Re: [cas-user] CAS 5.2.0 How to configure cas in that way so that it listen to HTTP?

Thank you for the recommendation. Currently this is the existing system we have. We will try to follow your recommendation but for that we need some time, Right now if there is a way to configure CAS server to listen to HTTP? On Thursday, December 14, 2017 at 3:37:35 PM UTC+8, robertoschwald

Re: [cas-user] CAS 5.2.0 How to configure cas in that way so that it listen to HTTP?

Thanks Doug for the reply, I have tried this configuration but I am still getting the same warning "You are currently accessing CAS over a non-secure connection. Single Sign On WILL NOT WORK." server.port=8080 server.ssl.enabled=false *FAZLA* On Thursday, December 14, 2017 at 3:31:03 PM

Re: [cas-user] CAS 5.2.0 How to configure cas in that way so that it listen to HTTP?

I strongly recommend to not use the approach you try to configure. Connection between the LB and CAS Servers should be encrypted as well. > Am 14.12.2017 um 08:13 schrieb casuser : > > Thank you Cristina, > > Actually what I meant was lets say https://example.com

RE: [cas-user] CAS 5.2.0 How to configure cas in that way so that it listen to HTTP?

This may not be what you are working for or it might be different in 5.2.0 or it is possible I am forgetting something else but I believe all I did is the following: Configure CAS to only listen on port 8080 Edit cas.properties and add the following lines: # configure CAS to only

Re: [cas-user] CAS 5.2.0 How to configure cas in that way so that it listen to HTTP?

Thank you Cristina, Actually what I meant was lets say https://example.com will go to a load balancer and it will check the ssl and provide the ssl certificate then it will go to CAS. I want to configure CAS in a way so that it doesn't need to check for the ssl because from the load balancer

Re: [cas-user] CAS 5.2.0 How to configure cas in that way so that it listen to HTTP?

Hello, I had configured https on the application server. I had nothing to configure in CAS properties. Thank you, Cristina On Dec 14, 2017 6:51 AM, "casuser" wrote: There is a load balancer in between the user and the CAS . The load balancer will check allow the

[cas-user] CAS 5.2.0 How to configure cas in that way so that it listen to HTTP?

There is a load balancer in between the user and the CAS . The load balancer will check allow the SSL certificate. But from the load balancer to the CAS the connection will be HTTP. How to configure cas in that way so that it listen to HTTP? I have tried this in my cas.properties but didn't

[cas-user] How can I set scope in OAuth service?

hello. How can I set scope in OAuth service? I found that OAuth20ProfileScopeToAttributeFilter. Is it concern OAuth scope? then can I register OAuth service's scope usijg attribute field? please give me a answer.. thanks. -- - Website: https://apereo.github.io/cas - Gitter Chatroom:

[cas-user] CAS 5.2.0 How to configure cas server in that way so that it listens to HTTP?

There is a load balancer in between the user and the CAS server. The load balancer will check allow the SSL certificate. But from the load balancer to the CAS server the connection will be HTTP. How to configure cas server in that way so that it listen to HTTP? I have tried this in my

[cas-user] CAS 5.2.0 Non-secure Connection warning

How to remove the warning "Non-secure Connection" from the log in page? I want to get rid of it because from the load balancer to the CAS server the connection will be HTTP. I have tried the following configurations to remove the warning: "In the event that you decide to run CAS without any

Re: [cas-user] CAS 5 alternativeIpAddressHeader

https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html Look up Audits. --Misagh > From: "Adam Causey" > To: cas-user@apereo.org > Sent: Wednesday, December 13, 2017 1:45:55 PM > Subject: [cas-user] CAS 5 alternativeIpAddressHeader > We are upgrading

Re: [cas-user] CAS ldap against AD?

We use SSL as startTLS tends to complain, saying it has already occurred, so SSL. You will want the cert from the server you are connecting to, which you can pull with openssl like so: echo -n | openssl s_client -connect 192.168.1.225:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >

Re: [cas-user] CAS ldap against AD?

