michael, If a user is logged in to the main app, you can use proxy protocol, https://apereo.github.io/cas/6.6.x/protocol/CAS-Protocol.html#proxy-web-flow-diagram

RE: [cas-user] CAS Client help

2022-11-28 Thread Michael Remijan
pereo.org Subject: Re: [cas-user] CAS Client help Michael, Can you use a pre-shared key between the app and the API (and not involve cas)? Ray On Wed, 2022-11-23 at 18:18 +, Michael Remijan wrote:

[cas-user] Upgrading Tomcat?

2022-11-26 Thread Michael Santangelo
Hello all, Is there any way to upgrade the Tomcat version included with CAS independently of upgrading CAS itself? We are currently running Tomcat 9.0.58 that appears to be bundled with CAS, and I'm trying to update to the latest 9 build (I think 0.69). I have changed the line in the gradle.p

RE: [cas-user] CAS Client help

2022-11-23 Thread Michael Remijan
ereo.org Subject: Re: [cas-user] CAS Client help Michael, If a user is logged in to the main app, you can use proxy protocol, https://apereo.github.io/cas/6.6.x/protocol/CAS-Protocol.html#proxy-web-flow-diagram

[cas-user] CAS Client help

2022-11-22 Thread Michael Remijan
Hello user community, I am looking for some information on a CAS client and I haven't been able to find it anywhere online. All CAS Client references I've found have been for configuring a Web App so that user login integrates with CAS for authentication. Unfortunately, this is not what I need.

[cas-user] Re: CAS SSL - How to send SSL Certificate Chain?

2022-11-04 Thread Michael Santangelo
I solved this by just including the rest of the chain in the tomcat.jks by importing them with keytool -importkeystore -srckeystore chain.jks -destkeystore tomcat.jks. -M On Thursday, November 3, 2022 at 1:55:45 AM UTC-4 Michael Santangelo wrote: > Hello all, > > I'm strugglin

Re: [cas-user] CAS SSL - How to send SSL Certificate Chain?

2022-11-03 Thread Michael Santangelo
s during page access either. On Thursday, November 3, 2022 at 12:59:58 PM UTC-4 Ray Bon wrote: > Michael, > > I assume you are running embedded tomcat and the process running tomcat > has read access to the .jks. > What certificate is being sent when you browse to cas/login? >

Re: [cas-user] CAS SSL - How to send SSL Certificate Chain?

2022-11-03 Thread Michael Santangelo
re reliable in determining if you have everything > setup correctly. > > On 11/3/22 12:47, Ray Bon wrote: > > Michael, > > I have not run the embedded tomcat so I do not know where the logs are or > if they are the same in the console on startup. > When you are on the cas

[cas-user] CAS SSL - How to send SSL Certificate Chain?

2022-11-02 Thread Michael Santangelo
Hello all, I'm struggling with getting CAS to send the certificate chain properly and wondering if maybe I'm using the wrong lines in the config. Before this project I had: server.ssl.key-store=file:/path/to/ssl/tomcat.jks server.ssl.key-store-password=thepassword After some googling, I added s

Re: [cas-user] CAS 6.1.7 attribute for person A released during Person B login

2022-10-19 Thread Michael Daley
'uid'][0] }" }, released: principal=SimplePrincipal(id=PersonB, attributes={http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname=[DOMAIN\PersonA], http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn=[pers...@domain.example.edu]}),requiredAttributes={}] On Tuesday, Octobe

[cas-user] CAS 6.1.7 attribute for person A released during Person B login

2022-10-18 Thread Michael Daley
CAS: 6.1.7 Hazelcast ticket storage, ldap auth and attribute storage, duo MFA Recently experienced an issue where an attribute for Person A was released during Person B session. This caused Person B to have access to Person A's mailbox (Office365). Trying to track down if this is due to a

[cas-user] Surrogate ldap RECURSIVE_ENTRY

2022-09-23 Thread Michael Daley
I've been having some trouble using the search-entry-handler with the surrogate ldap setup. The RECURSIVE_ENTRY handler does not seem to be used when searching user attributes. - Using Active Directory with the ldap attribute repository for authentication and attribute repository. This is wor

