metadata.service-provider.file-system.location
>
> On Mon, Sep 23, 2024 at 1:15 PM Jonathon Taylor <mailto:jonath...@berkeley.edu>> wrote:
>> Hi Michael,
>>
>> With 7.1 the SAML delegation components all got moved under
>> org.apereo.cas:cas-server-support
Hello cas-user,
I have a single saml pac4j delegated client configured with only 1 IdP under
7.0.8 which works just fine and on startup I see:
[org.apereo.cas.config.DelegatedAuthenticationEventExecutionPlanConfiguration]
-
On 7.1.0 I do not see the above message on startup and I see the follo
a unique cacheKey but
the most recently resolved privateKey seems to take over all of the cache
entities when used for signing. (See examples 2 and 4 in my previous post)
-Mike
On Monday, April 8, 2024 at 3:38:56 PM UTC-4 Michael Daley wrote:
> The saml SP override works correctly on fir
The saml SP override works correctly on first use, but then the override
signing certificate is taking precedence over the default IdP signing
certificate, or even another override. This effectively breaks all other
SP-integrations. This seems to happen with each new override.
The intent here
Hello all,
I reposted this because I goofed and didn't sanitize all the hostnames.
I've got CAS working fine with LDAP and now I'm trying to push hard to get
it to work with LDAPS.
I've got a JKS store, /etc/cas/keys/store which is a JKS file, containing
two keys:
PDC-CA.FQDN public certificat
Hello all,
I've got CAS working fine with LDAP and now I'm trying to push hard to get
it to work with LDAPS.
I've got a JKS store, /etc/cas/keys/store which is a JKS file, containing
two keys:
PDC-CA.FQDN public certificate
VDC.FQDN public certificate issued from PDC-CA
In my cas.properties I
We have a project that calls for a React CAS client. None are officially
recommended. None of the GitHub projects reviewed thus far seem to be
particularly active. Anyone have any recommendations to share?
Thanks,
- Michael
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom
Yep I grabbed the 6.6.3 overlay-template and it ran using my old config (it
is yelling about some of my service definitions, but I can fix those later
since they're not deprecated yet). Thanks all!
On Tuesday, November 29, 2022 at 5:49:04 PM UTC-5 Ray Bon wrote:
> Michael,
>
>
s1.fr
wrote:
> On 26/11/2022 22:51, Michael Santangelo wrote:
> > Hello all,
> >
> > Is there any way to upgrade the Tomcat version included with CAS
> independently of upgrading CAS itself?
> >
> > We are currently running Tomcat 9.0.58 that appears to be
ice Ticket, and then after you
have the Service Ticket you are able to call the service? I didn't see any
example of what to do with the Service Ticket once you have it.
Thanks!
From: Petr Fišer
Sent: Wednesday, November 23, 2022 1:27 AM
To: cas-user@apereo.org; Michael Remijan
Subject
1 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] CAS Client help
Michael,
If a user is logged in to the main app, you can use proxy protocol,
https://apereo.github.io/cas/6.6.x/protocol/CAS-Protocol.html#proxy-web-flow-diagram<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%
pereo.org
Subject: Re: [cas-user] CAS Client help
Michael,
Can you use a pre-shared key between the app and the API (and not involve cas)?
Ray
On Wed, 2022-11-23 at 18:18 +, Michael Remijan wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be ca
Hello all,
Is there any way to upgrade the Tomcat version included with CAS
independently of upgrading CAS itself?
We are currently running Tomcat 9.0.58 that appears to be bundled with CAS,
and I'm trying to update to the latest 9 build (I think 0.69). I have
changed the line in the gradle.p
ereo.org
Subject: Re: [cas-user] CAS Client help
Michael,
If a user is logged in to the main app, you can use proxy protocol,
https://apereo.github.io/cas/6.6.x/protocol/CAS-Protocol.html#proxy-web-flow-diagram<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.gith
Hello user community,
I am looking for some information on a CAS client and I haven't been able to
find it anywhere online.
All CAS Client references I've find have been for configuring a Web App so that
user login integrates with CAS for authentication. Unfortunately, this is not
what I need.
I solved this by just including the rest of the chain in the tomcat.jks by
importing them with keytool -importkeystore -srckeystore chain.jks
-destkeystore tomcat.jks.
-M
On Thursday, November 3, 2022 at 1:55:45 AM UTC-4 Michael Santangelo wrote:
> Hello all,
>
> I'm strugglin
s during page access either.
