Re: [cas-user] Google Authenticator - scratch codes

2018-03-15 Thread Michael O Holstein
tronically but that kind of defeats the point. Lots of companies make these, just google "OTP scratch card" -Mike. ____________ From: Michael O Holstein Sent: Thursday, March 15, 2018 9:57:17 AM To: CAS Community Subject: Re: [cas-user] Google Authentic

Re: [cas-user] Google Authenticator - scratch codes

2018-03-15 Thread Michael O Holstein
Mathematically .. think salted hash of list of known values. output is on the card .. you compare the values you have against what they gave you and see if it matches. The salt is unique per card. You buy them in bulk and you get a list of serial numbers = card ID .. usually there's QR so you

[cas-user] Re: pay forward?

2018-02-23 Thread Michael O Holstein
of June, -Mike From: Michael O Holstein Sent: Friday, February 23, 2018 2:39:23 PM To: cas-user@apereo.org Subject: pay forward? Our annual contract with Unicon is going to renew here in a bit, and we have a bunch of unused consulting hours which are for features

[cas-user] pay forward?

2018-02-23 Thread Michael O Holstein
Our annual contract with Unicon is going to renew here in a bit, and we have a bunch of unused consulting hours which are for features and whatnot. I'm sure if they're not cool with this I'll get told shortly but here's what I'm proposing .. I'll bet there's a couple others in the same boat ..

Re: [cas-user] Blackboard Ultra

2018-01-31 Thread Michael O Holstein
& confused administrators. Ray On Tue, 2018-01-30 at 09:42 -0600, Richard Frovarp wrote: Do you have a logout URL configured? Best I know is that when a session expires in Bb, it kills the Bb session, then sends the browser to the IdP logout URL, which would kill your TGT. On 01/30/2018 07:08

Re: [cas-user] Blackboard Ultra

2018-01-31 Thread Michael O Holstein
s ==> unhappy users & confused administrators. Ray On Tue, 2018-01-30 at 09:42 -0600, Richard Frovarp wrote: Do you have a logout URL configured? Best I know is that when a session expires in Bb, it kills the Bb session, then sends the browser to the IdP logout URL, which would kill your

Re: [cas-user] Blackboard Ultra

2018-01-31 Thread Michael O Holstein
en sends the browser to the IdP logout URL, which would kill your TGT. On 01/30/2018 07:08 AM, Michael O Holstein wrote: We recently moved onto Blackboard's SaaS offering (aka "Ultra") and random users are telling us it times out of them. While I suspect this is an issue of op

[cas-user] Blackboard Ultra

2018-01-30 Thread Michael O Holstein
We recently moved onto Blackboard's SaaS offering (aka "Ultra") and random users are telling us it times out of them. While I suspect this is an issue of opening the app, letting it sit for 2 hours, and then noticing their session went away (which should re-auth as the TGT is still valid on our

Re: [cas-user] Re: CAS documentation for a new user is terrible

2018-01-29 Thread Michael O Holstein
CAS is an open-source project. It is not plug-and-play. If you want a turnkey implementation, I'd recommend contacting Unicon (the principal architects) who offer it as a hosted solution, various support contracts, and implementation consulting. From:

Re: [cas-user] Re: SSO problems with CAS 5.1.3

2017-11-02 Thread Michael O Holstein
> A default service registry will be automatically created under /etc/cas I've never found that to be the case .. it gets created in JAVA_IO_TEMPDIR/$server.context.path/services eg .. with no other options, you'll find it in /tmp/cas/services. IMPORTANT NOTE: despite what's claimed about

Re: [cas-user] Re: SSO problems with CAS 5.1.3

2017-11-02 Thread Michael O Holstein
what's in hazelcast.xml .. it's mandatory you configure that. also bear in mind that only spring will load externalized configs, everything else seems to need to be in the classpath. ymmv, and you are using less features .. but I had to : - use an updated springboot due to a bug in 1.5.3 -

[cas-user] Bug in Twilio config

2017-11-01 Thread Michael O Holstein
This held me up forever .. I CC'd the author because I don't think I can post. fwiw we contract support for cas via Unicon. File : cas/support/cas-server-support-sms-twillio/src/main/java/org/apereo/cas/config/TwillioSmsConfiguration.java Commit : 620dc67c760cb2489adbd9ef6a3170d9d604f354

[cas-user] Re: duo integration with CAS

2016-01-15 Thread Michael O Holstein
The biggest thing you will need to do is configure some sort of replication for the ticket registry .. pick a flavor (ehcache, memcache, whatever ...). Also, with casshib you can do per-service on the SAML/shib side as well, since each shib service comes across to CAS separately (if you wish).

[cas-user] shibcas + ECP

2015-12-03 Thread Michael O Holstein
(cross-posted to both lists since I'm not sure who to ask) I have a deployment of both Shibboleth3 and Cas3 whereby authentication is delegated (to CAS) via Shibcas. I'm running into a wall trying to get ECP working. I am front-ending Tomcat with Apache and using AJP, configured per the wiki