Hi there,
CAS 6.6.x, delegated authN to IdP, such as CAS delegating to external IdP,
when user mapping is one-to-many.
For historical reasons, one person may have multiple usernames across apps
protected by the same CAS instance, these usernames map to the same
username on external IdP, thus
the [starting] app.
>
> For your Configuration class to be called, it needs to be added to
> src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
>
> Ray
>
> On Mon, 2024-05-06 at 10:04 -0700, Yan Zhou wrote:
>
> Notice: This m
Finally figured this out. The bean seems incorrectly named in the CAS
source code.
I will see if I can submit a fix.
Yan
On Monday, May 6, 2024 at 9:49:45 PM UTC-4 Yan Zhou wrote:
> My thought is that this bean ( jdbcPasswordChangeService) is already
> created somehow, see below logs,
ain]
[org.springframework.beans.factory.support.DefaultListableBeanFactory] -
<== do Not know who created it.
2024-05-06 12:23:41,836 DEBUG [restartedMain]
[org.springframework.beans.factory.support.DefaultListableBeanFactory] -
any idea to find out who created this instance?
On Monday, May 6, 2024 at 11:53:07 AM UTC-4 Ya
Hi,
CAS 7.1.0 overlay, I need to override password change implementation, using
my own PasswordManagementService.
I basically want to provide my own impl. of
JdbcPasswordManagementConfiguration.
See below QuestCasConfiguration,
also defined in META-INF/spring/...AutoImports
hello,
CAS 6.6 MFA trusted device implementation, the doc says Device
Fingerprint's default is:
- Randomly generated cookie plus the client IP (default)
But in cas.properties have this as default:
cas.authn.mfa.trusted.device-fingerprint.client-ip.enabled=false
1, what is the default
r-interface-customizations
>
> Ray
>
>
>
> On Fri, 2024-04-12 at 11:08 -0700, Yan Zhou wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
>
> Hello,
>
>
Hello,
I am new to IntelliJ, and am using CAS7 overlay project. I imported it into
Intellij. I was unable to load classes and html files in
cas-server-support-thymeleaf.
See screen shot, in my project, thymeleaf is correctly listed on
compileClassPath on the right, but not listed in External
Hi,
Two webapps, both protected by CAS. user is in both apps via SSO.
when user idle timeout kicks in, he is also logged out of CAS, I believe
this is the correct behavior. Otherwise, after idle timeout, simply
accessing B will get user in right away, which is a security problem. say,
User
Hi Mike,
How is it going now? did you ever make it work?
Mine is 6.6.x, it should be functional equivalent to CAS7 as far as this
code is concerned, i am getting "Unable to connect to " message. I
verified that i am using Redis Standalone config, which is suitable for
Azure Cloud for
Hi,
CAS 6.6.x with MFA. After I correctly enter user credentials, I will be
asked for a code, if that fails, CAS shows casMfaDeniedView.
The following CAS code (if user enters incorrect code) simply takes user
back to MFA login page, so that user can retry. I would not want users to
have
Hi there,
CAS 6.6.12 on ActiveDirectory authN, Seeing this error intermittently.
I can login successfully and authN works correctly, but seeing errors
fairly often, not sure what they mean. It seems AD is closing the
connection unexpectedly, but why?
thanks!
>> lombokVersion=1.18.30
>> ...
>>
>> In build.gradle:
>>
>> compileOnly "org.projectlombok:lombok:${lombokVersion}"
>> testCompileOnly("org.projectlombok:lombok:${lombokVersion}")
>>
>> If the library is included in c
Hello,
cas.log complains, it cannot find jdbc driver class, but it exists in
cas.war and also declared in gradle dependency. Can anyone suggest what to
do?
thanks!
I have a CAS 6.6.12 overlay, in build.gradle, i have the following:
implementation "org.apereo.cas:cas-server-support-jdbc"
HI there,
with CAS 6.6.x overlay, I need to create my own authentication handler,
which uses Apache Shiro's hash service, etc., it comes with CAS, but I have
to explicitly list them in my project dependency so my code can compile.
looks like the following, Note that I first find out CAS is
it treats your configuration
>> class.