On Thursday, November 3, 2022 at 12:59:58 PM UTC-4 Ray Bon wrote:
> Michael,
>
> I assume you are running embedded tomcat and the process running tomcat
> has read access to the .jks.
> What certificate is being sent when you browse to cas/login?
>
re reliable in determining if you have everything
> setup correctly.
>
> On 11/3/22 12:47, Ray Bon wrote:
>
> Michael,
>
> I have not run the embedded tomcat so I do not know where the logs are or
> if they are the same in the console on startup.
> When you are on the cas
Hello all,
I'm struggling with getting CAS to send the certificate chain properly and
wondering if maybe I'm using the wrong lines in the config.
Before this project I had:
server.ssl.key-store=file:/path/to/ssl/tomcat.jks
server.ssl.key-store-password=thepassword
After some googling, I added
s
27;uid'][0] }" },
released:
principal=SimplePrincipal(id=PersonB,
attributes={http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname=[DOMAIN\PersonA],
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn=[pers...@domain.example.edu]}),requiredAttributes={}]
On Tuesday, Octobe
CAS: 6.1.7 Hazelcast ticket storage, ldap auth and attribute storage, duo
MFA
Recently experienced and issue where an attribute for Person A was released
during Person B session. This caused Person B to have access to Person A's
mailbox (Office365).
Trying to track down if this is due to a
I've been having some trouble using the search-entry-handler with the
surrogate ldap setup. The RECURSIVE_ENTRY handler does not seem to be used
when searching user attributes.
- Using Active Directory with the ldap attribute repository for
authentication and attribute repository. This is wor
alidClaimException: The Token can't
> be used before Thu Feb 17 20:15:11 UTC 2022.
>
> I don't know about your timezone, but the minute in your log statement is
> before the minute when the token can be used. Looks like you are running
> about 61 seconds ahead?
>
>
Hello all,
We have implemented Duo as an MFA provider in CAS, and it was working great
in small-scale testing.
We are pushing to a larger user base to test, and are frequently getting an
error upon completion of the MFA process (after the user has approved the
push notification):
---
MFA Provi
ter?
>
> Felix
> Am 08.02.22 um 19:13 schrieb Michael Santangelo:
>
> I changed my config to:
>
> cas.authn.ldap[0].order=0
> cas.authn.ldap[0].name=Tech Active Directory
> cas.authn.ldap[0].type=AD
> cas.authn.ldap[0].ldapUrl=ldap://:389
> cas.authn.ldap[0].valida
ee if I can expand
it to the entire Staff OU...
On Tuesday, February 8, 2022 at 11:03:31 AM UTC-5 Michael Santangelo wrote:
> Hello all,
>
> Forgive me for this, I'm brand new to CAS and I'm trying to get LDAP
> working.
>
> I built an Ubuntu VM and did initial se
I can see the bind hit the LDAP server but no other requests seem to make
it there.
I'll check wireshark and make sure the requests are being sent, then will
check back.
On Tuesday, February 8, 2022 at 12:08:36 PM UTC-5 Ray Bon wrote:
> Michael,
>
> What do the ldap logs show?
reo.cas.authentication.DefaultAuthenticationManager] -
>> <[LdapAuthenticationHandler] exception details: [Unable to resolve user dn
>> for ].>
>>
>> So I tried to verify that the server can connect via LDAP:
>>
>> ldapsearch -H ldap://:389 -D "CN=cas
m new to working on these
things. Do you think it would make a difference?
On Tuesday, February 8, 2022 at 11:13:48 AM UTC-5 Felix Schumacher wrote:
>
> Am 08.02.22 um 17:00 schrieb Michael Santangelo:
>
> Hello all,
>
> Forgive me for this, I'm brand new to CAS and I
Hello all,
Forgive me for this, I'm brand new to CAS and I'm trying to get LDAP
working.
I built an Ubuntu VM and did initial setup by doing:
1. git clone https://github.com/apereo/cas-overlay-template
2. I did some initial config changes in the cas.properties to get SSL up
and runnin
Hi all,
I believe enabling the *script-src* Content Security Policy in Apache will
break SAML.
https://content-security-policy.com/script-src/
"The execution of all JS event handlers from inline HTML markup are blocked
default, onclick, onload, onmouseover, onsubmit, etc. You can get them to
In our case the issue was primarily due to the apps utilizing older CAS
clients, forcing the apps to update the clients.