You might find this link helpful. It's a work in progress and not "official" documentation, but it does include, among other things, an example and step-by-step instructions for how to configure for AD, both authentication and attributes. https://dacurry-tns.github.io/deploying-apereo-cas/

[cas-user] CAS ldap against AD?

I am a newbie to CAS. I just installed 5.2 using Maven. I successfully logged in via the test account of causer. But now I want to get ldap against active directory working. I successfully installed the dependencies and that seems ok. My issue is with configuring cas.properties. I read

[cas-user] CAS 5 alternativeIpAddressHeader

We are upgrading from CAS 3.x to CAS 5.1.4 . Currently we log the originating IP (X-Forwarded-For) with this configuration in the web.xml in CAS 3: CAS Client Info Logging Filter com.github.inspektr.common.web.ClientInfoThreadLocalFilter

Re: [cas-user] CAS 5.1.5 Login View Title

Hi Pavlos, That worked! I appreciate the help. Thanks, Mac Reid -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed

Re: [cas-user] CAS 5.1.5 Login View Title

Hi Mac, I think that you have to change the title element in classes/templates/layout.html... Cheers, Pavlos On 13/12/2017 06:43 μμ, Mac Reid wrote: Hi all, I am trying to modify the HTML title of the default theme. I have added a custom messages file

[cas-user] CAS 5.1.5 Login View Title

Hi all, I am trying to modify the HTML title of the default theme. I have added a custom messages file (src/main/resources/custom_messages.properties) with a modified cas.login.pagetitle, but the title of the page shows up as My String - CAS - Central Authentication Service. I then modified

[cas-user] Re: How to specify landing page (url) in json file for a service when accessStrategy requiredAttributes results in "Service Access Denied"

Just a quick update. I have not yet been able to verify Jeremy's idea about v5.2 fixing the "unauthorizedRedirectUrl" property. I have had difficulties with the maven update relating to unresolved dependencies, and subsequently created a separate post at

Re: [cas-user] Restrincting service access based on uid

You were right, the documentation show a bad way to write multiple values. The good way is : "user1", "user2", "user3" I found the problem. uid need to be explicitely defined in cas.authn.ldap[0].principalAttributeList so it can be released and then used in service access strategy. --

Re: [cas-user] Re: having difficulty with dependencies when upgrading to CAS 5.2.0

I did have one issue where the warn/error-level messages in the logs were more confusing than helpful, but setting the global log level to "debug" gave me enough additional insight to figure it out. Line 11 or so in *etc/cas/config/log4j2.xml*: debug Might help... can't hurt... good luck.

Re: [cas-user] Re: having difficulty with dependencies when upgrading to CAS 5.2.0

I updated from the repo. My guess is that I missed something in doing so, but I have not been able to figure out what I missed. Thanks Dave. On Tuesday, December 12, 2017 at 11:29:24 AM UTC-5, David Curry wrote: > > Just a thought... > > When you went from 5.1.4 to 5.2.0, did you update the

Re: [cas-user] Restrincting service access based on uid

Seems it is actually a problem with attributes resolution : 2017-12-13 10:56:45,286 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 2017-12-13 10:56:45,287 DEBUG [org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository] -

Re: [cas-user] Restrincting service access based on uid

Hi, Syntax is based on the documentation example : https://apereo.github.io/cas/5.1.x/installation/Configuring-Service-Access-Strategy.html (Enforce Attributes) -- Sébastien BEAUDLOT Administrateur réseaux, téléphonie et flotte mobile Direction Opérationnelle des Systèmes d'Information

Re: [cas-user] Restrincting service access based on uid

Is that a suspicious population of a list with comma separated values in string containing an implicit list instead of with an explicit list of strings? Or is it really meant to be comma separated values in string? Sent from my iPhone > On 13 Dec 2017, at 10:00, Sebastien BEAUDLOT >

[cas-user] Restrincting service access based on uid

Hi, I'm using LDAP with CAS 5.1.5 and want to try restricting access to a service for some users. What i did in the service definition : "attributeReleasePolicy" : { "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy" }, "accessStrategy" : { "@class" :