>> This logger may also help
>>
>>
>>
>>
>> Did you create your authenticator from scratch (as described in
>> https://fawnoos.com/2017/02/02/cas51-authn-handlers/)
>> <https://fawnoos.com/2017/02/02/ca
rt-${it}"
}
projectsToAdd.each {implementation it}
}
}
On Friday, January 26, 2024 at 1:44:58 PM UTC-5 Mohamed Amdouni wrote:
> Hi,
>
> Did you try to add the driver dependency?
>
> cas-server-support-jdbc-drivers
>
>
>
>
> On Fri, Jan 26, 2024 at 18:42,
Hi there,
I may be missing something obvious.
I created my own JDBC-based authenticator, I noticed that the JDBC
authentication is Not registered, so login does not load jdbc-authenticator
at all.
set breakpoint in CasJdbcAuthenticationConfiguration, it is not called
during CAS start-up.
HI there,
I have CAS delegated authN via SAML working. But I have trouble getting a
much simpler flow to work.
I would like CAS to act as a SAML2 ServiceProvider, it accepts a HTTP POST
with SAML Response (user is already authenticated by another Idp such as
Okta, which Posts SAML response to
Ray
>
> On Mon, 2023-12-11 at 07:01 -0800, Yan Zhou wrote:
>
>
>
> HI,
>
> i am using CAS 6.6.12 overlay, new to Gradle, s
Hi,
I am using CAS 6.6.12 overlay, new to Gradle, so I may be missing something
obvious.
I need to create my own authentication handler class, so, In my
build.gradle, I added:
implementation "org.apereo.cas:cas-server-core-authentication-api"
implementation
well, figured out after careful reading of the console logs.
I accidentally deleted the temp folder under tomcat, the initial start-up
failed.
Yan
On Wednesday, December 6, 2023 at 11:02:45 AM UTC-5 Yan Zhou wrote:
> Hi there,
>
> this is very odd, but I cannot figure this o
to the following,
Is something missing after this?
Ray
On Mon, 2023-11-27 at 11:36 -0800, Yan Zhou wrote:
Hi,
I am on CAS 6.4.x. Two apps, appA
Hi there,
this is very odd, but I cannot figure this out. I am setting up SAML and
Delegated AuthN on CAS.
I am on CAS 6.4.6.6, it works on Linux servers, but on my Windows laptop,
CAS starts up with this error.
I confirmed that it is loading the right cas.properties on Windows, as
long
Hi,
I am on CAS 6.4.x. Two apps, appA, authenticated by Okta, and appB,
authenticated by CAS, cas delegates authN to Okta for appB.
This is working correctly: I login to appA via Okta, when I got to appB
URL, SSO happens. If I go straight to appB without login to Okta first,
delegated
Never mind, we had the same class brought by another 3rd party dependencies.
Yan
On Thursday, November 2, 2023 at 1:46:23 PM UTC-4 Yan Zhou wrote:
>
> I looked at the code. it seems that either 1.15 or 1.16.0, both should
> work. Not sure why we get NoSuchMethod error.
>
>
tool.com/sp_metadata.php
>
> Ray
>
> On Tue, 2023-10-24 at 13:15 -0700, Yan Zhou wrote:
>
>
> Hi there,
>
> I am using
, CodecPolicy.STRICT);
* @since 1.15
*/
public Base64(final int lineLength, final byte[] lineSeparator, final
boolean urlSafe,
final CodecPolicy decodingPolicy) {
On Thursday, November 2, 2023 at 1:40:43 PM UTC-4 Yan Zhou wrote:
> Hi there,
>
> CAS 6.4.6.6 overlay,
Hi there,
CAS 6.4.6.6 overlay, using CAS for SAML delegated authN, getting this error
when go to /cas/login page, while it is generating CAS sp-metadata.xml
CAS comes with commons-codec-1.15.jar, on some RHEL, I had success with
replacing it with commons-codec-1.16.0.jar, but it still fails
Hi there,
I am using CAS 6.4.6.6 for delegated authN using SAML, CAS delegates authN
to Okta. I run into a strange error, on Windows, this works fine (i.e.,
once I point to /cas/login, it generates SP metadata and keystore), but on
Linux, CAS does not generate SP meta data and SP keystore. I
hello,
for historical reasons, our CAS set-up needs to support accepting an
incoming SAML Assertion (validate, etc.) from HTTP request parameter,
perform authentication as the user principal in the incoming SAML
assertion, basically, we trust the SAML authN done by our vendor earlier,
and
there is that I thought about CAS delegated authN to Okta has
been working, how did that carry signature, and I also saw the property.