On Thursday, August 19, 2021 at 10:53:16 AM UTC-10 Michael Hodges wrote:
> Since upgrading CAS apps are sporadically requiring users to login twice
> in a row. One
Since upgrading CAS apps are sporadically requiring users to login twice in
a row. One of the app error log snippets includes the following. We are
unable to reproduce the issue at will and hoping that someone recognizes
this and can provide info. TIA - Michael
2021-Aug-16 05:08:19 ERROR
that have no HR
identifier.
I appreciate that you took the time to respond to my OP!
On Thursday, August 27, 2020 at 12:56:38 PM UTC-4 Ray Bon wrote:
> Michael,
>
> Is this what you are looking for:
> https://apereo.github.io/cas/6.2.x/integration/Attribute-Value-Release-Policies.html#mutant-
Is it possible to have a flow within CAS that provides differing attributes
to the SP based upon ldap group membership? For example, for members of
GROUP1 attribute x=value and for members of GROUP2 attribute
x=someothervalue?
For a more concrete example - my org uses CAS for Zoom integration,
Sven,
This is a complete guess as I used a Groovy script for my access strategy.
Try adding eduPersonEntitlement and memberOf to the allowedAttributes in the
attributeReleasePolicy.
Good luck,
Mike
From: "Sven Specker"
To: "cas-user"
Sent: Wednesday, April 8, 2020 11:49:09 AM
Subjec
Robert,
I'm running 6.1.5 and when I try this config for my surrogate
authentication, no attributes get resolved for the surrogate (attributes
were 'map[[empty]]'). I've found that I need to add a separate attribute
repository for the same ldap in order to pull in any attributes for the
surr
Sven,
There's a whole templating thing going on and I recommend reading David Curry's
excellent write up - [
https://dacurry-tns.github.io/deploying-apereo-cas/ui_overview.html |
https://dacurry-tns.github.io/deploying-apereo-cas/ui_overview.html ]
But if you just want to modify the login pa
I'm glad that helped. It took us some time to figure out it wasn't a CAS issue
when we first came across it.
From: "Michael Daley"
To: "cas-user"
Sent: Thursday, April 2, 2020 1:27:08 PM
Subject: Re: [External]:Re: [cas-user] SAML2 HTTP-POST binding URL too
, Michael Daley wrote:
>
> Yes. We are behind an haproxy. I’ll take a look at that. Thank you!
>
> Sent from my iPhone.
>
> On Apr 2, 2020, at 12:24 PM, Michael J Barsic wrote:
>
>
>
> CAUTION: This email was generated from outside of CCRI. Please do not
> cli
Yes. We are behind an haproxy. I’ll take a look at that. Thank you!
Sent from my iPhone.
On Apr 2, 2020, at 12:24 PM, Michael J Barsic wrote:
CAUTION: This email was generated from outside of CCRI. Please do not click on
links or attachments unless you have verified legitimacy of this
Are you behind a proxy server? I've had a similar issue due to our Nginx proxy
blocking the request.
Thanks,
Mike
From: "Michael Daley"
To: "CAS Community"
Sent: Thursday, April 2, 2020 11:43:47 AM
Subject: [cas-user] SAML2 HTTP-POST binding URL too long?
Hi,
A vendor (gartner) performing an sp-initiated SSO to our HTTP-POST binding
in unable to complete the authentication webflow. The url that CAS send's
the user to on the login page is over 3900 characters long, and appears to
cause a browser error. We get 400 - Bad Request when clicking on "s
I know this is an old thread, but we are trying to do the same thing. I
would like to see a sanitized version of your configs for a starting point
if you don't mind sharing.
On Thursday, December 20, 2018 at 8:32:58 PM UTC-6, Raghavan TV wrote:
>
> Hi Jason
>
> We configured the CAS server as S
rk.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
at
org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116)
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547)
Is there something I
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from th
Hello all,
I am working on upgrading our institution to version 6.1.0 and I'm
currently trying to import our theme into the new environment and
experiencing some issues with style names that are the same within some of
the libraries included (like bootstrap).
In my experience with the thymelea
?
Michael
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubs
all,
I need to inject dynamic data (Message of the Day) into the
casLoginView.html
I have a basic understanding of thymleaf, but I am not sure where in cas
do I put a data model?
Michael
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List
:3306/MSO
spring.datasource.username=michael
spring.datasource.password=
spring.datasource.autocommit=true
But I am getting an error at bean creation:
Failed to bind properties under 'spring.datasource' to javax.sql.DataSource>
I can only assume that I put the properties in the wrong
kes the URL and then authenticates against the proper IDP.
