Hi,
I'm testing CAS version 5.3.2 and found out that
the DefaultTicketRegistryCleaner is not deleting expired tickets when
running CAS with JPA.
My investigation after checking the code is the following:
1. DefaultTicketRegistryCleaner calls TicketRegistry.deleteTicket passing
the id of the
Hello Team,
I have multiple CAS client (mod_auth_cas) connected to a load balancer. My
problem is mod_auth_cas ask CASCOOKIEPATH to set to store the user
information locally.
I am planning to use NFS for the same but I feel there will be a delay in
reading/writing the cookie information and
Hello Ray,
Thanks for the update.
I have already configured "LogoutUrl" in the service registry but the
problem is that in response i am receiving 302 error with the other URL in
the "Location" header.
When i fire the same logout URL from a new tab then i got logged out from
the wordpress
Hi all,
I want to change the cas properties dynamically i,e during runtime
without restarting the server.
Does CAS picks(refreshes) the properties without restarting the CAS Server.
Thanks & Regards,
A Sairam
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom:
Hello,
I try to authenticate a user with a IdP and use the custom IdP attributes
to sign on the SP. Please could you tell me the way to extract the custom
attributes from the IdP response.
Thanks in advance. Regards.
--
---
The information contained in this e-mail is LEGALLY PRIVILEGED AND
Hopefully you find this page helpful
https://apereo.github.io/cas/5.2.x/installation/Configuring-SAML2-Authentication.html#saml-services
On Fri, Aug 3, 2018, 7:54 AM Carlos Saavedra Martín <
carlos.saave...@edosoft.es> wrote:
> Hello,
>
> I try to authenticate a user with a IdP and use the
Ramakrishna,
I have not used mod_auth_cas but it sounds like CASCookiePath is written rarely
and read many. Is mod_auth_cas doing the writing or is it handing off to
Apache? There must be other cookies that will be accessed just as frequently.
How are they managed?
Could it be that there is
James,
The TGT is scoped to the CAS server and is only used by CAS. Are you using
certificates (https)? If they are self signed, they will have to be added to
all nginx configs.
Back channel communication (like ticket validation) is done over https and both
sides need to know about the other's
Ray,
I will be having concurrent 5 - 10 k request. When the bandwidth goes down
I am really worried what will happen to the system.
Since redis is in memory storage system it will be comparatively faster
than reading in a file is my feeling. Correct if I am wrong somewhere.
And also since I
Hello all,
I am using Mod_auth_cas and HA- Cas server behind a loadbalancer.
Whenever I set CASValidateURL to one of the cas servers it works fine. But
when I send to cas via NGINX server then it says "Unauthorized error" in
browser.
My Nginx has
location /cas/login
{
proxy_pass
Ramakrishna,
How much time do you think it will take to read/write NFS?
If redis is shared among your servers, how long will it take?
Ray
On Fri, 2018-08-03 at 15:26 +0530, Ramakrishna G wrote:
Hello Team,
I have multiple CAS client (mod_auth_cas) connected to a load balancer. My
problem is
Ramakrishna,
This sounds like slow ticket replication. Does redis sentinel have multiple
stores?
If you set nginx to be sticky, will validation succeed?
Check your cas logs to see if the ticket is being validated. I think the cas
client tries to validate the ticket using https.
You could
mod_auth_cas does all of it's own cookie management and persistence... i
went looking at the source one day to investigate an issue we had, the
issue was not there, but i'm permanently scarred by the lack of HTTPD APIs
for common tasks like this.
On Friday, August 3, 2018 at 1:21:39 PM UTC-4,
On Fri, Aug 3, 2018 at 5:56 AM, Ramakrishna G wrote:
> Hello Team,
>
> I have multiple CAS client (mod_auth_cas) connected to a load balancer. My
> problem is mod_auth_cas ask CASCOOKIEPATH to set to store the user
> information locally.
>
> I am planning to use NFS for the same but I feel there
Hello Ray,
Oh~, thank you.
I'm not using certificates now.
I will try it.
Thank you again.
James
On Saturday, August 4, 2018 at 12:11:44 AM UTC+8, rbon wrote:
>
> James,
>
> The TGT is scoped to the CAS server and is only used by CAS. Are you using
> certificates (https)? If they are self
Neha,
Is it possible that LogoutUrl is protected by CAS? (That is, can you access
LogoutUrl without being logged in?)
Our word press expert is away until at least Tuesday so I will ask how logout
is set up then.
Ray
On Fri, 2018-08-03 at 02:22 -0700, Neha Gupta wrote:
Hello Ray,
Thanks for
Ray,
Can you please elaborate this "If you set nginx to be sticky, will
validation succeed?" Any example for this.
Also in cas logs I could see ticket was not validated when I go through
NGINX
Thanks
Ramakrishna G
On Fri, Aug 3, 2018 at 11:02 PM, Ray Bon wrote:
> Ramakrishna,
>
> This
Do you mean to say ip-hash as load balancing mechnaism. I have tried that
as well. But No Luck
Thanks
Ramakrishna G
On Sat, Aug 4, 2018 at 12:37 AM, Ramakrishna G wrote:
> Ray,
>
> Can you please elaborate this "If you set nginx to be sticky, will
> validation succeed?" Any example for this.
>
We upgraded cas from 5.2 to 5.3 last night. Today almost everything is
working fine except banner 8 sso logins via ellucian's ssomanager(circa
2013 version). We're sporadically seeing the below trace in the browser.
I'm suspecting the 2013 ssomanager app from ellucian is running an outdated
Ramakrishna,
This is what I set on my test machine:
upstream casssl {
server localhost:8491;
server localhost:8492 backup;
}
location /cas {
proxy_pass https://casssl;
}
The backup means that all requests go through 8491
20 matches
Mail list logo