Thx!
On Monday, September 11, 2023 at 1:44:33 PM UTC-4 Yan Zhou wrote:
> HI,
>
> Looks like CAS already performed logout (TGC cookie is already removed)
s a bad actor from
> creating false logouts.
> 'Validate SAML requests with signature ... ' is for the log in request.
>
> When your client app sends a logout request to cas, does cas (as IdP) end
> its session with the client?
>
> Ray
>
> On Fri, 2023-09-08 at 13:18 -070
to
> /cas/login. In your case, cas should redirect to the remote IdP.
> The cas endpoints are described here,
> https://apereo.github.io/cas/6.6.x/authentication/OIDC-Authentication.html
> (though
> I note that the protocol differs from what my client is doing above and
> sa
Hi,
I have almost completed SAML delegated authN with CAS and Okta, CAS
delegates to Okta, except for SLO.
When client app initiates SLO, it goes to CAS, CAS redirects to Okta, but
Okta says "invalid signature", the SAML Logout request from CAS has no
signature element. See below.
I
ere the login takes
> place. It should only know about cas. That way you can change the upstream
> IdP in cas and not have to make changes to your client.
>
> Ray
>
> On Fri, 2023-08-25 at 11:49 -0700, Yan Zhou wrote:
>
> Notice: This message was sent from outside the
Hi,
This is my environment:
CAS 6.6.x, SAML2 delegated authN, SpringBoot app -> CAS -> Okta (CAS
delegates to Okta, CAS is a SP to Okta, Okta is IDP).
one trouble I have is on client app side, it needs to specify IDP, which
should be CAS, but I do not know what should be the CAS SSO
HI there,
I am a bit confused with a couple configuration.
Say, client app (bootsp2) wants to authN against CAS 6.6.x via SAML2,
which delegates to Okta IDP using SAML2.
CAS starts up fine, generates meta data for SP as well.
1. my CAS login page, under External Provider, shows "bootsp2",
tIdFromSessionStore(webContext, client, clientId,
CasClient.class, CAS_CLIENT_ID_SESSION_KEY);
LOGGER.debug("Located delegated client identifier [{}]", clientId);
return clientId;
}
If you know whether I missed anything, I would love to know. I still do
not understand why I cannot just u
tion.populateContextWithService(DelegatedClientAuthenticationAction.java:205)
~[cas-server-support-pac4j-webflow-6.6.9.jar!/:6.6.9]
at
On Tuesday, August 15, 2023 at 9:39:52 AM UTC-4 Yan Zhou wrote:
> Thanks Ray, making some progress, I now see the SP Meta data and
> keystore being generated.
>
> for del
.serviceProviderEntityId
> are for cas as a service provider metadata, not the destination
> application.
>
> https://apereo.github.io/cas/6.6.x/integration/Delegate-Authentication-SAML.html
>
> Ray
>
>
> On Mon, 2023-08-14 at 12:25 -0700, Yan Zhou wrote:
>
> Notice: This mes
en SPs and IdPs.
>
> Ray
>
> On Fri, 2023-08-11 at 13:42 -0700, Yan Zhou wrote:
>
>
>
> Hi there,
>
> When CAS i
Hi there,
When CAS is the SAML2 IDP, I am able to run a client app authenticating
successfully. But have trouble when CAS delegates authN to Okta (cas is
set up as a SP in Okta)
Client app runs on localhost:8081, CAS 6.6.x runs on localhost:8443,
delegate to Okta SAML2 IDP.