Re: [cas-user] MFA with Duo - A Lot Of Failures

2022-02-17 Thread Michael Santangelo
alidClaimException: The Token can't > be used before Thu Feb 17 20:15:11 UTC 2022. > > I don't know about your timezone, but the minute in your log statement is > before the minute when the token can be used. Looks like you are running > about 61 seconds ahead? > >

[cas-user] MFA with Duo - A Lot Of Failures

2022-02-17 Thread Michael Santangelo
Hello all, We have implemented Duo as an MFA provider in CAS, and it was working great in small-scale testing. We are pushing to a larger user base to test, and are frequently getting an error upon completion of the MFA process (after the user has approved the push notification): --- MFA Provi

Re: [cas-user] Re: CAS Management Overlay 6.5 LDAP Issues?

2022-02-08 Thread Michael Santangelo
ter? > > Felix > On 08.02.22 at 19:13, Michael Santangelo wrote: > > I changed my config to: > > cas.authn.ldap[0].order=0 > cas.authn.ldap[0].name=Tech Active Directory > cas.authn.ldap[0].type=AD > cas.authn.ldap[0].ldapUrl=ldap://:389 > cas.authn.ldap[0].valida

[cas-user] Re: CAS Management Overlay 6.5 LDAP Issues?

2022-02-08 Thread Michael Santangelo
ee if I can expand it to the entire Staff OU... On Tuesday, February 8, 2022 at 11:03:31 AM UTC-5 Michael Santangelo wrote: > Hello all, > > Forgive me for this, I'm brand new to CAS and I'm trying to get LDAP > working. > > I built an Ubuntu VM and did initial se

Re: [cas-user] CAS Management Overlay 6.5 LDAP Issues?

2022-02-08 Thread Michael Santangelo
I can see the bind hit the LDAP server but no other requests seem to make it there. I'll check wireshark and make sure the requests are being sent, then will check back. On Tuesday, February 8, 2022 at 12:08:36 PM UTC-5 Ray Bon wrote: > Michael, > > What do the ldap logs show?

[cas-user] Re: CAS Management Overlay 6.5 LDAP Issues?

2022-02-08 Thread Michael Santangelo
reo.cas.authentication.DefaultAuthenticationManager] - >> <[LdapAuthenticationHandler] exception details: [Unable to resolve user dn >> for ].> >> >> So I tried to verify that the server can connect via LDAP: >> >> ldapsearch -H ldap://:389 -D "CN=cas

Re: [cas-user] CAS Management Overlay 6.5 LDAP Issues?

2022-02-08 Thread Michael Santangelo
m new to working on these things. Do you think it would make a difference? On Tuesday, February 8, 2022 at 11:13:48 AM UTC-5 Felix Schumacher wrote: > > On 08.02.22 at 17:00, Michael Santangelo wrote: > > Hello all, > > Forgive me for this, I'm brand new to CAS and I

[cas-user] CAS Management Overlay 6.5 LDAP Issues?

2022-02-08 Thread Michael Santangelo
Hello all, Forgive me for this, I'm brand new to CAS and I'm trying to get LDAP working. I built an Ubuntu VM and did initial setup by doing: 1. git clone https://github.com/apereo/cas-overlay-template 2. I did some initial config changes in the cas.properties to get SSL up and runnin

[cas-user] CSP script-src breaks SAML functionality in 6.3.X?

2021-09-03 Thread Michael Daniel Seymour
Hi all, I believe enabling the *script-src* Content Security Policy in Apache will break SAML. https://content-security-policy.com/script-src/ "The execution of all JS event handlers from inline HTML markup are blocked default, onclick, onload, onmouseover, onsubmit, etc. You can get them to

[cas-user] Re: CAS 6.3.5 with Duo, double login / NCName issue

2021-08-26 Thread Michael Hodges
In our case the issue was primarily due to the apps utilizing older CAS clients, forcing the apps to update the clients. On Thursday, August 19, 2021 at 10:53:16 AM UTC-10 Michael Hodges wrote: > Since upgrading CAS apps are sporadically requiring users to login twice > in a row. One

