Hi,
I'm following the CAS project's 4.2.x branch to use an access token and TGT.
In this branch, it seems the refresh token is not supported.
So, for development purposes, I want to make a non-expiring access token.
However, the access token's expiration is related to the TGT expiration policy.
Hi,
We already generate JWTs for the OpenID Connect protocol so for sure, it's
feasible.
For example, you can create some controller to return a JWT generated by
pac4j based on the CAS user identity. Replacing the service ticket
validation by a returned JWT would be more work.
Thanks.
Best
1) I need to register and unregister clients dynamically at the runtime.
How can I do it?
https://openid.net/specs/openid-connect-registration-1_0.html
2) How can I configure claims that OIDC server will return to the client?
Can I add my custom claims?
As I said earlier, this works for the LDAP attributes but doesn't merge with
the JDBC ones (no query sent).
See this section:
https://apereo.github.io/cas/development/installation/Configuration-Properties.html#authentication-attributes
> If no other attribute source is defined and if
The link below describes the dynamic registration.
Does CAS support the static registration?
I supposed the JSON example related to the static registration.
Yes. That’s it. The dynamic part is the “REST API” you had in mind which isn’t
implemented, but would be trivial to do so.
2) Is it
Hi,
Is the link below to the management webapp?
https://github.com/apereo/cas-services-management-overlay/tree/5.0
On Tuesday, October 18, 2016 at 6:09:51 PM UTC+3, Misagh Moayyed wrote:
>
> Yes, via the management webapp.
>
>
--
CAS gitter chatroom: https://gitter.im/apereo/cas
CAS mailing list
Hi Jerome,
Thanks for your response. Where do I plug in this controller to replace the
original ticket generation inside CAS?
Regards
Ajay
On Tue, Oct 18, 2016 at 1:08 AM, Jérôme LELEU wrote:
> Hi,
>
> We already generate JWTs for the OpenID Connect protocol so for sure,
Thanks, I think I see better the logic; but I've just tried and if I
comment the attribute part of the LDAP authentication it fails to
authenticate:
2016-10-18 16:27:33,579 DEBUG
> [org.apereo.cas.authentication.LdapAuthenticationHandler] - LDAP authentication for egunyar>
> 2016-10-18
Not sure if I should be concerned about deprecated warnings but I thought I
should mention it. Maybe it's my config but I don't see those settings
listed. Have not enabled encryption (yet).
WARN [com.hazelcast.config.MapConfig] -
cas.properties
# hazelcast ticket cache replication
Cool. File an issue please.
From: "Tom Mendenhall"
To: cas-user@apereo.org
Sent: Tuesday, October 18, 2016 6:22:33 PM
Subject: [cas-user] CAS 5 RC4 snapshot Hazelcast warning
Not sure if I should be concerned about deprecated warnings but I thought I
should
Yes, via the management webapp.
From: "Michael"
To: "CAS Community"
Cc: "Misagh Moayyed"
Sent: Tuesday, October 18, 2016 5:53:07 PM
Subject: Re: [cas-user] OpenID Connect server
Thanks Misagh,
I still need a
Thank you for the insight, I removed the ldaptive dependency from my
pom.xml and this seemed to move my deployment farther.
On Mon, Oct 17, 2016 at 12:47 PM, Misagh Moayyed
wrote:
>
> 4.2.x runs with ldaptive 1.x by default. I recommend you don’t change that
> version.
This is caused by HazelcastConfiguration.java calling a method,
.setEvictionPercentage(), when setting up the ticket map; that method has been
deprecated in version 3.7.1, which is now used. There is nothing you can change
externally; the class needs to be modified to not call that method.
On Tue, Oct 18,
File an issue please; include all details.
From: "kaphael"
To: "CAS Community"
Sent: Tuesday, October 18, 2016 6:27:01 PM
Subject: [cas-user] SAML2 support
Hi,
I'm using CAS 5.0.0.RC3-SNAPSHOT with SAML2 support.
Since this version I
Turn this back on:
cas.authn.ldap[0].principalAttributeId=sAMAccountName
Or blank it out.
If that doesn't work, you are welcome to file an issue.
From: "Erdal Gunyar"
To: "CAS Community"
Cc: "Misagh Moayyed"
Sent: Tuesday,
Thanks Misagh,
I still need a clarification.
Is the static registration supported at runtime?
I need to add and remove clients via static registration.
Thank you for your help,
Michael
Hi,
I'm using CAS 5.0.0.RC3-SNAPSHOT with SAML2 support.
Since this version I got an issue with authentication (authentication works
with RC1).
I think the issue comes from these
We like graphs and StatsD. So I would like to send the successful and
failed login attempts to StatsD. I'm trying to figure out where it would
be best to wire that in. I'm thinking events API, but would like to know
if there is a better place. I could just do it via Groovy script, but
once
I have MFA-Duo enabled globally, but this is complicating our scripted
regression testing. Rather than try to make it work with this right now,
I think it would be easier to try to make an exception for the service
definition used by our regression test (assuming that results in no Duo
checks
But it's not clear to me how they are actually used, or if there is in
fact a way to bypass MFA on a per-service basis.
Bypass rules cannot be done per service now. Certainly something that can be
added in a follow-up minor release perhaps. Some examples in the docs describe
typical use cases,
20 matches