Here is
Hi there,
My organization is asking: who are using CAS out there? that is one of the
key factors for commercial companies to consider for adoption.
several years ago, we had a survey on this, is there a recent survey? the
survey I mentioned listed industries such as university, healthcare,
github.com/apereo/cas-overlay-template
>
> Ray
>
> On Mon, 2023-07-17 at 12:15 -0700, Yan Zhou wrote:
>
>
>
> HI
>
> i follo
HI
i followed doc to this step, but not sure why it failed. I am on Windows
and using CAS 6.6.9. it built fine, but when running in embedded tomcat,
run into error.
not sure what it tries to do in /etc/cas/templates, I am on Windows, so I
am hoping to find where it is specified and change it
hi there,
i am following CAS doc to setup Intellij to start up CAS via embedded
tomcat container, but keeps getting this error.
I do not understand why it keeps saying the bean is already registered..
thanks in advance!
Yan
here is the output console.
"C:\Program
The kid then appears on the endpoint.
>
> Thanks,
> Carl Waldbieser
> ITS
> Lafayette College
>
> On Tue, Mar 7, 2023 at 12:13 AM Yan Zhou wrote:
>
>> Hi,
>>
>> CAS 6.4 OIDC JWKS endpoint looks like this. Our vendor has problem with
>> its
Hi,
We are using CAS 6.4.6.6, I still find this is the case, RT is removed
(We like it to expire in 7 days), but it was removed after 8 hours, because
the underlying TGT expired, which is default to 8 hours.
i did not understand why Logout behavior would affect RT retention when TGT
is
Hi,
CAS 6.4 OIDC JWKS endpoint looks like this. Our vendor has problem with
its missing fields such as alg, kid, and use.
Anyone knows how to show these fields in JWKS? They showed us what Okta
and Google OIDC provider presents, yes, they do have these fields.
This probably affects OIDC
UTC-4 Ray Bon wrote:
> Yan,
>
> Copy RegisteredServiceResponseHeadersEnforcementFilter into your project
> and modify it. The build will replace the cas version with yours.
> You may need to add some compile dependencies to build.gradle.
>
> Ray
>
> On Mon, 2022-10-
Hi there,
this following validation is new in CAS6.x
OIDC endpoint: cas/oidc/token (request access token using authCode)
OAuth20AuthorizationCodeGrantTypeTokenRequestValidator
the log says it all, if authCode is expired, it will attempt to revoke all
access tokens issued to the authCode
)
at
com.hazelcast.map.impl.recordstore.DefaultRecordStore.forEach(DefaultRecordStore.java:278)
at
com.hazelcast.map.impl.recordstore.DefaultRecordStore.forEach(DefaultRecordStore.java:261)
On Monday, February 28, 2022 at 11:11:44 AM UTC-5 Yan Zhou wrote:
> Hi there,
>
> Anyo
Hi there,
Anyone having to deal with token/ticket storage that require serializing
CAS objects like Hazelcast?
For instance, TGT, ST, OIDC RT/AT all go to Hazelcast ticket registry,
which requires to serialize any objects put on IMap.
Would I have to package all jars containing these class
Hi there,
I am using CAS 6.4.4, OIDC flow with custom scope and attributes
This is what I expected to see: if authHandler puts in attributes (mapped
to claims) required by the scope, access token introspection will show the
token has that scope, otherwise, it will not show the scope.
For
Hi there,
CAS 6.4.x. we have global MFA turned on for all requests, but we want our
SSO traffic to skip MFA. I run into problem with CAS looking for
simple-mfa during our SSO login flow. I followed the CAS' source on token
authentication, but have not found a solution.
The following are
Hello,
I am using CAS6.4 overlay. I package the war and deploy to tomcat.
cas-server-webapp-tomcat-6.4.0-RC6.jar has log4j2.xml that points to
/tmp/logs.