[cas-user] CAS 6.3.5 with Duo, double login / NCName issue

2021-08-19 Thread Michael Hodges
Since upgrading CAS apps are sporadically requiring users to login twice in a row. One of the app error log snippets includes the following. We are unable to reproduce the issue at will and hoping that someone recognizes this and can provide info. TIA - Michael 2021-Aug-16 05:08:19 ERROR

Re: [cas-user] Conditional attributes via LDAP group membership

2020-08-27 Thread Michael Wisenbaker
that have no HR identifier. I appreciate that you took the time to respond to my OP! On Thursday, August 27, 2020 at 12:56:38 PM UTC-4 Ray Bon wrote: > Michael, > > Is this what you are looking for: > https://apereo.github.io/cas/6.2.x/integration/Attribute-Value-Release-Policies.html#mutant-

[cas-user] Conditional attributes via LDAP group membership

2020-08-27 Thread Michael Wisenbaker
Is it possible to have a flow within CAS that provides differing attributes to the SP based upon ldap group membership? For example, for members of GROUP1 attribute x=value and for members of GROUP2 attribute x=someothervalue? For a more concrete example - my org uses CAS for Zoom integration,

Re: [cas-user] Screwing up...but where (CAS 6.1.5)

2020-04-08 Thread Michael J Barsic
Sven, This is a complete guess as I used a Groovy script for my access strategy. Try adding eduPersonEntitlement and memberOf to the allowedAttributes in the attributeReleasePolicy. Good luck, Mike From: "Sven Specker" To: "cas-user" Sent: Wednesday, April 8, 2020 11:49:09 AM Subjec

Re: [cas-user] 6.1.0 RC6 Attributes Values being doubled when surrogacy is enabled

2020-04-06 Thread Michael Daley
Robert, I'm running 6.1.5 and when I try this config for my surrogate authentication, no attributes get resolved for the surrogate (attributes were 'map[[empty]]'). I've found that I need to add a separate attribute repository for the same ldap in order to pull in any attributes for the surr

Re: [cas-user] Stumped about Login-Page (CAS 6.1)

2020-04-06 Thread Michael J Barsic
Sven, There's a whole templating thing going on and I recommend reading David Curry's excellent write up - https://dacurry-tns.github.io/deploying-apereo-cas/ui_overview.html But if you just want to modify the login pa

Re: [External]:Re: [cas-user] SAML2 HTTP-POST binding URL too long? 400 Bad Request

2020-04-02 Thread Michael J Barsic
I'm glad that helped. It took us some time to figure out it wasn't a CAS issue when we first came across it. From: "Michael Daley" To: "cas-user" Sent: Thursday, April 2, 2020 1:27:08 PM Subject: Re: [External]:Re: [cas-user] SAML2 HTTP-POST binding URL too

Re: [External]:Re: [cas-user] SAML2 HTTP-POST binding URL too long? 400 Bad Request

2020-04-02 Thread Michael Daley
, Michael Daley wrote: > > Yes. We are behind an haproxy. I’ll take a look at that. Thank you! > > Sent from my iPhone. > > On Apr 2, 2020, at 12:24 PM, Michael J Barsic wrote:

Re: [External]:Re: [cas-user] SAML2 HTTP-POST binding URL too long? 400 Bad Request

2020-04-02 Thread Daley, Michael
Yes. We are behind an haproxy. I’ll take a look at that. Thank you! Sent from my iPhone. On Apr 2, 2020, at 12:24 PM, Michael J Barsic wrote:

Re: [cas-user] SAML2 HTTP-POST binding URL too long? 400 Bad Request

2020-04-02 Thread Michael J Barsic
Are you behind a proxy server? I've had a similar issue due to our Nginx proxy blocking the request. Thanks, Mike From: "Michael Daley" To: "CAS Community" Sent: Thursday, April 2, 2020 11:43:47 AM Subject: [cas-user] SAML2 HTTP-POST binding URL too long?

