[cas-user] Google reCAPTCHA - CAS 5 RC4

2016-10-05 Thread Jeffrey Ramsay
Google reCAPTCHA does not work in any release past the RC2-SNAP; are there 
any plans to fix it? Also, reCAPTCHA does not render in Internet Explorer 11. I 
reported this before but no one followed up on my post.

-Jeff 

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/dfe4ef61-63fd-4e83-824f-62c90e50f986%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.


[cas-user] CAS 5 RC3: redirect to /login on 404?

2016-10-05 Thread Baron Fujimoto
Another difference that has been noted between our CAS 3.4.x and
CAS 5.0 is that CAS 3 appears to redirect to the /login endpoint
for 404s whereas CAS 5 RC3 goes to a 404 page. I don't see where
I might have configured our CAS 3 to redirect to /login for 404,
so I'm assuming this was the previous default? Is there a way to
configure this behaviour for CAS 5, or is this now inadvisable?

-baron
-- 
Baron Fujimoto  :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum



[cas-user] Re: Issues getting LDAP going - CAS 4.2.5

2016-10-05 Thread Dan Roque
Actually, I understand now... You mean the environment variables you are 
using within your POM file for maven. Which variables are you using? I can 
look for the corresponding gradle ones.

Dan

On Wednesday, October 5, 2016 at 3:16:12 PM UTC-4, Dan Roque wrote:
>
> Do you mean the cas.properties? If so then yes it is identical. The only 
> difference between gradle and maven is the build process. The instructions 
> for building the war file can be found here
>
> https://github.com/apereo/cas-gradle-overlay-template/blob/master/README.md
>
> Make sure you replaced the default deployerConfigContext.xml and 
> cas.properties before you attempt to build.
>
> As for LDAPS, it is up to you really. We use LDAPS to secure LDAP traffic 
> over SSL but you can start with LDAP for now and move to LDAPS when you 
> have time to configure everything required for it.
>
> Dan
>
> On Wednesday, October 5, 2016 at 1:38:11 PM UTC-4, Hank Foss wrote:
>>
>> Hi Dan,
>>
>> I'm hoping the environmental variables are identical with gradle as with 
>> maven, because it's looking like we'll have to recompile.
>>
>> Question, does CAS need to be running over LDAPS or is LDAP fine?
>>
>> Thanks,
>> Hank
>>
>>
>> On Friday, September 30, 2016 at 4:17:24 PM UTC-4, Hank Foss wrote:
>>>
>>> Thanks to the documentation, I've been able to get far with the CAS 
>>> build so far, but LDAP has been a bit of a challenge so far.
>>>
>>> I followed this link to the letter:
>>> https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html 
>>> Then I re-ran maven by running *mvn install package*, reloaded WAR 
>>> file, and restarted Tomcat - not much luck so far.
>>>
>>> What is good is that the log file cas.log has shown the source IP and 
>>> attempting logon username. So that's a step in the right direction: at 
>>> least it's showing the failure!
>>>
>>> The local user casuser / Mellon logons are successful, and the cas.log 
>>> shows that too. 
>>>
>>> Any advice on LDAP configuration on CAS 4.2.5 is greatly appreciated.
>>>
>>>
>>> Thanks,
>>> Hank
>>>
>>



[cas-user] Re: Issues getting LDAP going - CAS 4.2.5

2016-10-05 Thread Dan Roque
Do you mean the cas.properties? If so then yes it is identical. The only 
difference between gradle and maven is the build process. The instructions 
for building the war file can be found here

https://github.com/apereo/cas-gradle-overlay-template/blob/master/README.md

Make sure you replaced the default deployerConfigContext.xml and 
cas.properties before you attempt to build.

As for LDAPS, it is up to you really. We use LDAPS to secure LDAP traffic 
over SSL but you can start with LDAP for now and move to LDAPS when you 
have time to configure everything required for it.

Dan

On Wednesday, October 5, 2016 at 1:38:11 PM UTC-4, Hank Foss wrote:
>
> Hi Dan,
>
> I'm hoping the environmental variables are identical with gradle as with 
> maven, because it's looking like we'll have to recompile.
>
> Question, does CAS need to be running over LDAPS or is LDAP fine?
>
> Thanks,
> Hank
>
>
> On Friday, September 30, 2016 at 4:17:24 PM UTC-4, Hank Foss wrote:
>>
>> Thanks to the documentation, I've been able to get far with the CAS build 
>> so far, but LDAP has been a bit of a challenge so far.
>>
>> I followed this link to the letter:
>> https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html 
>> Then I re-ran maven by running *mvn install package*, reloaded WAR 
>> file, and restarted Tomcat - not much luck so far.
>>
>> What is good is that the log file cas.log has shown the source IP and 
>> attempting logon username. So that's a step in the right direction: at 
>> least it's showing the failure!
>>
>> The local user casuser / Mellon logons are successful, and the cas.log 
>> shows that too. 
>>
>> Any advice on LDAP configuration on CAS 4.2.5 is greatly appreciated.
>>
>>
>> Thanks,
>> Hank
>>
>



[cas-user] Issue with json service registry between CASv5 RC3-SNAP and RC4-SNAP

2016-10-05 Thread Philippe MARASSE
Hello,

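My build today fails, although I've mentioned

<dependency>
    <groupId>${cas.groupId}</groupId>
    <artifactId>cas-server-support-json-service-registry</artifactId>
    <version>${cas.version}</version>
    <scope>runtime</scope>
</dependency>

in my pom.xml. The service registry used to work. The log shows: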

2016-10-05 17:26:06,164 INFO
[org.apereo.cas.services.AbstractResourceBasedServiceRegistryDao] -


perfect, but :

2016-10-05 17:26:15,845 WARN
[org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext]
- 

It seems that embeddedJsonServiceRegistry (looking for services in
classpath:/services) is instantiated instead of jsonServiceRegistry
found in the cas-server-support-json-service-registry module.

Environment is the same as last week (Tomcat 8.5.4 / java 8u101).

Regards.

-- 
Philippe MARASSE

Head of Infrastructure Division - DSIO
Centre Hospitalier Henri Laborit
CS 10587 - 370 avenue Jacques Cœur 
86021 Poitiers Cedex
Tel : 05.49.44.57.19




[cas-user] Re: Issues getting LDAP going - CAS 4.2.5

2016-10-05 Thread Hank Foss
Thanks, Dan.

I've been using Maven all along. I'll go with the Gradle overlay.

-Hank


On Friday, September 30, 2016 at 4:17:24 PM UTC-4, Hank Foss wrote:
>
> Thanks to the documentation, I've been able to get far with the CAS build 
> so far, but LDAP has been a bit of a challenge so far.
>
> I followed this link to the letter:
> https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html 
> Then I re-ran maven by running *mvn install package*, reloaded WAR file, 
> and restarted Tomcat - not much luck so far.
>
> What is good is that the log file cas.log has shown the source IP and 
> attempting logon username. So that's a step in the right direction: at 
> least it's showing the failure!
>
> The local user casuser / Mellon logons are successful, and the cas.log 
> shows that too. 
>
> Any advice on LDAP configuration on CAS 4.2.5 is greatly appreciated.
>
>
> Thanks,
> Hank
>



[cas-user] Re: Issues getting LDAP going - CAS 4.2.5

2016-10-05 Thread Dan Roque
Hi Hank,

For the CAS login page, we only use username/password (no Domain 
required). As for 'casuser', this is the user that will search the 
directory for the login user.

As for the POM, I generated the war file using the gradle overlay template 
instead of maven. In order to run correctly, you need to add the following 
dependencies to the build.gradle file

runtime 'org.jasig.cas:cas-server-support-ldap:4.2.6'
runtime 'org.ldaptive:ldaptive:1.2.0'

Here is the complete build.gradle just in case
http://pastebin.com/RtwrpLjm

Note: This is not the overlay build.gradle file, it's the main CAS one.

If you still want to use maven then you would need to add the following to 
the CAS POM file (untested)

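<dependency>
    <groupId>org.ldaptive</groupId>
    <artifactId>ldaptive</artifactId>
    <version>1.2.0</version>
</dependency>
<dependency>
    <groupId>org.jasig.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>4.2.6</version>
</dependency>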


To verify it worked properly, the libraries should show up under 
WEB-INF/lib within the war file.

Hope that helps,

Dan

On Wednesday, October 5, 2016 at 9:05:41 AM UTC-4, Hank Foss wrote:
>
> Dan,
>
> Can you provide a copy of your POM also?
>
> Also, when logins are made to the CAS server (
> https://cas-server:8443/cas/login) I'm guessing it's only username / 
> password, and then it takes you in like 'casuser' and 'Mellon'. Is this 
> correct? In other words, there is no need to type 'domain\sAMAccountName' 
> and 'password.'
>
> Thanks,
> Hank
>
>
>
> On Friday, September 30, 2016 at 4:17:24 PM UTC-4, Hank Foss wrote:
>>
>> Thanks to the documentation, I've been able to get far with the CAS build 
>> so far, but LDAP has been a bit of a challenge so far.
>>
>> I followed this link to the letter:
>> https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html 
>> Then I re-ran maven by running *mvn install package*, reloaded WAR 
>> file, and restarted Tomcat - not much luck so far.
>>
>> What is good is that the log file cas.log has shown the source IP and 
>> attempting logon username. So that's a step in the right direction: at 
>> least it's showing the failure!
>>
>> The local user casuser / Mellon logons are successful, and the cas.log 
>> shows that too. 
>>
>> Any advice on LDAP configuration on CAS 4.2.5 is greatly appreciated.
>>
>>
>> Thanks,
>> Hank
>>
>



Re: [cas-user] Oauth2.0 not redirecting back to app

2016-10-05 Thread Xavier Rodríguez
Thanks, Jérôme and Marina, for your responses!

The problem is in the theme. As Marina says, I put the cas.js and it works 
perfectly!!! The redirect on the file not found causes the second call.

Thanks a lot++

Best regards,

- Xavier -

On Wednesday, 5 October 2016 14:50:52 UTC+2, Marina Batet wrote:
>
> Hi Jérôme,
>
> Thanks for your answer!
>
> Yes, I tested it with firebug and there are two calls to the /cas/login. 
> The first with the service url and the second without.
>
> The thing is, I have a custom theme defined for my service. If I use the 
> default theme, then I have just one call and everything works fine.
>
> But if I define a custom theme (that in itself just contains some 
> images and a css file, it has no calls whatsoever), then I see two calls 
> to /cas/login in firebug.
>
> And the culprit is the file 
> WEB-INF/view/jsp/default/ui/includes/bottom.jsp:
>
>  src="">
>
> That is translated into:
>
>  src="/cas/themes/mytheme/js/cas.js">
>
> As this file (/mytheme/js/cas.js) does not exist (in the default theme 
> /cas/js/cas.js *does* exist), this call is redirected to /cas/login
>
> I copied the cas/js/cas.js file to my js theme directory and problem 
> solved! Just one call to the method and the service is not null.
>
> Thanks so much for your help, much appreciated! :-)
>
>
> On Wednesday, 5 October 2016 13:45:01 UTC+2, leleuj wrote:
>>
>> Hi,
>>
>> Indeed, the double call to prepareForLoginPage is the culprit. Is there 
>> any resource on your login page somehow calling the /login URL again?
>>
>> Thanks.
>> Best regards,
>> Jérôme
>>
>>
>> 2016-10-05 13:28 GMT+02:00 Marina Batet :
>>
>>> Hi Jérôme and everyone, 
>>>
>>> This is happening to me in CAS 4.2.3.
>>>
>>> I'm trying it in localhost, with two CAS servers installed, one acting 
>>> as the oauth client (/cas) and the other as the oauth server 
>>> (/cas-pac4j-oauth-server-demo). And a test app (/test-client-app) that is 
>>> acting as the client of the first cas (the service). There are no Apaches 
>>> nor rewrites in this scenario...
>>>
>>> What I'm seeing is that before the login page is loaded in the 
>>> browser, I have two calls to the "prepareForLoginPage" method. In the first 
>>> call, the service is stored in session OK. In the second call, the service 
>>> is null (?) and the service attribute is overwritten in the session. 
>>> Thereafter, when we try to retrieve the service after the oauth delegation, 
>>> etc... the service attribute is null.
>>>
>>> I have put some more traces in the ClientAction class and compiled it in 
>>> order to try to understand what is happening. I have attached the traces 
>>> (just the ones before the login page), but basically, what is bugging me 
>>> is:
>>>
>>> 2016-10-05 12:53:19,412 DEBUG 
>>> [org.jasig.cas.support.pac4j.web.flow.ClientAction] - [prepareForLoginPage] 
>>> save service: 
>>> https://localhost:8443/test-client-app/j_spring_cas_security_check
>>> ...
>>> 2016-10-05 12:53:22,880 DEBUG 
>>> [org.jasig.cas.support.pac4j.web.flow.ClientAction] - [prepareForLoginPage] 
>>> save service: null
>>>
>>> Why is this second call overwriting the service as null when it was 
>>> previously stored? What am I doing wrong? 
>>>
>>> Thanks in advance for any response!
>>>
>>>
>>> Best regards,
>>>
>>> On Wednesday, 5 October 2016 10:43:05 UTC+2, leleuj wrote:

 Hi,

 In the ClientAction, the service has been saved: 

 2016-10-03 16:32:17,094 DEBUG 
 [org.jasig.cas.support.pac4j.web.flow.ClientAction] - save service: 
 https://localhost:8445/dipta-cas-client-test/j_spring_cas_security_check

 But, indeed, the service is not retrieved during the authentication 
 (thus no redirect back to the application):

 2016-10-03 16:32:27,930 DEBUG 
 [org.jasig.cas.support.pac4j.web.flow.ClientAction] - retrieve service: 
 null

 The service is saved into and restored from the web session: anything 
 special in your case?

 Thanks.
 Best regards,
 Jérôme



 2016-10-04 12:26 GMT+02:00 Xavier Rodríguez :

> Hi,
>
> I've the same problem. We have installed CAS-4.2.3 with Client-Oauth 2 
> implementation. But we are not able to come back to the service-app.
>
> When the user is authenticated in Server-Oauth it returns to the 
> CAS-Server-client but it stops in login page showing that the user is 
> authenticated, it seems that the service(app) in this point is lost, and 
> it 
> doesn't return to the app.
>
> We have defined in Pac4jContext:
>
>  class="cat.dipta.pac4j.oauth.client.ValidCasOAuthWrapperClient">
> 
> 
> https://localhost:8444/cas-pac4j-oauth-server-demo/oauth2.0; />
> 
> 
>  

[cas-user] Re: Issues getting LDAP going - CAS 4.2.5

2016-10-05 Thread Hank Foss
Dan,

Can you provide a copy of your POM also?

Also, when logins are made to the CAS server 
(https://cas-server:8443/cas/login) I'm guessing it's only username / 
password, and then it takes you in like 'casuser' and 'Mellon'. Is this 
correct? In other words, there is no need to type 'domain\sAMAccountName' 
and 'password.'

Thanks,
Hank



On Friday, September 30, 2016 at 4:17:24 PM UTC-4, Hank Foss wrote:
>
> Thanks to the documentation, I've been able to get far with the CAS build 
> so far, but LDAP has been a bit of a challenge so far.
>
> I followed this link to the letter:
> https://apereo.github.io/cas/4.2.x/installation/LDAP-Authentication.html 
> Then I re-ran maven by running *mvn install package*, reloaded WAR file, 
> and restarted Tomcat - not much luck so far.
>
> What is good is that the log file cas.log has shown the source IP and 
> attempting logon username. So that's a step in the right direction: at 
> least it's showing the failure!
>
> The local user casuser / Mellon logons are successful, and the cas.log 
> shows that too. 
>
> Any advice on LDAP configuration on CAS 4.2.5 is greatly appreciated.
>
>
> Thanks,
> Hank
>



Re: [cas-user] Oauth2.0 not redirecting back to app

2016-10-05 Thread Marina Batet
Hi Jérôme,

Thanks for your answer!

Yes, I tested it with firebug and there are two calls to the /cas/login. 
The first with the service url and the second without.

The thing is, I have a custom theme defined for my service. If I use the 
default theme, then I have just one call and everything works fine.

But if I define a custom theme (that in itself just contains some images 
and a css file, it has no calls whatsoever), then I see two calls 
to /cas/login in firebug.

And the culprit is the file WEB-INF/view/jsp/default/ui/includes/bottom.jsp:

">

That is translated into:



As this file (/mytheme/js/cas.js) does not exist (in the default theme 
/cas/js/cas.js *does* exist), this call is redirected to /cas/login

I copied the cas/js/cas.js file to my js theme directory and problem 
solved! Just one call to the method and the service is not null.

Thanks so much for your help, much appreciated! :-)


On Wednesday, 5 October 2016 13:45:01 UTC+2, leleuj wrote:
>
> Hi,
>
> Indeed, the double call to prepareForLoginPage is the culprit. Is there 
> any resource on your login page somehow calling the /login URL again?
>
> Thanks.
> Best regards,
> Jérôme
>
>
> 2016-10-05 13:28 GMT+02:00 Marina Batet :
>
>> Hi Jérôme and everyone, 
>>
>> This is happening to me in CAS 4.2.3.
>>
>> I'm trying it in localhost, with two CAS servers installed, one acting as 
>> the oauth client (/cas) and the other as the oauth server 
>> (/cas-pac4j-oauth-server-demo). And a test app (/test-client-app) that is 
>> acting as the client of the first cas (the service). There are no Apaches 
>> nor rewrites in this scenario...
>>
>> What I'm seeing is that before the login page is loaded in the browser, 
>> I have two calls to the "prepareForLoginPage" method. In the first call, 
>> the service is stored in session OK. In the second call, the service is 
>> null (?) and the service attribute is overwritten in the session. 
>> Thereafter, when we try to retrieve the service after the oauth delegation, 
>> etc... the service attribute is null.
>>
>> I have put some more traces in the ClientAction class and compiled it in 
>> order to try to understand what is happening. I have attached the traces 
>> (just the ones before the login page), but basically, what is bugging me 
>> is:
>>
>> 2016-10-05 12:53:19,412 DEBUG 
>> [org.jasig.cas.support.pac4j.web.flow.ClientAction] - [prepareForLoginPage] 
>> save service: 
>> https://localhost:8443/test-client-app/j_spring_cas_security_check
>> ...
>> 2016-10-05 12:53:22,880 DEBUG 
>> [org.jasig.cas.support.pac4j.web.flow.ClientAction] - [prepareForLoginPage] 
>> save service: null
>>
>> Why is this second call overwriting the service as null when it was 
>> previously stored? What am I doing wrong? 
>>
>> Thanks in advance for any response!
>>
>>
>> Best regards,
>>
>> On Wednesday, 5 October 2016 10:43:05 UTC+2, leleuj wrote:
>>>
>>> Hi,
>>>
>>> In the ClientAction, the service has been saved: 
>>>
>>> 2016-10-03 16:32:17,094 DEBUG 
>>> [org.jasig.cas.support.pac4j.web.flow.ClientAction] - save service: 
>>> https://localhost:8445/dipta-cas-client-test/j_spring_cas_security_check
>>>
>>> But, indeed, the service is not retrieved during the authentication 
>>> (thus no redirect back to the application):
>>>
>>> 2016-10-03 16:32:27,930 DEBUG 
>>> [org.jasig.cas.support.pac4j.web.flow.ClientAction] - retrieve service: null
>>>
>>> The service is saved into and restored from the web session: anything 
>>> special in your case?
>>>
>>> Thanks.
>>> Best regards,
>>> Jérôme
>>>
>>>
>>>
>>> 2016-10-04 12:26 GMT+02:00 Xavier Rodríguez :
>>>
 Hi,

 I've the same problem. We have installed CAS-4.2.3 with Client-Oauth 2 
 implementation. But we are not able to come back to the service-app.

 When the user is authenticated in Server-Oauth it returns to the 
 CAS-Server-client but it stops in login page showing that the user is 
 authenticated, it seems that the service(app) in this point is lost, and 
 it 
 doesn't return to the app.

 We have defined in Pac4jContext:

 >>> class="cat.dipta.pac4j.oauth.client.ValidCasOAuthWrapperClient">
 
 
 https://localhost:8444/cas-pac4j-oauth-server-demo/oauth2.0; />
 
 
 >>> class="org.pac4j.oauth.client.CasOAuthWrapperClient">
 
 
 https://localhost:8444/cas-pac4j-oauth-server-demo/oauth2.0; />
 

 When CAS receives the data from the Oauth-Server its log shows:

 2016-10-03 16:32:27,999 DEBUG 
 [org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] - 
 Building an authentication context for authentication 
 org.jasig.cas.authentication.ImmutableAuthentication@75b86cb and service 
 null

 I understand that this service must have the url of the client-app but 
 it is null. 

Re: [cas-user] Level of identity assurance implementation in CAS 5.0

2016-10-05 Thread Philippe MARASSE
No idea, really?

It's mentioned in section MFA of
https://apereo.github.io/cas/4.2.x/planning/Security-Guide.html

but not anymore on v5
https://apereo.github.io/cas/development/planning/Security-Guide.html ??

Regards.

On 29/09/2016 at 14:43, Philippe MARASSE wrote:
> Hello,
>
> I'm wondering if CAS is able to do service-based LOA, e.g., internal users
> use SPNEGO and external users use Login/Password, and if requested by
> service: MFA with Yubikey or other not yet implemented means (OTP via
> SMS, OTP via FreeOTP, etc.). Ideally, I would set a level by service:
>   - access to Webmail with required level of 15 points
>   - access to Personal information with required level of 20 points
>
> And successful authentication would be granted by handler:
>   - SPNEGO: 25 points
>   - Login/Password: 15 points
>   - MFA yubikey: 10 points
>   - ...
>
> So internal users would always gain access with SPNEGO, and external
> users will be requested login/password only for Webmail, and
> login/password + MFA for Personal Informations.
>
> Is it already possible with CASv5?
>
> I think it will need some development though, in this case, I'll need
> directions :-)
>
> Regards.
>

-- 
Philippe MARASSE

Head of Infrastructure Division - DSIO
Centre Hospitalier Henri Laborit
CS 10587 - 370 avenue Jacques Cœur 
86021 Poitiers Cedex
Tel : 05.49.44.57.19




Re: [cas-user] Oauth2.0 not redirecting back to app

2016-10-05 Thread Marina Batet
Hi Jérôme and everyone, 

This is happening to me in CAS 4.2.3.

I'm trying it in localhost, with two CAS servers installed, one acting as 
the oauth client (/cas) and the other as the oauth server 
(/cas-pac4j-oauth-server-demo). And a test app (/test-client-app) that is 
acting as the client of the first cas (the service). There are no Apaches 
nor rewrites in this scenario...

What I'm seeing is that before the login page is loaded in the browser, I 
have two calls to the "prepareForLoginPage" method. In the first call, the 
service is stored in session OK. In the second call, the service is null 
(?) and the service attribute is overwritten in the session. Thereafter, 
when we try to retrieve the service after the oauth delegation, etc... the 
service attribute is null.

I have put some more traces in the ClientAction class and compiled it in 
order to try to understand what is happening. I have attached the traces 
(just the ones before the login page), but basically, what is bugging me 
is:

2016-10-05 12:53:19,412 DEBUG 
[org.jasig.cas.support.pac4j.web.flow.ClientAction] - [prepareForLoginPage] 
save service: 
https://localhost:8443/test-client-app/j_spring_cas_security_check
...
2016-10-05 12:53:22,880 DEBUG 
[org.jasig.cas.support.pac4j.web.flow.ClientAction] - [prepareForLoginPage] 
save service: null

Why is this second call overwriting the service as null when it was 
previously stored? What am I doing wrong? 

Thanks in advance for any response!


Best regards,

On Wednesday, 5 October 2016 10:43:05 UTC+2, leleuj wrote:
>
> Hi,
>
> In the ClientAction, the service has been saved: 
>
> 2016-10-03 16:32:17,094 DEBUG 
> [org.jasig.cas.support.pac4j.web.flow.ClientAction] - save service: 
> https://localhost:8445/dipta-cas-client-test/j_spring_cas_security_check
>
> But, indeed, the service is not retrieved during the authentication (thus 
> no redirect back to the application):
>
> 2016-10-03 16:32:27,930 DEBUG 
> [org.jasig.cas.support.pac4j.web.flow.ClientAction] - retrieve service: null
>
> The service is saved into and restored from the web session: anything 
> special in your case?
>
> Thanks.
> Best regards,
> Jérôme
>
>
>
> 2016-10-04 12:26 GMT+02:00 Xavier Rodríguez:
>
>> Hi,
>>
>> I've the same problem. We have installed CAS-4.2.3 with Client-Oauth 2 
>> implementation. But we are not able to come back to the service-app.
>>
>> When the user is authenticated in Server-Oauth it returns to the 
>> CAS-Server-client but it stops in login page showing that the user is 
>> authenticated, it seems that the service(app) in this point is lost, and it 
>> doesn't return to the app.
>>
>> We have defined in Pac4jContext:
>>
>> > class="cat.dipta.pac4j.oauth.client.ValidCasOAuthWrapperClient">
>> 
>> 
>> https://localhost:8444/cas-pac4j-oauth-server-demo/oauth2.0; />
>> 
>> 
>> > class="org.pac4j.oauth.client.CasOAuthWrapperClient">
>> 
>> 
>> https://localhost:8444/cas-pac4j-oauth-server-demo/oauth2.0; />
>> 
>>
>> When CAS receives the data from the Oauth-Server its log shows:
>>
>> 2016-10-03 16:32:27,999 DEBUG 
>> [org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] - 
>> Building an authentication context for authentication 
>> org.jasig.cas.authentication.ImmutableAuthentication@75b86cb and service 
>> null
>>
>> I understand that this service must have the url of the client-app but it 
>> is null. Do we have to define some extra variable?
>>
>> Best regards,
>>
>> - Xavier -
>>
>> On Friday, 30 September 2016 8:12:06 UTC+2, leleuj wrote:
>>>
>>> Hi,
>>>
>>> Which CAS version do you use? Any error in your logs?
>>>
>>> Thanks.
>>> Best regards,
>>> Jérôme
>>>
>>>
>>
>
>


Re: [cas-user] Oauth2.0 not redirecting back to app

2016-10-05 Thread Jérôme LELEU
Hi,

Indeed, the double call to prepareForLoginPage is the culprit. Is there any
resource on your login page somehow calling the /login URL again?

Thanks.
Best regards,
Jérôme


2016-10-05 13:28 GMT+02:00 Marina Batet :

> Hi Jérôme and everyone,
>
> This is happening to me in CAS 4.2.3.
>
> I'm trying it in localhost, with two CAS servers installed, one acting as
> the oauth client (/cas) and the other as the oauth server
> (/cas-pac4j-oauth-server-demo). And a test app (/test-client-app) that
> is acting as the client of the first cas (the service). There are no
> Apaches nor rewrites in this scenario...
>
> What I'm seeing is that before the login page is loaded in the browser,
> I have two calls to the "prepareForLoginPage" method. In the first call,
> the service is stored in session OK. In the second call, the service is
> null (?) and the service attribute is overwritten in the session.
> Thereafter, when we try to retrieve the service after the oauth delegation,
> etc... the service attribute is null.
>
> I have put some more traces in the ClientAction class and compiled it in
> order to try to understand what is happening. I have attached the traces
> (just the ones before the login page), but basically, what is bugging me
> is:
>
> 2016-10-05 12:53:19,412 DEBUG 
> [org.jasig.cas.support.pac4j.web.flow.ClientAction]
> - [prepareForLoginPage] save service: https://localhost:8443/test-
> client-app/j_spring_cas_security_check
> ...
> 2016-10-05 12:53:22,880 DEBUG 
> [org.jasig.cas.support.pac4j.web.flow.ClientAction]
> - [prepareForLoginPage] save service: null
>
> Why it's this second call overwriting the service as null when it was
> previously stored?  What I'm doing wrong?
>
> Thanks in advanced for any response!
>
>
> Best regards,
>
> On Wednesday, 5 October 2016 10:43:05 UTC+2, leleuj wrote:
>>
>> Hi,
>>
>> In the ClientAction, the service has been saved:
>>
>> 2016-10-03 16:32:17,094 DEBUG 
>> [org.jasig.cas.support.pac4j.web.flow.ClientAction] - save service: 
>> https://localhost:8445/dipta-cas-client-test/j_spring_cas_security_check
>>
>> But, indeed, the service is not retrieved during the authentication (thus
>> no redirect back to the application):
>>
>> 2016-10-03 16:32:27,930 DEBUG 
>> [org.jasig.cas.support.pac4j.web.flow.ClientAction]
>> - retrieve service: null
>>
>> The service is saved into and restored from the web session: anything
>> special in your case?
>>
>> Thanks.
>> Best regards,
>> Jérôme
>>
>>
>>
>> 2016-10-04 12:26 GMT+02:00 Xavier Rodríguez :
>>
>>> Hi,
>>>
>>> I've the same problem. We have installed CAS-4.2.3 with Client-Oauth 2
>>> implementation. But we are not able to come back to the service-app.
>>>
>>> When the user is authenticated in Server-Oauth it returns to the
>>> CAS-Server-client but it stops in login page showing that the user is
>>> authenticated, it seems that the service(app) in this point is lost, and it
>>> doesn't return to the app.
>>>
>>> We have defined in Pac4jContext:
>>>
>>> 
>>> 
>>> 
>>> https://localhost:8444/cas-pac4j-oauth-server-demo/oauth2.0; />
>>> 
>>>
>>> 
>>> 
>>> 
>>> https://localhost:8444/
>>> cas-pac4j-oauth-server-demo/oauth2.0" />
>>> 
>>>
>>> When CAS receives the data from the Oauth-Server its log shows:
>>>
>>> 2016-10-03 16:32:27,999 DEBUG [org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] - Building an authentication context for authentication org.jasig.cas.authentication.ImmutableAuthentication@75b86cb and service null
>>>
>>> I understand that this service must have the url of the client-app but
>>> it is null. Do we have to define some extra variable?
>>>
>>> Best regards,
>>>
>>> - Xavier -
>>>
>>> On Friday, 30 September 2016 8:12:06 UTC+2, leleuj wrote:
>>>>
>>>> Hi,
>>>>
>>>> Which CAS version do you use? Any error in your logs?
>>>>
>>>> Thanks.
>>>> Best regards,
>>>> Jérôme
>>>>
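
A way to confirm the overwrite discussed in this thread from the CAS log itself, as an added example that is not part of the original posts or of CAS: it scans the ClientAction DEBUG lines for a null save that replaces a stored service and for a null retrieval. The sample log reuses the two lines Marina quoted plus one constructed retrieve line; `parse_events` and `find_lost_service` are hypothetical helper names, and a single browser session is assumed.

```python
import re
from datetime import datetime

# Sample modelled on the DEBUG lines quoted in this thread; the third line is
# constructed (the quoted excerpt stops before the login page is shown).
SAMPLE_LOG = """\
2016-10-05 12:53:19,412 DEBUG [org.jasig.cas.support.pac4j.web.flow.ClientAction] - [prepareForLoginPage] save service: https://localhost:8443/test-client-app/j_spring_cas_security_check
2016-10-05 12:53:22,880 DEBUG [org.jasig.cas.support.pac4j.web.flow.ClientAction] - [prepareForLoginPage] save service: null
2016-10-05 12:53:40,101 DEBUG [org.jasig.cas.support.pac4j.web.flow.ClientAction] - retrieve service: null
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) DEBUG "
    r"\[org\.jasig\.cas\.support\.pac4j\.web\.flow\.ClientAction\]\s*-\s*"
    r"(?:\[\w+\]\s*)?(?P<op>save|retrieve) service:\s*(?P<value>\S+)\s*$"
)


def parse_events(log_text):
    """Yield (timestamp, op, service-or-None) for each ClientAction line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other loggers, wrapped lines, stack traces
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
        value = None if m["value"] == "null" else m["value"]
        yield ts, m["op"], value


def find_lost_service(log_text):
    """Report null saves that clobber a stored service, and null retrievals."""
    # Assumption: the log covers one browser session (the thread's local test);
    # the lines carry no session id, so concurrent users cannot be separated.
    findings = []
    stored = stored_at = None  # last value saved to the session, and when
    for ts, op, value in parse_events(log_text):
        if op == "save":
            if value is None and stored is not None:
                gap = (ts - stored_at).total_seconds()
                findings.append(("overwritten", stored, round(gap, 3)))
            stored, stored_at = value, ts
        elif value is None:
            # Second field: what the log says was last saved before this read.
            findings.append(("retrieved_null", stored, None))
    return findings


if __name__ == "__main__":
    for finding in find_lost_service(SAMPLE_LOG):
        print(finding)
```

An "overwritten" finding with a gap of a few seconds points at a second request to /login during page load; a "retrieved_null" finding that still names a saved service means the value was lost without a logged save.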

[cas-user] Workflow for SPNEGO partly broken with 5.0.0-RC3

2016-10-05 Thread Felix Schumacher

Hi all,

I have updated my test environment from 5.0.0-RC2 to 5.0.0-RC3 and 
noticed that the SPNEGO workflow is broken when a wrong kerberos 
ticket is sent.


With RC2 I got the LDAP backed Login form, while RC3 shows me an error 
page with the following error snippet on it:


Error: No transition was matched on the event(s) signaled by the [1] 
action(s) that executed in this action state 'spnego' of flow 'login'; 
transitions must be defined to handle action result outcomes -- possible 
flow configuration error? Note: the eventIds signaled were: 
'array['authenticationFailure']', while the supported set of 
transitional criteria for this action state is 
'array[success, error]'


The browser gets the first 401 response as it should and responds with a 
request containing the Negotiate header. That triggers the 500 response 
with the snippet above.


If I call the login webflow with a browser that is not issuing kerberos 
tickets, I can use the login form successfully.


If I call the login webflow with a correct kerberos ticket, I get logged 
in OK, too.


My workflow's only modification is:

@@ -25,7 +25,7 @@

 
 
-
+
 

 model="credential">
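
Review bot: the removed and added lines of this hunk (the one-line change at line 25 onward) are empty as archived, so the modification cannot be checked against the error quoted above. That error says the 'spnego' action state signals 'authenticationFailure' while only 'success' and 'error' have transitions; check whether the customised flow's 'spnego' state needs a transition for 'authenticationFailure' that leads to the login form, and post the full before and after lines so that can be confirmed.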



Any ideas?

 Felix



Re: [cas-user] Oauth2.0 not redirecting back to app

2016-10-05 Thread Jérôme LELEU
Hi,

In the ClientAction, the service has been saved:

2016-10-03 16:32:17,094 DEBUG
[org.jasig.cas.support.pac4j.web.flow.ClientAction] - save service:
https://localhost:8445/dipta-cas-client-test/j_spring_cas_security_check

But, indeed, the service is not retrieved during the authentication (thus
no redirect back to the application):

2016-10-03 16:32:27,930 DEBUG
[org.jasig.cas.support.pac4j.web.flow.ClientAction] - retrieve service: null

The service is saved into and restored from the web session: anything
special in your case?

Thanks.
Best regards,
Jérôme



2016-10-04 12:26 GMT+02:00 Xavier Rodríguez :

> Hi,
>
> I've the same problem. We have installed CAS-4.2.3 with Client-Oauth 2
> implementation. But we are not able to come back to the service-app.
>
> When the user is authenticated in Server-Oauth it returns to the
> CAS-Server-client but it stops in login page showing that the user is
> authenticated, it seems that the service(app) in this point is lost, and it
> doesn't return to the app.
>
> We have defined in Pac4jContext:
>
> 
> 
> 
> https://localhost:8444/cas-pac4j-oauth-server-demo/oauth2.0; />
> 
>
> 
> 
> 
> https://localhost:8444/
> cas-pac4j-oauth-server-demo/oauth2.0" />
> 
>
> When CAS receives the data from the Oauth-Server its log shows:
>
> 2016-10-03 16:32:27,999 DEBUG [org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] - Building an authentication context for authentication org.jasig.cas.authentication.ImmutableAuthentication@75b86cb and service null
>
> I understand that this service must have the url of the client-app but it
> is null. Do we have to define some extra variable?
>
> Best regards,
>
> - Xavier -
>
> On Friday, 30 September 2016 8:12:06 UTC+2, leleuj wrote:
>>
>> Hi,
>>
>> Which CAS version do you use? Any error in your logs?
>>
>> Thanks.
>> Best regards,
>> Jérôme
>>
>>