I have already set this in my cas.properties.
# mine is Windows
logging.config=c://apache-tomcat-cas6/lib/cas6/log4j2.xml
the
Hello,
I see this in 6.4 RC4.I use Hazelcast, I see connections made but
tickets do not go into HZ. is that because they are still in memory?
Yan
On Monday, July 19, 2021 at 12:38:11 PM UTC-4 Ray Bon wrote:
> Jeremy,
>
> I see this in cas 6.3.4 as well.
>
> Ray
>
> On Mon, 2021-07-19 at
Hi,
I noticed this in CAS4.x and CAS5.x. CAS is built on Spring Webflow, it
should automatically prevent double submission, but on my CAS overlay, it
does not.
After form submits (such as Login, Password Reset), if the action takes
longer to complete, and user clicks again before the Post is
use instead?
>
> On Thursday, May 13, 2021 at 5:42:23 PM UTC-5 Yan Zhou wrote:
>
>> Hello,
>>
>> I am about to give up, and stay with jdbcTemplate. I am unable to get
>> Spring JPA Data Repository to work with CAS 6.4 snapshot.
>>
>> This is my CasWebApp
> Any help would be appreciated.
>
> -psv
>
> On Tuesday, May 11, 2021 at 8:43:05 AM UTC-5 Yan Zhou wrote:
>
>> Hello,
>>
>> CAS uses Spring JdbcTemplate, it does not use Spring JPA Data Repository.
>> I was able to easily add that in CAS 5.3, but
Hello,
CAS uses Spring JdbcTemplate, it does not use Spring JPA Data Repository. I
was able to easily add that in CAS 5.3, but run into difficulty with CAS
6.3.
The Spring JPA Data Repository allows me to define interface and Spring
provides beans that implement them and Spring cares for all
Hello,
Does CAS5.x or CAS6.x support OIDC for native Mobile apps that do not use
Web View, instead, using REST API, etc.?
I thought CAS would always require a webview since it needs to present the
login page?
Thanks,
Yan
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom:
Hi there,
CAS 5.3.x. oidc flow.
it works well with authorization code flow. does it support "hybrid flow",
i.e., the response type is "code token" or "code id_token".
I am getting "application not authorized to use CAS" error.
Is this by design?
2021-03-07 04:40:24,173 WARN
Hi there,
I am aware of the CAS dashboard UI, I am looking for a user-oriented UI
that provide common security mitigations.
remote logout, login history
For instance, when user no longer has access to a device (mobile phone), he
can initiate logout from another device. And, he or an admin
Hello,
We noticed an issue on CAS 5.3 with OIDC. I finally realized what may be
going on, but do not have a solution.
App uses CAS for authentication via OIDC, App redirects to CAS login page.
When people bookmark the apps, the first opportunity they have is the CAS
login page, the URL
Hello,
We are running CAS 5.3.x on Tomcat9. One of our clients uses OIDC.
Intermittently, after login, instead of getting into the app's landing
page, they got redirected to the root context, which is the Tomcat page.
What I noticed is at the end: 2021-01-20 23:31:49,158 DEBUG
7:09:35 PM UTC-5 richard.frovarp wrote:
> Why are you trying to POST to the login URL? It looks like this isn't
> the POST from the login page? What do the CAS logs say?
>
> On Thu, 2021-01-21 at 15:27 -0800, Yan Zhou wrote:
> > Hello,
> >
> > i am using CAS 5.3.X,
Hello,
i am using CAS 5.3.X, but I think the same would apply to CAS4 or CA5.
https://.MyCASEndPoint,,>/cas/login">
In browser, when I submit this form, I get 403,
But, when I use PostMan, it returns CAS login page.
I do not understand why in browser (FF and Chrome), I am getting
emember, cas is THE point of security to all your apps.
>
> Ray
>
> On Fri, 2020-11-20 at 12:24 -0800, Yan Zhou wrote:
>
>
>
cas/6.2.x/planning/Security-Guide.html#protocol-ticket-encryption,
>
> for encryption options.
