[cas-user] non-expiring tgt

2016-10-18 Thread Daniel Kyuheon Shim
Hi, I'm following CAS project 4.2.x branch to use an access token and tgt. In this branch, it seems refresh token is not supported. So, for development purposes, I want to make a non-expiring access token. However, the access token's expiration is related to tgt expiration policy.

Re: [cas-user] Regarding JWT and CAS Server

2016-10-18 Thread Jérôme LELEU
Hi, We already generate JWTs for the OpenID Connect protocol so for sure, it's feasible. For example, you can create some controller to return a JWT generated by pac4j based on the CAS user identity. Replacing the service ticket validation by a returned JWT would be more work. Thanks. Best

Re: [cas-user] OpenID Connect server

2016-10-18 Thread Misagh Moayyed
1) I need to register and unregister clients dynamically at the runtime. How can I do it? https://openid.net/specs/openid-connect-registration-1_0.html 2) How can I configure claims that OIDC server will return to the client? Can I add my custom claims?

Re: [cas-user] CAS 5: Changing the principal resolver in application.properties

2016-10-18 Thread Misagh Moayyed
As I said earlier, this works for the LDAP attributes but doesn't merge with the JDBC ones (no query sent). See this section: https://apereo.github.io/cas/development/installation/Configuration-Properties.html#authentication-attributes > If no other attribute source is defined and if

Re: [cas-user] OpenID Connect server

2016-10-18 Thread Misagh Moayyed
The link below describes the dynamic registration. Does CAS support the static registration? I supposed the JSON example related to the static registration. Yes. That’s it. The dynamic part is the “REST API” you had in mind which isn’t implemented, but would be trivial to do so. 2) Is it

Re: [cas-user] OpenID Connect server

2016-10-18 Thread Michael
Hi, Is below link to the management webapp? https://github.com/apereo/cas-services-management-overlay/tree/5.0 On Tuesday, October 18, 2016 at 6:09:51 PM UTC+3, Misagh Moayyed wrote: > > Yes, via the management webapp.

Re: [cas-user] Regarding JWT and CAS Server

2016-10-18 Thread Ajay Madhavan
Hi Jerome, Thanks for your response. Where do I plug in this controller to replace the original ticket generation inside CAS? Regards Ajay On Tue, Oct 18, 2016 at 1:08 AM, Jérôme LELEU wrote: > Hi, > > We already generate JWTs for the OpenID Connect protocol so for sure,

Re: [cas-user] CAS 5: Changing the principal resolver in application.properties

2016-10-18 Thread Erdal Gunyar
Thanks, I think I see better the logic; but I've just tried and if I comment the attribute part of the LDAP authentication it fails to authenticate: 2016-10-18 16:27:33,579 DEBUG > [org.apereo.cas.authentication.LdapAuthenticationHandler] - LDAP authentication for egunyar> > 2016-10-18

[cas-user] CAS 5 RC4 snapshot Hazelcast warning

2016-10-18 Thread Tom Mendenhall
Not sure if I should be concerned about deprecated warnings but I thought I should mention it. Maybe it's my config but I don't see those settings listed. Have not enabled encryption (yet). WARN [com.hazelcast.config.MapConfig] - cas.properties # hazelcast ticket cache replication

Re: [cas-user] CAS 5 RC4 snapshot Hazelcast warning

2016-10-18 Thread Misagh Moayyed
Cool. File an issue please. From: "Tom Mendenhall" To: cas-user@apereo.org Sent: Tuesday, October 18, 2016 6:22:33 PM Subject: [cas-user] CAS 5 RC4 snapshot Hazelcast warning Not sure if I should be concerned about deprecated warnings but I thought I should

Re: [cas-user] OpenID Connect server

2016-10-18 Thread Misagh Moayyed
Yes, via the management webapp. From: "Michael" To: "CAS Community" Cc: "Misagh Moayyed" Sent: Tuesday, October 18, 2016 5:53:07 PM Subject: Re: [cas-user] OpenID Connect server Thanks Misagh, I still need a

Re: [cas-user] CAS Ldaptive connectTimeout java.time.Duration

2016-10-18 Thread Martin, Brandon
Thank you for the insight, I removed the ldaptive dependency from my pom.xml and this seemed to move my deployment farther. On Mon, Oct 17, 2016 at 12:47 PM, Misagh Moayyed wrote: > > 4.2.x runs with ldaptive 1.x by default. I recommend you don’t change that > version.

Re: [cas-user] CAS 5 RC4 snapshot Hazelcast warning

2016-10-18 Thread Travis Schmidt
This is caused by the HazelcastConfiguration.java calling a method that .setEvictionPercentage(); when setting up the ticket map that has been deprecated in version 3.7.1 that is now used. Nothing you change externally, the class needs to be modified to not call that method. On Tue, Oct 18,

Re: [cas-user] SAML2 support

2016-10-18 Thread Misagh Moayyed
File an issue please; include all details. From: "kaphael" To: "CAS Community" Sent: Tuesday, October 18, 2016 6:27:01 PM Subject: [cas-user] SAML2 support Hi, I'm using CAS 5.0.0.RC3-SNAPSHOT with SAML2 support. Since this version I

Re: [cas-user] CAS 5: Changing the principal resolver in application.properties

2016-10-18 Thread Misagh Moayyed
Turn this back on: cas.authn.ldap[0].principalAttributeId=sAMAccountName Or blank it out. If that doesn't work, you are welcome to file an issue. From: "Erdal Gunyar" To: "CAS Community" Cc: "Misagh Moayyed" Sent: Tuesday,

Re: [cas-user] OpenID Connect server

2016-10-18 Thread Michael
Thanks Misagh, I still need a clarification. Is the static registration supported at runtime? I need to add and remove clients via static registration. Thank you for your help, Michael

[cas-user] SAML2 support

2016-10-18 Thread kaphael
Hi, I'm using CAS 5.0.0.RC3-SNAPSHOT with SAML2 support. Since this version I got an issue with authentication (authentication works with RC1). I think the issue comes from these

[cas-user] Recording events to StatsD 5.x

2016-10-18 Thread Richard Frovarp
We like graphs and StatsD. So I would like to send the successful and failed login attempts to StatsD. I'm trying to figure out where it would be best to wire that in. I'm thinking events API, but would like to know if there is a better place. I could just do it via Groovy script, but once

[cas-user] CAS 5 RC4: MFA-Duo bypass rules?

2016-10-18 Thread Baron Fujimoto
I have MFA-Duo enabled globally, but this is complicating our scripted regression testing. Rather than try to make it work with this right now, I think it would be easier to try to make an exception for the service definition used by our regression test (assuming that results in no Duo checks

Re: [cas-user] CAS 5 RC4: MFA-Duo bypass rules?

2016-10-18 Thread Misagh Moayyed
But it's not clear to me how they are actually used, or if there is in fact a way to bypass MFA on a per-service basis. Bypass rules cannot be done per service now. Certainly something that can be added in a follow-up minor release perhaps. Some examples in the docs describe typical use cases,