Re: [cas-user] Is it possible in my app to allow only authorized user to use pac4j delegation to login

2017-08-15 Thread Misagh Moayyed
So you're saying: allow Peter to authenticate via Facebook, then come back to 
CAS, authenticate and verify credentials and then possibly reject Peter because 
he's not allowed? 

You cannot do this without changing source code, but it's strange that you 
present an option first only to possibly reject it later. It would be better if 
you tied that policy to a service record in CAS where you could then say: if 
you want to log into application X, you can use any of the following authorized 
providers (because there is code that knows what to authorize/prepare for each 
delegated scenario). Also requires code, but I submit it's the more sensible 
approach. 

--Misagh 


From: "Ng Sek Long"  
To: "CAS Community"  
Sent: Monday, August 14, 2017 7:59:25 PM 
Subject: [cas-user] Is it possible in my app to allow only authorized user to 
use pac4j delegation to login 

Hi all, and first of all, thanks in advance. Here's my problem: 

[ CAS version ]: 5.2.0-RC1 (I need features from this version) 

[ Background ]: 
My application used pac4j to allow users to log in using, for example, Fb, 
Google, Linkedin and such. 

[ Problem ]: 
However, only certain users that are authorized are allowed to log in using 
those pac4j methods. However, now that I use pac4j as a login method, everybody 
can log in. 

[ Question ]: 
Is it possible to allow only authorized users to use pac4j authentication? For 
example, maybe I can use a database which specifies that only Peter, Mary and 
John can use Fb to log in. Then other random people cannot use pac4j as a login 
method. 

[ Things I tried ]: 
I tried to configure this bean: "clientAuthenticationHandler" in 
"org.apereo.cas.support.pac4j.config.support.authentication", and I found out 
that there is nothing I can do that implements what I need. 

I would like to edit this: ClientAuthenticationHandler -> doAuthentication, and 
add my customization, but it is not a bean, and I don't really want to replace 
any source code. 



Any help would be appreciated! 


-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas 
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html 
- CAS documentation website: https://apereo.github.io/cas 
- CAS project website: https://github.com/apereo/cas 
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org . 
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/8f051eb3-3f84-4e48-aba8-45cdee90dab4%40apereo.org
 . 



Re: [cas-user] CAS 5.1.2 step by step documentation

2017-08-15 Thread Bob Dill
Uxio,


Thank you for the suggested links. I will read through them shortly. We 
actually have a previous version of CAS installed. Unfortunately, the person 
that installed it left, and I cannot continue where he left off, so I am 
reinstalling and configuring everything from scratch. Suggestions are greatly 
appreciated, and I will get back with you shortly.


~ Bob


From: cas-user@apereo.org  on behalf of Uxío Prego 

Sent: Monday, August 14, 2017 8:23:32 AM
To: CAS Community
Subject: Re: [cas-user] CAS 5.1.2 step by step documentation

Make sure you already read and understood these articles from the maintainer.

https://apereo.github.io/2016/10/04/casbootoverlay/
https://apereo.github.io/2017/02/21/cas-autocfg-strategy/
https://apereo.github.io/2017/03/28/cas5-gettingstarted-overlay/

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues, 
business partners and third parties. Turn off automatic loading of images to 
hamper it.

2017-08-14 11:26 GMT+02:00 satheesh k:
Hi All,

We are implementing CAS 5.1.2 in our project. I need to set up SSO with our 
application using CAS. I have read the documentation at 
https://apereo.github.io/cas/5.1.x/planning/Installation-Requirements.html
We are stuck on the implementation of CAS 5.1.2 in our project. Is there a 
step-by-step guide that will teach me how to perform these basic steps?

Thanks,
Satheesh. K



RE: [cas-user] throttling cas 5.1.3

2017-08-15 Thread Nancy Snoke
It works.  Thank you Misagh.

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Misagh 
Moayyed
Sent: Tuesday, August 15, 2017 9:38 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] throttling cas 5.1.3

Blank out the setting for usernameParameter.

--Misagh


From: "Nancy Snoke"
To: cas-user@apereo.org
Sent: Tuesday, August 15, 2017 7:17:14 AM
Subject: [cas-user] throttling cas 5.1.3

Hello Everyone,

I am setting up a CAS 5.1.3 and I am currently enabling throttling.  In the 
past (on 4.2 and below) I’ve always done by ip address and allowed 1 attempt 
every 3 seconds. There are several settings that I am not sure about that do not 
seem to be defined in the documentation.

I copied the following from the documentation.  I am unsure about how I tell it 
by ip address instead of username and ip address?
Also what is the appcode used for?

Thanks,
Nancy

cas.authn.throttle.usernameParameter=username
cas.authn.throttle.startDelay=1
cas.authn.throttle.repeatInterval=2
cas.authn.throttle.appcode=CAS

cas.authn.throttle.failure.threshold=1
cas.authn.throttle.failure.code=AUTHENTICATION_FAILED
cas.authn.throttle.failure.rangeSeconds=3


CONFIDENTIALITY NOTICE: This e-mail, including any attachments, may contain 
confidential, privileged and/or proprietary information which is solely for the 
use of the intended recipient(s). Any review, use, disclosure or retention by 
others is strictly prohibited. If you are not an intended recipient, please 
contact the sender and delete this e-mail, any attachments and all copies.

Permanent General Assurance Corporation | Permanent General Assurance 
Corporation of Ohio | The General Automobile Insurance Company, Inc. | Home 
Office: 2636 Elm Hill Pike, Nashville, TN 37214


Re: [cas-user] Having issues w/ trustedDevice in 5.1.2

2017-08-15 Thread Matt Elson

> In any case, any help would be appreciated!

Just noting for future people potentially stumbling on this that this
got fixed up in 5.1.3 (commit 29d4fd6388969820e4631b2a2693cb8116a36f98
would be my guess).

The flow is going to the right place and the in memory storage is
working fine.

However, I'm currently having some trouble w/ JDBC and mysql (have tried
both available drivers, various dialects) - the DDL statement to create
the tables failed:

Caused by: java.sql.SQLSyntaxErrorException: You have an error in your
SQL syntax; check the manual that corresponds to your MariaDB server
version for the right syntax to use near 'varchar(255) not null, name
varchar(255) not null, principal varchar(255) not nu' at line 1

And if I create the table by hand (guessing at what the columns should
be), I get a similar error.

 [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] -


[cas-user] CAS 5.1.x, Docker, github & tags

2017-08-15 Thread Chris Peck
Hi all,
I've created a small docker setup that builds and runs CAS in docker using
a multi-stage build, resulting image is about 173MB. We're planning on
using this to build & run our production CAS servers when we update to
5.1.x. Does this seem reasonable?  The github repo is at:
https://github.com/crpeck/cas-overlay-docker

The way it works is that the first stage clones the git repo from
https://github.com/apereo/cas-overlay-template (branch master), copies in
any overlay files, then builds cas.war using mvn clean package.  The second
stage copies in the warfile from the 1st stage, copies etc/cas into the
container and runs java -jar cas.war.
One thing that would be helpful is if releases to the cas-overlay-template
repo were tagged with the version, as in 5.1.3 would have a tag of 5.1.3,
5.1.4 would be tagged 5.1.4, that way when I go production I can clone
based on the tag I want.

Thanks,
Chris Peck



Re: [cas-user] Is it possible in my app to allow only authorized user to use pac4j delegation to login

2017-08-15 Thread Ng Sek Long
Thanks for your suggestion! I don't mind editing cas source code if my use 
case is specific for me. Because of my use case, I think I will use the 
less elegant approach for now until I get time to implement the better 
approach.

-Andy

On Wednesday, 16 August 2017 00:53:59 UTC+8, Misagh Moayyed wrote:
>
> So you're saying: allow Peter to authenticate via Facebook, then come back 
> to CAS, authenticate and verify credentials and then possibly reject Peter 
> because he's not allowed? 
>
> You cannot do this without changing source code, but it's strange that you 
> present an option first only to possibly reject it later. It would be 
> better if you tied that policy to a service record in CAS where you could 
> then say: if you want to log into application X, you can use any of the 
> following authorized providers (because there is code that knows what to 
> authorize/prepare for each delegated scenario). Also requires code, but I 
> submit it's the more sensible approach.
>
> --Misagh
>
> --
> *From: *"Ng Sek Long" 
> *To: *"CAS Community" 
> *Sent: *Monday, August 14, 2017 7:59:25 PM
> *Subject: *[cas-user] Is it possible in my app to allow only authorized 
> user to use pac4j delegation to login
>
> Hi all, and first of all, thanks in advance. Here's my problem:
>
> [*CAS version*]: 5.2.0-RC1 (I need features from this version)
>
> [*Background*]:
> My application used pac4j to allow users to log in using, for example, Fb, 
> Google, Linkedin and such. 
>
> [*Problem*]:
> However, only certain users that are authorized are allowed to log in using 
> those pac4j methods. However, now that I use pac4j as a login method, 
> everybody can log in.
>
> [*Question*]:
> Is it possible to allow only authorized users to use pac4j authentication? 
> For example, maybe I can use a database which specifies that only Peter, Mary 
> and John can use Fb to log in. Then other random people cannot use pac4j as a 
> login method.
>
> [*Things I tried*]:
> I tried to configure this bean: "clientAuthenticationHandler" in 
> "org.apereo.cas.support.pac4j.config.support.authentication", and I found 
> out that there is nothing I can do that implements what I need.
>
> I would like to edit this: ClientAuthenticationHandler 
> -> doAuthentication, and add my customization, but it is not a bean, and I 
> don't really want to replace any source code.
>
>
>
> Any help would be appreciated!


[cas-user] throttling cas 5.1.3

2017-08-15 Thread Nancy Snoke
Hello Everyone,

I am setting up a CAS 5.1.3 and I am currently enabling throttling.  In the 
past (on 4.2 and below) I've always done by ip address and allowed 1 attempt 
every 3 seconds. There are several settings that I am not sure about that do not 
seem to be defined in the documentation.

I copied the following from the documentation.  I am unsure about how I tell it 
by ip address instead of username and ip address?
Also what is the appcode used for?

Thanks,
Nancy

cas.authn.throttle.usernameParameter=username
cas.authn.throttle.startDelay=1
cas.authn.throttle.repeatInterval=2
cas.authn.throttle.appcode=CAS

cas.authn.throttle.failure.threshold=1
cas.authn.throttle.failure.code=AUTHENTICATION_FAILED
cas.authn.throttle.failure.rangeSeconds=3



Re: [cas-user] throttling cas 5.1.3

2017-08-15 Thread Misagh Moayyed
Blank out the setting for usernameParameter. 

--Misagh 


From: "Nancy Snoke"  
To: cas-user@apereo.org 
Sent: Tuesday, August 15, 2017 7:17:14 AM 
Subject: [cas-user] throttling cas 5.1.3 

Hello Everyone, 

I am setting up a CAS 5.1.3 and I am currently enabling throttling. In the past 
(on 4.2 and below) I’ve always done by ip address and allowed 1 attempt every 3 
seconds. There are several settings that I am not sure about that do not seem to 
be defined in the documentation. 

I copied the following from the documentation. I am unsure about how I tell it 
by ip address instead of username and ip address? 
Also what is the appcode used for? 

Thanks, 
Nancy 

cas.authn.throttle.usernameParameter=username 
cas.authn.throttle.startDelay=1 
cas.authn.throttle.repeatInterval=2 
cas.authn.throttle.appcode=CAS 

cas.authn.throttle.failure.threshold=1 
cas.authn.throttle.failure.code=AUTHENTICATION_FAILED 
cas.authn.throttle.failure.rangeSeconds=3 

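Added example (not part of the original thread and not CAS code): a simplified Python model of the throttle discussed in the messages above, showing which failed logins are held back when the throttle key is IP plus the username parameter versus IP only, as after blanking out usernameParameter. The blocking rule, the class and function names and the sample attempts are assumptions constructed for illustration; threshold and rangeSeconds take the values quoted in the thread.

```python
"""Simplified model of a failed-login throttle (illustration only, not CAS code).

Assumed rule: a request is blocked when its key already has `threshold`
or more recorded failures inside the last `range_seconds` seconds.
"""
from collections import defaultdict, deque

THRESHOLD = 1      # value of cas.authn.throttle.failure.threshold in the thread
RANGE_SECONDS = 3  # value of cas.authn.throttle.failure.rangeSeconds in the thread


class FailureThrottle:
    """Hypothetical throttle keyed by IP, or by IP plus a request parameter."""

    def __init__(self, username_parameter, threshold=THRESHOLD,
                 range_seconds=RANGE_SECONDS):
        # An empty username_parameter models the blanked-out setting (IP only).
        self.username_parameter = username_parameter
        self.threshold = threshold
        self.range_seconds = range_seconds
        self._failures = defaultdict(deque)  # key -> times of recent failures

    def _key(self, ip, params):
        if self.username_parameter:
            return (ip, params.get(self.username_parameter, ""))
        return (ip,)

    def allow(self, now, ip, params):
        """Return True if the request may proceed to authentication."""
        window = self._failures[self._key(ip, params)]
        # Drop failures that have aged out of the sliding window.
        while window and now - window[0] >= self.range_seconds:
            window.popleft()
        return len(window) < self.threshold

    def record_failure(self, now, ip, params):
        self._failures[self._key(ip, params)].append(now)


def replay(throttle, attempts):
    """Feed (time, ip, username) failed logins; return the blocked ones."""
    blocked = []
    for now, ip, username in attempts:
        params = {"username": username}
        if throttle.allow(now, ip, params):
            # Every attempt in the sample is a failed login.
            throttle.record_failure(now, ip, params)
        else:
            blocked.append((now, ip, username))
    return blocked


# Constructed sample data: failed logins as (second, source IP, username).
SAMPLE_ATTEMPTS = [
    (0, "203.0.113.7", "alice"),
    (1, "203.0.113.7", "alice"),
    (2, "203.0.113.7", "bob"),
    (3, "203.0.113.7", "carol"),
    (6, "203.0.113.7", "alice"),
    (6, "198.51.100.9", "alice"),
]


def compare_keys(attempts=SAMPLE_ATTEMPTS):
    """Blocked attempts under each keying choice, for side-by-side review."""
    return {
        "ip_and_username": replay(FailureThrottle("username"), attempts),
        "ip_only": replay(FailureThrottle(""), attempts),
    }


if __name__ == "__main__":
    for name, blocked in compare_keys().items():
        print(name, blocked)
```

With the username in the key, the failure for "bob" one second after a blocked "alice" attempt from the same address is not throttled; with the IP-only key it is.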


Re: [cas-user] Spring profiles

2017-08-15 Thread David Rodriguez Gonzalez
Ok, looks like it's solved.

The problem was the standalone profile. We have to specify the native one.

Thanks a lot!!

On Mon, 14 Aug 2017 at 14:58 David Rodriguez Gonzalez <
davidrg131...@gmail.com> wrote:

> Giving you a bit more information, having a look into
> https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html
> it looks like what I want is "native", but where should I place my config files?
> Under cas/src/main/resources or in the standalone directory?
>
>
>
> On Mon, 14 Aug 2017 at 12:25 David Rodriguez Gonzalez <
> davidrg131...@gmail.com> wrote:
>
>> yeah, but why if I pass the first one, instead of the last one, through
>> command line args?
>> I have it working in a different project, so I was wondering if there is
>> something going on with CAS
>>
>> On Mon, 14 Aug 2017 at 12:21  wrote:
>>
>>> According to
>>> https://docs.spring.io/spring-boot/docs/current/reference/html/howto-properties-and-configuration.html#howto-change-configuration-depending-on-the-environment
>>>
>>> last active profile in a yaml document always wins.
>>>
>>> D.
>>>
>>>
>>>
>>>
>>> On Mon, Aug 14, 2017 at 5:15 AM -0400, "David Rodriguez Gonzalez" <
>>> davidrg131...@gmail.com> wrote:
>>>
>>> Hi everyone,

>>>> We are setting up CAS 5.1.2 profiles in order to configure properties
>>>> per environment.
>>>> Although Spring is reading the profile we are passing through command
>>>> line and that are properly defined in the application.yml, the last profile
>>>> defined in the yaml file is chosen to get the properties from.
>>>>
>>>> Any ideas? How are you doing it?
>>>>
>>>> Thank you!
>>>> David



Re: [cas-user] CAS 5.1.2 step by step documentation

2017-08-15 Thread David Rodriguez Gonzalez
+1

How to set up Spring profiles?

On Mon, 14 Aug 2017 at 11:26 satheesh k  wrote:

> Hi All,
>
> We are implementing CAS 5.1.2 in our project. I need to set up SSO with our
> application using CAS. I have read the documentation at
> https://apereo.github.io/cas/5.1.x/planning/Installation-Requirements.html
> We are stuck on the implementation of CAS 5.1.2 in our project. Is there a
> step-by-step guide that will teach me how to perform these basic steps?
>
> Thanks,
> Satheesh. K
>


Re: [cas-user] Spring profiles

2017-08-15 Thread David Rodriguez Gonzalez
Giving you a bit more information, having a look into
https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html
it looks like what I want is "native", but where should I place my config files?
Under cas/src/main/resources or in the standalone directory?



On Mon, 14 Aug 2017 at 12:25 David Rodriguez Gonzalez <
davidrg131...@gmail.com> wrote:

> yeah, but why if I pass the first one, instead of the last one, through
> command line args?
> I have it working in a different project, so I was wondering if there is
> something going on with CAS
>
> On Mon, 14 Aug 2017 at 12:21  wrote:
>
>> According to
>> https://docs.spring.io/spring-boot/docs/current/reference/html/howto-properties-and-configuration.html#howto-change-configuration-depending-on-the-environment
>>
>> last active profile in a yaml document always wins.
>>
>> D.
>>
>>
>>
>>
>> On Mon, Aug 14, 2017 at 5:15 AM -0400, "David Rodriguez Gonzalez" <
>> davidrg131...@gmail.com> wrote:
>>
>> Hi everyone,
>>>
>>> We are setting up CAS 5.1.2 profiles in order to configure properties
>>> per environment.
>>> Although Spring is reading the profile we are passing through command
>>> line and that are properly defined in the application.yml, the last profile
>>> defined in the yaml file is chosen to get the properties from.
>>>
>>> Any ideas? How are you doing it?
>>>
>>> Thank you!
>>> David
>>>


Re: [cas-user] Spring profiles

2017-08-15 Thread David Rodriguez Gonzalez
yeah, but why if I pass the first one, instead of the last one, through
command line args?
I have it working in a different project, so I was wondering if there is
something going on with CAS

On Mon, 14 Aug 2017 at 12:21  wrote:

> According to
> https://docs.spring.io/spring-boot/docs/current/reference/html/howto-properties-and-configuration.html#howto-change-configuration-depending-on-the-environment
>
> last active profile in a yaml document always wins.
>
> D.
>
>
>
>
> On Mon, Aug 14, 2017 at 5:15 AM -0400, "David Rodriguez Gonzalez" <
> davidrg131...@gmail.com> wrote:
>
> Hi everyone,
>>
>> We are setting up CAS 5.1.2 profiles in order to configure properties per
>> environment.
>> Although Spring is reading the profile we are passing through command
>> line and that are properly defined in the application.yml, the last profile
>> defined in the yaml file is chosen to get the properties from.
>>
>> Any ideas? How are you doing it?
>>
>> Thank you
>> David
>>


[cas-user] RE: pac4j delegate authentication on cas 4.2.7

2017-08-15 Thread Nancy Snoke
An update on my issue:  I found where there was a facebook update in March that 
is what makes the 4.2.7 facebook login not work anymore.

So I tried the latest version of the social sign on casa demo project 
https://github.com/casinthecloud/cas-pac4j-oauth-demo/tree/master and that does 
not work either.  The twitter had an error after being redirected back to cas, 
and the redirect to facebook had facebook displaying an error.  This version 
uses cas 5.0.

Does anyone have social sign on working today in CAS and if so what version of 
CAS are you using?

Thanks,
Nancy

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Nancy Snoke
Sent: Thursday, August 10, 2017 3:15 PM
To: cas-user@apereo.org
Subject: [cas-user] pac4j delegate authentication on cas 4.2.7

Hi All,

I am using CAS 4.2.7 and the delegate authentication does not appear to be 
working properly.  I got the exact same results using the demo 
https://github.com/casinthecloud/cas-pac4j-oauth-demo/tree/4.2.x.
  In both cases twitter works and facebook does not.  Clicking the facebook 
link properly takes the user to Facebook, and the user can click approve and 
then it forwards back to CAS and displays the server error page.

The relevant log entries are:
2017-08-10 15:07:19,943 DEBUG 
[org.springframework.webflow.execution.ActionExecutor] - Executing 
org.jasig.cas.support.pac4j.web.flow.ClientAction@6c59325f
2017-08-10 15:07:19,944 DEBUG [org.pac4j.oauth.client.BaseOAuth20Client] - 
sessionState : yZkhX8vavT / stateParameter : yZkhX8vavT
2017-08-10 15:07:19,944 DEBUG [org.pac4j.oauth.client.BaseOAuth20Client] - 
verifier : 
AQCPv6onxJSaI812-O16CADAq5xYRUJwKdNwUAnbO0RTSkoRKsblQZJblwOgAhat9Hx5IaBqVeBUWdfWqWl6tWbjqnfqD2di7vBO7pWQSDK81MUkxPujexdqPjXYF1bk2l_76DgidMF1DA4_GBU-BgL6xZwmu8ul0kEDZF-RoNJdzl8-yFHp4NPceGLG8MN_N9QyIGZnNDiHX_Ea22O3Me8UJWN0Gv2v_07AncE6Dojs22pqKJ2h4eWp4MfEFjjl67jiTTBbvgV9Hrdvhnzy0RCdn-7rK1PP1orYSjjgyzByuu27gEdFKUfBNfCIycZrH68
2017-08-10 15:07:19,965 DEBUG [org.pac4j.oauth.client.FacebookClient] - 
credentials :  | requestToken: null | token: null | verifier: 
AQCPv6onxJSaI812-O16CADAq5xYRUJwKdNwUAnbO0RTSkoRKsblQZJblwOgAhat9Hx5IaBqVeBUWdfWqWl6tWbjqnfqD2di7vBO7pWQSDK81MUkxPujexdqPjXYF1bk2l_76DgidMF1DA4_GBU-BgL6xZwmu8ul0kEDZF-RoNJdzl8-yFHp4NPceGLG8MN_N9QyIGZnNDiHX_Ea22O3Me8UJWN0Gv2v_07AncE6Dojs22pqKJ2h4eWp4MfEFjjl67jiTTBbvgV9Hrdvhnzy0RCdn-7rK1PP1orYSjjgyzByuu27gEdFKUfBNfCIycZrH68
 | clientName: FacebookClient |
2017-08-10 15:07:19,966 DEBUG [org.pac4j.oauth.client.BaseOAuth20Client] - 
verifier : 
AQCPv6onxJSaI812-O16CADAq5xYRUJwKdNwUAnbO0RTSkoRKsblQZJblwOgAhat9Hx5IaBqVeBUWdfWqWl6tWbjqnfqD2di7vBO7pWQSDK81MUkxPujexdqPjXYF1bk2l_76DgidMF1DA4_GBU-BgL6xZwmu8ul0kEDZF-RoNJdzl8-yFHp4NPceGLG8MN_N9QyIGZnNDiHX_Ea22O3Me8UJWN0Gv2v_07AncE6Dojs22pqKJ2h4eWp4MfEFjjl67jiTTBbvgV9Hrdvhnzy0RCdn-7rK1PP1orYSjjgyzByuu27gEdFKUfBNfCIycZrH68

2017-08-10 15:07:20,900 INFO 
[org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail 
record BEGIN
=
WHO: org.jasig.cas.authentication.principal.ClientCredential@62d12aca
WHAT: Supplied credentials: 
[org.jasig.cas.authentication.principal.ClientCredential@62d12aca]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Thu Aug 10 15:07:20 CDT 2017
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=


2017-08-10 15:07:20,905 DEBUG 
[org.springframework.webflow.engine.impl.FlowExecutionImpl] - Attempting to 
handle [org.springframework.webflow.execution.ActionExecutionException: 
Exception thrown executing 
org.jasig.cas.support.pac4j.web.flow.ClientAction@6c59325f in state 
'clientAction' of flow 'login' -- action execution attributes were 
'map[[empty]]'] with root cause [org.scribe.exceptions.OAuthException: Response 
body is incorrect. Can't extract a token from this: 
'{"access_token":"EAAJuVu68W5sBAE8aNvzKSZCyZBACpRS3rMjIxw06KojA2AcOkt5ZAWY654nYjOXaAbOFciOX0XsaKf8RVTSlXaUn8iOUpJoZAWXGfmucqeets3OFWnmInjXQ4ZAsZBa5eSpkB6Hv9jKp4FfSXyX0JmORPnENj0eNgiBwUxBQnuEQZDZD","token_type":"bearer","expires_in":5183856}']

Does anyone have any suggestions?
Thanks,
Nancy
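
The OAuthException in the log above shows a JSON token response being handed to an extractor that could not read it. As an added example (not part of the original post, and not CAS, pac4j or scribe code), this Python code assumes the failing extractor only understands the older form-encoded `access_token=...` body and contrasts it with a parser that accepts both formats; the sample bodies and function names are constructed.

```python
import json
import re
from urllib.parse import parse_qs

# Constructed sample bodies (the token value is a placeholder, not a real token).
JSON_BODY = '{"access_token":"CONSTRUCTED-TOKEN","token_type":"bearer","expires_in":5183856}'
FORM_BODY = "access_token=CONSTRUCTED-TOKEN&expires=5183856"


class TokenParseError(ValueError):
    """Raised when no access token can be recovered from a response body."""


def extract_token_form_only(body):
    # Assumption: the failing extractor only looks for "access_token=<value>".
    match = re.search(r"access_token=([^&]+)", body)
    if match is None:
        # The body is deliberately left out of the message so tokens stay out of logs.
        raise TokenParseError("can't extract a token from this response body")
    return match.group(1)


def extract_token(body, content_type=""):
    """Accept a JSON (RFC 6749 section 5.1) or form-encoded token response."""
    text = body.strip()
    if "json" in content_type.lower() or text.startswith("{"):
        try:
            data = json.loads(text)
        except json.JSONDecodeError as exc:
            raise TokenParseError("malformed JSON token response") from exc
        if not isinstance(data, dict):
            raise TokenParseError("token response is not a JSON object")
    else:
        # parse_qs returns lists; keep the first value of each field.
        data = {k: v[0] for k, v in parse_qs(text).items()}
    if "error" in data:
        raise TokenParseError("provider returned an error instead of a token")
    token = data.get("access_token")
    if not isinstance(token, str) or not token:
        raise TokenParseError("no access_token field in response")
    # Assumption: form-encoded responses may name the lifetime "expires".
    lifetime = data.get("expires_in", data.get("expires"))
    return {
        "access_token": token,
        "token_type": str(data.get("token_type", "bearer")).lower(),
        "expires_in": int(lifetime) if lifetime is not None else None,
    }
```
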


Re: [cas-user] CAS 5.0 & Resource Owner Grant

2017-08-15 Thread Tom Andersson
Hi,

Thanks for the tips! I saw you already implementing something for this on 
the master branch :) Related to this - is there currently no way to control 
which oAuth grant types are allowed per service? Running CAS 5.0.3 that is. 
That is, we'd like to enable Resource Owner Password grant for a single 
service, but not all of them (to me it seems like by default it's enabled 
on all oauth services).

Cheers!
Tom

On Wednesday, 9 August 2017 12:39:02 UTC+3, Misagh Moayyed wrote:
>
> Cool. I feel uneasy about the spec saying “For example” :) but that’s 
> neither here nor there.
>
>  
>
> The mechanics of how one should proceed to patch this are fairly simple: 
> find the spot that handles the GET request in the OAuth module, tune it to 
> also accept POST and use that method/handler when dealing with the 
> particular grant type. (This I think is the easiest approach; the 
> possibly-better alternative to ensure that grant type can only respond to 
> POST requires other [breaking] changes that would be outside the scope of 
> 5.1) Start with OAuth20AuthorizeEndpointController and work your way up. 
> Post a pull request when ready, or better yet, when not ready as a WIP so 
> others see what you’re working on and can provide early feedback. 
>
>  
>
> More here: https://apereo.github.io/2017/07/05/cas-contribution-guide/ 
>
>  
>
> --Misagh
>
>  
>
> *From:* Tom Andersson [mailto:tjan...@gmail.com ] 
> *Sent:* Wednesday, August 9, 2017 12:22 AM
> *To:* CAS Community 
> *Cc:* mmoa...@unicon.net 
> *Subject:* Re: [cas-user] CAS 5.0 & Resource Owner Grant
>
>  
>
> Hi Misagh!
>
>  
>
> Not sure about hard rule, but:
>
>  
>
> *"The client makes a request to the token endpoint by adding the following 
> parameters using the 'application/x-www-form-urlencoded' format per 
> Appendix B with a character encoding of UTF-8 in the HTTP request entity-body"*
>
>  
>
> and
>
>  
>
> *"For example, the client makes the following HTTP request using 
> transport-layer security (with extra line breaks for display purposes only):"*
>
>  
>
>     POST /token HTTP/1.1
>     Host: server.example.com
>     Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
>     Content-Type: application/x-www-form-urlencoded
>
>     grant_type=password&username=johndoe&password=A3ddj3w
>
>  
>
>  
>
> Referencing https://tools.ietf.org/html/rfc6749#section-4.3.2.
>
>  
>
> Do you think it would be relatively simple to patch this feature, or how 
> should one proceed with such a change request?
>
>  
>
> Cheers,
>
> Tom
>
>  
>
>  
>
>
> On Wednesday, 9 August 2017 09:33:27 UTC+3, Misagh Moayyed wrote:
>
> I don’t remember if the spec makes a hard and fast rule on this, strictly 
> speaking, but you’re certainly right that if it’s done via a GET it would 
> be better for it to switch to POST. 
>
>  
>
> --Misagh
>
>  
>
> *From:* cas-...@apereo.org [mailto:cas-...@apereo.org] *On Behalf Of *Tom 
> Andersson
> *Sent:* Tuesday, August 8, 2017 12:32 AM
> *To:* CAS Community 
> *Subject:* [cas-user] CAS 5.0 & Resource Owner Grant
>
>  
>
> Hello,
>
>  
>
> I have the need to provide an authentication mechanism using the oAuth2 
> Resource Owner Grant type. However if I've understood correctly, the 
> implementation expects the user to authenticate using GET and passing the 
> credentials in the query parameters? To me this seems quite insecure as the 
> credentials will then stick in access logs etc. I'm wondering why it's been 
> implemented in this way instead of POSTing the credentials or if I have 
> misunderstood something. Or would it be better to rely on the tickets REST 
> api?
>
>  
>
> Thank you!
>
> Tom
>

Re: [cas-user] CAS 5.0 & Resource Owner Grant

2017-08-15 Thread Misagh Moayyed
At this point, no there isn't but speaking for myself, it is something that 
will likely get done prior to 5.3. It's not exactly high on my list. 

It's not that difficult to do, and an OAuth service definition already has the 
placeholder to carry grant types it supports. The remaining work is to ensure 
whatever the service carries is in fact enforced. Your best bet at this point 
is put together a patch that executes that enforcement. 

--Misagh 
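
One way to enforce the two points raised in this thread, credentials accepted only in a POST body and grant types restricted per service, as an added example in Python (not CAS code and not part of the original messages). The service registry, client ids and `check_token_request` are hypothetical, and the client is identified by a `client_id` form field for brevity; client and user authentication would follow this check.

```python
from urllib.parse import parse_qs, urlsplit

FORM = "application/x-www-form-urlencoded"
# Parameters that must never travel in a URL, where access logs record them.
SECRET_PARAMS = {"password", "client_secret", "refresh_token"}

# Constructed registry: hypothetical client ids mapped to the grants each may use.
SERVICES = {
    "mobile-app": {"password", "refresh_token"},
    "web-portal": {"authorization_code"},
}


class Rejected(Exception):
    """Carries the HTTP status and RFC 6749 section 5.2 error code to return."""

    def __init__(self, status, error):
        super().__init__(f"{status} {error}")
        self.status, self.error = status, error


def _single(form, name):
    values = form.get(name, [])
    if len(values) != 1:  # missing or repeated parameter
        raise Rejected(400, "invalid_request")
    return values[0]


def check_token_request(method, url, content_type, body, services=SERVICES):
    """Return (client_id, grant_type) if the request may proceed to authentication."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if SECRET_PARAMS & set(query):
        raise Rejected(400, "invalid_request")  # secrets in the query string
    if method.upper() != "POST":
        raise Rejected(405, "invalid_request")
    if content_type.split(";")[0].strip().lower() != FORM:
        raise Rejected(400, "invalid_request")
    form = parse_qs(body, keep_blank_values=True)
    client_id = _single(form, "client_id")
    grant_type = _single(form, "grant_type")
    allowed = services.get(client_id)
    if allowed is None:
        raise Rejected(401, "invalid_client")
    if grant_type not in allowed:
        # The service exists but is not registered for this grant type.
        raise Rejected(400, "unauthorized_client")
    return client_id, grant_type
```
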


From: "Tom Andersson"  
To: "CAS Community"  
Cc: "Misagh Moayyed"  
Sent: Tuesday, August 15, 2017 6:38:50 AM 
Subject: Re: [cas-user] CAS 5.0 & Resource Owner Grant 

Hi, 
Thanks for the tips! I saw you already implementing something for this on the 
master branch :) Related to this - is there currently no way to control which 
oAuth grant types are allowed per service? Running CAS 5.0.3 that is. That is, 
we'd like to enable Resource Owner Password grant for a single service, but not 
all of them (to me it seems like by default it's enabled on all oauth 
services). 

Cheers! 
Tom 

On Wednesday, 9 August 2017 12:39:02 UTC+3, Misagh Moayyed wrote: 




Cool. I feel uneasy about the spec saying “For example” :) but that’s neither 
here nor there. 



The mechanics of how one should proceed to patch this are fairly simple: find 
the spot that handles the GET request in the OAuth module, tune it to also 
accept POST and use that method/handler when dealing with the particular grant 
type. (This I think is the easiest approach; the possibly-better alternative to 
ensure that grant type can only respond to POST requires other [breaking] 
changes that would be outside the scope of 5.1) Start with 
OAuth20AuthorizeEndpointController and work your way up. Post a pull request 
when ready, or better yet, when not ready as a WIP so others see what you’re 
working on and can provide early feedback. 



More here: https://apereo.github.io/2017/07/05/cas-contribution-guide/ 



--Misagh 



From: Tom Andersson [mailto: tjan...@gmail.com ] 
Sent: Wednesday, August 9, 2017 12:22 AM 
To: CAS Community < cas-...@apereo.org > 
Cc: mmoa...@unicon.net 
Subject: Re: [cas-user] CAS 5.0 & Resource Owner Grant 




Hi Misagh! 





Not sure about hard rule, but: 





"The client makes a request to the token endpoint by adding the following 
parameters using the 'application/x-www-form-urlencoded' format per Appendix B 
with a character encoding of UTF-8 in the HTTP request entity-body" 





and 



"For example, the client makes the following HTTP request using transport-layer 
security (with extra line breaks for display purposes only):" 
POST /token HTTP/1.1 
Host: server.example.com 
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW 
Content-Type: application/x-www-form-urlencoded 

grant_type=password&username=johndoe&password=A3ddj3w 








Referencing https://tools.ietf.org/html/rfc6749#section-4.3.2 . 





Do you think it would be relatively simple to patch this feature, or how should 
one proceed with such a change request? 





Cheers, 


Tom 









On Wednesday, 9 August 2017 09:33:27 UTC+3, Misagh Moayyed wrote: 



I don’t remember if the spec makes a hard and fast rule on this, strictly 
speaking, but you’re certainly right that if it’s done via a GET it would be 
better for it to switch to POST. 



--Misagh 



From: cas-...@apereo.org [mailto: cas-...@apereo.org ] On Behalf Of Tom 
Andersson 
Sent: Tuesday, August 8, 2017 12:32 AM 
To: CAS Community < cas-...@apereo.org > 
Subject: [cas-user] CAS 5.0 & Resource Owner Grant 




Hello, 





I have the need to provide an authentication mechanism using the oAuth2 
Resource Owner Grant type. However if I've understood correctly, the 
implementation expects the user to authenticate using GET and passing the 
credentials in the query parameters? To me this seems quite insecure as the 
credentials will then stick in access logs etc. I'm wondering why it's been 
implemented in this way instead of POSTing the credentials or if I have 
misunderstood something. Or would it be better to rely on the tickets REST api? 





Thank you! 


Tom 

