Re: [cas-user] I am unable to connect with my MYsql Database and Application Not Authorized

2024-05-22 Thread Ray Bon
Vijayawada, Issue 2: Usually 500s will have some logged failure reason (e.g. unable to connect to db). Turn up the logging level if necessary. Issue 1: The service parameter sent to cas must match the serviceId (which can be a regular expression). Yours is very specific; moodle is probably

Re: [cas-user] CAS 7.0.4 Can't get cas-management (7.0.0-SNAPSHOT) to authenticate to CAS

2024-05-16 Thread Ray Bon
I have been able to determine that the problem results from cas-management not knowing how to handle the callback [from cas]. In cas-management 6.5, if one directly accesses the callback endpoint, https://local.uvic.ca/cas-management/callback the log shows the CALLBACK code/filter being activated:

Re: [cas-user] CAS 7.0.4 Can't get cas-management (7.0.0-SNAPSHOT) to authenticate to CAS

2024-05-14 Thread Ray Bon
Tom, I am experiencing the same problem (too many redirects). I will be comparing the behaviour of cas-management 6.5 to 7-snapshot today. Ray On Tue, 2024-05-14 at 07:48 -0700, Tom Reijnders wrote: You don't often get email from ajjreijnd...@gmail.com. Learn why this is

Re: [cas-user] cas 7.1.0 disable slf4j and active groovy for auditing .Is it work ?

2024-05-14 Thread Ray Bon
'customHttpRequestHeader' is only an example; you would have to define it as part of the groovy script (or add it to the headers somewhere else). Ray On Tue, 2024-05-14 at 04:57 -0700, artur mis wrote:

Re: [cas-user] One-to-many User mapping question in Delegated AuthN

2024-05-13 Thread Ray Bon
Yan, I see two problems with letting user select the correct username: 1. user needs to know which username belongs to which application (sounds like a help desk nightmare) 2. a username may match a real user, e.g., jsmith might exist in both applications, allowing johnsmith to log in as both

Re: [cas-user] CAS 7.04 trying to login on cas-management

2024-05-09 Thread Ray Bon
Tom, Does your service definition for cas-management include an MFA reference? Ray On Wed, 2024-05-08 at 13:10 -0700, Tom Reijnders wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. I've setup

Re: [cas-user] multiple mfa simple instances?

2024-05-08 Thread Ray Bon
Marcin, If you have multiple providers, cas can display a menu, https://apereo.github.io/cas/7.0.x/mfa/Multifactor-Authentication-ProviderSelection.html Are you making your own mobile authenticator app or do you want to use one not in the list of supported MFA endpoints,

Re: [cas-user] CAS 7.0.3 Office365 Integration and attributes problem

2024-05-08 Thread Ray Bon
Łukasz, Increase your logging level. Some of the output should list the attributes and values for the user logging in; just to make sure those attributes are being resolved. Ray On Tue, 2024-05-07 at 23:14 -0700, Łukasz Woźniak wrote:

Re: [cas-user] Enforce MFA without authentication (active SSO session)

2024-05-08 Thread Ray Bon
e would want MFA be triggered on EVERY request to /authorize. I might be completely lost too, would be happy to receive some insight on this if someone is aware :) Many thanks! Tom On Wednesday 8 May 2024 at 03:39:51 UTC+3 Ray Bon wrote: Tom, Could it be that the groovy script is returning null or

Re: [cas-user] Enforce MFA without authentication (active SSO session)

2024-05-07 Thread Ray Bon
Tom, Could it be that the groovy script is returning null or a value that cas does not understand? Ray On Tue, 2024-05-07 at 06:49 -0700, tjan...@gmail.com wrote:

Re: [cas-user] Re: CAS7 bean creation override question

2024-05-07 Thread Ray Bon
Yan, Configuration classes are driven by spring. Perhaps this class runs before the debugger can connect to the [starting] app. For your Configuration class to be called, it needs to be added to src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports

Re: [cas-user] SAML2 Delegated Authentication problem (org.xml.sax.SAXParseException: Premature end of file.)