>
> Ray
>
> On Thu, 2020-11-19 at 14:07 -0800, Yan Zhou wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cauti
Hello,
is there any user info. being stored in TGT and ST? I would think so, I
see Authentication being part of TGT.
Due to some security policy, we are asked whether we need to encrypt TGT
and ST, because there is User Auth info., it sounds like we should encrypt
it.
Does that sound
hi there,
I am having trouble understanding CAS5.3 claim/scope mapping. My JS app
uses OIDC to authenticate against CAS5, customers login with their
credentials (using the implicit grant type).
let us say, I have two custom-defined scope: questCAS and questExtra.
Anyone logged in
uly 28, 2020 at 1:47:56 PM UTC-4, Yan Zhou wrote:
>
> Hi there,
>
> oidc/logout. with post_logout_redirect_uri
>
> is part of OIDC spec, but I do not see CAS 5.3 support that endpoint. It
> is not mentioned on the CAS OIDC documentation, either.
>
> Am I missing somet
Hi there,
oidc/logout. with post_logout_redirect_uri is part of OIDC spec, but I
do not see CAS 5.3 support that endpoint. It is not mentioned on the CAS
OIDC documentation, either.
Am I missing something?
Thx!
Yan
Hello,
I have CAS5.3.x, and OIDC working.
I am setting up a client with scopes like "readUser" and "writeUser".
With a valid access token, at /introspect endpoint, I expect to see the
scopes defined in the service registry, but all I see is "openid", I am
missing all the other scopes
Hello,
CAS 5.3.9. oidc/introspect is returning incorrect value in "exp"
attribute. Spring framework (and others) after calling the introspect
endpoint, may consider the token invalid, because "exp" is before "iat".
It seems that "exp" is the time token expires, it should always be after
Hi,
I want to have an Angular App authenticate against CAS5.3.x. I set the
following properties in cas.properties.
When launching app from my localhost:4200, i see this error, when my
Angular App tries to redirect browser to CAS5 login page,
Access to XMLHttpRequest at '
Hi there,
CAS5.3.x overlay. It looks like we have to build it into a WAR file first,
then either run it as an executable WAR or deploy to external container.
There is also a way to run CAS as an executable WAR via Spring Boot's maven
plugin, but that requires NO change to CAS dependencies,
Hi there,
CAS5 supports Redis sentinel. When seeing Redis in this group, I am
assuming it is all about Redis Sentinel.
Has anyone integrated CAS5 with Redis Labs (the commercial offering of
Redis clustering)?
Thx!
Yan
Hello,
I have done both CAS4 and CAS5 overlay development. CAS5 start up seems
much longer (I already set it to use embed mode, i.e., not look for
configuration from remote server, everything is local), close to 3
minutes. In addition, since I had to add additional dependencies in CAS
POM,
Hello,
CAS5's hazelcast module does not seem to support Hazelcast Management
Center. The properties do not include URL for mancenter, etc.
How do I extend CAS hazelcast support so that I can set additional
properties under hazelcast Config class?
Thx!
Yan
Hello,
Documentation in CAS4/CAS5 both say it requires size 16 for webflow
encryption key.
However, for CAS4, it is 16 after base64 encoding, which means the key
itself is 12 bytes, correct? This seems to be corrected in CAS5, it is
using size 16 before base64 encoding, which is 24
Hi,
CAS 4.1.9, I need to modify hazelcast-ticket-registry.xml under
cas-server-integration-hazelcast jar, to add the following section.
How would I do that?
http://localhost:8080/hazelcast-mancenter}"/>
Hi,
We use CAS 4.1.9 and CAS 5.3. It has been running well in PROD., We are in
health-care industry and would like to look into commercial CAS support.
One of my biggest unknowns and fear is gaining visibility into CAS ticket
registry, hazelcast. If some of PROD users cannot login, it seems
Hello,
CAS 4.1.x, I wish to implement onSuccessfulValidation() when
/serviceValidate is successful.
How do I do this? see the documentation below.
