[cas-user] HTTPSandIMAPS-10000001.json keeps coming back

2017-05-23 Thread RJ
Guys,

In the latest version 5.0.5 or 5.1.0-RC4, the default
service, HTTPSandIMAPS-1001.json, gets auto created during the startup.
We kept deleting it but it comes back. It wasn't the case in the past. How
to turn the auto creation off?

HTTPSandIMAPS-1001.json
Apereo-1002.json

Thanks

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CACNfiM%2BaigyqPB30YPwM6OaYtw9jdr4UX9%2BFgFatThyRx4E%2BmQ%40mail.gmail.com.


Re: [cas-user] Redirect loop

2017-05-23 Thread Pooya Eslami
Where would I find mod_auth_cas logs?
The full apache conf is here: https://pastebin.com/cyrp9nbJ
version of apache is 2.4.7
libapache2-mod-auth-cas version 1.0.9.1-4
I only have plone installed, it creates a virtual host at 8080.
Rewrite rule was per plone docs... https://docs.plone.org/manage/deploying/front-end/apache.html


On Monday, May 22, 2017 at 5:49:09 PM UTC-4, David Hawes wrote:
>
> What do the mod_auth_cas debug logs show? 
>
> Can you post your full Apache configuration? 
>
> What version of Apache? 
>
> What version of mod_auth_cas? 
>
> On 22 May 2017 at 07:56, Pooya Eslami  
> wrote: 
> > Logs show going back and forth between site and cas... 
> > 
> > $ tail -f access.log 
> > 
> > 10.55.1.102 - USER567 [18/May/2017:20:39:33 +] "GET / HTTP/1.1" 302 
> > 16773 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) 
> > Gecko/20100101 Firefox/52.0" 
> > 
> > 10.55.1.102 - USER567 [18/May/2017:20:39:33 +] "GET 
> > /?ticket=ST-8490389-1QQZghQr4Mq4Y1d0DWtX-cas HTTP/1.1" 302 587 "-" 
> > "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 
> > Firefox/52.0" 
> > 
> > 10.55.1.102 - USER567 [18/May/2017:20:39:33 +] "GET / HTTP/1.1" 302 
> > 16773 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) 
> > Gecko/20100101 Firefox/52.0" 
> > 
> > 10.55.1.102 - USER567 [18/May/2017:20:39:33 +] "GET 
> > /?ticket=ST-8490390-gdcqMZ4hYqannRw4WZRr-cas HTTP/1.1" 302 587 "-" 
> > "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 
> > Firefox/52.0" 
> > 
> > 10.55.1.102 - USER567 [18/May/2017:20:39:33 +] "GET / HTTP/1.1" 302 
> > 16773 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) 
> > Gecko/20100101 Firefox/52.0" 
> > 
> > 10.55.1.102 - USER567 [18/May/2017:20:39:33 +] "GET 
> > /?ticket=ST-8490391-dEHGGYgNNknusb4XBwFl-cas HTTP/1.1" 302 587 "-" 
> > "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 
> > Firefox/52.0" 
> > 
> > 10.55.1.102 - USER567 [18/May/2017:20:39:33 +] "GET / HTTP/1.1" 302 
> > 16773 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) 
> > Gecko/20100101 Firefox/52.0" 
> > 
> > 10.55.1.102 - USER567 [18/May/2017:20:39:33 +] "GET 
> > /?ticket=ST-8490392-tJUb7ZHBoE3UQeLBxIe4-cas HTTP/1.1" 302 587 "-" 
> > "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 
> > Firefox/52.0" 
> > 
> > 10.55.1.102 - USER567 [18/May/2017:20:39:33 +] "GET / HTTP/1.1" 302 
> > 16773 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) 
> > Gecko/20100101 Firefox/52.0" 
> > 
> > 10.55.1.102 - USER567 [18/May/2017:20:39:33 +] "GET 
> > /?ticket=ST-8490393-4oRlIYjdA9civwc149Nf-cas HTTP/1.1" 302 587 "-" 
> > "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 
> > Firefox/52.0" 
> > 
> > 
> > This goes on forever 
> > 
> > On Friday, May 19, 2017 at 10:36:25 PM UTC-4, David Hawes wrote: 
> >> 
> >> On 18 May 2017 at 17:40, Pooya Eslami  wrote: 
> >> > Same if that line is deleted or set to / 
> >> > I keep getting sent to cas and redirected back to site. 
> >> > I would like to try RewriteCond, but where would I stop?! If I stop at cas 
> >> > it will not redirect to cas, if stop after site, it will not redirect to 
> >> > cas... 
> >> > See my dilemma? 
> >> 
> >> Do you have another VirtualHost for 8080? 
> >> 
> >> Your config works fine for me on Apache 2.4.17 and mod_auth_cas master 
> >> provided I have a separate VirtualHost for 8080. 
> >> 
> >> What do your logs show? 
> >> 

Re: [cas-user] Redirect loop

2017-05-23 Thread Pooya Eslami
Part of the error log...
https://pastebin.com/dhRnyfWB



Re: [cas-user] Redirect loop

2017-05-23 Thread Pooya E
I think I know where the problem is... I need a ProxyPassReverse for the 
rewrite rule I have since it is redirecting with an address that has 8080 
appended.
What do you think? If so, how would you write the ProxyPassReverse for that 
rewrite rule?


Re: [cas-user] Redirect loop

2017-05-23 Thread David Hawes
I don't see that you have the following in your config (from the Plone docs):


ServerAlias     *
ServerRoot      /var/www
ServerSignature On


Have you tried adding something like this? Without it, I'd expect the
proxy to just keep looping. This happens on my test machine.

You may still have some mod_auth_cas issues (I'd recommend upgrading
to v1.1), but this needs to work first. It may be useful to comment
out all the mod_auth_cas directives and make sure it works without
auth as expected.


On 23 May 2017 at 17:03, Pooya E  wrote:
> I think I know where the problem is... I need a ProxyPassReverse for the
> rewrite rule I have since it is redirecting with an address that has 8080
> appended.
> What do you think? If so, how would you write the ProxyPassReverse for that
> rewrite rule?
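
The loop signature in the access log quoted in this thread (a fresh service ticket consumed on a 302 each time, with no session ever taking hold) can be flagged automatically. This is an added detection example, not part of any poster's message or of mod_auth_cas; the function names, threshold, window and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Apache "combined" log line. The timezone is treated as optional because the
# lines quoted in the thread arrived with it truncated ("+]").
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]\s]+)[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return the fields the detector needs, or None for unparseable lines."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    url = urlsplit(m["target"])
    tickets = parse_qs(url.query).get("ticket", [])
    return {
        "ip": m["ip"],
        "user": m["user"],
        "time": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S"),
        "path": url.path or "/",
        "ticket": tickets[0] if tickets else None,
        "status": int(m["status"]),
    }


def find_ticket_loops(lines, min_tickets=3, window=timedelta(seconds=10)):
    """Flag (client, path) pairs that consume several distinct service tickets
    on 302 responses within `window`.

    One ticket-bearing 302 per login is normal (the ticket is validated, then
    the client is redirected to the clean URL). Several distinct tickets for
    the same path within seconds means the post-validation request is being
    treated as unauthenticated again, i.e. a redirect loop.
    """
    hits_by_client = defaultdict(list)  # (ip, path) -> [(time, ticket), ...]
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != 302:
            continue
        if not rec["ticket"] or not rec["ticket"].startswith("ST-"):
            continue
        hits_by_client[(rec["ip"], rec["path"])].append((rec["time"], rec["ticket"]))

    findings = []
    for (ip, path), hits in hits_by_client.items():
        hits.sort()
        start, best = 0, 0
        for end in range(len(hits)):
            # Shrink the window until it spans at most `window` of wall time.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, len({ticket for _, ticket in hits[start:end + 1]}))
        if best >= min_tickets:
            findings.append({"ip": ip, "path": path, "tickets": best})
    return findings


# Constructed sample: 192.0.2.10 loops, 198.51.100.7 logs in normally.
SAMPLE_LOG = """\
192.0.2.10 - alice [18/May/2017:20:39:33 +0000] "GET / HTTP/1.1" 302 16773 "-" "ExampleUA"
192.0.2.10 - alice [18/May/2017:20:39:33 +0000] "GET /?ticket=ST-1-aaaa-cas HTTP/1.1" 302 587 "-" "ExampleUA"
192.0.2.10 - alice [18/May/2017:20:39:33 +0000] "GET / HTTP/1.1" 302 16773 "-" "ExampleUA"
192.0.2.10 - alice [18/May/2017:20:39:33 +0000] "GET /?ticket=ST-2-bbbb-cas HTTP/1.1" 302 587 "-" "ExampleUA"
192.0.2.10 - alice [18/May/2017:20:39:34 +0000] "GET / HTTP/1.1" 302 16773 "-" "ExampleUA"
192.0.2.10 - alice [18/May/2017:20:39:34 +0000] "GET /?ticket=ST-3-cccc-cas HTTP/1.1" 302 587 "-" "ExampleUA"
192.0.2.10 - alice [18/May/2017:20:39:34 +0000] "GET / HTTP/1.1" 302 16773 "-" "ExampleUA"
192.0.2.10 - alice [18/May/2017:20:39:34 +0000] "GET /?ticket=ST-4-dddd-cas HTTP/1.1" 302 587 "-" "ExampleUA"
198.51.100.7 - bob [18/May/2017:20:40:01 +0000] "GET / HTTP/1.1" 302 16773 "-" "ExampleUA"
198.51.100.7 - bob [18/May/2017:20:40:02 +0000] "GET /?ticket=ST-5-eeee-cas HTTP/1.1" 302 587 "-" "ExampleUA"
198.51.100.7 - bob [18/May/2017:20:40:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "ExampleUA"
""".splitlines()

if __name__ == "__main__":
    for finding in find_ticket_loops(SAMPLE_LOG):
        print("possible CAS redirect loop:", finding)
```
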

[cas-user] Re: CAS Management App not Connecting to JPA

2017-05-23 Thread atilling
The tables are all there and the CAS service is connecting. I have added a 
service by hand in the tables and CAS is recognizing it, service management 
app is not.

On Friday, May 19, 2017 at 10:06:29 AM UTC-4, atilling wrote:
>
> I have configured CAS to use a JPA service registry and the logs show that 
> CAS is connecting and using the JPA service registry correctly.
>
> I have attempted to configure cas-management the same way, both by 
> pointing at the cas.properties and by copying the service registry 
> properties into cas-management.properties.
>
> Despite all my attempts the management app is still running the in memory 
> registry and not the JPA registry. Attached are my property files, pom 
> files and logs.
>
> Any help would be appreciated,  
>
>



Re: [cas-user] Strange mod_auth_cas behavior (no cookies created in CASCookiePath)

2017-05-23 Thread Neil Sabol
Hi Matt,

Thank you for the quick reply and information - I had not considered file 
handles as a culprit. If the issue recurs, I will dig into that.

We did find some anomalies on the virtual machine where the mod_auth_cas 
behavior manifested (outdated VMware tools and really old VM hardware 
version). Not sure if those were related but we've since updated both. Will 
keep this list posted with our findings and experience going forward.

Thank you again for your time, suggestion, and expertise - it is 
appreciated!
-Neil



On Monday, May 22, 2017 at 10:07:44 AM UTC-6, matt wrote:
>
> Hi Neil,
>
> Without the logs, it is difficult to tell.  It /could/ be related to time 
> drift, but I'd find it unlikely that that would prevent writing to disk.
>
> More likely, I'd investigate number of open file handles.  Did some httpd 
> sub-process (e.g., a CGI or PHP) possibly create an egregious number of 
> handles?  This would likely show in error messages printed to the logs. 
>  lsof could also be your friend here.
>
> Matt
>
>
> On May 19, 2017 11:15 AM, "Neil Sabol"  
> wrote:
>
> Hello CAS Community,
>
> I hope this message finds you all well.
>
> As time permits, I am hoping to pick your brains about a mysterious issue 
> we experienced recently with mod_auth_cas (suspect it was not mod_auth_cas 
> itself but something related).
>
> We have been running mod_auth_cas (version 1.1) in production for a long 
> time without incident. Yesterday, we began to experience a strange behavior 
> on one of our production servers:
>
>
> - mod_auth_cas stopped creating cookies in the defined CASCookiePath 
>   (no users were able to login to the application - all requests for 
>   CAS-protected resources resulted in a redirect back to the CAS login page 
>   and a 401 error upon return to the application)
>
> - Debug logs did not reveal anything interesting - the only related 
>   entries I noticed were the following
>
>   [debug] mod_auth_cas.c(930): [client X.X.X.X] Cache entry 'ae0aa61bf431d62b9e4be00089e87df8' could not be opened, referer: http://something.unm.edu
>   [debug] mod_auth_cas.c(1676): [client X.X.X.X] Cookie 'ae0aa61bf431d62b9e4be00089e87df8' is corrupt or invalid, referer: http://something.unm.edu
>
> - Permissions, file system status, etc. were all good - from all 
>   appearances, mod_auth_cas was not attempting to create cookies in the 
>   CASCookiePath (confirmed apache could write to the path, etc.)
>
> - The CASCookiePath directory contained only a .metadata file about 
>   2-3 hours after this issue started occurring
>
>
> We ended up using the IT hammer to restore the affected VM from snapshot, 
> so I no longer have the specific logs or state of the system available. The 
> restore did the trick (mod_auth_cas resumed normal operation and began 
> creating cookies in the CASCookiePath), but I am concerned this issue may 
> recur.
>
> The only possible explanation for this that I can think of (in hindsight) 
> is time drift between the application server/clients/cas server. Does that 
> sound possible? If yes, would something like that be logged with debug 
> logging enabled?
>
> If you have any insight or guidance into what could cause this sort of 
> situation with mod_auth_cas, please let me know.
>
> Thank you in advance for your time and expertise!
> -Neil
>


[cas-user] Re: CAS 5.0 and 5.1 - Nested Proxies Causing Problems with @Scheduled

2017-05-23 Thread Petr Strnad
Forgot to add the attachments

On Tuesday, May 23, 2017 at 3:53:15 PM UTC+2, Petr Strnad wrote:
>
> Hello,
>
> For some reason, there is a DefaultAdvisorAutoProxyCreator bean being 
> created in CasApplicationContextConfiguration. However, Spring also 
> automatically registers an AnnotationAwareAspectJAutoProxyCreator. Is 
> there any reason for the DefaultAdvisorAutoProxyCreator bean to exist? 
> Right now, it only causes issues:
>
> It leads to the creation of nested proxies (com.sun.proxy.Proxy which 
> contains a CGLIB proxy). This can cause 
> ScheduledAnnotationBeanPostProcessor to fail to detect @Scheduled 
> annotation, because the use of AopUtils.getTargetClass(bean) only 
> resolves the first proxy (so instead of returning the class of the 
> actual bean, it returns the class of the CGLIB proxy, which doesn't have 
> the @Scheduled annotation).
>
> This does not happen every time, because the order of BeanPostProcessors 
> seems to be partially random - it only happens when both 
> AnnotationAwareAspectJAutoProxyCreator 
> and DefaultAdvisorAutoProxyCreator are registered before 
> ScheduledAnnotationBeanPostProcessor. For example, on my local machine, the 
> order of the BeanPostProcessors pretty much always 'aligns' and therefore 
> @Scheduled works, but on our servers, about 80% of our packaged WARs fail.
>
> However, if you put a breakpoint to where DefaultTicketRegistryCleaner 
> bean is created and debug your way towards the post processors, you will 
> always see that there are two ProxyCreators, even if the order of 
> BeanPostProcessors is 'aligned' for @Scheduled to work (see the attachments)


[cas-user] Inspektr audit - Failed authentication treated like throttling?

2017-05-23 Thread Jaroslav Kačer
Dear CAS users/developers,

We are using CAS 5.0.4 with the Inspektr library for storing audit logs 
into a database. We are using it together with login throttling, which 
depends on the data in the audit table.

Everything works just fine, I just spotted a little surprising thing: It 
seems that authentication failures (i.e. input data for the throttling 
mechanism) are reported as actual throttling. CAS works fine, no actual 
throttling occurs (yet), just the audit log contains a little misleading 
information.

In a text log file, it looks like this:

2017-05-23T10:05:02,992 [http-nio-8443-exec-7] DEBUG org.apereo.cas.web.support.InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter - Recording submission failure for /cas/login
2017-05-23T10:05:02,992 [http-nio-8443-exec-7] WARN org.apereo.cas.web.support.InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter - Throttling submission from 0:0:0:0:0:0:0:1. More than 5 failed login attempts within 60 seconds. Authentication attempt exceeds the failure threshold 5


The first line looks OK to me, while the second one does not; no actual 
throttling occurred and this was the 1st failed login attempt.

In the database, it looks like this:
xx...@xxx.com 0:0:0:0:0:0:0:1 0:0:0:0:0:0:0:1 Supplied credentials: [xx...@xxx.com] AUTHENTICATION_FAILED CAS 22-MAY-17 05.15.13.08600 PM
xx...@xxx.com 0:0:0:0:0:0:0:1 0:0:0:0:0:0:0:1 xx...@xxx.com THROTTLED_LOGIN_ATTEMPT CAS 22-MAY-17 05.15.35.07900 PM


(The time difference results from debugging, please ignore it.) Again, the 
first row looks OK, the 2nd one is misleading.

When I look into the source code, class 
InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter, 
I can see this method:

    @Override
    public void recordSubmissionFailure(final HttpServletRequest request) {
        recordThrottle(request);
    }



Calling recordThrottle(record) here is probably the source of the behavior 
I've just described. I think something else should be called instead. Do 
you agree? Or do I understand it wrong and this behavior is OK?

Thank you!

Best Regards,
Jarda



[cas-user] CAS 5. Which version cas I use in production?

2017-05-23 Thread Marco Osorio
Hello everyone.
First of all excuse my English.

Can someone tell me what version I can use in production? I currently have 
version 4.2.7 deployed and it works perfectly, but now there is a new 
requirement to integrate JIRA with CAS + LDAP AD and SAML2, hence my interest 
in testing the overlay, and so far I have not been very successful.

I have tried the settings that Sesharaju has kindly passed me 
https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/yBEp-OgqYkk 
but I notice that custom properties are not overwritten. I'm doing the tests 
with version 5.0.5 in standalone mode, since the configuration of the 
Spring-cloud-config-server is another additional requirement that we have 
not planned, and for the moment it would be deployed in standalone mode.
The Undertow 5.1.0.RC4 version 
https://maven2repo.com/org.apereo.cas/cas-server-webapp-undertow/5.1.0-RC4/war 
does not work either; it generates some errors when deploying it in Wildfly 
9.0.2.

Apparently the "standalone" configuration option is not official, or only 
some standard configuration has been checked. With the overlay, I have 
tried several things, but it still does not load the properties correctly; 
it boots, but always takes the internal ones and not the external ones. The 
property to load the external services that are already configured in 
version 4.2.7 also does not load. I know you have to make some package 
changes, but at least it should load and generate some type of error.

Thank you all again



[cas-user] Re: can't get jdbc attribute query after facebook delegated authentication

2017-05-23 Thread Sandy Lelarge
Oh yes, I did not understand.
This is what I have in mind.

I'm too young to cas. I'll try to make this on version 5
I've to understand the structure of it and of pac4j

Thanks a lot


On Tuesday, May 23, 2017 at 09:46:53 UTC+2, Martin Bohun wrote:
>
> Hi Sandy,
>
> I am not entirely sure what you mean by "BTW I still wonder if CAS 5 can 
> do it by chaining something somewhere.", one place in our code where one 
> can kinda "chain" something is currently hardcoded "null" (taken/followed 
> from pac4j examples) in:
>
> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/webapp/WEB-INF/deployerConfigContext.xml#L65
>
> Clean/flexible approach is to create a proper "secondaryPrincipalResolver" 
> (class and bean, instead of the hardcoded null :-) obviously) - I have 
> already a refactoring task/branch for that - but that is one nice "chaining 
> point" right there.
>
> regards,
>
> martin
>
> On Tuesday, May 23, 2017 at 5:17:49 PM UTC+10, Sandy Lelarge wrote:
>>
>> Thank you for your response Martin.
>>
>> I will take a look into your code.
>>
>> BTW I still wonder if CAS 5 can do it by chaining something somewhere.
>>
>> It can already do everything but not the way I want to.
>>
>> Perhaps I can make something similar to what you've done by chaining 
>> social networks auth with cas.authn.attributeRepository.jdbc on CAS 5
>>
>> cheers
>>
>> On Tuesday, May 23, 2017 at 02:16:51 UTC+2, Martin Bohun wrote:
>>>
>>> This is very similar to what we (ALA) are doing in our cas-4.0.x: 
>>> previously user could SignUp/SignIn with username/password stored in sql DB 
>>> (mysql); I added/extended the project with "one click" SignUp/SignIn via 
>>> "social media" (Facebook/Google/Twitter/LinkedIn/WindozeLive/GitHub):
>>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0
>>>
>>> You can have a look at our:
>>>
>>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/webapp/WEB-INF/deployerConfigContext.xml
>>> (I intentionally try to keep it clean and "intuitively" ordered)
>>>
>>> First we do the Delegated Authentication exactly as you mentioned; that 
>>> does verify the user via (Facebook/Google/Twitter), and each of these sends 
>>> back some profile info (email, firstName, lastName); I wrote a custom 
>>> cas/pac4j Authenticator:
>>>
>>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/webapp/WEB-INF/deployerConfigContext.xml#L139-L144
>>>
>>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/webapp/WEB-INF/deployerConfigContext.xml#L146-L158
>>>
>>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ALAClientAuthenticationHandler.java#L97
>>> That takes the email address returned by the social media, and (reusing 
>>> the old sql username/password code/components) tries to retrieve the user 
>>> from the DB:
>>>
>>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ALAClientAuthenticationHandler.java#L130-L139
>>>
>>> If a user with such email address does not exist, it will use a create 
>>> new user sql query to create the user in the DB first and then resume the 
>>> login process:
>>>
>>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ALAClientAuthenticationHandler.java#L142-L154
>>>   
>>>
>>> regards,
>>>
>>> martin
>>>
>>> On Tuesday, May 23, 2017 at 2:39:48 AM UTC+10, Sandy Lelarge wrote:

>>>> Hi all, 
>>>>
>>>> and firstly, thanks for your great job on cas.
>>>>
>>>> I'm pretty new to it and I'm working with cas 5.0.3.1
>>>>
>>>> I can successfully log on with login/password via a rest service and once 
>>>> logged successfully get attribute from another database via jdbc.
>>>>
>>>> Now, I'm trying to get authenticated by facebook. I successfully get 
>>>> logged in.
>>>>
>>>>
>>>> The problem is that I'm trying to make a request on my sql server where 
>>>> I'm looking for the 'email' field that facebook gave me.
>>>> (the same email get as username on login form and that gave me result.
>>>>
>>>> I can even get a request to the sql server.
>>>> No error, simply no request.
>>>>
>>>> Is it possible with a delegate authentication ?
>>>> I hoped to like some authentication mechanism by email address...
>>>>
>>>> Thanks for your help
>>>>
>>>> facebook throws this list of attributes: 
>>>> access_token  [masked]
>>>> email [masked]
>>>> first_name [masked]
>>>> gender MALE
>>>> last_name [masked]
>>>> link [masked]
>>>> locale fr_FR
>>>> name [masked]
>>>> third_party_id [masked]
>>>> timezone 2
>>>> updated_time 1409185943000
>>>> verified false





[cas-user] Re: can't get jdbc attribute query after facebook delegated authentication

2017-05-23 Thread Martin Bohun
Hi Sandy,

I am not entirely sure what you mean by "BTW I still wonder if CAS 5 can do 
it by chaining something somewhere.", one place in our code where one can 
kinda "chain" something is currently hardcoded "null" (taken/followed from 
pac4j examples) in:
https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/webapp/WEB-INF/deployerConfigContext.xml#L65

Clean/flexible approach is to create a proper "secondaryPrincipalResolver" 
(class and bean, instead of the hardcoded null :-) obviously) - I have already a 
refactoring task/branch for that - but that is one nice "chaining point" 
right there.

regards,

martin

On Tuesday, May 23, 2017 at 5:17:49 PM UTC+10, Sandy Lelarge wrote:
>
> Thank you for your response Martin.
>
> I will take a look into your code.
>
> BTW I still wonder if CAS 5 can do it by chaining something somewhere.
>
> It can already do everything but not the way I want to.
>
> Perhaps I can make something similar to what you've done by chaining 
> social networks auth with cas.authn.attributeRepository.jdbc on CAS 5
>
> cheers
>
> On Tuesday, May 23, 2017 at 02:16:51 UTC+2, Martin Bohun wrote:
>>
>> This is very similar to what we (ALA) are doing in our cas-4.0.x: 
>> previously user could SignUp/SignIn with username/password stored in sql DB 
>> (mysql); I added/extended the project with "one click" SignUp/SignIn via 
>> "social media" (Facebook/Google/Twitter/LinkedIn/WindozeLive/GitHub):
>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0
>>
>> You can have a look at our:
>>
>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/webapp/WEB-INF/deployerConfigContext.xml
>> (I intentionally try to keep it clean and "intuitively" ordered)
>>
>> First we do the Delegated Authentication exactly as you mentioned; that 
>> does verify the user via (Facebook/Google/Twitter), and each of these sends 
>> back some profile info (email, firstName, lastName); I wrote a custom 
>> cas/pac4j Authenticator:
>>
>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/webapp/WEB-INF/deployerConfigContext.xml#L139-L144
>>
>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/webapp/WEB-INF/deployerConfigContext.xml#L146-L158
>>
>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ALAClientAuthenticationHandler.java#L97
>> That takes the email address returned by the social media, and (reusing 
>> the old sql username/password code/components) tries to retrieve the user 
>> from the DB:
>>
>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ALAClientAuthenticationHandler.java#L130-L139
>>
>> If a user with such email address does not exist, it will use a create 
>> new user sql query to create the user in the DB first and then resume the 
>> login process:
>>
>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ALAClientAuthenticationHandler.java#L142-L154
>>   
>>
>> regards,
>>
>> martin
>>
>> On Tuesday, May 23, 2017 at 2:39:48 AM UTC+10, Sandy Lelarge wrote:
>>>
>>> Hi all, 
>>>
>>> and firstly, thanks for your great job on cas.
>>>
>>> I'm pretty new to it and I'm working with cas 5.0.3.1
>>>
>>> I can successfully log on with login/password via a rest service and once 
>>> logged successfully get attribute from another database via jdbc.
>>>
>>> Now, I'm trying to get authenticated by facebook. I successfully get 
>>> logged in.
>>>
>>>
>>> The problem is that I'm trying to make a request on my sql server where 
>>> I'm looking for the 'email' field that facebook gave me.
>>> (the same email get as username on login form and that gave me result.
>>>
>>> I can even get a request to the sql server.
>>> No error, simply no request.
>>>
>>> Is it possible with a delegate authentication ?
>>> I hoped to like some authentication mechanism by email address...
>>>
>>> Thanks for your help
>>>
>>> facebook throws this list of attributes: 
>>> access_token  [masked]
>>> email [masked]
>>> first_name [masked]
>>> gender MALE
>>> last_name [masked]
>>> link [masked]
>>> locale fr_FR
>>> name [masked]
>>> third_party_id [masked]
>>> timezone 2
>>> updated_time 1409185943000
>>> verified false
>>>
>>>
>>>


[cas-user] Re: can't get jdbc attribute query after facebook delegated authentication

2017-05-23 Thread Sandy Lelarge
Thank you for your response Martin.

I will take a look into your code.

BTW I still wonder if CAS 5 can do it by chaining something somewhere.

It can already do everything but not the way I want to.

Perhaps I can make something similar to what you've done by chaining social 
networks auth with cas.authn.attributeRepository.jdbc on CAS 5

cheers

On Tuesday, May 23, 2017 at 02:16:51 UTC+2, Martin Bohun wrote:
>
> This is very similar to what we (ALA) are doing in our cas-4.0.x: 
> previously user could SignUp/SignIn with username/password stored in sql DB 
> (mysql); I added/extended the project with "one click" SignUp/SignIn via 
> "social media" (Facebook/Google/Twitter/LinkedIn/WindozeLive/GitHub):
> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0
>
> You can have a look at our:
>
> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/webapp/WEB-INF/deployerConfigContext.xml
> (I intentionally try to keep it clean and "intuitively" ordered)
>
> First we do the Delegated Authentication exactly as you mentioned; that 
> does verify the user via (Facebook/Google/Twitter), and each of these sends 
> back some profile info (email, firstName, lastName); I wrote a custom 
> cas/pac4j Authenticator:
>
> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/webapp/WEB-INF/deployerConfigContext.xml#L139-L144
>
> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/webapp/WEB-INF/deployerConfigContext.xml#L146-L158
>
> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ALAClientAuthenticationHandler.java#L97
> That takes the email address returned by the social media, and (reusing 
> the old sql username/password code/components) tries to retrieve the user 
> from the DB:
>
> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ALAClientAuthenticationHandler.java#L130-L139
>
> If a user with such email address does not exist, it will use a create 
> new user sql query to create the user in the DB first and then resume the 
> login process:
>
> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ALAClientAuthenticationHandler.java#L142-L154
>   
>
> regards,
>
> martin
>
> On Tuesday, May 23, 2017 at 2:39:48 AM UTC+10, Sandy Lelarge wrote:
>>
>> Hi all, 
>>
>> and firstly, thanks for your great job on cas.
>>
>> I'm pretty new to it and I'm working with cas 5.0.3.1
>>
>> I can successfully log on with login/password via a rest service and once 
>> logged successfully get attribute from another database via jdbc.
>>
>> Now, I'm trying to get authenticated by facebook. I successfully get 
>> logged in.
>>
>>
>> The problem is that I'm trying to make a request on my sql server where 
>> I'm looking for the 'email' field that facebook gave me.
>> (the same email get as username on login form and that gave me result.
>>
>> I can even get a request to the sql server.
>> No error, simply no request.
>>
>> Is it possible with a delegate authentication ?
>> I hoped to like some authentication mechanism by email address...
>>
>> Thanks for your help
>>
>> facebook throws this list of attributes: 
>> access_token  [masked]
>> email [masked]
>> first_name [masked]
>> gender MALE
>> last_name [masked]
>> link [masked]
>> locale fr_FR
>> name [masked]
>> third_party_id [masked]
>> timezone 2
>> updated_time 1409185943000
>> verified false
>>
>>
>>