2024-05-01 Thread Ray Bon
Are you missing service-provider-metadata-path? Ray On Wed, 2024-05-01 at 20:20 +0200, wouldsmina wrote: Hello, I want to use SAML2 Delegated

Re: [cas-user] CAS 7.0.3: missing LDAP principal attributes when using DUO MFA

2024-04-23 Thread Ray Bon
merging? On Tuesday, April 16, 2024 at 8:55:32 p.m. UTC-2:30 Ray Bon wrote: I have been able to confirm that the presence of the surrogate log in feature can create the observed problem. implementation "org.apereo.cas:cas-server-support-surrogate-webflow" The non merging of attribut

Re: [cas-user] CAS Client side (user) session timeout - regd

2024-04-19 Thread Ray Bon
text only) Any relevant cas.properties for this? Thanks in advance! On Saturday, April 13, 2024 at 12:10:30 AM UTC+5:30 Ray Bon wrote: Amulya, Are you talking about logging out of an application or about cas? For an application, that would be in the application configuration. For cas, see https

Re: [cas-user] Bean Creation Exception on CAS 6.6.x migration from 6.5.x when using CAS events components

2024-04-18 Thread Ray Bon
Dhanunjaya, It is possible that some of the properties have changed name. Check the docs and / or ./gradlew exportConfigMetadata Which will list deprecated properties and their replacement. Ray On Thu, 2024-04-18 at 00:16 -0700, Dhanunjaya Y wrote:

Re: [cas-user] CAS 7.0.3: missing LDAP principal attributes when using DUO MFA

2024-04-16 Thread Ray Bon
:48:06 a.m. UTC-2:30 Ray Bon wrote: Mike, What logger did you enable to see this? Ray On Fri, 2024-04-12 at 11:36 -0700, Mike S wrote: Thanks for your re

Re: [cas-user] cas7, how do I load thymeleaf files in Intellij?

2024-04-16 Thread Ray Bon
full insights. > Get more help at https://help.gradle.org. BUILD FAILED in 3m 9s 10 actionable tasks: 9 executed, 1 up-to-date On Saturday, April 13, 2024 at 12:18:06 AM UTC-4 Ray Bon wrote: Yan, The overlay project is a shell that makes deployment simple because it _does not_ include all of the

Re: [cas-user] CAS 7.0.3: missing LDAP principal attributes when using DUO MFA

2024-04-12 Thread Ray Bon
12, 2024 at 12:24:47 p.m. UTC-2:30 Ray Bon wrote: Mike, I can confirm this behaviour. DefaultPrincipalElectionStrategy was changed between 6.5 and 7.0. The change was in 5bcef20 about 5 months ago. The old behaviour was to select the first principal in a list; new behaviour defaults to last

Re: [cas-user] cas7, how do I load thymeleaf files in Intellij?

2024-04-12 Thread Ray Bon
Yan, The overlay project is a shell that makes deployment simple because it _does not_ include all of the files from cas. When you build the overlay, it pulls in the cas war file, replacing any files you may want to override with ones from your overlay src folder. If you want to make changes

Re: [cas-user] CAS Client side (user) session timeout - regd

2024-04-12 Thread Ray Bon
Amulya, Are you talking about logging out of an application or about cas? For an application, that would be in the application configuration. For cas, see https://apereo.github.io/cas/6.6.x/ticketing/Configuring-Ticket-Expiration-Policy.html Ray On Fri, 2024-04-12 at 04:00 -0700, Amulya Sri

Re: [cas-user] CAS 7.0.3: missing LDAP principal attributes when using DUO MFA

2024-04-12 Thread Ray Bon
Mike, I can confirm this behaviour. DefaultPrincipalElectionStrategy was changed between 6.5 and 7.0. The change was in 5bcef20 about 5 months ago. The old behaviour was to select the first principal in a list; new behaviour defaults to last. Even setting this property,

Re: [cas-user] Throttling Authentication Attempts doesn't work

2024-04-09 Thread Ray Bon
cas.authn.throttle.failure.throttle-window-seconds=PT5M but when I have two failed attempts it's banned. I need 5 attempts On Thursday, 6 April 2023 at 11:59:11 UTC, William Vincent wrote: Hi It works, user can login if using wrong password William On Wed, 5 Apr 2023 at 23:56, Ray Bon wrote: William

Re: [cas-user] SAML2 protocol in CAS6.4.6.6

2024-04-03 Thread Ray Bon
d solution? Thanks, - Xavier - On Friday, 22 March 2024 at 16:03:39 UTC+1, Ray Bon wrote: Xavier, The property names may have changed (your version is old). Maybe search this blog, https://fawnoos.com/blog/ Ray On Fri, 2024-03-22 at 06:02 -0700, Xavier Rodríguez wro

Re: [cas-user] CAS management 7

2024-03-27 Thread Ray Bon
2024 at 19:40:57 UTC+1, Ray Bon wrote: Benjamin, The behaviour you describe happens when the service ticket can not be validated. cas management submits the ST to cas through a back channel over https. If there is nothing in cas audit log about validation / failed validation (which would

Re: [cas-user] CAS management 7

2024-03-26 Thread Ray Bon
Benjamin, The behaviour you describe happens when the service ticket can not be validated. cas management submits the ST to cas through a back channel over https. If there is nothing in cas audit log about validation / failed validation (which would give a reason for failure), it could be a

Re: [cas-user] how to handle idle timeout in App?