[cas-user] SAML2 HTTP-POST binding URL too long? 400 Bad Request

2020-04-02 Thread Michael Daley
Hi, A vendor (gartner) performing an sp-initiated SSO to our HTTP-POST binding is unable to complete the authentication webflow. The url that CAS sends the user to on the login page is over 3900 characters long, and appears to cause a browser error. We get 400 - Bad Request when clicking on "s

Re: [cas-user] Re: CAS 5.2.6 + Delegated Authentication + SAML + Azure AD =>

2020-01-30 Thread Michael Dumdei
I know this is an old thread, but we are trying to do the same thing. I would like to see a sanitized version of your configs for a starting point if you don't mind sharing. On Thursday, December 20, 2018 at 8:32:58 PM UTC-6, Raghavan TV wrote: > > Hi Jason > > We configured the CAS server as S

[cas-user] 6.1.0: Cannot find state with id 'casExpiredPassView' in flow 'login'

2019-10-17 Thread Michael Lazar
rk.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) Is there something I

[cas-user] UNSUBCRIBE

2019-09-17 Thread Michael MacEachran
-- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from th

[cas-user] Version 6 Branding: Overriding specific style names

2019-06-11 Thread Michael Lazar
Hello all, I am working on upgrading our institution to version 6.1.0 and I'm currently trying to import our theme into the new environment and experiencing some issues with style names that are the same within some of the libraries included (like bootstrap). In my experience with the thymelea

[cas-user] Where is AbstractCasWebflowConfigurer

2019-04-24 Thread Michael MacEachran
? Michael

[cas-user] Dynamic data in webflow

2019-04-22 Thread Michael MacEachran
all, I need to inject dynamic data (Message of the Day) into the casLoginView.html I have a basic understanding of Thymeleaf, but I am not sure where in cas do I put a data model? Michael

[cas-user] Spring Boot datasource

2019-04-20 Thread Michael MacEachran
:3306/MSO spring.datasource.username=michael spring.datasource.password= spring.datasource.autocommit=true But I am getting an error at bean creation: Failed to bind properties under 'spring.datasource' to javax.sql.DataSource> I can only assume that I put the properties in the wrong

[cas-user] Chained Federation and Service Broker

2019-04-14 Thread Michael MacEachran
kes the URL and then authenticates against the proper IDP. Is this the correct approach? Would CAS be the "Broker" in this scenario? Any links to examples would be great help. There are a ton of white papers out there, but I am needing something more concrete at this point. Mich

[cas-user] setting cas.authn.accept.users to blank does nothing

2019-04-10 Thread Michael MacEachran
cept.users= cas.authn.accept.name= cas.authn.accept.credentialCriteria= But I still get that error in the logs. How do I set my AuthenticationHandler as the one to use? Michael MacEachran

[cas-user] URL for 6.0.1 javadoc

2019-03-16 Thread Michael MacEachran
"all implemented classes" bit. I am trying to upgrade from an old 4.x cas to 6.0.1. Is there a base URL that I can get all the javadocs for all the sub-projects? Michael

[cas-user] Re: CAS - adding JWT Authentication issue

2019-01-11 Thread Michael JOIGNY
Hi smudigan, I've upgraded CAS version to 5.2.3 to use JWT TOKEN SERVICE now. So I can't help you on this part. Sorry. On Monday, February 26, 2018 at 12:10:17 UTC+1, Michael JOIGNY wrote: > > Hi Everyone, > > I would like to add the possibility to use JWT Authentication

[cas-user] Evaluation of CAS features/suitability

2019-01-09 Thread Michael Kubovič
via REST API (not a delegated authentication scheme, just a list of revokable, time-constrained API Keys per user)* At first it seemed to me that a JWT Authentication could be used, but since JWT can't be simply revoked, it's probably not the best fit, maybe something like a "servi

[cas-user] Deploying to weblogic

2019-01-02 Thread Michael MacEachran
I am trying to deploy CAS 5.3.6 to weblogic. I have a simple overlay and when I deploy to weblogic I am getting this error in the logs: org.apereo.cas cas-server-webapp ${cas.version} war runtime Any suggestions?