/**
* Triggered on successful validation events. Extensions are to
* use this as hook to plug in behvior.
*
* @param
rn to the mock server, but I doubt it can ensure
> security or not.
>
> On Wednesday, August 21, 2019 at 4:51:40 AM UTC+8, Yan Zhou wrote:
>>
>> Hello,
>>
>> Our organization wants to make sure customers can still use their apps,
>> in the event that CAS is down or unavailable (even thoug
Hello,
Our organization wants to make sure customers can still use their apps, in
the event that CAS is down or unavailable (even though we have HA, etc.).
The idea is to have CAS return password in encrypted format to some apps.
that is critical. When CAS is down, the app. can authenticate
Hello,
CAS 4.1.x, I want to override
org.jasig.cas.authentication.UsernamePasswordCredential so that I can
customize the validation logic.
This class is part of cas-server-core jar, If I simply recreate this class
in my overlay, I end up with two classes, one in WEB-INF/classes and the
other
Hello,
CAS5.3.X, one client uses CAS protocol and the other uses OpenId Connect.
Both Clients are SSO.
The openID connect client does not want to call /cas/logout, because they
prefer an OpenId Connect approach.
Does CAS provide logout for OpenId Connect clients? I do not see it,
2 AM UTC-4, rbon wrote:
>
> Yan,
>
> Do you mean they both try to come up with 5701 or the second one complains
> the port is already taken?
>
> Perhaps hazelcast tries to grab selection of ports. Maybe set one to 4701.
>
> Ray
>
> On Thu, 2019-07-11 at 07:26 -0700,
Hello,
CAS 5.3.x, using Hazelcast for ticket registry. Two CAS instances on the
same server A.
I was trying to avoid port conflict in cas.properties, so, one instance's
cas.properties look like this
cas.ticket.registry.hazelcast.cluster.members=A
>
> Ray
>
> On Thu, 2019-05-02 at 15:38 -0700, Yan Zhou wrote:
>
> Hello,
>
> CAS has a nice diagram explains CAS protocol, how it achieves SSO, by
> using cookie.
>
> With CAS5, I can achieve SSO with two clients, one speaking CAS protocol,
> the
Hello,
CAS has a nice diagram explains CAS protocol, how it achieves SSO, by using
cookie.
With CAS5, I can achieve SSO with two clients, one speaking CAS protocol,
the other speaking OpenID Connect.
How did CAS do that, is that by the use of cookie as well? I do not think
OpenID Connect
Hello,
CAS 4.1.x management app., JPA service registry, it generates table
RegisteredServiceImpl with column access_strategy as BLOB.
But management app does not have a UI to write to Access Strategy, it
defaults to two attributes, firstName and lastName, neither is what I want,
it does
Hello,
Say, one webapp using CAS protocol to authenticate against CAS 5.3,
another native mobile app uses OpenID Connect to authenticate.
When user gets into Mobile app, can he SSO to webapp?
Thx,
Yan
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
ner, maybe it can manage session
> replication (tomcat can do this).
> Another, maybe less desirable option, perhaps the load balancer can look
> for /logout and broadcast to all members of the cluster.
>
> Ray
>
> On Tue, 2019-04-02 at 07:53 -0700, Yan Zhou wrote:
>
>
Hello,
CAS 5.3.x, CAS-management. I imported an OIDC service definition to UI.
Looks like this. But the UI is asking me to provide JSON Web KeyStore,
Encryption Algorithm, and Encryption Encoding Algorithm. What are these?
On both cas.properties and management.properties, I have defined
Hello!
CAS4, for SLO, CAS server POSTs (back-channel SLO) to each service to
perform SLO. It works because there is a CAS client in the application
that intercepts such SLO requests, it can find the app. session Id based on
the CAS service ticket Id.
Is there any requirement on the part
Hello,
I am able to get access token through /token endpoint, but I do not see a
way to get both refresh token and access token.
This is the response of CAS5 /token endpoint. I do not see refresh token
there. How do I get refresh token, either separately or get it returned
along with access