2024-03-25 Thread Ray Bon
Yan, Single logout is messy business. Cas has a session that is independent from an application session. Cas session may be longer or shorter than an application, it may have different settings and conditions for how its length is determined. Application participation in single log out can be

Re: [cas-user] AUP and Ldap storage error

2024-03-25 Thread Ray Bon
Cas will try each ldap target in sequence. Is ldap[0] the same for aup and authn? Try setting ldap (and cas) log level to debug or trace? Ray On Sun, 2024-03-24 at 01:48 -0700, Mm Mm wrote:

Re: [cas-user] Disabling escaping of special characters such as '#' in MS Active Directory usernames

2024-03-22 Thread Ray Bon
Bogdan, Perhaps you can use the ldap filter search-filter=#{user} You can have multiple ldap configs and they are processed in order. Ray On Fri, 2024-03-22 at 11:04 -0700, Bogdan Badz wrote:

Re: [cas-user] SAML2 protocol in CAS6.4.6.6

2024-03-22 Thread Ray Bon
Xavier, The property names may have changed (your version is old). Maybe search this blog, https://fawnoos.com/blog/ Ray On Fri, 2024-03-22 at 06:02 -0700, Xavier Rodríguez wrote:

Re: [cas-user] CAS 7.0.x: How to prevent cas.war from containing Oracle driver?

2024-03-18 Thread Ray Bon
. Any suggestions for what to include in my build.gradle config to exclude the ojdbc war from the final war file WEB-INF/lib directory? Any suggestions are appreciated. Thanks, Ed O. On Tuesday, February 27, 2024 at 10:57:39 AM UTC-8 Ray Bon wrote: Ed, Are you including the

Re: [cas-user] Cas configuration properties source locator

2024-03-06 Thread Ray Bon
empty memory database for cas management... Best Regards. On Wed, 6 Mar 2024 at 03:46, Ray Bon <r...@uvic.ca> wrote: Mohamed, I was having similar problems with v6.5. Maybe try version 7.0 Ray On Tue, 2024-03-05 at 10:53 +0100, Mohamed Amdouni wrote:

Re: [cas-user] Cas configuration properties source locator

2024-03-05 Thread Ray Bon
Mohamed, I was having similar problems with v6.5. Maybe try version 7.0 Ray On Tue, 2024-03-05 at 10:53 +0100, Mohamed Amdouni wrote: Hello, I’m using

Re: [cas-user] Sending queries to multiple databases

2024-02-29 Thread Ray Bon
We use ldap and it does process each entry until it finds a successful match. Set cas log level to debug and you should see db queries being made. Ray On Wed, 2024-02-28 at 21:09 -0800, 폴폴 wrote:

Re: [cas-user] I would like claims defined for service not for all serviced registred in CAS OIDC .Can i do it in json service file?

2024-02-29 Thread Ray Bon
artur, Perhaps 'user-defined scopes' under https://apereo.github.io/cas/7.0.x/authentication/OIDC-Authentication-Claims-Mapping.html#mapping-claims-per-service Ray On Thu, 2024-02-29 at 08:39 -0800, artur mis wrote:

Re: [cas-user] Deleteged Azure AD, duplicate pk in postgres_jpa_ticket_entity

2024-02-27 Thread Ray Bon
Pablo, Is that deleted or delegated? Is it possible that azure ad metadata is missing or not in the location that cas thinks it is? Ray On Mon, 2024-02-26 at 13:44 -0800, Pablo Vidaurri wrote:

Re: [cas-user] CAS v7.0.0 Performance issue.

2024-02-27 Thread Ray Bon
that needs to be done in that case. On Friday 23 February 2024 at 19:44:24 UTC+5:30 Ray Bon wrote: Shavi, Could this be related to the storage mechanism you use for services? Are you able to try a different back end? Ray On Fri, 2024-02-23 at 00:09 -0800, Shavi Teotia wrote:

Re: [cas-user] CAS 7.0.x: How to prevent cas.war from containing Oracle driver?