[cas-user] Cant compile test

2018-12-23 Thread Michael MacEachran
error: org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler cannot be resolved. It is indirectly referenced from required .class files But that is a different package. So I am wondering what I did wrong? I assume I am missing a basic concept here. Michael MacEachran

[cas-user] Re: Enabling LDAP Attribute Resolution breaks authentication

2018-09-18 Thread Michael Ivanov
Hi Raymond, Have you ever solved this? I just came across the same issue in CAS 4.1.7 Thanks, --Michael On Wednesday, January 18, 2017 at 12:47:20 PM UTC-5, ray.walker wrote: > > In CAS 4.1... > > > > I had LDAP authentication working with cas-mfa overlay, with the de

Re: [cas-user] CAS 5.2.3 / JWT Service Ticket not working

2018-04-27 Thread Michael JOIGNY
know why it produces this error "cas.example.org" because I'm using exactly the same Cas-Overlay-Template for generating my cas.war, I just set the cas version 5.2.4. And with CAS 5.2.3 + jwtAsResponse, I have no errors in the logs On Friday, April 27, 2018 at 10:28:38 UTC+2, Micha

Re: [cas-user] CAS 5.2.3 / JWT Service Ticket not working

2018-04-27 Thread Michael JOIGNY
org/d/msgid/cas-user/fd5502dd-f0bc-46b4-bedb-942d162ab5ff%40apereo.org > > On Thursday, April 26, 2018, Michael JOIGNY > wrote: > >> *correction : CAS keeps returning ST-xxx ticket instead of >> ticket=eyxxyyyzzz when I use curl to my service.* >> >>

[cas-user] Re: CAS 5.2.3 / JWT Service Ticket not working

2018-04-26 Thread Michael JOIGNY
*correction : CAS keeps returning ST-xxx ticket instead of ticket=eyxxyyyzzz when I use curl to my service.* On Thursday, April 26, 2018 at 12:14:43 UTC+2, Michael JOIGNY wrote: > > Hi everybody, > > I'm trying to configure my CAS server (5.2.3) with JWT Service Ticket in

[cas-user] CAS 5.2.3 / JWT Service Ticket not working

2018-04-26 Thread Michael JOIGNY
"@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy", "principalAttributesRepository" : { "@class" : "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository" },"authorizedToRe

Re: [cas-user] Apache/Tomcat

2018-04-16 Thread michael kromarek
This is currently how I have my CAS 5.2 install setup. We use Apache as the SSL handler because it is usually more up to date cipher wise than Tomcat. The setup isn't too difficult, you just need to enable mod_proxy, mod_proxy_html, rewrite, and ssl in apache. Then you want to create a vhost lik

Re: [cas-user] java 1.62 - JCE Unlimited Strength Jurisdiction Policy

2018-04-10 Thread Michael A Grady
stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org > <mailto:cas-user+unsubscr...@apereo.org>. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/718bdd24-4d97-4723-8f00-a156f7c79757%40apereo.or

Re: [cas-user] Couchbase Ticket Registry Connection Error

2018-03-21 Thread Michael Peterson
In your config settings I did not see a setting for username. I am not familiar with couchbase but it seems to me a username should also be set in the cas properties. On Tue, Mar 20, 2018 at 4:47 PM, Scott Green wrote: > I am trying to setup an HA environment and use Couchbase as the ticket > re

[cas-user] Re: Help with LDAP auth

2018-03-20 Thread Michael Peterson
yet found how to get it to work with nested Active Directory groups, only direct child of the group. On Tuesday, March 20, 2018 at 11:21:09 AM UTC-5, Michael Peterson wrote: > > Is the issue have to do with nested group membership in the Active > Directly group? In order for your LDAP

[cas-user] Re: Help with LDAP auth

2018-03-20 Thread Michael Peterson
Does the issue have to do with nested group membership in the Active Directory group? In order for your LDAP filter to evaluate to true, the user you are testing authenticating with needs to be directly a member of the checked for group. If you want to have it recursively check if the user is a mem

