Re: [cas-user] authentication throttling and temporary account lockout

2018-01-11 Thread Fabio Martelli
On 11/01/2018 19:49, Ray Bon wrote: Fabio, The threshold throttle is a rate. In your example it works out to 1 failed attempt in 100 seconds. Any user will try a second time within that 100 seconds. Set the numbers to a reasonable user action time - how long does it take for a user to

Re: [cas-user] Extending CAS 5 Webflows - build instructions?

2018-01-11 Thread Pablo Vidaurri
Just to confirm, in CAS 5.1.x and 5.2.x there is no absolute requirement to have classes in org/apereo/cas package ... correct? On Friday, May 12, 2017 at 10:25:41 AM UTC-5, Dmitriy Kopylenko wrote: > > Try this one for the info on configuration mechanism: >

[cas-user] Re: Extends LdapAuthenticationHandler in cas 5.2

2018-01-11 Thread Pablo Vidaurri
Are you trying to map/release attributes? If so try to define a mapping in your service config: "attributeReleasePolicy" : { "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy", "allowedAttributes" : { "@class" : "java.util.TreeMap", "mail" : "Email",

[cas-user] Extends LdapAuthenticationHandler in cas 5.2

2018-01-11 Thread satnam
Hello, We are trying to upgrade CAS from 4.2.7 to 5.2.x. In 4.2, we extended LdapAuthenticationHandler to make our customization (to convert GUID to databaseUserID.. we use LDAP to verify the password, then return the database mapped ID to the application, which the application uses later in the process).

[cas-user] /oauth2.0/authorize not redirect to callbackurl (CAS Version: 5.1.4)

2018-01-11 Thread Leo Pintos
Hi, I'm trying to redirect the authorize to https://localhost:8443/clienteoauth/recepcionCode but it doesn't work and I can see the following in the log: 2018-01-11 16:42:34,287 DEBUG [org.apereo.cas.support.oauth.web.OAuth20CasCallbackUrlResolver]

[cas-user] Setting up google authenticator

2018-01-11 Thread Pablo Vidaurri
I reviewed https://apereo.github.io/cas/5.0.x/installation/GoogleAuthenticator-Authentication.html and the configuration options to set up 2FA via Google Authenticator but the config options are not clear. Has anyone attempted to use Google Auth? Can anyone provide clarification on what the

Re: [cas-user] authentication throttling and temporary account lockout

2018-01-11 Thread Ray Bon
Fabio, The threshold throttle is a rate. In your example it works out to 1 failed attempt in 100 seconds. Any user will try a second time within that 100 seconds. Set the numbers to a reasonable user action time - how long does it take for a user to type and press enter, maybe 5 seconds. Set

[cas-user] CAS 5.0.6, VersionResourceResolver and Cache-Busting

2018-01-11 Thread John Sampson
Hello, I'm currently upgrading a highly customized 4.X CAS version to 5.0.6 and running into a problem with cached assets on our F5 Appliance. The problem is that many of the customized assets have the same name (ex. cas.js) but different content, and while we can clear the F5 Ram Cache, this

[cas-user] Steam OpenId2 auth

2018-01-11 Thread FritzTheWonderMutt
I need to add Steam auth to our CAS 5.1.7 implementation, but Steam only offers OpenId2. I see that the Pac4j code has an older Yahoo OpenId client that I could use as a template:

[cas-user]

2018-01-11 Thread Jeffrey Ramsay
All - I need some help getting a somewhat crazy idea I have started. We use CAS with Ellucian Banner and those of you familiar with the application and support multiple instances will probably understand why I'm attempting to do this. We have around nine instances of Banner and each requires a

Re: [cas-user] Re: Webflow error in CAS 5.1.4

2018-01-11 Thread Adam Causey
Misagh, I discovered that our app vulnerability scanner is creating the 500 errors with a bad request; however, I believe a better practice would be for CAS to handle these errors and return a 400 (Bad Request) HTTP response code instead of 500, which indicates there is an unhandled exception in

[cas-user] authentication throttling and temporary account lockout

2018-01-11 Thread Fabio Martelli
Hi All, is there someone that can give me some tips to implement *temporary account lockout after 3 consecutive failed login attempts*? It seems that authentication throttling is something really different. If I got it, authentication throttling is used to temporarily inhibit successful

[cas-user] SAML FriendlyName and Name using same value

2018-01-11 Thread Bergner, Arnold
Hi William, I think we are trying to do the same, and I have to confirm the only solution I found was exactly mapping the attributes to the uri name. We want to use the consent module along with it and really don’t want those uri’s to appear in the consent view for our users. It would be great if

[cas-user] Re: JSON registered services infos not appearing in the login page!!

2018-01-11 Thread noumann.f
Got it, thanks a lot. Best regards, On Thursday, January 11, 2018 at 4:56:04 AM UTC+2, Andy Ng wrote: > > Are you directly accessing your site like this: > https://www.example.com/cas > > Instead of giving it a service param > https://www.example.com/cas?service=https://www.yourpage.com > > > If