2024-02-27 Thread Ray Bon
Ed, Are you including the oracle jdbc jar in JBOSS? My understanding is that the application server creates a jndi object independent of the application being deployed (i.e. it does not look to the application for drivers). Ray On Mon, 2024-02-26 at 15:22 -0800, Ed O. wrote:

Re: [cas-user] Re: Multiple SAML Federated SP

2024-02-23 Thread Ray Bon
(wildcard) service definition, so you could effectively say "for an unknown SP, first try InCommon, then eduGAIN, then ..." or whatever. On Wednesday, February 21, 2024 at 9:54:52 AM UTC-5 Ray Bon wrote: What Kostas said! Perhaps what is needed is a feature to generate service d

Re: [cas-user] CAS v7.0.0 Performance issue.

2024-02-23 Thread Ray Bon
Shavi, Could this be related to the storage mechanism you use for services? Are you able to try a different back end? Ray On Fri, 2024-02-23 at 00:09 -0800, Shavi Teotia wrote:

Re: [cas-user] Take user back to Login page after MFA login error

2024-02-22 Thread Ray Bon
Yan, The doExecute method gets the RequestContext https://docs.spring.io/spring-webflow/docs/current/api/org/springframework/webflow/execution/RequestContext.html, which has a number of maps. At least one of them should have an object(s) that represents the successful login (hopefully it will

Re: [cas-user] Re: Multiple SAML Federated SP

2024-02-21 Thread Ray Bon
What Kostas said! Perhaps what is needed is a feature to generate service definitions (in memory) for each [SP] entry in federated metadata (during parsing of metadata). With filters, allow and deny lists could be created, attributes to release set, and other conditions (like MFA) could be

Re: [cas-user] CAS Initializr and Versions

2024-02-20 Thread Ray Bon
You can update your instance by copying in differences from https://github.com/apereo/cas-overlay-template Ray On Tue, 2024-02-20 at 07:18 -0800, atilling wrote:

Re: [cas-user] Error CAS 7.0.1

2024-02-20 Thread Ray Bon
[org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 2024-02-20 09:41:34,325 INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - On 14/02/2024 at 17:36, Ray Bon wrote: Those are not errors. CoreTicketUtils Either your registry does not support encryption or you have

Re: [cas-user] ABAC Service Access Strategy not working as expected?

2024-02-18 Thread Ray Bon
Baron, Without looking at the code, this may be treated as an 'or'. That is, user does not have allow [ false ] but also does not have reject [ ! false ]. You may be able to use a groovy condition (described on the same page) or a custom solution,

Re: [cas-user] Error CAS 7.0.1

2024-02-14 Thread Ray Bon
Those are not errors. CoreTicketUtils Either your registry does not support encryption or you have not provided the properties. This is what my log line looks like: cas | 2024-02-14 16:16:53,778 DEBUG [ org.aper.cas.util.CoreTicketUtils] - [main] BaseStringCipherExecutor I also see this

Re: [cas-user] Alway Error 404 after compilation deployment

2024-02-12 Thread Ray Bon
Hi, I can't find casAppender.java. In CAS7, where can I find this class? Thank you, Jérémie On Friday, 9 February 2024 at 18:32:25 UTC+1, Ray Bon wrote: Jérémie, I

Re: [cas-user] Alway Error 404 after compilation deployment

2024-02-09 Thread Ray Bon
. 2024 at 17:09, Ray Bon <r...@uvic.ca> wrote: Jérémie, 'CasAppender' is defined in the log4j2.xml So it looks like cas is able to find the file, but not able to process it; hence, no log output. CasAppender is an indirection for the defined appender(s)

Re: [cas-user] Re: why is redirecting to cas.example.org:8443 instead of using cas.server.name host

2024-02-09 Thread Ray Bon
ouni <me.amdo...@gmail.com> wrote: You mean 6.4? The only version available in https://getcas.apereo.org/ui when choosing cas management is 6.4 Will try the cas.server.scope Thanks On Wed, 7 Feb 2024 at 19:09, Ray Bon <r...@uvic.ca> wrote: Mohamed,

Re: [cas-user] Alway Error 404 after compilation deployment

2024-02-09 Thread Ray Bon
] [info] Le déploiement de l'archive de l'application web [/var/lib/tomcat10/webapps/cas.war] s'est terminé en [8 955] ms ``` About localhost_access_log.2024-02-09.txt ``` 192.168.1.xx - - [09/Feb/2024:08:32:35 +0100] "GET /DevMgmt/DiscoveryTree.xml HTTP/1.1" 404 719 ``` Thank you, Jérémie Le jeu