[cas-user] Re: rejected attribute

2018-03-20 Thread Michael Peterson
Are you solely creating services through the CAS management application? I know I ran into some weird behavior when I was inserting service definitions outside of the management app. I also ran into some funky behavior when multiple service definitions had the same ID. On Sunday, March 18, 2018

[cas-user] Re: ssoEnabled in service definition not working correctly

2018-03-20 Thread Michael Peterson
all I really know about it. -Michael On Tuesday, March 20, 2018 at 9:09:24 AM UTC-5, tffishe wrote: > > > > We are running CAS 4.1.5 and we need to make a couple services do > authentication only through CAS without creating an SSO session – that is > force renew=true fr

Re: [cas-user] Google Authenticator - scratch codes

2018-03-15 Thread Michael O Holstein
electronically but that kind of defeats the point. Lots of companies make these, just google "OTP scratch card" -Mike. ________ From: Michael O Holstein Sent: Thursday, March 15, 2018 9:57:17 AM To: CAS Community Subject: Re: [cas-user] Google Auth

Re: [cas-user] Google Authenticator - scratch codes

2018-03-15 Thread Michael O Holstein
how the others work. IIRC you can also do it via API but that's a bad dependency if it's not you running it, and why bother if it's you. Michael Holstein CISSP Cleveland State University From: cas-user@apereo.org on behalf of Janina Byky Sent:

Re: [cas-user] Latest CAS Stable Release for Production

2018-03-06 Thread michael kromarek
5.2.2 is the last stable release that I know of. I think 5.3 is in RC 3 right now. --Mike K On Tue, Mar 6, 2018 at 1:14 PM, Y Levine wrote: > Pardon me, I am new to CAS. > > If we wish to evaluate CAS for production, which version number would you > recommend? > > Thanks.

Re: [cas-user] CAS SAML no signature signing ???

2018-03-02 Thread michael kromarek
I had the same error and had to regenerate my idp-metadata.xml after setting the following parameters. cas.authn.samlIdp.entityId=https://cas.example.org/idp cas.authn.samlIdp.scope=example.org cas.authn.samlIdp.attributeQueryProfileEnabled=true I then had to uncomment the AttributeAuthorityDescr

[cas-user] CAS 5.2.2 logs showing authentication failure and sucess

2018-02-27 Thread Michael MacEachran
I am trying to add my own custom authentication handler that accesses the database and I have this in my main configuration class: @Bean public DatabaseAuthenticationProvider getAuthenticationProvider() { return new DatabaseAuthenticationProvider("databaseAuthenticationProvider",

[cas-user] Can't find AbstractUsernamePasswordAuthenticationHandler

2018-02-27 Thread Michael MacEachran
I am trying to write my own AuthenticationHandler. I have this dependency in my POM: org.apereo.cas cas-server-support-jdbc ${cas.version} But I am getting an error when building. I get a cannot find symbol for symbol: class ServicesMa

Re: [cas-user] Stumped on attribute release in CAS 5.1

2018-02-26 Thread michael kromarek
If you want to release attributes under CAS 2.0 protocol, here ( https://kogentadono.com/2017/08/30/attribute-release-cas-5-1-x-for-cas-2-0-protocol/) is a post I wrote up a while back. Also, attached is the file you'll need to put in your war overlay to make release work. It should live in src/m

[cas-user] CAS - adding JWT Authentication issue

2018-02-26 Thread Michael JOIGNY
[org.jasig.cas.web.view.CasReloadableMessageBundle] - 2018-02-26 11:58:13,003 WARN [org.jasig.cas.web.view.CasReloadableMessageBundle] - 2018-02-26 11:58:13,004 WARN [org.jasig.cas.web.view.CasReloadableMessageBundle] - 2018-02-26 11:58:15,243 DEBUG [org.jasig.cas.util.CasSpringBeanJobFactory]

[cas-user] Re: pay forward?