Is this the correct approach? Would CAS be the "Broker" in this
scenario?
Any links to examples would be great help. There are a ton of white
papers out there, but I am needing something more concrete at this point.
Mich
cept.users=
cas.authn.accept.name=
cas.authn.accept.credentialCriteria=
But I still get that error in the logs.
How do I set my AuthenticationHander as the one to use?
Michael MacEachran
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: http
t;all implemented classes" bit. I am trying to upgrade
from an old 4.x cas to 6.0.1.
Is there a base URL that I can get all the javadocs for all the
sub-projects?
Michael
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: http
Hi smudigan,
I've upgraded CAS version to 5.2.3 to use JWT TOKEN SERVICE now.
So i can't help your on this part.
Sorry.
Le lundi 26 février 2018 12:10:17 UTC+1, Michael JOIGNY a écrit :
>
> Hi Everyone,
>
> I would like to add the possibility to use JWT Authentication
via REST API (not a delegated authentication scheme, just a list
of revokable, time-constrained API Keys per user)*
At first it seemed to me that a JWT Authentication could be used, but since
JWT can't be simply revoked, it's probably not the best fit, maybe
something like a "servi
I am trying to deploy CAS 5.3.6 to weblogic. I have a simple overlay and
when I deploy to weblogic I am getting this error in the logs:
org.apereo.cas
cas-server-webapp
${cas.version}
war
runtime
Any suggestions?
--
- We
error:
org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler
cannot be resolved. It is indirectly referenced from required .class files
But that is a different package. So I am wondering what I did wrong? I
assume I am missing a basic concept here.
Michael MacEachran
--
- Website: https://apereo.gith
Hi Raymond,
Have you ever solved this? I just came across the same issue in CAS 4.1.7
Thanks,
--Michael
On Wednesday, January 18, 2017 at 12:47:20 PM UTC-5, ray.walker wrote:
>
> In CAS 4.1...
>
>
>
> I had LDAP authentication working with cas-mfa overlay, with the de
know why it produces this error "cas.example.org" because i'm using
exactly the same Cas-Overlay-Template for generating my cas.war, i just set
the cas version 5.2.4.
And with CAS 5.2.3 + jwtAsResponse, i have no errors in the logs
Le vendredi 27 avril 2018 10:28:38 UTC+2, Micha
org/d/msgid/cas-user/fd5502dd-f0bc-46b4-bedb-942d162ab5ff%40apereo.org
>
> El jueves, 26 de abril de 2018, Michael JOIGNY > escribió:
>
>> *correction : CAS keeps returning ST-xxx ticket instead of
>> ticket=eyxxyyyzzz when i use curl to my service.*
>>
>>
&
*correction : CAS keeps returning ST-xxx ticket instead of
ticket=eyxxyyyzzz when i use curl to my service.*
Le jeudi 26 avril 2018 12:14:43 UTC+2, Michael JOIGNY a écrit :
>
> Hi everybody,
>
> I'm trying to configure my CAS server (5.2.3) with JWT Service Ticket in
&
"@class" :
"org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
"principalAttributesRepository" : { "@class" :
"org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository"
},"authorizedToRe
This is currently how I have my CAS 5.2 install setup. We use Apache as
the SSL handler because it is usually more up to date cipher wise than
Tomcat. The setup isn't too difficult, you just need to enable mod_proxy,
mod_proxy_html, rewrite, and ssl in apache. Then you want to create a
vhost lik
stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org
> <mailto:cas-user+unsubscr...@apereo.org>.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/718bdd24-4d97-4723-8f00-a156f7c79757%40apereo.or
In your config settings I did not see a setting for username. I am not
familiar with couchbase but it seems to me a username should also be set in
the cas properties.
On Tue, Mar 20, 2018 at 4:47 PM, Scott Green wrote:
> I am trying to setup an HA environment and use Couchbase as the ticket
> re
yet
found how to get it to work with nested Active Directory groups, only
direct child of the group.
On Tuesday, March 20, 2018 at 11:21:09 AM UTC-5, Michael Peterson wrote:
>
> Is the issue have to do with nested group membership in the Active
> Directly group? In order for your LDAP
Is the issue have to do with nested group membership in the Active Directly
group? In order for your LDAP filter to evaluate to true, the user you are
testing authenticating with needs to be directly a member of the checked
for group. If you want to have it recursively check if the user is a mem
Are you solely creating services through the CAS management application? I
know I ran into some weird behavior when I was inserting service
definitions outside of the management app. I also ran into some funky
behavior when multiple service definitions had the same ID.