Re: [cas-user] Alway Error 404 after compilation deployment

2024-02-08 Thread Ray Bon
instead of openjdk-21-jdk, it should work. Is it possible that the problems come from the cas.properties files? I think my file is good Thank you, Jérémie On Wednesday, 7 February 2024 at 03:51:39 UTC+1, Ray Bon wrote: Jérémie, Are there any files in TOMCAT_HOME/logs ? (Could also

Re: [cas-user] Re: why is redirecting to cas.example.org:8443 instead of using cas.server.name host

2024-02-07 Thread Ray Bon
Mohamed, In my cas-management 6.5, I have this in management.properties which I place in /etc/cas/config cas.server.name=https://${cas.server.scope} cas.server.prefix=${cas.server.name}/cas logging.config: file:/etc/cas/config/log4j2-management.xml mgmt.server-name=${cas.server.name} where

Re: [cas-user] Help With Performance Optimisation. CAS 6.6.x

2024-02-06 Thread Ray Bon
for ticket. I believe there is issue with cas's ability to process requests. On Tuesday, February 6, 2024 at 6:49:20 PM UTC+5:30 Ray Bon wrote: Is the issue with tomcat's ability to handle traffic or cas's ability to process requests? How much memory is allocated to tomcat? What are you using for ticket

Re: [cas-user] Alway Error 404 after compilation deployment

2024-02-06 Thread Ray Bon
Mon, 5 Feb 2024 at 20:45, Ray Bon <r...@uvic.ca> wrote: Jérémie, You might be waiting a long time for debian to upgrade java ;) You can download and install openjdk-21 (on Ubuntu, mine is in /usr/lib/jvm) You can $ JAVA_HOME=/usr/lib/jvm/jdk-21 Then when you run ./g

Re: [cas-user] Help With Performance Optimisation. CAS 6.6.x

2024-02-06 Thread Ray Bon
Is the issue with tomcat's ability to handle traffic or cas's ability to process requests? How much memory is allocated to tomcat? What are you using for ticket storage (in memory storage will be faster than database, etc)? See

Re: [cas-user] Couldn't build in Linux RHEL

2024-02-06 Thread Ray Bon
10:06:17 AM UTC+5:30 Ray Bon wrote: Amulya, Depending on where the groovy script is called, it may have different requirements / passed in arguments. These are outlined in the docs. 'method not implemented' sounds like a method signature issue; would need to see the code. You should

Re: [cas-user] Couldn't build in Linux RHEL

2024-02-05 Thread Ray Bon
y provide me if you have any groovy scripts tutorial or custom handler tutorial.. Amulya On Tue, Feb 6, 2024 at 1:27 AM Ray Bon <r...@uvic.ca> wrote: Amulya, Are you sure you need to have a custom captcha (or any other custom code)? If you do create something custom, try t

Re: [cas-user] how do I add dependency without being tied to version?

2024-02-05 Thread Ray Bon
Yan, You can put the version into gradle.properties (I put this at the bottom of my file): lombokVersion=1.18.30 ... In build.gradle: compileOnly "org.projectlombok:lombok:${lombokVersion}" testCompileOnly("org.projectlombok:lombok:${lombokVersion}") If the library is included in cas, then

Re: [cas-user] Couldn't build in Linux RHEL

2024-02-05 Thread Ray Bon
Thanks! Yeah.. am trying to add captcha, username, password etc in a single handler. Any pointers to such tutorials? Amulya On Mon, Feb 5, 2024 at 7:58 PM Ray Bon <r...@uvic.ca> wrote: Amulya, To add 'customHandlers' you would need to modi

Re: [cas-user] Alway Error 404 after compilation deployment

2024-02-05 Thread Ray Bon
Hi Ray Bon, I am using Debian 12 and openjdk is the version 18. So, must I install openjdk-11-jdk ? (18 > 11 should be good ...) The same for Tomcat, tomcat9 is required for cas 6.6 so it should be good for tomcat10 too .. normally ... I

Re: [cas-user] Alway Error 404 after compilation deployment

2024-02-05 Thread Ray Bon
Jérémie, Is there a reason why java and tomcat are not the versions in the requirements? You do not need to concern yourself with spring boot and gradle; they will be handled by the build process. If you are starting out, use the most recent version. See

Re: [cas-user] Couldn't build in Linux RHEL

2024-02-05 Thread Ray Bon
:27:11 AM UTC+5:30 Ray Bon wrote: Amulya, You can copy what is done for the default login form. I thought there was some guidance in the docs, but I am unable to find it. You can use spring tutorials. Ray On Thu, 2024-02-01 at 15:10 -0800, Amulya Sri Pulijala wrote:

Re: [cas-user] Delegated Azure callbackUrl by service

2024-02-03 Thread Ray Bon
Pablo, This may give some ideas https://fawnoos.com/2017/10/23/cas-multitenancy/ Ray On Fri, 2024-02-02 at 21:10 -0800, Pablo Vidaurri wrote: I have a

Re: [cas-user] Couldn't build in Linux RHEL

2024-02-02 Thread Ray Bon
:51:33 PM UTC+5:30 Ray Bon wrote: Amulya, See https://fawnoos.com/2022/07/22/cas66-ui-themes/ and https://fawnoos.com/2023/12/15/cas70x-gettingstarted-overlay/ Ray On Tue, 2024-01-30 at 22:01 -0800, Amulya Sri Pulijala wrote:

Re: [cas-user] Re: SAML specify signing cert/key

2024-02-02 Thread Ray Bon
There is also this on SP set up, https://apereo.github.io/cas/7.0.x/installation/Configuring-SAML2-DynamicMetadata.html#per-service Ray On Thu, 2024-02-01 at 10:45 -0800, atilling wrote:

Re: [cas-user] Re: SAML specify signing cert/key

2024-02-01 Thread Ray Bon
Cas creates metadata and certs when they do not exist. Create them and put them in that directory and cas will use your files. Ray On Wed, 2024-01-31 at 13:35 -0800, atilling wrote:

Re: [cas-user] Re: Upload metadata - already registered?

2024-01-31 Thread Ray Bon
. On Wednesday, January 31, 2024 at 1:56:37 PM UTC-5 Ray Bon wrote: Do you have git or authorization workflow enabled? There are two metadata properties (see line 142 https://github.com/apereo/cas-management/blob/6.6.x/api/cas-mgmt-api-configuration/src/main/java/org/apereo/cas/configuration

Re: [cas-user] Re: Upload metadata - already registered?

2024-01-31 Thread Ray Bon
metadata/ On Tuesday, January 30, 2024 at 2:57:06 PM UTC-5 Ray Bon wrote: Try mgmt.metadata-dir= Ray On Tue, 2024-01-30 at 09:36 -0800, atilling wrote: F

Re: [cas-user] Couldn't build in Linux RHEL

2024-01-31 Thread Ray Bon
?? And specific functionality for them? Regards, Amulya On Wednesday, January 31, 2024 at 1:51:45 AM UTC+5:30 Ray Bon wrote: Amulya, Are you talking about the cas project or cas-overlay-template? Check your command (mind the '/' not '\'): ./gradlew clean build Ray On Tue, 2024-01-30 at 10:22 -0800

Re: [cas-user] Couldn't build in Linux RHEL

2024-01-30 Thread Ray Bon
Amulya, Are you talking about the cas project or cas-overlay-template? Check your command (mind the '/' not '\'): ./gradlew clean build Ray On Tue, 2024-01-30 at 10:22 -0800, Amulya Sri Pulijala wrote:

Re: [cas-user] Re: Upload metadata - already registered?

2024-01-30 Thread Ray Bon
Try mgmt.metadata-dir= Ray On Tue, 2024-01-30 at 09:36 -0800, atilling wrote: Further clarification after some experimentation. This only applies to

Re: [cas-user] Apache CAS 6.6.x Custom Captcha integration

2024-01-30 Thread Ray Bon
Amulya, Review the code for recaptcha in the cas project. You may be able to use it as a starting point. See https://fawnoos.com/2020/10/22/cas63x-codebase-feature-build/ and the developer section of the docs https://apereo.github.io/cas/6.6.x/developer/Build-Process.html on how to create new

Re: [cas-user] how do i enable jdbc feature in CAS 6.6.12?

2024-01-29 Thread Ray Bon
Yan, I have found that intellij will report errors/missing references but code compiles just fine. The build process with cas-overlay places files (compiled code and resources) from src onto the prebuilt cas.war. I have not tried to replace jar files, so I am not sure how you would get those

Re: [cas-user] how do i enable jdbc feature in CAS 6.6.12?

