[cas-user] 5.1.2 to 5.2 CAS migration

2017-12-14 Thread Maxwell, Gary
We initialized our database by setting “cas.serviceRegistry.jpa.ddlAuto=create” in the CAS 5.2 cas.properties file however the following table was created. It appears a lot of columns were removed between 5.1.2 and 5.2. Can this be correct? CAS 5.2.0 CREATE TABLE

Re: [cas-user] having difficulty with dependencies when upgrading to CAS 5.2.0

2017-12-14 Thread David Curry
Adam's advice reminded me that you can ask Maven (even without an IDE) to give you a dependency tree: ./mvnw dependency:tree -Dverbose Redirect the output to a file; there'll be a lot of it. It's not real easy to read, but when you're really stuck...

Re: [cas-user] having difficulty with dependencies when upgrading to CAS 5.2.0

2017-12-14 Thread Adam Causey
Most of the unsatisfied dependency problems that I have encountered with Maven have dealt with thinking that I am using a newer version of a dependency when in fact it is getting overridden by an older dependency. If you're using Eclipse or other IDE that has a Dependency Hierarchy view when

Re: [cas-user] having difficulty with dependencies when upgrading to CAS 5.2.0

2017-12-14 Thread David Curry
This is PURE speculation, but I see this dependency in your 5.2 pom.xml: org.ldaptive ldaptive-unboundid 1.0 What is that? I cannot find any mention of it in the CAS documentation searching for "ldaptive-unboundid", which makes me think it

[cas-user] OpenId Connect and JWT Access Tokens

2017-12-14 Thread Rémi Alvergnat
With CAS 5.2.0, how to implement OpenId Connect with JWT access_token ? Currently, id_token are JWT, but access_token are not. I would like the access_token be a JWT for the resource server to validate it without performing an HTTP query to CAS userinfo endpoint. (It seems possible by

Re: [cas-user] CAS 5 alternativeIpAddressHeader

2017-12-14 Thread Adam Causey
I got this working. The CAS documentation implies that X-Forwarded-For is the default value for the 'cas.audit.alternateClientAddrHeaderName' property, which it is not. You have to specifically define this in your properties file and set it to X-Forwarded-For. The documentation could be clearer

Re: [cas-user] CAS 5 alternativeIpAddressHeader

2017-12-14 Thread Adam Causey
Thanks. I saw that but am not getting back the IPs. It's probably another configuration issue on the networking side. Adam On Wed, Dec 13, 2017 at 5:35 PM, Misagh Moayyed wrote: > https://apereo.github.io/cas/5.1.x/installation/ > Configuration-Properties.html >

Re: [cas-user] CAS 5.2.0 How to configure cas in that way so that it listen to HTTP?

2017-12-14 Thread casuser
Yeah well I wish there was another way though. Will keep on looking for an alternative, if not then I will have to do something like this. On Thursday, December 14, 2017 at 5:17:43 PM UTC+8, Doug C wrote: > > Yeah. So in my cas I had to change this to match my Nginx proxy so I am > guessing

Re: [cas-user] CAS 5.2.0 Non-secure Connection warning

2017-12-14 Thread casuser
Hi Jerome, Thanks for your reply, I have changed it back to true cas.server.httpProxy.secure=true Still have the same warning: "You are currently accessing CAS over a non-secure connection. Single Sign On WILL NOT WORK." FAZLA On Thursday, December 14, 2017 at 4:36:51 PM UTC+8, leleuj

RE: [cas-user] CAS 5.2.0 How to configure cas in that way so that it listen to HTTP?

2017-12-14 Thread Doug Campbell
Yeah. So in my cas I had to change this to match my Nginx proxy so I am guessing in your case if you change these to your load balancer that will help things a little bit. Doug From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of casuser Sent: Thursday, December 14, 2017

Re: [cas-user] CAS 5.2.0 How to configure cas in that way so that it listen to HTTP?

2017-12-14 Thread casuser
Yes Right now I have : cas.server.name: http://localhost:8080 cas.server.prefix: http://localhost:8080/cas in the cas.properties. FAZLA On Thursday, December 14, 2017 at 4:21:58 PM UTC+8, Doug C wrote: > > I’m curious what you have for your cas.server.name and cas.server.prefix >

Re: [cas-user] CAS 5.2.0 Non-secure Connection warning

2017-12-14 Thread Jérôme LELEU
Hi, I would try: cas.server.httpProxy.secure=true Thanks. Best regards, Jérôme On Thu, Dec 14, 2017 at 1:46 AM, casuser wrote: > How to remove the warning "Non-secure Connection" from the log in page? I > want to get rid of it because from the load balancer to the

RE: [cas-user] CAS 5.2.0 How to configure cas in that way so that it listen to HTTP?

2017-12-14 Thread Doug Campbell
I’m curious what you have for your cas.server.name and cas.server.prefix properties. They are the https address of your load balancer, right? Another thing I realize that might be different is that I am not currently using a load balance but just using Nginx to proxy all web requests