On Sunday, March 18, 2018
all I really know about it.
-Michael
On Tuesday, March 20, 2018 at 9:09:24 AM UTC-5, tffishe wrote:
>
>
>
> We are running CAS 4.1.5 and we need to make a couple services do
> authentication only through CAS without creating an SSO session – that is
> force renew=true fr
electronically but that kind of defeats the point.
Lots of companies make these, just google "OTP scratch card"
-Mike.
________
From: Michael O Holstein
Sent: Thursday, March 15, 2018 9:57:17 AM
To: CAS Community
Subject: Re: [cas-user] Google Auth
how the others work. IIRC you can also do it via API but that's
a bad dependency if it's not you running it, and why bother if it's you.
Michael Holstein CISSP
Cleveland State University
From: cas-user@apereo.org on behalf of Janina Byky
Sent:
5.2.2 Is the last stable release that I know of. I think 5.3 is in RC 3
right now.
--Mike K
On Tue, Mar 6, 2018 at 1:14 PM, Y Levine wrote:
> Pardon me, I am new to CAS.
>
> If we wish to evaluate CAS for production, which version number would you
> recommend?
>
> Thanks.
>
> --
> - Website: h
I had the same error and had to regenerate my idp-metadata.xml after
setting the following parameters.
cas.authn.samlIdp.entityId=https://cas.example.org/idp
cas.authn.samlIdp.scope=example.org
cas.authn.samlIdp.attributeQueryProfileEnabled=true
I then had to uncomment the AttributeAuthorityDescr
I am trying to add my own custom authentication handler that accesses the
database and I have this in my main configuration class:
@Bean
public DatabaseAuthenticationProvider getAuthenticationProvider() {
return new
DatabaseAuthenticationProvider("databaseAuthenticationProvider",
I am trying to write my own AuthenticationHandler. I have this dependency
in my POM:
org.apereo.cas
cas-server-support-jdbc
${cas.version}
But I am getting an error when building. I get a cannot find symbol for
symbol: class ServicesMa
If you want to release attributes under CAS 2.0 protocol, here (
https://kogentadono.com/2017/08/30/attribute-release-cas-5-1-x-for-cas-2-0-protocol/)
is a post I wrote up a while back.
Also, attached is the file you'll need to put in your war overlay to make
release work. It should live in src/m
[org.jasig.cas.web.view.CasReloadableMessageBundle] - 2018-02-26 11:58:13,003 WARN
[org.jasig.cas.web.view.CasReloadableMessageBundle] - 2018-02-26 11:58:13,004 WARN
[org.jasig.cas.web.view.CasReloadableMessageBundle] - 2018-02-26 11:58:15,243 DEBUG
[org.jasig.cas.util.CasSpringBeanJobFactory]
r expire end of June,
-Mike
____
From: Michael O Holstein
Sent: Friday, February 23, 2018 2:39:23 PM
To: cas-user@apereo.org
Subject: pay forward?
Our annual contract with Unicon is going to renew here in a bit, and we have a
bunch of unused consulting hours which a
It's been a few years since my last CAS deployment, and oh dear have
things changed! I need to use my own AuthenticationManager and
UserDetailsService. I see there is no more .xml configuration. So how do
I add by own custom beans now?
--
- Website: https://apereo.github.io/cas
- Gitter C
is cool with this we're game. Yay open source, etc.
Suggestions? Needs to be well-scoped though, so if you've thought it through
but couldn't get funding, here's your chance.
Michael Holstein CISSP
Mgr. Network & Data Security
Cleveland State University
--
- Website: https
ess you
> seem to have I’m sure you aren’t going to have a lot of trouble with CAS
> once you focus in your problem. Or is it that your thing is to assess which
> one performs better? And if so, why not just ask that?
>
> Regards,
>
> On 9 Feb 2018, at 20:55, michael kromarek w
pty string being written
(which for whatever reason Dynamo does not like empty strings at all). I'm
thinking PostgreSQL didn't have a problem because the expiration policy is
stored as a large object and it probably doesn't care what it is.
--Mike K.
On Wed, Feb 7, 2018 at 5:51 AM
urce=g>
> +1 212 229-5300 x4728 <(212)%20229-5300> • david.cu...@newschool.edu
>
> [image: The New School]
>
> On Wed, Feb 7, 2018 at 8:25 AM, michael kromarek
> wrote:
>
>> Hi Dave,
>>
>> I actually tried those settings first (I was following your gu
Hi Uxio,
Sure I can share that. I had to do a few tweaks to the database. The first
is if you are using SAML, you need to change the samlobject columns from
varchar(5000) to text, because signed assertions will exceed those 5000
characters really fast.