2024-01-26 Thread Ray Bon
Yan, Add your configuration class to src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports See https://apereo.github.io/cas/7.0.x/configuration/Configuration-Management-Extensions.html#register Ray On Fri, 2024-01-26 at 08:54 -0800, Yan Zhou

Re: [cas-user] Hazelcast not working for single node/non-clustered environment - 6.5.8

2024-01-22 Thread Ray Bon
Hazelcast failed to start. On Friday, October 7, 2022 at 9:14:57 PM UTC+5:30 Ray Bon wrote: Anusuya, ldaptive is for your ldap connection. Check those settings. Ray On Fri, 2022-10-07 at 00:48 -0700, Morning Star (vidivelli) wrote:

Re: [cas-user] Re: Migrating services from version 5 to 6

2024-01-22 Thread Ray Bon
Jan 2024 at 06:16, Ray Bon <r...@uvic.ca> wrote: To get a list of all properties (and some defunct ones) run: ./gradlew exportConfigMetadata During startup, cas logs properties that are deprecated and prints out the current property key. You are upgrading to 7 and not 6, right

Re: [cas-user] Re: Migrating services from version 5 to 6

2024-01-19 Thread Ray Bon
To get a list of all properties (and some defunct ones) run: ./gradlew exportConfigMetadata During startup, cas logs properties that are deprecated and prints out the current property key. You are upgrading to 7 and not 6, right? Ray On Fri, 2024-01-19 at 11:23 -0800, atilling wrote:

Re: [cas-user] CAS 7 and OIDC problems

2024-01-18 Thread Ray Bon
Let us try this again. Cas does not need to know about appserver.my.domain; only HAProxy needs this. cas.server.scope=public.my.domain cas.server.name=https://${cas.server.scope} cas.server.prefix=${cas.server.name}/cas cas.authn.oidc.core.issuer=${cas.server.prefix}/oidc Are you missing this

Re: [cas-user] CAS 7 and OIDC problems

2024-01-17 Thread Ray Bon
-- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from

Re: [cas-user] casSimpleMultifactorAuthenticationTicketsCache table name as a property

2024-01-16 Thread Ray Bon

Re: [cas-user] cas redirect url has special characters like '#'

2024-01-11 Thread Ray Bon
Benny, Something is amiss with your service URL service=http://localhost:9280/cas/login... The service parameter is the URL of the protected application. Assuming 8881 is your cas server, your url should look like (perhaps with more characters escaped)

Re: [cas-user] Re: Duo MFA behavior on CAS 7

2024-01-05 Thread Ray Bon
Jeremiah, Could a URL rewrite (that strips :8443) work? After updating metadata ... Ray On Fri, 2024-01-05 at 12:40 -0800, Jeremiah Garmatter wrote:

Re: [cas-user] Duo MFA behavior on CAS 7

2024-01-05 Thread Ray Bon
Jeremiah, It is simpler to change cas to run on 443 instead, i.e. no port specified. (One bit of work for you instead of many bits of work for all service providers). Cas does not need to know the port if you are forwarding. We front our tomcat (running 8443) with apache (default ports) which

Re: [cas-user] Force a user session to expire

2023-12-14 Thread Ray Bon
Mark, If you are talking about a service that insists that the user log in, the service should send the renew parameter https://apereo.github.io/cas/6.6.x/protocol/CAS-Protocol-Specification.html#211-parameters If you are talking about administratively ending an SSO session, there are

Re: [cas-user] Re: cas 7.0.0-RC9 - slow groovy ?

2023-12-13 Thread Ray Bon
g 9 seconds (creating groovy object) 2023-12-13 08:10:59,307 TRACE [org.apereo.cas.util.scripting.ScriptingUtils] - commment: script run in 11ms 2023-12-13 08:10:59,318 DEBUG [org.apereo.cas.authentication.principal.resolvers.InternalGroovyScriptDao] - wtorek, 12 grudni

Re: [cas-user] CAS as SP using SAML?

2023-12-12 Thread Ray Bon
Yan, Cas is not an application that you 'log in to', but an application that 'logs you in'. If you want to build this capability, pac4j, which is part of cas, can act as a service provider. Though I do not know if it can be configured to handle more than one service. (If you do this once,

Re: [cas-user] Re: cas 7.0.0-RC9 - slow groovy ?

2023-12-12 Thread Ray Bon
artur, Where does the additional metadata come from? That script looks very basic. You could put a timer around each statement in the script to see which one(s) takes a long time. Ray On Tue, 2023-12-12 at 02:19 -0800, artur miś wrote:

Re: [cas-user] CAS 6.6.12 compiler error, though jars are in classpath

2023-12-12 Thread Ray Bon
gradlew --debug clean build, I am using Gradle 7.6, JDK11, on Windows. Basically, everything comes with Overlay project, other than I am adding my own classes. On Monday, December 11, 2023 at 12:31:50 PM UTC-5 Ray

Re: [cas-user] CAS 6.6.12 compiler error, though jars are in classpath

2023-12-11 Thread Ray Bon
Yan, What is your build command / process? Ray On Mon, 2023-12-11 at 07:01 -0800, Yan Zhou wrote: Hi, I am using CAS 6.6.12 overlay, new to Gradle, so

Re: [cas-user] app not authorized error with IdP initiated SAML SSO

2023-12-06 Thread Ray Bon
on /idp/profile/SAML2/Unsolicited/SSO, this does Not accept HTTP POST, it expects GET, but IdP initiated flow always does POST since SAML response is included. I hope that makes sense. Yan On Monday, December 4, 2023 at 2:46:08 PM UTC-5 Ray Bon wrote: Yan, Could you configure IdP initiated

Re: [cas-user] Using the username field pre-authentication to do home realm discovery?