2018-02-23 Thread Michael O Holstein
r expire end of June, -Mike ____ From: Michael O Holstein Sent: Friday, February 23, 2018 2:39:23 PM To: cas-user@apereo.org Subject: pay forward? Our annual contract with Unicon is going to renew here in a bit, and we have a bunch of unused consulting hours which a

[cas-user] CAS 5.2 -- Custom Authenticator and UserDetailsService

2018-02-23 Thread Michael MacEachran
It's been a few years since my last CAS deployment, and oh dear have things changed! I need to use my own AuthenticationManager and UserDetailsService. I see there is no more .xml configuration. So how do I add my own custom beans now?

[cas-user] pay forward?

2018-02-23 Thread Michael O Holstein
is cool with this we're game. Yay open source, etc. Suggestions? Needs to be well-scoped though, so if you've thought it through but couldn't get funding, here's your chance. Michael Holstein CISSP Mgr. Network & Data Security Cleveland State University

Re: [cas-user] Failed To Add TGT Ticket - MongoDB Ticket Registry CAS 45.2.

2018-02-09 Thread michael kromarek
ess you > seem to have I’m sure you aren’t going to have a lot of trouble with CAS > once you focus in your problem. Or is it that your thing is to assess which > one performs better? And if so, why not just ask that? > > Regards, > > On 9 Feb 2018, at 20:55, michael kromarek w

Re: [cas-user] Failed To Add TGT Ticket - MongoDB Ticket Registry CAS 45.2.

2018-02-09 Thread michael kromarek
pty string being written (which for whatever reason Dynamo does not like empty strings at all). I'm thinking PostgreSQL didn't have a problem because the expiration policy is stored as a large object and it probably doesn't care what it is. --Mike K. On Wed, Feb 7, 2018 at 5:51 AM

Re: [cas-user] Failed To Add TGT Ticket - MongoDB Ticket Registry CAS 45.2.

2018-02-07 Thread michael kromarek
urce=g> > +1 212 229-5300 x4728 <(212)%20229-5300> • david.cu...@newschool.edu > > [image: The New School] > > On Wed, Feb 7, 2018 at 8:25 AM, michael kromarek > wrote: > >> Hi Dave, >> >> I actually tried those settings first (I was following your gu

Re: [cas-user] Failed To Add TGT Ticket - MongoDB Ticket Registry CAS 45.2.

2018-02-07 Thread michael kromarek
Hi Uxio, Sure I can share that. I had to do a few tweaks to the database. The first is if you are using SAML, you need to change the samlobject columns from varchar(5000) to text, because signed assertions will exceed those 5000 characters really fast. Next you want to update the constraints for

Re: [cas-user] Failed To Add TGT Ticket - MongoDB Ticket Registry CAS 45.2.

2018-02-07 Thread michael kromarek
Hi Dave, I actually tried those settings first (I was following your guide, but only having a single server instead of a cluster for mongo). Unfortunately, it fails in the same way with those settings too. I might be able to eek out a little more information if I set org.apereo.cas.ticket.regi

Re: [cas-user] Blackboard Ultra

2018-01-31 Thread Michael O Holstein
they started (it didn't work before either, but at least provided the facade). So if you're encountering this, try turning that setting off and see how it goes. If anyone needs the internal ticket numbers for reference ping me off-list. Thanks, Michael Ho

Re: [cas-user] Blackboard Ultra

2018-01-31 Thread Michael O Holstein
s & confused administrators. Ray On Tue, 2018-01-30 at 09:42 -0600, Richard Frovarp wrote: Do you have a logout URL configured? Best I know is that when a session expires in Bb, it kills the Bb session, then sends the browser to the IdP logout URL, which would kill your TGT. On 01/30/2018

Re: [cas-user] Blackboard Ultra

2018-01-31 Thread Michael O Holstein
ich would kill your TGT. On 01/30/2018 07:08 AM, Michael O Holstein wrote: We recently moved onto Blackboard's SaaS offering (aka "Ultra") and random users are telling us it times out on them. While I suspect this is an issue of opening the app, letting it sit for 2 hours, and the

[cas-user] Blackboard Ultra

2018-01-30 Thread Michael O Holstein
ll valid on our end). Anyone else seen this? How'd you fix it? Our TGT/ST lifetimes are as-delivered default. Thanks, Michael Holstein CISSP Mgr. Network & Data Security Cleveland State University -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://git

Re: [cas-user] Re: CAS documentation for a new user is terrible

2018-01-29 Thread Michael O Holstein
CAS is an open-source project. It is not plug-and-play. If you want a turnkey implementation, I'd recommend contacting Unicon (the principal architects) who offer it as a hosted solution, various support contracts, and implementation consulting. From: cas-user@

Re: [cas-user] CAS ldap against AD?