Next you want to update the constraints for
Hi Dave,
I actually tried those settings first (I was following your guide, but only
having a single server instead of a cluster for mongo). Unfortunately, it
fails in the same way with those settings too. I might be able to eek out
a little more information if I set
org.apereo.cas.ticket.regi
they
started (it didn't work before either, but at least provided the facade).
So if you're encountering this, try turniing that setting off and see how it
goes. If anyone needs the internal ticket numbers for reference ping me
off-list.
Thanks,
Michael Ho
s & confused administrators.
Ray
On Tue, 2018-01-30 at 09:42 -0600, Richard Frovarp wrote:
Do you have a logout URL configured? Best I know is that when a session expires
in Bb, it kills the Bb session, then sends the browser to the IdP logout URL,
which would kill your TGT.
On 01/30/2018
ich would kill your TGT.
On 01/30/2018 07:08 AM, Michael O Holstein wrote:
We recently moved onto Blackboard's SaaS offering (aka "Ultra") and random
users are telling us it times out of them. While I suspect this is an issue of
opening the app, letting it sit for 2 hours, and the
ll valid on our end).
Anyone else seen this? How'd you fix it? Our TGT/ST lifetimes are as-delivered
default.
Thanks,
Michael Holstein CISSP
Mgr. Network & Data Security
Cleveland State University
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://git
CAS is an open-source project. It is not plug-and-play.
If you want a turnkey implementation, I'd recommend contacting Unicon (the
principal architects) who offer it as a hosted solution, various support
contracts, and implementation consulting.
From: cas-user@
We use SSL as startTLS tends to complain, saying it has already occurred,
so SSL. You will want the cert from the server you are connecting to,
which you can pull with openssl like so:
echo -n | openssl s_client -connect 192.168.1.225:636 | sed -ne
'/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > l
It would seem so. It would also seem that even when pointing to a groovy
script for the theme, that works for login, but even though the correct
service is found on logout, it can't find the theme and goes with the
default.
On Sun, Dec 10, 2017 at 11:12 PM, Andy Ng wrote:
> I also encounter thi
t;;>
cas
2
LFU
0
99
~
It seems that hazelcast.xml MUST be present, regardless of how little
information is in there. I played with it and this is as little as you can get
away with.
Michael Holstein
Cleveland State University
_
the patches and apply them on build by inserting them into your
overlay. All the diffs I have to do bugfixes against what comes out of github I
just stick in another VCS directory and tell Jenkins to overlay them. I'm using
5.1.5-RELEASE and have at least a dozen of them thus far.
Cheers
when you read in the config .. (and these are right)
cas.Twilio.AccountId=
cas.Twilio.Token=
it throws an exception ...
WARN [org.apereo.cas.web.CasWebApplicationContext] -
I suppose the easy fix is to just change the config to use a double "L" .. but
geez.
Michael Holstein
Cleveland
Also, I found a workaround for the Login gadget appearing at times. You can
simply hide
it:
https://confluence.atlassian.com/jirakb/howto-hide-the-login-gadget-from-the-system-dashboard-in-jira-5-1-305037906.html
Mike
On Saturday, September 30, 2017 at 4:47:44 PM UTC-4, Michael Brown wrote
Hi Marco, We are experience the same issues with the CAS integration as
well.
We did put together some instructions on modifying / updating the
seraph-config.xml and web.xml files, and you can download the .JAR files we
used
here: https://bitbucket.org/mbrown_ascend/jira-cas-integration/downl
This issue is actually resolved. We had some configurations and JS issues
on our end that turned out to be the issues here.
That being said, the CORS filter settings on the CAS server are working as
intended as of version 5.1.x.
On Tuesday, August 22, 2017 at 2:56:24 PM UTC-4, Michael Matovic
I've been working on some additional items that we deploy with our CAS
server, one of which happens to be a restful api that works alongside CAS.
I'm having issues now with OPTIONS requests not getting processed at all. I
understand that in CAS 5.1 (the version we are migrating to) there is a
C
I put all
authentication data below a separated LDAP node, for example,
ou=users,dc=cas,dc=mydomain,dc=de, so CAS searches CAS users in another
location than the LDAP user location?
Thanks for your feedback.
Regards, Michael.
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS ma
1 - 100 of 126 matches
Mail list logo