2023-12-04 Thread Ray Bon
Sean, If you have multiple authentication sources (cas.authn. properties), cas will check each one for the username, and stop when authn completes. This will work if each username is unique across realms or you can put authn sources in an order that would catch users, in multiple realms,

Re: [cas-user] app not authorized error with IdP initiated SAML SSO

2023-12-04 Thread Ray Bon
Yan, Could you configure IdP initiated login to redirect to appB rather than cas? fails due to the following, Is something missing after this? Ray On Mon, 2023-11-27 at 11:36 -0800, Yan Zhou wrote:

Re: [cas-user] Re: CAS 5.3.16 loses service reference for SAML SP with ForcedAuth when CAS uses Delegated Auth

2023-11-22 Thread Ray Bon
with the method you mentioned but will review it once I am back in front of my computer. Thanks, Justin From: Ray Bon Sent: Wednesday, November 22, 2023 1:40:45 PM To: cas-user@apereo.org Cc: isenh...@gmail.com Subject: Re: [cas-user] Re: CAS 5.3.16 loses service reference

Re: [cas-user] Re: CAS 5.3.16 loses service reference for SAML SP with ForcedAuth when CAS uses Delegated Auth

2023-11-22 Thread Ray Bon
Justin, Logging out of the SP does not necessarily log out of cas (SLO is messy business). If ForceAuthn is not forcing authentication, that should be your focus. Perhaps cas is not sending ForceAuthn to the delegated authn server, or perhaps the delegated server is ignoring it. Why does

Re: [cas-user] CAS 5.3.16 loses service reference for SAML SP with ForcedAuth when CAS uses Delegated Auth

2023-11-22 Thread Ray Bon
Justin, Upgrading very likely will solve this problem (as well as provide a great deal more benefit). Customizing old code adds technical debt. Ray On Tue, 2023-11-21 at 11:41 -0800, Justin Isenhour wrote:

Re: [cas-user] Doubt about mappedAttributes configuration in 6.6.13

2023-11-22 Thread Ray Bon
Jorge, You can map attributes with the retrieval mechanism. https://fawnoos.com/2023/10/21/cas70x-dbauthn-tutorial/ shows a jdbc example. And you can set names on a per service basis, https://apereo.github.io/cas/6.6.x/installation/Configuring-SAML2-Attribute-Release.html and links within.

Re: [cas-user] how to custom service registry

2023-11-20 Thread Ray Bon
Night, This might be the replacement, JpaServiceRegistry It looks like the docs have not changed the name since the class no longer exists. Ray On Sat, 2023-11-18 at 06:30 -0800, Night King wrote:

Re: [cas-user] CAS 6.6.9 Hazelcast and Ticket Registry errors

2023-11-14 Thread Ray Bon
Sathish, Your async-backup-count and backup-count have non default values. Is it possible these values are causing hazelcast to consume memory? Try using default values to see if memory use improves. You can monitor the JVM with JDK Mission Control or jConsole. Ray P.S. To keep your config

Re: [cas-user] Allow REST login, but prohibit web login

2023-11-10 Thread Ray Bon
Ben, This policy would prevent a login _after_ the REST session was established, https://apereo.github.io/cas/6.6.x/authentication/Configuring-Authentication-Policy-UniquePrincipal.html There is also a custom groovy script option,

Re: [cas-user] Re: Implementing ORCID auth: Problem with cas.authn.pac4j.oauth2[0].profile-url

2023-11-08 Thread Ray Bon
Aleix, That documentation is _very_ old. There have been a lot of changes to cas since 2014; not the least of which is the change from org.jasig to org.apereo. Reading that document may provide some general understanding. You can increase the logging level [debug|trace] to see what classes are

Re: [cas-user] Re: Implementing ORCID auth: Problem with cas.authn.pac4j.oauth2[0].profile-url

2023-11-08 Thread Ray Bon
And this property warn Ray On Wed, 2023-11-08 at 07:44 -0800, Aleix Mariné wrote: So, I have found
