[cas-user] Install Cas 5.2.1 Support SAMLv2 Hostname cannot be null or empty

2018-01-30 Thread Bergner, Arnold
Hi,

do you have cas.server.prefix and cas.server.name?
https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#cas-server

Arnold


From: cas-user@apereo.org [mailto:cas-user@apereo.org] On behalf of jabang konate
Sent: Wednesday, 31 January 2018 07:45
To: cas-user@apereo.org
Subject: Re: [cas-user] Install Cas 5.2.1 Support SAMLv2 Hostname cannot be null or empty

Hi. Any advice for this problem?

On Sat, Jan 27, 2018 at 5:03 PM, jabang konate wrote:
Hi all.

I'm trying to configure CAS 5.2.1 to act as an identity provider. I have followed
this site to configure SAMLv2:
https://dacurry-tns.github.io/deploying-apereo-cas/building_server_saml_overview.html

But I'm having trouble when I deploy CAS; here's the following error.
27-Jan-2018 16:44:22.760 INFO [localahost-startStop-1] 
org.apache.catalina.core.ApplicationContext.log 2 Spring 
WebApplicationInitializers detected on classpath
27-Jan-2018 16:44:44.508 SEVERE [localahost-startStop-1] 
org.apache.catalina.core.ContainerBase.addChildInternal ContainerBase.addChild: 
start:
 org.apache.catalina.LifecycleException: Failed to start component 
[StandardEngine[Catalina].StandardHost[localahost].StandardContext[/cas]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
at 
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:752)
at 
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:728)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:734)
at 
org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1141)
at 
org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1875)
at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: 
Error creating bean with name 'samlIdPConfiguration': Unsatisfied dependency 
expressed through field 'casSamlIdPMetadataResolver'; nested exception is 
org.springframework.beans.factory.BeanCreationException: Error creating bean 
with name 'shibbolethIdpMetadataAndCertificatesGenerationService': Invocation 
of init method failed; nested exception is java.lang.RuntimeException: Hostname 
cannot be null or empty
at 
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:588)
at 
org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88)
at 
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:366)
at 
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1264)
at 
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:553)
at 
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483)
at 
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
at 
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at 
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
at 
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at 
org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:761)
at 
org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:867)
at 
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:543)
at 
org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
at 
org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
at 
org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
at 
org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
at 
org.springframework.boot.web.support.SpringBootServletInitializer.run(SpringBootServletInitializer.java:154)
at 

Re: [cas-user] Install Cas 5.2.1 Support SAMLv2 Hostname cannot be null or empty

2018-01-30 Thread jabang konate
Hi. Any advice for this problem?

On Sat, Jan 27, 2018 at 5:03 PM, jabang konate wrote:

> Hi all.
>
> I'm trying to configure CAS 5.2.1 to act as an identity provider. I have
> followed this site to configure SAMLv2:
> https://dacurry-tns.github.io/deploying-apereo-cas/building_server_saml_overview.html
>
> But I'm having trouble when I deploy CAS; here's the following error.
>
> 27-Jan-2018 16:44:22.760 INFO [localahost-startStop-1]
> org.apache.catalina.core.ApplicationContext.log 2 Spring
> WebApplicationInitializers detected on classpath
> 27-Jan-2018 16:44:44.508 SEVERE [localahost-startStop-1]
> org.apache.catalina.core.ContainerBase.addChildInternal
> ContainerBase.addChild: start:
>  org.apache.catalina.LifecycleException: Failed to start component
> [StandardEngine[Catalina].StandardHost[localahost].StandardContext[/cas]]
> at org.apache.catalina.util.LifecycleBase.start(
> LifecycleBase.java:167)
> at org.apache.catalina.core.ContainerBase.addChildInternal(
> ContainerBase.java:752)
> at org.apache.catalina.core.ContainerBase.addChild(
> ContainerBase.java:728)
> at org.apache.catalina.core.StandardHost.addChild(
> StandardHost.java:734)
> at org.apache.catalina.startup.HostConfig.deployDirectory(
> HostConfig.java:1141)
> at org.apache.catalina.startup.HostConfig$DeployDirectory.
> run(HostConfig.java:1875)
> at java.util.concurrent.Executors$RunnableAdapter.
> call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: org.springframework.beans.factory.
> UnsatisfiedDependencyException: Error creating bean with name
> 'samlIdPConfiguration': Unsatisfied dependency expressed through field
> 'casSamlIdPMetadataResolver'; nested exception is 
> org.springframework.beans.factory.BeanCreationException:
> Error creating bean with name 
> 'shibbolethIdpMetadataAndCertificatesGenerationService':
> Invocation of init method failed; nested exception is
> java.lang.RuntimeException: Hostname cannot be null or empty
> at org.springframework.beans.factory.annotation.
> AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(
> AutowiredAnnotationBeanPostProcessor.java:588)
> at org.springframework.beans.factory.annotation.
> InjectionMetadata.inject(InjectionMetadata.java:88)
> at org.springframework.beans.factory.annotation.
> AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(
> AutowiredAnnotationBeanPostProcessor.java:366)
> at org.springframework.beans.factory.support.
> AbstractAutowireCapableBeanFactory.populateBean(
> AbstractAutowireCapableBeanFactory.java:1264)
> at org.springframework.beans.factory.support.
> AbstractAutowireCapableBeanFactory.doCreateBean(
> AbstractAutowireCapableBeanFactory.java:553)
> at org.springframework.beans.factory.support.
> AbstractAutowireCapableBeanFactory.createBean(
> AbstractAutowireCapableBeanFactory.java:483)
> at org.springframework.beans.factory.support.
> AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
> at org.springframework.beans.factory.support.
> DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.
> java:230)
> at org.springframework.beans.factory.support.
> AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
> at org.springframework.beans.factory.support.
> AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
> at org.springframework.beans.factory.support.
> DefaultListableBeanFactory.preInstantiateSingletons(
> DefaultListableBeanFactory.java:761)
> at org.springframework.context.support.AbstractApplicationContext.
> finishBeanFactoryInitialization(AbstractApplicationContext.java:867)
> at org.springframework.context.support.AbstractApplicationContext.
> refresh(AbstractApplicationContext.java:543)
> at org.springframework.boot.context.embedded.
> EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.
> java:122)
> at org.springframework.boot.SpringApplication.refresh(
> SpringApplication.java:693)
> at org.springframework.boot.SpringApplication.refreshContext(
> SpringApplication.java:360)
> at org.springframework.boot.SpringApplication.run(
> SpringApplication.java:303)
> at org.springframework.boot.web.support.
> SpringBootServletInitializer.run(SpringBootServletInitializer.java:154)
> at org.springframework.boot.web.support.
> SpringBootServletInitializer.createRootApplicationContext(
> SpringBootServletInitializer.java:134)
> at org.springframework.boot.web.support.
> SpringBootServletInitializer.onStartup(SpringBootServletInitializer.
> 

[cas-user] Re: Custom Authentication Handler

2018-01-30 Thread Ramakrishna G
Ignore previous mail.

I need to write a Custom Authentication Handler for CAS which takes
userId, password and pancard number. All 3 parameters will be sent to a
custom server (my other server, not in CAS) and validated, and the response is
returned back.

How can I achieve this in CAS overlay?


Thanks
Ramakrishna G

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P_ti65_GVjsBmNkSd1CnnRmnWX%2BY%2B%3DsOYQtg3Xdz1yHDQ%40mail.gmail.com.


[cas-user] Custom Authentication Handler

2018-01-30 Thread Ramakrishna G
Hi Team,

I need to write a for CAS which takes userId, password and pancard number.
All 3 parameters will be sent to a custom server (my other server, not in CAS)
and validated, and the response is returned back.

How can I achieve this in CAS overlay?

Thanks
Ramakrishna G



Re: [cas-user] Blackboard Ultra

2018-01-30 Thread Bryan Wooten
"I certainly hope that Bb is not sending a logout request to CAS when 'its'
session expires (not user initiated). That would single logout the user out
of all services (that participate in SLO) regardless of CAS settings ==>
unhappy users & confused administrators."

This topic begs the question: What does logout mean in an SSO world? Logout
of a single app or logout of SSO (all apps in the SSO session).

In an SSO environment if you logout of a single app but not the SSO
session, then if you go back to the app you get straight in because the SSO
session is still valid.

Now individual apps can mitigate this by setting "renew = true", but that
somewhat defeats the purpose of SSO, does it not?

We have 500 servers in our CAS service registry and 90 using Shib (using
CAS for authentication). CAS includes on prem apps and cloud apps (off prem).

As the CAS / Shib admin I cannot control how all the servers will react.
They may or may not listen/respond to logout messages, heck they even maintain
their own session cookies for SLO/timeout.

It is a mess and has been since as long as my first IAM conference.

What does SLO/Logout even mean? Is it even possible to enforce any policy?
Let's not even address aggressive caching by browsers across tabs / windows
/ instances.

I gave up trying years ago, it is what it is.

Logout to me means the following steps:

1. Click logout.
2. Clear cache/cookies
3. Power off computer
4. Shoot computer with 12 gauge shotgun
5. Throw computer into nearest lake/ocean/river.

Without all those steps I don't believe you are "logged out".

On Tue, Jan 30, 2018 at 4:27 PM, Richard Frovarp 
wrote:

> I think that they are. From my recollection that was what came up on the
> Bb admin list a couple of years ago. You have to specify a logout URL, and
> it sends the user to it after it kills its own session. People are
> providing the IdP logout URL, so that kicks it off. My suggestion would be
> to provide a different logout URL other than the IdP.
>
>
> On 01/30/2018 11:38 AM, Ray Bon wrote:
>
> I certainly hope that Bb is not sending a logout request to CAS when 'its'
> session expires (not user initiated). That would single logout the user out
> of all services (that participate in SLO) regardless of CAS settings ==>
> unhappy users & confused administrators.
>
> Ray
>
> On Tue, 2018-01-30 at 09:42 -0600, Richard Frovarp wrote:
>
> Do you have a logout URL configured? Best I know is that when a session
> expires in Bb, it kills the Bb session, then sends the browser to the IdP
> logout URL, which would kill your TGT.
>
> On 01/30/2018 07:08 AM, Michael O Holstein wrote:
>
> We recently moved onto Blackboard's SaaS offering (aka "Ultra") and random
> users are telling us it times out of them. While I suspect this is an issue
> of opening the app, letting it sit for 2 hours, and then noticing their
> session went away (which should re-auth as the TGT is still valid on our
> end).
>
>
> Anyone else seen this? How'd you fix it? Our TGT/ST lifetimes are
> as-delivered default.
>
>
> Thanks,
>
>
> Michael Holstein CISSP
>
> Mgr. Network  & Data Security
>
> Cleveland State University
> --
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>

Re: [cas-user] Blackboard Ultra

2018-01-30 Thread Richard Frovarp
I think that they are. From my recollection that was what came up on the 
Bb admin list a couple of years ago. You have to specify a logout URL, 
and it sends the user to it after it kills its own session. People are 
providing the IdP logout URL, so that kicks it off. My suggestion would 
be to provide a different logout URL other than the IdP.


On 01/30/2018 11:38 AM, Ray Bon wrote:
I certainly hope that Bb is not sending a logout request to CAS when 
'its' session expires (not user initiated). That would single logout 
the user out of all services (that participate in SLO) regardless of 
CAS settings ==> unhappy users & confused administrators.


Ray

On Tue, 2018-01-30 at 09:42 -0600, Richard Frovarp wrote:
Do you have a logout URL configured? Best I know is that when a 
session expires in Bb, it kills the Bb session, then sends the 
browser to the IdP logout URL, which would kill your TGT.


On 01/30/2018 07:08 AM, Michael O Holstein wrote:


We recently moved onto Blackboard's SaaS offering (aka "Ultra") and 
random users are telling us it times out of them. While I suspect 
this is an issue of opening the app, letting it sit for 2 hours, and 
then noticing their session went away (which should re-auth as the 
TGT is still valid on our end).



Anyone else seen this? How'd you fix it? Our TGT/ST lifetimes are 
as-delivered default.



Thanks,


Michael Holstein CISSP

Mgr. Network  & Data Security

Cleveland State University





--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca





Re: [cas-user] Blackboard Ultra

2018-01-30 Thread Ray Bon
I certainly hope that Bb is not sending a logout request to CAS when 'its' 
session expires (not user initiated). That would single logout the user out of 
all services (that participate in SLO) regardless of CAS settings ==> unhappy 
users & confused administrators.

Ray

On Tue, 2018-01-30 at 09:42 -0600, Richard Frovarp wrote:
Do you have a logout URL configured? Best I know is that when a session expires 
in Bb, it kills the Bb session, then sends the browser to the IdP logout URL, 
which would kill your TGT.

On 01/30/2018 07:08 AM, Michael O Holstein wrote:

We recently moved onto Blackboard's SaaS offering (aka "Ultra") and random 
users are telling us it times out of them. While I suspect this is an issue of 
opening the app, letting it sit for 2 hours, and then noticing their session 
went away (which should re-auth as the TGT is still valid on our end).


Anyone else seen this? How'd you fix it? Our TGT/ST lifetimes are as-delivered 
default.


Thanks,


Michael Holstein CISSP

Mgr. Network  & Data Security

Cleveland State University



--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca



Re: [cas-user] Blackboard Ultra

2018-01-30 Thread Ray Bon
Michael,

Default lifetime of a TGT is 2h. See 
https://apereo.github.io/cas/5.2.x/installation/Configuring-Ticket-Expiration-Policy.html
The TGT may still be present in the ticket store, depending on the storage
mechanism.

Ray

On Tue, 2018-01-30 at 13:08 +, Michael O Holstein wrote:

We recently moved onto Blackboard's SaaS offering (aka "Ultra") and random 
users are telling us it times out of them. While I suspect this is an issue of 
opening the app, letting it sit for 2 hours, and then noticing their session 
went away (which should re-auth as the TGT is still valid on our end).


Anyone else seen this? How'd you fix it? Our TGT/ST lifetimes are as-delivered 
default.


Thanks,


Michael Holstein CISSP

Mgr. Network  & Data Security

Cleveland State University

--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca



Re: [cas-user] Cas - Unauthorized

2018-01-30 Thread Ray Bon
Ramakrishna,

Perhaps there is something not right with your client application config? Is it 
running on https://192.168.111.118:8443 or is that CAS?

Multiple service tickets in the URL suggests that the request is being 
redirected to CAS multiple times.

Ray

On Fri, 2018-01-26 at 16:49 +0530, Ramakrishna G wrote:
Hi ,

Now I think I resolved certificate issue. But I am getting this error


[Fri Jan 26 16:22:24.270308 2018] [authz_core:debug] [pid 19878] 
mod_authz_core.c(809): [client 
192.168.111.118:62974] AH01626: authorization 
result of Require valid-user : denied (no authenticated user yet)

[Fri Jan 26 16:22:24.270359 2018] [authz_core:debug] [pid 19878] 
mod_authz_core.c(809): [client 
192.168.111.118:62974] AH01626: authorization 
result of : denied (no authenticated user yet)

[Fri Jan 26 16:22:24.270390 2018] [auth_cas:debug] [pid 19878] 
mod_auth_cas.c(2076): [client 
192.168.111.118:62974] Entering cas_authenticate()

[Fri Jan 26 16:22:24.270415 2018] [auth_cas:debug] [pid 19878] 
mod_auth_cas.c(656): [client 
192.168.111.118:62974] Modified r->args (now 
'ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client')

[Fri Jan 26 16:22:24.270486 2018] [auth_cas:debug] [pid 19878] 
mod_auth_cas.c(1779): [client 
192.168.111.118:62974] entering 
getResponseFromServer()

[Fri Jan 26 16:22:24.270617 2018] [auth_cas:debug] [pid 19878] 
mod_auth_cas.c(584): [client 
192.168.111.118:62974] CAS Service 
'https%3a%2f%2f192.168.111.118%3a8443%2f%3fticket%3dST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client%26ticket%3dST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client'

[Fri Jan 26 16:22:24.479223 2018] [auth_cas:debug] [pid 19878] 
mod_auth_cas.c(1856): [client 
192.168.111.118:62974] Validation response: 
HTTP Status 406 \xe2\x80\x93 Not 
Acceptableh1 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
 h2 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
 h3 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
 body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} 
b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p 
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
 a {color:black;} a.name<http://a.name> {color:black;} .line 
{height:1px;background-color:#525D76;border:none;}HTTP 
Status 406 \xe2\x80\x93 Not AcceptableType 
Status ReportDescription The target resource does not have a 
current representation that would be acceptable to the user agent, according to 
the proactive negotiation header fields received in the request, and the server 
is unwilling to supply a default representation.Apache Tomcat/8.5.24

[Fri Jan 26 16:22:24.479448 2018] [auth_cas:debug] [pid 19878] 
mod_auth_cas.c(1440): [client 
192.168.111.118:62974] entering isValidCASTicket()

[Fri Jan 26 16:22:24.479470 2018] [auth_cas:debug] [pid 19878] 
mod_auth_cas.c(1446): [client 
192.168.111.118:62974] MOD_AUTH_CAS: response = 
HTTP Status 406 \xe2\x80\x93 Not 
Acceptableh1 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
 h2 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
 h3 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
 body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} 
b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p 
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
 a {color:black;} a.name<http://a.name> {color:black;} .line 
{height:1px;background-color:#525D76;border:none;}HTTP 
Status 406 \xe2\x80\x93 Not AcceptableType 
Status ReportDescription The target resource does not have a 
current representation that would be acceptable to the user agent, according to 
the proactive negotiation header fields received in the request, and the server 
is unwilling to supply a default representation.Apache Tomcat/8.5.24

[Fri Jan 26 16:22:24.479581 2018] [auth_cas:error] [pid 19878] [client 
192.168.111.118:62974] MOD_AUTH_CAS: error 
parsing CASv2 response: XML parser error code: syntax error (2)

[Fri Jan 26 16:22:24.523966 2018] [authz_core:debug] [pid 19205] 
mod_authz_core.c(809): [client 
192.168.111.118:62976] AH01626: authorization 
result of Require valid-user : denied (no authenticated user yet), referer: 
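
The three symptoms visible in the log excerpt above (a service URL carrying more than one `ticket` parameter, a validation response that is an HTTP error page, and the CASv2 parse error), as a scanner over mod_auth_cas debug lines. This is an added example, not part of the original thread or of mod_auth_cas; the sample lines are constructed with placeholder hosts, pids and ticket values, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample in the mod_auth_cas debug format quoted in the thread.
# Hosts, ports, pids and ticket values are placeholders, not from the thread.
SAMPLE_LOG = """\
[Fri Jan 26 16:22:24.270390 2018] [auth_cas:debug] [pid 4242] mod_auth_cas.c(2076): [client 192.0.2.10:50000] Entering cas_authenticate()
[Fri Jan 26 16:22:24.270617 2018] [auth_cas:debug] [pid 4242] mod_auth_cas.c(584): [client 192.0.2.10:50000] CAS Service 'https%3a%2f%2fapp.example.org%3a8443%2f%3fticket%3dST-1-AAAA-client%26ticket%3dST-2-BBBB-client'
[Fri Jan 26 16:22:24.479223 2018] [auth_cas:debug] [pid 4242] mod_auth_cas.c(1856): [client 192.0.2.10:50000] Validation response: <html><head><title>HTTP Status 406 - Not Acceptable</title></head></html>
[Fri Jan 26 16:22:24.479581 2018] [auth_cas:error] [pid 4242] [client 192.0.2.10:50000] MOD_AUTH_CAS: error parsing CASv2 response: XML parser error code: syntax error (2)
[Fri Jan 26 16:25:01.000100 2018] [auth_cas:debug] [pid 4243] mod_auth_cas.c(584): [client 192.0.2.20:50001] CAS Service 'https%3a%2f%2fapp.example.org%3a8443%2freports%3fid%3d7'
"""

# [timestamp] [module:level] [pid N] optional "file.c(line): " [client ip:port] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<module>\w+):(?P<level>\w+)\] "
    r"\[pid (?P<pid>\d+)(?::tid \d+)?\] "
    r"(?:(?P<src>\S+\(\d+\)): )?\[client (?P<client>[^\]]+)\] (?P<msg>.*)$"
)
SERVICE_RE = re.compile(r"CAS Service '([^']*)'")
STATUS_RE = re.compile(r"Validation response: .*?HTTP Status (\d{3})")
PARSE_ERR = "error parsing CASv2 response"


def ticket_count(encoded_service):
    """Count `ticket` parameters in a percent-encoded service URL."""
    query = urlsplit(unquote(encoded_service)).query
    return len(parse_qs(query).get("ticket", []))


def scan(log_text):
    """Return (client, kind, detail) findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group("module") != "auth_cas":
            continue  # unparseable line or another module's output
        client, msg = m.group("client"), m.group("msg")

        svc = SERVICE_RE.search(msg)
        if svc:
            n = ticket_count(svc.group(1))
            if n > 1:
                # More than one ticket in the service URL: the browser was
                # sent to CAS again while a ticket was already in the URL.
                findings.append((client, "multiple_tickets", str(n)))
            continue

        status = STATUS_RE.search(msg)
        if status:
            # The validate URL answered with an HTTP error page, not XML.
            findings.append((client, "validation_http_error", status.group(1)))
        elif PARSE_ERR in msg:
            detail = msg.split(PARSE_ERR + ": ", 1)[-1]
            findings.append((client, "response_parse_error", detail))
    return findings


def summarize(findings):
    """Group findings per client so one failing login reads as one row."""
    by_client = {}
    for client, kind, detail in findings:
        by_client.setdefault(client, []).append(f"{kind}={detail}")
    return by_client


if __name__ == "__main__":
    for client, items in summarize(scan(SAMPLE_LOG)).items():
        print(client, "; ".join(items))
```
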

Re: [cas-user] Blackboard Ultra

2018-01-30 Thread Richard Frovarp
Do you have a logout URL configured? Best I know is that when a session 
expires in Bb, it kills the Bb session, then sends the browser to the 
IdP logout URL, which would kill your TGT.


On 01/30/2018 07:08 AM, Michael O Holstein wrote:


We recently moved onto Blackboard's SaaS offering (aka "Ultra") and 
random users are telling us it times out of them. While I suspect this 
is an issue of opening the app, letting it sit for 2 hours, and then 
noticing their session went away (which should re-auth as the TGT is 
still valid on our end).



Anyone else seen this? How'd you fix it? Our TGT/ST lifetimes are 
as-delivered default.



Thanks,


Michael Holstein CISSP

Mgr. Network  & Data Security

Cleveland State University






Re: [cas-user] Cas - Unauthorized

2018-01-30 Thread David Hawes
It looks like you're using a serviceValidate endpoint with SAML
validation. Comment out the CASValidateSAML lines and try again.

Alternatively, keep the setting on and use a samlValidate endpoint.

On Fri, Jan 26, 2018 at 6:19 AM, Ramakrishna G  wrote:
> Hi ,
>
> Now I think I resolved certificate issue. But I am getting this error
>
> [Fri Jan 26 16:22:24.270308 2018] [authz_core:debug] [pid 19878]
> mod_authz_core.c(809): [client 192.168.111.118:62974] AH01626: authorization
> result of Require valid-user : denied (no authenticated user yet)
>
> [Fri Jan 26 16:22:24.270359 2018] [authz_core:debug] [pid 19878]
> mod_authz_core.c(809): [client 192.168.111.118:62974] AH01626: authorization
> result of : denied (no authenticated user yet)
>
> [Fri Jan 26 16:22:24.270390 2018] [auth_cas:debug] [pid 19878]
> mod_auth_cas.c(2076): [client 192.168.111.118:62974] Entering
> cas_authenticate()
>
> [Fri Jan 26 16:22:24.270415 2018] [auth_cas:debug] [pid 19878]
> mod_auth_cas.c(656): [client 192.168.111.118:62974] Modified r->args (now
> 'ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client')
>
> [Fri Jan 26 16:22:24.270486 2018] [auth_cas:debug] [pid 19878]
> mod_auth_cas.c(1779): [client 192.168.111.118:62974] entering
> getResponseFromServer()
>
> [Fri Jan 26 16:22:24.270617 2018] [auth_cas:debug] [pid 19878]
> mod_auth_cas.c(584): [client 192.168.111.118:62974] CAS Service
> 'https%3a%2f%2f192.168.111.118%3a8443%2f%3fticket%3dST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client%26ticket%3dST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client'
>
> [Fri Jan 26 16:22:24.479223 2018] [auth_cas:debug] [pid 19878]
> mod_auth_cas.c(1856): [client 192.168.111.118:62974] Validation response:
> HTTP Status 406 \xe2\x80\x93 Not
> Acceptableh1
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
> h2
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
> h3
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
> body
> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
> p
> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
> a {color:black;} a.name {color:black;} .line
> {height:1px;background-color:#525D76;border:none;}HTTP
> Status 406 \xe2\x80\x93 Not AcceptableType
> Status ReportDescription The target resource does not have a
> current representation that would be acceptable to the user agent, according
> to the proactive negotiation header fields received in the request, and the
> server is unwilling to supply a default representation. />Apache Tomcat/8.5.24
>
> [Fri Jan 26 16:22:24.479448 2018] [auth_cas:debug] [pid 19878]
> mod_auth_cas.c(1440): [client 192.168.111.118:62974] entering
> isValidCASTicket()
>
> [Fri Jan 26 16:22:24.479470 2018] [auth_cas:debug] [pid 19878]
> mod_auth_cas.c(1446): [client 192.168.111.118:62974] MOD_AUTH_CAS: response
> = HTTP Status 406 \xe2\x80\x93
> Not Acceptableh1
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
> h2
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
> h3
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
> body
> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
> p
> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
> a {color:black;} a.name {color:black;} .line
> {height:1px;background-color:#525D76;border:none;}HTTP
> Status 406 \xe2\x80\x93 Not AcceptableType
> Status ReportDescription The target resource does not have a
> current representation that would be acceptable to the user agent, according
> to the proactive negotiation header fields received in the request, and the
> server is unwilling to supply a default representation. />Apache Tomcat/8.5.24
>
> [Fri Jan 26 16:22:24.479581 2018] [auth_cas:error] [pid 19878] [client
> 192.168.111.118:62974] MOD_AUTH_CAS: error parsing CASv2 response: XML
> parser error code: syntax error (2)
>
> [Fri Jan 26 16:22:24.523966 2018] [authz_core:debug] [pid 19205]
> mod_authz_core.c(809): [client 192.168.111.118:62976] AH01626: authorization
> result of Require valid-user : denied (no authenticated user yet), referer:
> https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client
>
> [Fri Jan 26 16:22:24.524008 2018] [authz_core:debug] [pid 19205]
> mod_authz_core.c(809): [client 192.168.111.118:62976] AH01626: authorization
> result of : denied (no authenticated user yet), referer:
> 
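
Added example (not part of the thread, and not mod_auth_cas code): a small Python check for the two things the reply and the quoted debug log point at, namely a CASValidateSAML/CASValidateURL mismatch, and a validation response that is an HTML error page while ticket parameters pile up in the service URL. It assumes "the setting" in the reply is CASValidateSAML; the host names, the finding labels and the sample config and log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed config: directive names as posted in the thread, placeholder hosts.
SAMPLE_CONF = """\
CASLoginURL https://cas.example.test:9443/cas/login
CASValidateURL https://cas.example.test:9443/cas/serviceValidate
#CASValidateServer off
CASValidateSAML On
CASVersion 2
"""

# Constructed log lines shaped like the CASDebug output quoted in the thread.
SAMPLE_LOG = (
    "[Fri Jan 26 16:22:24.270617 2018] [auth_cas:debug] [pid 100] "
    "mod_auth_cas.c(584): [client 192.0.2.10:62974] CAS Service "
    "'https%3a%2f%2fapp.example.test%3a8443%2f%3fticket%3dST-1-aaa%26ticket%3dST-2-bbb'\n"
    "[Fri Jan 26 16:22:24.479223 2018] [auth_cas:debug] [pid 100] "
    "mod_auth_cas.c(1856): [client 192.0.2.10:62974] Validation response: "
    "<!doctype html><html><head><title>HTTP Status 406 - Not Acceptable</title>\n"
    "[Fri Jan 26 16:22:24.479581 2018] [auth_cas:error] [pid 100] "
    "[client 192.0.2.10:62974] MOD_AUTH_CAS: error parsing CASv2 response: "
    "XML parser error code: syntax error (2)\n"
)

LINE_RE = re.compile(
    r"\[pid (?P<pid>\d+)\].*?\[client (?P<client>[^\]]+)\]\s*(?P<msg>.*)$"
)
SERVICE_PREFIX = "CAS Service '"


def effective_directives(conf_text):
    """Map lowercased directive name -> last value seen.

    Simplification: comments and container tags are skipped and container
    scoping is ignored, so the last occurrence of a directive wins.
    """
    out = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        parts = line.split(None, 1)
        out[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return out


def check_config(conf_text):
    """Flag a CASValidateSAML setting that disagrees with the validate endpoint."""
    d = effective_directives(conf_text)
    saml_on = d.get("casvalidatesaml", "off").lower() == "on"
    path = urlsplit(d.get("casvalidateurl", "")).path.rstrip("/")
    endpoint = path.rsplit("/", 1)[-1]
    findings = []
    if saml_on and endpoint != "samlValidate":
        findings.append("saml-on-but-endpoint-is-" + (endpoint or "unset"))
    if not saml_on and endpoint == "samlValidate":
        findings.append("saml-off-but-endpoint-is-samlValidate")
    return findings


def check_log(log_text):
    """Return (request key, finding, detail) tuples from CASDebug log lines."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        key = (m.group("pid"), m.group("client"))
        msg = m.group("msg")
        if msg.startswith(SERVICE_PREFIX):
            # The service URL is logged percent-encoded; decode it and count
            # ticket parameters that were carried over from earlier redirects.
            service = unquote(msg[len(SERVICE_PREFIX):].rstrip("'"))
            tickets = [v for k, v in parse_qsl(urlsplit(service).query)
                       if k == "ticket"]
            if tickets:
                findings.append((key, "service-url-carries-tickets", len(tickets)))
        elif msg.startswith("Validation response:"):
            body = msg.split(":", 1)[1].lstrip()
            # CAS 2.0 replies carry <cas:serviceResponse>, SAML 1.1 replies a
            # SOAP Envelope; anything else is an error page, not a verdict.
            if "serviceResponse" not in body and "Envelope" not in body:
                status = re.search(r"HTTP Status (\d{3})", body)
                findings.append((key, "validation-response-not-cas-xml",
                                 int(status.group(1)) if status else None))
        elif "error parsing CASv2 response" in msg:
            findings.append((key, "cas-response-parse-error", None))
    return findings


if __name__ == "__main__":
    for finding in check_config(SAMPLE_CONF):
        print("config:", finding)
    for key, kind, detail in check_log(SAMPLE_LOG):
        print("log:", key, kind, detail)
```
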

[cas-user] Re: CAS documentation for a new user is terrible

2018-01-30 Thread Martin Bohun
“And so, my fellow cas-user-s: ask not what your cas can do for you—ask 
what you can do for your cas.”

martin

On Tuesday, October 31, 2017 at 12:50:43 AM UTC+11, Jan wrote:
>
> Hello,
>
> As a new user of CAS, I'd like to voice my opinion that the official 
> documentation of how one can get started with CAS is just awful. By this I 
> mean not the lack of it, but rather how indirect, not step-by-step it is. 
> Clarity could often be improved too.
>
> In the end I managed to do what I hoped for, ie investigate CAS locally as 
> an SSO solution, for which I needed to (1) run CAS server locally, (2) 
> connect and authenticate using a simple CAS client locally, (3) run the 
> service management app. However, the difficulty I had at most steps of 
> getting it all to work make me really want to use something else even if I 
> have to implement parts of it from scratch..
>
> Only now, when wanting to post this message, did I find this helpful 
> guide: https://dacurry-tns.github.io/deploying-apereo-cas/ Could the CAS 
> team incorporate some step-by-step tutorial like this into the official 
> documentation?
>
> These threads seem to voice a similar concern:
>
> https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/documentation/cas-user/z3BLJ0IQwZ0/wRybEK1LAQAJ
>
> https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/documentation/cas-user/qaAINooFi1s/D3k7Pr-7BQAJ
>
> I'm also posting the notes I made for myself during the process. I 
> wouldn't have written them if there was something like this available in 
> official docs, or I had found the unofficial guide earlier. I'm adding  
> to points that took me particularly long to figure out.
>
> *Building*
> - Described here: 
> https://apereo.github.io/cas/developer/Build-Process.html
> - git clone --depth=1 --single-branch --branch=master 
> g...@github.com:apereo/cas.git cas-server
> - cd cas-server
> - git checkout master
> - ./gradlew build install --parallel -x test -x javadoc -x check
>
> *Config*
> - Default config dir is /etc/cas/config (may need to be created, given 
> permissions) If you create application.properties in there, CAS seems to 
> pick them up. 
> - You can override in there any properties listed on 
> https://apereo.github.io/cas/development/installation/Configuration-Properties.html
>
> *Keys*
> - keytool -genkey -alias cas -keyalg RSA -validity 999 -keystore 
> /etc/cas/thekeystore -ext san=dns:cas-sso.local
> - Add 127.0.0.1 cas-sso.local to /etc/hosts
> - keytool -export -file /etc/cas/config/cas.crt -keystore 
> /etc/cas/thekeystore -alias cas
> - sudo keytool -import -file /etc/cas/config/cas.crt -alias cas -keystore 
> $JAVA_HOME/jre/lib/security/cacerts (default password to cacerts is 
> changeit)
> - Add the following lines to application.properties in CAS config dir 
> (with whatever password you set up for /etc/cas/thekeystore) 
> server.ssl.keyStorePassword=qwer1234
> server.ssl.keyPassword=qwer1234
>
> *Adding JSON service registry (to get a sample client registered)*
> - Add line >>compile 
> "org.apereo.cas:cas-server-support-json-service-registry:5.2.0-SNAPSHOT"<< 
> to the file cas-server/webapp/cas-server-webapp-tomcat/build.gradle, 
> replacing 5.2.0-SNAPSHOT with whatever version of CAS you have. The version 
> can be figured out after starting CAS (is displayed). 
> - Recompile the whole thing as above.
> - Add the following lines to application.properties in CAS config dir: 
> cas.serviceRegistry.watcherEnabled=true
> cas.serviceRegistry.repeatInterval=10
> cas.serviceRegistry.startDelay=1
> cas.serviceRegistry.initFromJson=true
> - Add json file with service defs in directory 
> cas-server/webapp/resources/services (the server seems to display which 
> directory it watches after start).
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId" : "http://localhost/.*",
>   "name" : "testId",
>   "id" : 1,
>   "accessStrategy" : {
>   "@class" : 
> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>   "enabled" : true,
>   "ssoEnabled" : true
>   }
> }
>
> *Getting access to /status/dashboard endpoint *
> - Add the following lines to application.properties in CAS config dir:
> cas.adminPagesSecurity.ip=127\.0\.0\.1
> cas.monitor.endpoints.enabled=true
> cas.monitor.endpoints.sensitive=false
>
> *Running*
> - cd webapp/cas-server-webapp-tomcat
> - ../../gradlew build bootRun --parallel
>
> *Simple client*
> - git clone g...@github.com:apereo/phpCAS.git
> - cd phpCAS
> - Copy docs/examples/config.example.php to docs/examples/config.php and 
> edit:
> // Full Hostname of your CAS Server
> $cas_host = 'cas-sso.local';
> // Context of the CAS Server
> $cas_context = '/cas';
> // Port of your CAS server. Normally for a https server it's 443
> $cas_port = 8443;
> - Make the file docs/examples/example_simple.php accessible by www.
> - Navigate to http://localhost/phpCAS/docs/examples/example_simple.php
>
> *Service management 

Re: [cas-user] Re: CAS documentation for a new user is terrible

2018-01-30 Thread David Curry
Yesterday, I said: "...in addition to Carl's task list (for lack of a
better word)..."

My mistake, it was Jan's task list; I didn't scroll back far enough in the
thread.

--Dave


--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Mon, Jan 29, 2018 at 2:52 PM, David Curry 
wrote:

> For those of you who are new to CAS and looking for some help, in addition
> to Carl's task list (for lack of a better word), I have been making this
> available for anyone who wants it:
>
> https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html
>
> It's NOT official, and it's not the only way to do things, but it's pretty
> verbose and step-by-step.
>
> I just updated it the other day with my initial work on doing some high
> availability stuff with MongoDb, so it's up-to-date with CAS 5.2.2-SNAPSHOT.
>
> --Dave
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
>
> On Mon, Jan 29, 2018 at 2:08 PM, Matthew Uribe 
> wrote:
>
>> Jan,
>>
>> I have to say, as another new arrival to the CAS world, that I agree with
>> your statements, and wish I would have encountered your post several weeks
>> ago. I appreciate the link to guide, and hope that others will find it
>> earlier in their journey than I did.
>>
>> Also, I want to thank all who have contributed directly to the project,
>> as well as here in the group.
>>
>>
>> On Monday, October 30, 2017 at 7:50:43 AM UTC-6, Jan wrote:
>>>
>>> Hello,
>>>
>>> As a new user of CAS, I'd like to voice my opinion that the official
>>> documentation of how one can get started with CAS is just awful. By this I
>>> mean not the lack of it, but rather how indirect, not step-by-step it is.
>>> Clarity could often be improved too.
>>>
>>> In the end I managed to do what I hoped for, ie investigate CAS locally
>>> as an SSO solution, for which I needed to (1) run CAS server locally, (2)
>>> connect and authenticate using a simple CAS client locally, (3) run the
>>> service management app. However, the difficulty I had at most steps of
>>> getting it all to work make me really want to use something else even if I
>>> have to implement parts of it from scratch..
>>>
>>> Only now, when wanting to post this message, did I find this helpful
>>> guide: https://dacurry-tns.github.io/deploying-apereo-cas/ Could the
>>> CAS team incorporate some step-by-step tutorial like this into the official
>>> documentation?
>>>
>>> These threads seem to voice a similar concern:
>>> https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/documentation/cas-user/z3BLJ0IQwZ0/wRybEK1LAQAJ
>>> https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/documentation/cas-user/qaAINooFi1s/D3k7Pr-7BQAJ
>>>
>>> I'm also posting the notes I made for myself during the process. I
>>> wouldn't have written them if there was something like this available in
>>> official docs, or I had found the unofficial guide earlier. I'm adding 
>>> to points that took me particularly long to figure out.
>>>
>>> *Building*
>>> - Described here: https://apereo.github.io/cas/developer/Build-Process.html
>>> - git clone --depth=1 --single-branch --branch=master 
>>> g...@github.com:apereo/cas.git
>>> cas-server
>>> - cd cas-server
>>> - git checkout master
>>> - ./gradlew build install --parallel -x test -x javadoc -x check
>>>
>>> *Config*
>>> - Default config dir is /etc/cas/config (may need to be created, given
>>> permissions) If you create application.properties in there, CAS seems to
>>> pick them up. 
>>> - You can override in there any properties listed on
>>> https://apereo.github.io/cas/development/installation/Configuration-Properties.html
>>>
>>> *Keys*
>>> - keytool -genkey -alias cas -keyalg RSA -validity 999 -keystore
>>> /etc/cas/thekeystore -ext san=dns:cas-sso.local
>>> - Add 127.0.0.1 cas-sso.local to /etc/hosts
>>> - keytool -export -file /etc/cas/config/cas.crt -keystore
>>> /etc/cas/thekeystore -alias cas
>>> - sudo keytool -import -file /etc/cas/config/cas.crt -alias cas
>>> -keystore $JAVA_HOME/jre/lib/security/cacerts (default password to
>>> cacerts is changeit)
>>> - Add the following lines to application.properties in CAS config dir
>>> (with whatever password you set up for /etc/cas/thekeystore) 
>>> server.ssl.keyStorePassword=qwer1234
>>> server.ssl.keyPassword=qwer1234
>>>
>>> *Adding JSON service registry (to get a sample client registered)*
>>> - Add line >>compile "org.apereo.cas:cas-server-support-json-service-registry:5.2.0-SNAPSHOT"<<
>>> to the file
>>> cas-server/webapp/cas-server-webapp-tomcat/build.gradle, replacing
>>> 5.2.0-SNAPSHOT with whatever version of CAS 

Re: [cas-user] Re: CAS documentation for a new user is terrible

2018-01-30 Thread Waldbieser, Carl

While it is true that CAS is not a turnkey solution, and it is also true that 
the documentation has vastly improved since the early days of CAS, I think it 
is fair to say there is room for improvement in the CAS documentation.

The criticism that the documentation is somewhat lacking in terms of reliable 
tutorials seems to be fairly accurate.  The documentation is mainly organized 
as reference material, with a bit of HOWTO documentation mixed in.  

Daniele Procida (of the Django project) gave a really great discussion on what 
makes documentation successful[1], and why people won't use your project if you 
don't have good documentation.  Based on his categorizations, I'd conclude that 
CAS documentation would benefit most from improvements to its tutorial and 
discussion documentation, followed by beefing up its HOWTO documentation.

While I think the subject "CAS documentation for a new user is terrible" may be 
somewhat provocative, I believe the message that CAS documentation could be 
improved to help new users come to grips with it more easily is a valid 
criticism.  I can think of another open source project in the web SSO space 
that has essentially rejected this kind of criticism entirely much to the 
detriment of its community.  I believe the CAS community can do better in this 
area.

Thanks,
Carl Waldbieser
ITS Identity Management
Lafayette College

[1] https://www.youtube.com/watch?v=azf6yzuJt54

- Original Message -
From: "Michael O Holstein" 
To: "cas-user" 
Sent: Monday, January 29, 2018 4:18:32 PM
Subject: Re: [cas-user] Re: CAS documentation for a new user is terrible

CAS is an open-source project. It is not plug-and-play.


If you want a turnkey implementation, I'd recommend contacting Unicon (the 
principal architects) who offer it as a hosted solution, various support 
contracts, and implementation consulting.


From: cas-user@apereo.org  on behalf of David Curry 

Sent: Monday, January 29, 2018 2:52:29 PM
To: cas-user@apereo.org
Subject: Re: [cas-user] Re: CAS documentation for a new user is terrible

For those of you who are new to CAS and looking for some help, in addition to 
Carl's task list (for lack of a better word), I have been making this available 
for anyone who wants it:

https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html

It's NOT official, and it's not the only way to do things, but it's pretty 
verbose and step-by-step.

I just updated it the other day with my initial work on doing some high 
availability stuff with MongoDb, so it's up-to-date with CAS 5.2.2-SNAPSHOT.

--Dave



--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • 
david.cu...@newschool.edu


On Mon, Jan 29, 2018 at 2:08 PM, Matthew Uribe wrote:
Jan,

I have to say, as another new arrival to the CAS world, that I agree with your 
statements, and wish I would have encountered your post several weeks ago. I 
appreciate the link to guide, and hope that others will find it earlier in 
their journey than I did.

Also, I want to thank all who have contributed directly to the project, as well 
as here in the group.


On Monday, October 30, 2017 at 7:50:43 AM UTC-6, Jan wrote:
Hello,

As a new user of CAS, I'd like to voice my opinion that the official 
documentation of how one can get started with CAS is just awful. By this I mean 
not the lack of it, but rather how indirect, not step-by-step it is. Clarity 
could often be improved too.

In the end I managed to do what I hoped for, ie investigate CAS locally as an 
SSO solution, for which I needed to (1) run CAS server locally, (2) connect and 
authenticate using a simple CAS client locally, (3) run the service management 
app. However, the difficulty I had at most steps of getting it all to work make 
me really want to use something else even if I have to implement parts of it 
from scratch..

Only now, when wanting to post this message, did I find this helpful guide: 
https://dacurry-tns.github.io/deploying-apereo-cas/ Could the CAS team 
incorporate some step-by-step tutorial like this into the official 
documentation?

These threads seem to voice a similar concern:
https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/documentation/cas-user/z3BLJ0IQwZ0/wRybEK1LAQAJ
https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/documentation/cas-user/qaAINooFi1s/D3k7Pr-7BQAJ

I'm also posting the notes I made for myself during the process. I wouldn't 
have written them if there was something like this available in official docs, 
or I had 

[cas-user] Blackboard Ultra

2018-01-30 Thread Michael O Holstein
We recently moved onto Blackboard's SaaS offering (aka "Ultra") and random 
users are telling us it times out on them. While I suspect this is an issue of 
opening the app, letting it sit for 2 hours, and then noticing their session 
went away (which should re-auth as the TGT is still valid on our end).


Anyone else seen this? How'd you fix it? Our TGT/ST lifetimes are as-delivered 
default.


Thanks,


Michael Holstein CISSP

Mgr. Network  & Data Security

Cleveland State University

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CO2PR0801MB6478C3DA610FAD823AD852283E40%40CO2PR0801MB647.namprd08.prod.outlook.com.


Re: [cas-user] Problem integrating CAS 5.2.0 with ORCID and FACEBOOK.

2018-01-30 Thread Neha Gupta
Hello Jérôme,

Thanks a lot for the update. I tried making changes in the file you suggested
but am always unable to access the CAS login page after that, as CAS is
throwing some error. Traces (CASTraces.txt) attached.
Request you to please help me on this.

Also, when I tried to package the complete pac4j package I am getting an error
in JWT. Traces attached (Pac4jTraces.txt) for the same.


Also, I had a talk with the ORCID support team and here is the extract from the
mail regarding the version: -



*By March 1st, all calls made to the Public API (using the pub.orcid.org
domain) must use version 2.0 or 2.1; calls made using version 1.2 will return
an error. If you are still using version 1.2 you need to be planning your
upgrade to version 2.0. On this page you can find the necessary changes to
implement: https://members.orcid.org/api/news/xsd-20-update*


I don't know which version of ORCID API CAS is using so just thought of
sharing this information with you.


Thanks and Regards
Neha Gupta

On Tue, Jan 23, 2018 at 11:28 AM, Jérôme LELEU  wrote:

> Hi,
>
> In pac4j, you can set the scope of the Orcid client. It doesn't seem
> possible within the CAS server:
> https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#orcid
>
> That said, this is easy to change: don't hesitate to submit a PR for that
> in the CAS project.
>
> What would be the right default scope to change that in pac4j:
> https://github.com/pac4j/pac4j/blob/master/pac4j-oauth/src/main/java/org/pac4j/oauth/client/OrcidClient.java#L18 ?
>
> Thanks.
> Best regards,
> Jérôme
>
>
> On Mon, Jan 22, 2018 at 3:19 PM, Neha Gupta 
> wrote:
>
>> Hello Jérôme,
>>
>> I posted the reply last week but it seems it got lost somewhere. So posting it
>> again: -
>>
>> *ORCID: -*
>> Problem seems to be with scope. Please see the URL where new scopes are
>> described and also had a talk with ORCID support and according to them the
>> scope /orcid-profile belongs to an older version of API. Current 2.1 API
>> only supports scopes mentioned in the link.
>>
>> https://members.orcid.org/api/oauth/orcid-scopes
>>
>> FACEBOOK: -
>> After defining correctly the "App Domain" and "Site URL" delegation to
>> facebook started working.
>>
>>
>> Thanks a lot for your support.
>>
>> Regards
>> Neha Gupta
>>
>> On Tuesday, January 16, 2018 at 10:55:11 AM UTC+1, leleuj wrote:
>>>
>>> Hi,
>>>
>>> 1) Orcid
>>>
>>> The URL looks good: I would try another value for the scope. Have you
>>> taken a look at the documentation?
>>>
>>> 2) Facebook
>>>
>>> I opened the Facebook console, and I see a "Facebook login" item in the
>>> left menu with a "Parameters" submenu, in which you have several flags to
>>> enable, especially "web OAuth connection": is this checked? There is also a
>>> "redirection URL" input field you may need to fill, depending on the
>>> version of your FB app.
>>>
>>> Thanks.
>>> Best regards,
>>> Jérôme
>>>
>>>
>>> On Mon, Jan 15, 2018 at 2:43 PM, Neha Gupta  wrote:
>>>
 Hello Jérôme,

 Below is the update

 *ORCID: -*

 The URL which is getting called before is
 "http://www.orcid.org/oauth/authorize/?client_id=xxx=%2Forcid-profile%2Fread-limited_type=code_uri=https%3A%2F%2Fdesktop-d8r3ca4%3A8443%2Fcas%2Flogin%3Fclient_name%3Dorcid"

 After seeing the Network calls it seems that 301 and 302 status code
 are being thrown in response of the above URL.

 *FACEBOOK:- *
 In the Facebook app console I don't see any place for a callback URL. Only
 the fields shown in the attached snapshot are available.


 Thanks a lot for your support.


 Regards
 Neha Gupta




 On Friday, January 12, 2018 at 3:03:22 PM UTC+1, leleuj wrote:
>
> Hi,
>
> Please don't output your id and secret in your emails!
>
> - Orcid:
>
> I think there is a URL called before the one given in the error
> message, it should be something like http://www.orcid.org/oauth/authorize/xxx
> (https://github.com/pac4j/pac4j/blob/master/pac4j-oauth/src/main/java/org/pac4j/scribe/builder/api/OrcidApi20.java#L20)
>
> Can you post it here?
>
> - Facebook:
>
> Are you sure you defined the callback URL:
> https://desktop-d8r3ca4:8443/cas/login?client_name=Facebook in your Facebook app console?
>
> Thanks.
> Best regards,
> Jérôme
>
>
> On Fri, Jan 12, 2018 at 10:57 AM, Neha Gupta 
> wrote:
>
>> Dear CAS people,
>>
>> Good morning!
>>
>> I am trying to delegate CAS authentication to Orcid and Facebook and
>> as such created war file after updating "pom.xml" and "cas.properties" as
>> follows: -
>>
>> *pom.xml*
>>
>> 
>> org.apereo.cas
>> 

Re: [cas-user] Cas - Unauthorized

2018-01-30 Thread Ramakrishna G
Hi David,

As suggested, I enabled Debug Mode. This is the error I got:


[Thu Jan 25 17:53:01.512443 2018] [ssl:info] [pid 28180] SSL Library Error:
error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request -- speaking
HTTP to HTTPS port!?

[Thu Jan 25 17:53:01.940036 2018] [ssl:info] [pid 28181] [client
192.168.111.84:62057] AH01964: Connection to child 1 established (server
192.168.111.12:443)

[Thu Jan 25 17:53:01.940406 2018] [ssl:info] [pid 28181] [client
192.168.111.84:62057] AH01996: SSL handshake failed: HTTP spoken on HTTPS
port; trying to send HTML error page

[Thu Jan 25 17:53:01.940458 2018] [ssl:info] [pid 28181] SSL Library Error:
error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request -- speaking
HTTP to HTTPS port!?

[Thu Jan 25 17:53:13.796431 2018] [ssl:info] [pid 28182] [client
192.168.111.84:62058] AH01964: Connection to child 2 established (server
192.168.111.12:443)

[Thu Jan 25 17:53:13.796782 2018] [ssl:debug] [pid 28182]
ssl_engine_io.c(1202): (70014)End of file found: [client
192.168.111.84:62058] AH02007: SSL handshake interrupted by system [Hint:
Stop button pressed in browser?!]

[Thu Jan 25 17:53:13.796815 2018] [ssl:info] [pid 28182] [client
192.168.111.84:62058] AH01998: Connection closed to child 2 with abortive
shutdown (server 192.168.111.12:443)

~


LoadModule auth_cas_module modules/mod_auth_cas.so

CASCookiePath /var/cache/mod_auth_cas/

CASCertificatePath  /etc/ssl/certs/

CASLoginURL https://192.168.111.12:9443/cas/login

CASRootProxiedAs https://192.168.111.12

CASValidateURL https://192.168.111.12:9443/cas/serviceValidate

#CASProxyValidateURL https://192.168.111.12:9443/cas/proxyValidate

CASDebug On

LogLevel debug

CASValidateSAML On

CASVersion 2

#CASValidateServer off

#CASAllowWildcardCert off

CASTimeout 86400

CASIdleTimeout 7200

CASSSOEnabled On

#LogLevel debug




DocumentRoot "/var/www/html/"

ServerName 192.168.111.12

CASValidateSAML On

LogLevel debug

ErrorLog /var/log/cas_error_log

CustomLog /var/log/cas_access_log combined

# Other directives here

#AuthType CAS

#require valid-user






 AllowOverride

 Order allow,deny

 Allow from all

 Authtype CAS

 require valid-user

 Allow from env=no_cas_use

 #Satisfy Any

   # require cas-attribute edupersonaffiliation:staff




What am I missing?


Thank you

Ramakrishna



On Thu, Jan 25, 2018 at 10:45 PM, David Hawes  wrote:

> On 23 January 2018 at 08:52, Ramakrishna G 
> wrote:
> > Unauthorized
> >
> > This server could not verify that you are authorized to access the
> document
> > requested. Either you supplied the wrong credentials (e.g., bad
> password),
> > or your browser doesn't understand how to supply the credentials
> required.
> >
> >
> > Ticket is generated but says the above error. I am using mod_auth_cas in
> > Apache server.
>
> Set:
>
> LogLevel debug
> CASDebug On
>
> and check your error logs. You should have information as to why you
> get this error.
>


[cas-user] CAS 5.2.1 Inspeckr jdbc mysql database not being populated.

2018-01-30 Thread 'Mallory, Erik' via CAS Community
Inspektr or jdbc does not seem to be working properly. The database tables are 
not getting created on start, so there is nothing for Inspektr to write to.
The error:
PreparedStatementCallback; bad SQL grammar [SELECT AUD_DATE FROM 
COM_AUDIT_TRAIL WHERE AUD_CLIENT_IP = ? AND AUD_USER = ? AND AUD_ACTION = ? AND 
APPLIC_CD = ? AND AUD_DATE >= ? ORDER BY AUD_DATE DESC]; nested exception is 
java.sql.SQLSyntaxErrorException: Table 'casdb.COM_AUDIT_TRAIL' doesn't exist]>
org.springframework.jdbc.BadSqlGrammarException: PreparedStatementCallback; bad 
SQL grammar [SELECT AUD_DATE FROM COM_AUDIT_TRAIL WHERE AUD_CLIENT_IP = ? AND 
AUD_USER = ? AND AUD_ACTION = ? AND APPLIC_CD = ? AND AUD_DATE >= ? ORDER BY 
AUD_DATE DESC]; nested exception is java.sql.SQLSyntaxErrorException: Table 
'casdb.COM_AUDIT_TRAIL' doesn't exist

Relevant configuration information.

cas.authn.throttle.jdbc.ddlAuto=create-drop
cas.authn.throttle.jdbc.driverClass=com.mysql.jdbc.Driver
cas.authn.throttle.jdbc.dialect=org.hibernate.dialect.MySQL5Dialect

I am able to create a table as the cas user in the database.

Any help would be appreciated.
Thanks,
Erik Mallory
Server Analyst
Wichita State University
316.978.3502



[cas-user] CAS 5.2.1 Inspeckr jdbc mysql database not being populated.

2018-01-30 Thread 'Mallory, Erik' via CAS Community
Hello,

Inspektr or jdbc does not seem to be working properly. The database tables are 
not getting created on start, so there is nothing for Inspektr to write to.
The error:
PreparedStatementCallback; bad SQL grammar [SELECT AUD_DATE FROM 
COM_AUDIT_TRAIL WHERE AUD_CLIENT_IP = ? AND AUD_USER = ? AND AUD_ACTION = ? AND 
APPLIC_CD = ? AND AUD_DATE >= ? ORDER BY AUD_DATE DESC]; nested exception is 
java.sql.SQLSyntaxErrorException: Table 'casdb.COM_AUDIT_TRAIL' doesn't exist]>
org.springframework.jdbc.BadSqlGrammarException: PreparedStatementCallback; bad 
SQL grammar [SELECT AUD_DATE FROM COM_AUDIT_TRAIL WHERE AUD_CLIENT_IP = ? AND 
AUD_USER = ? AND AUD_ACTION = ? AND APPLIC_CD = ? AND AUD_DATE >= ? ORDER BY 
AUD_DATE DESC]; nested exception is java.sql.SQLSyntaxErrorException: Table 
'casdb.COM_AUDIT_TRAIL' doesn't exist

Relevant configuration information.

cas.authn.throttle.jdbc.ddlAuto=create-drop
cas.authn.throttle.jdbc.driverClass=com.mysql.jdbc.Driver
cas.authn.throttle.jdbc.dialect=org.hibernate.dialect.MySQL5Dialect

I am able to create a table as the cas user in the database.

Any help would be appreciated.
Thanks,
Erik Mallory
Server Analyst
Wichita State University
316.978.3502



Re: [cas-user] Cas - Unauthorized

2018-01-30 Thread Ramakrishna G
Hi,

Now I think I resolved the certificate issue. But I am getting this error:

[Fri Jan 26 16:22:24.270308 2018] [authz_core:debug] [pid 19878]
mod_authz_core.c(809): [client 192.168.111.118:62974] AH01626:
authorization result of Require valid-user : denied (no authenticated user
yet)

[Fri Jan 26 16:22:24.270359 2018] [authz_core:debug] [pid 19878]
mod_authz_core.c(809): [client 192.168.111.118:62974] AH01626:
authorization result of : denied (no authenticated user yet)

[Fri Jan 26 16:22:24.270390 2018] [auth_cas:debug] [pid 19878]
mod_auth_cas.c(2076): [client 192.168.111.118:62974] Entering
cas_authenticate()

[Fri Jan 26 16:22:24.270415 2018] [auth_cas:debug] [pid 19878]
mod_auth_cas.c(656): [client 192.168.111.118:62974] Modified r->args (now
'ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client')

[Fri Jan 26 16:22:24.270486 2018] [auth_cas:debug] [pid 19878]
mod_auth_cas.c(1779): [client 192.168.111.118:62974] entering
getResponseFromServer()

[Fri Jan 26 16:22:24.270617 2018] [auth_cas:debug] [pid 19878]
mod_auth_cas.c(584): [client 192.168.111.118:62974] CAS Service
'https%3a%2f%2f192.168.111.118%3a8443%2f%3fticket%3dST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client%26ticket%3dST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client'

[Fri Jan 26 16:22:24.479223 2018] [auth_cas:debug] [pid 19878]
mod_auth_cas.c(1856): [client 192.168.111.118:62974] Validation response:
HTTP Status 406 \xe2\x80\x93
Not Acceptableh1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
h2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
h3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
body
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
p
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
a {color:black;} a.name {color:black;} .line
{height:1px;background-color:#525D76;border:none;}HTTP
Status 406 \xe2\x80\x93 Not AcceptableType Status ReportDescription The target resource
does not have a current representation that would be acceptable to the user
agent, according to the proactive negotiation header fields received in the
request, and the server is unwilling to supply a default
representation.Apache
Tomcat/8.5.24

[Fri Jan 26 16:22:24.479448 2018] [auth_cas:debug] [pid 19878]
mod_auth_cas.c(1440): [client 192.168.111.118:62974] entering
isValidCASTicket()

[Fri Jan 26 16:22:24.479470 2018] [auth_cas:debug] [pid 19878]
mod_auth_cas.c(1446): [client 192.168.111.118:62974] MOD_AUTH_CAS: response
= HTTP Status 406 \xe2\x80\x93
Not Acceptableh1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
h2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
h3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
body
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
p
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
a {color:black;} a.name {color:black;} .line
{height:1px;background-color:#525D76;border:none;}HTTP
Status 406 \xe2\x80\x93 Not AcceptableType Status ReportDescription The target resource
does not have a current representation that would be acceptable to the user
agent, according to the proactive negotiation header fields received in the
request, and the server is unwilling to supply a default
representation.Apache
Tomcat/8.5.24

[Fri Jan 26 16:22:24.479581 2018] [auth_cas:error] [pid 19878] [client
192.168.111.118:62974] MOD_AUTH_CAS: error parsing CASv2 response: XML
parser error code: syntax error (2)

[Fri Jan 26 16:22:24.523966 2018] [authz_core:debug] [pid 19205]
mod_authz_core.c(809): [client 192.168.111.118:62976] AH01626:
authorization result of Require valid-user : denied (no authenticated user
yet), referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22:24.524008 2018] [authz_core:debug] [pid 19205]
mod_authz_core.c(809): [client 192.168.111.118:62976] AH01626:
authorization result of : denied (no authenticated user yet),
referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22:24.524022 2018] [auth_cas:debug] [pid 19205]
mod_auth_cas.c(2076): [client 192.168.111.118:62976] Entering
cas_authenticate(), referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22:24.524042 2018] [auth_cas:debug] [pid 19205]
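
Added example (not part of the original message, and not code from mod_auth_cas): a small triage script for mod_auth_cas debug logs like the one quoted above. It flags the three symptoms visible in that log: a service string that still carries ticket parameters from earlier round trips, a validation response that is an HTTP status page instead of CAS XML, and the resulting CASv2 parse error. The function names, the sample host, addresses and ticket values are constructed for illustration, and each log entry is assumed to sit on one line.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample shaped like the mod_auth_cas debug entries quoted above
# (placeholder host, addresses and ticket values; one entry per line).
SAMPLE_LOG = r"""[Fri Jan 26 16:22:24.270617 2018] [auth_cas:debug] [pid 19878] mod_auth_cas.c(584): [client 192.0.2.10:62974] CAS Service 'https%3a%2f%2fapp.example%3a8443%2f%3fticket%3dST-61-aaa-client%26ticket%3dST-62-bbb-client'
[Fri Jan 26 16:22:24.479223 2018] [auth_cas:debug] [pid 19878] mod_auth_cas.c(1856): [client 192.0.2.10:62974] Validation response: HTTP Status 406 \xe2\x80\x93 Not Acceptable
[Fri Jan 26 16:22:24.479581 2018] [auth_cas:error] [pid 19878] [client 192.0.2.10:62974] MOD_AUTH_CAS: error parsing CASv2 response: XML parser error code: syntax error (2)
[Fri Jan 26 16:22:25.100000 2018] [auth_cas:debug] [pid 19878] mod_auth_cas.c(584): [client 192.0.2.11:50000] CAS Service 'https%3a%2f%2fapp.example%3a8443%2f'"""

ENTRY = re.compile(r"\[client (?P<client>[^\]]+)\] (?P<msg>.*)$")
SERVICE = re.compile(r"CAS Service '([^']*)'")


def tickets_in_service(encoded):
    """Return the ticket values embedded in a URL-encoded service string."""
    query = urlsplit(unquote(encoded)).query
    return [v for k, v in parse_qsl(query, keep_blank_values=True) if k == "ticket"]


def analyze(log_text):
    """Return (client, finding, detail) tuples for the symptoms described above."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        client, msg = m.group("client"), m.group("msg")
        svc = SERVICE.search(msg)
        if svc:
            # The service sent for validation should not carry old tickets.
            tickets = tickets_in_service(svc.group(1))
            if tickets:
                findings.append((client, "ticket-in-service", len(tickets)))
        elif msg.startswith("Validation response:"):
            body = msg.split(":", 1)[1].strip()
            if not body.startswith("<"):
                # Not XML: record the HTTP status if the body names one.
                status = re.search(r"HTTP Status (\d{3})", body)
                detail = status.group(1) if status else None
                findings.append((client, "non-xml-validation-response", detail))
        elif "error parsing CASv2 response" in msg:
            findings.append((client, "casv2-parse-error", msg.rsplit(": ", 1)[-1]))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```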

[cas-user] CAS 5.2.1 Inspektr jdbc mysql database not being populated.

2018-01-30 Thread Erik Mallory


Hello,

Inspektr or jdbc does not seem to be working properly. The database tables 
are not getting created on start, so there is nothing for Inspektr to write 
to.

The error:

PreparedStatementCallback; bad SQL grammar [SELECT AUD_DATE FROM 
COM_AUDIT_TRAIL WHERE AUD_CLIENT_IP = ? AND AUD_USER = ? AND AUD_ACTION = ? 
AND APPLIC_CD = ? AND AUD_DATE >= ? ORDER BY AUD_DATE DESC]; nested 
exception is java.sql.SQLSyntaxErrorException: Table 
'casdb.COM_AUDIT_TRAIL' doesn't exist]>

org.springframework.jdbc.BadSqlGrammarException: PreparedStatementCallback; 
bad SQL grammar [SELECT AUD_DATE FROM COM_AUDIT_TRAIL WHERE AUD_CLIENT_IP = 
? AND AUD_USER = ? AND AUD_ACTION = ? AND APPLIC_CD = ? AND AUD_DATE >= ? 
ORDER BY AUD_DATE DESC]; nested exception is 
java.sql.SQLSyntaxErrorException: Table 'casdb.COM_AUDIT_TRAIL' doesn't 
exist

Relevant configuration information.

cas.authn.throttle.jdbc.ddlAuto=create-drop
cas.authn.throttle.jdbc.driverClass=com.mysql.jdbc.Driver
cas.authn.throttle.jdbc.dialect=org.hibernate.dialect.MySQL5Dialect

I am able to create a table as the cas user in the database.

Any help would be appreciated.

Thanks,
Erik Mallory
Server Analyst
Wichita State University