2017-12-13 Thread michael kromarek
We use SSL as startTLS tends to complain, saying it has already occurred, so SSL. You will want the cert from the server you are connecting to, which you can pull with openssl like so: echo -n | openssl s_client -connect 192.168.1.225:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > l

Re: [cas-user] Re: Cas 5.1.6 to 5.20 JSON Service Theme Parameter Not Working as Expected

2017-12-12 Thread michael kromarek
It would seem so. It would also seem that even when pointing to a groovy script for the theme, that works for login, but even though the correct service is found on logout, it can't find the theme and goes with the default. On Sun, Dec 10, 2017 at 11:12 PM, Andy Ng wrote: > I also encounter thi

Re: [cas-user] Re: SSO problems with CAS 5.1.3

2017-11-02 Thread Michael O Holstein
t;;> cas 2 LFU 0 99 ~ It seems that hazelcast.xml MUST be present, regardless of how little information is in there. I played with it and this is as little as you can get away with. Michael Holstein Cleveland State University _

Re: [cas-user] Re: SSO problems with CAS 5.1.3

2017-11-02 Thread Michael O Holstein
the patches and apply them on build by inserting them into your overlay. All the diffs I have to do bugfixes against what comes out of github I just stick in another VCS directory and tell Jenkins to overlay them. I'm using 5.1.5-RELEASE and have at least a dozen of them thus far. Cheers

[cas-user] Bug in Twilio config

2017-11-01 Thread Michael O Holstein
when you read in the config .. (and these are right) cas.Twilio.AccountId= cas.Twilio.Token= it throws an exception ... WARN [org.apereo.cas.web.CasWebApplicationContext] - I suppose the easy fix is to just change the config to use a double "L" .. but geez. Michael Holstein Cleveland

Re: [cas-user] CAS for Jira 7

2017-10-01 Thread Michael Brown
Also, I found a workaround for the Login gadget appearing at times. You can simply hide it: https://confluence.atlassian.com/jirakb/howto-hide-the-login-gadget-from-the-system-dashboard-in-jira-5-1-305037906.html Mike On Saturday, September 30, 2017 at 4:47:44 PM UTC-4, Michael Brown wrote

Re: [cas-user] CAS for Jira 7

2017-09-30 Thread Michael Brown
Hi Marco, We are experiencing the same issues with the CAS integration as well. We did put together some instructions on modifying / updating the seraph-config.xml and web.xml files, and you can download the .JAR files we used here: https://bitbucket.org/mbrown_ascend/jira-cas-integration/downl

[cas-user] Re: CORS OPTIONS XMLHttpRequest Getting Intercepted?

2017-08-25 Thread Michael Matovic
This issue is actually resolved. We had some configurations and JS issues on our end that turned out to be the issues here. That being said, the CORS filter settings on the CAS server are working as intended as of version 5.1.x. On Tuesday, August 22, 2017 at 2:56:24 PM UTC-4, Michael Matovic

[cas-user] CORS OPTIONS XMLHttpRequest Getting Intercepted?

2017-08-22 Thread Michael Matovic
I've been working on some additional items that we deploy with our CAS server, one of which happens to be a restful api that works alongside CAS. I'm having issues now with OPTIONS requests not getting processed at all. I understand that in CAS 5.1 (the version we are migrating to) there is a C

[cas-user] How to prevent that the LDAP admin user can login?

2017-08-21 Thread Michael Kotowski
I put all authentication data below a separated LDAP node, for example, ou=users,dc=cas,dc=mydomain,dc=de, so CAS searches CAS users in another location than the LDAP user location? Thanks for your feedback. Regards, Michael. -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS ma
