[cas-user] CAS 5.2.2 and properties

2018-02-09 Thread Matthew Hannay
Is the following structure correct cas-overlaytemplate/ | |---etc/cas/config/cas.properties | | --overlays/org.ap.tomcat-5.2.2 when I run from c:\cas-overlaytemplate/ java -jar target\cas.war it is not picking up the cas.properties in the etc\ directory From what I have read

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-09 Thread Brian Davidson
I meant to add, our pom.xml has the following dependencies (in case we’re missing something): org.apereo.cas cas-server-webapp-${app.server} ${cas.version} war runtime org.apereo.cas

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-09 Thread Brian Davidson
Added cas-server-core-authentication dependency. Still getting the same exception. I do get: 2018-02-09 23:31:04,841 DEBUG [org.apereo.cas.authentication.GroovyMultifactorAuthenticationProviderBypass] - We’ve had that working since adding the bypass.type=GROOVY and bypass.groovy.location

Re: [cas-user] Failed To Add TGT Ticket - MongoDB Ticket Registry CAS 45.2.

2018-02-09 Thread michael kromarek
Sorry, there's a bit of a history to the problem that involved several other ticket registries. On CAS 3.5 we were using PostgreSQL, but when I upgraded to CAS 5.x I switched to Hazelcast. Which worked okay except that after three days principal IDs start to become null after successful

[cas-user] LDAP failing Silently

2018-02-09 Thread Matthew Hannay
The following page https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#ldap-authentication-1 says bad configurations disable cas ldap silently!! How do I go about stopping it from failing silently? --Matt -- - Website: https://apereo.github.io/cas - Gitter

Re: [cas-user] Re: Upgrade CAS 3.5.2 to CAS 5.x

2018-02-09 Thread Dmitriy Kopylenko
So, few points. On the class names between 3 and 5 - you don’t have to worry about it anymore (well, as long as you don’t need to extend CAS and program against its internals and extension points). The general theme of CAS

Re: [cas-user] Re: Upgrade CAS 3.5.2 to CAS 5.x

2018-02-09 Thread Chava
Does anyone have ideas on this? 2) I also want to support multiple IDPs vendors and use CAS as IDP, this should be based on customer? Do I need to customize login web flow to use different IDP based on customer? This means one customer is using CAS login back end oracle db. and another customer

Re: [cas-user] Issues with service registry on 5.2.2

2018-02-09 Thread Dmitriy Kopylenko
For CAS versions 5.2+ use cas.serviceRegistry.json.location property:  https://apereo.github.io/cas/development/installation/Configuration-Properties.html#json-service-registry Cheers, D. From: Christopher Myers Reply: cas-user@apereo.org Date: 

Re: [cas-user] Cannot retrieve user attributes from PHP application behind mod_auth_cas

2018-02-09 Thread David Hawes
On Fri, Feb 9, 2018 at 4:00 PM, Mukunthini Jeyakumar wrote: > Hi > > I'm seeing the same error even if I use /serviceValidate endpoint. As soon > as I turn on CASValidateSAML, I'm getting the error > > Here is my mod_auth_cas. (I've used David Curry's Guide ) > > LoadModule

Re: [cas-user] inspektr

2018-02-09 Thread Man H
This is for creating your own audit entry points. Cas already defined them, so you just use it. 2018-02-09 17:30 GMT-03:00 Cheltenham, Chris : > Does anyone have better documentation for inspektr? > > > > > > I just read this > > > >

Re: [cas-user] Issues with service registry on 5.2.2

2018-02-09 Thread Man H
If you edit build.sh you'll see function copy() { echo -e "Creating configuration directory under /etc/cas" mkdir -p /etc/cas/config echo -e "Copying configuration files from etc/cas to /etc/cas" cp -rfv etc/cas/* /etc/cas } instead run mvn clean package 2018-02-09 16:29

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-09 Thread Man H
add org.apereo.cas cas-server-core-authentication ${cas.version} with: cas.authn.mfa.duo[0].bypass.type=GROOVY cas.authn.mfa.duo[0].bypass.groovy.location=file:/etc/cas/config/mfaGroovyTrigger.groovy you should get 2018-02-09

Re: [cas-user] Failed To Add TGT Ticket - MongoDB Ticket Registry CAS 45.2.

2018-02-09 Thread Uxío Prego
I’m a little lost now. Are you sure you need to waste that much energy investigating so many ticket registry alternatives? Shouldn’t you be trying to just assess the feasibility of using that data base with which you feel more comfortable? To be more clear, let’s say it works better using

Re: [cas-user] Cannot retrieve user attributes from PHP application behind mod_auth_cas

2018-02-09 Thread Mukunthini Jeyakumar
Hi I'm seeing the same error even if I use /serviceValidate endpoint. As soon as I turn on CASValidateSAML, I'm getting the error Here is my mod_auth_cas. (I've used David Curry's Guide ) LoadModule auth_cas_module modules/mod_auth_cas.so AuthType CAS CASAuthNHeader On

Re: [cas-user] Cannot retrieve user attributes from PHP application behind mod_auth_cas

2018-02-09 Thread David Hawes
Are you sure your server supports /samlValidate? Are you able to use /serviceValidate? Post your full mod_auth_cas config here. The 406 you see is from the CAS server. Do you have any logs on the CAS server that indicate why the request failed? On Fri, Feb 9, 2018 at 2:09 PM, Mukunthini

[cas-user] inspektr

2018-02-09 Thread Cheltenham, Chris
Does anyone have better documentation for inspektr? I just read this https://github.com/apereo/inspektr/blob/master/README.md and I have NO clue what any of it means. === Thank You; Chris Cheltenham Technology Services The School District of

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-09 Thread Brian Davidson
Just to add a bit to what Brian M. provided (I’m also a Brian, and a co-worker of Brian M’s): We have Duo MFA working if we comment out: cas.authn.mfa.duo[0].bypass.type=GROOVY cas.authn.mfa.duo[0].bypass.groovy.location=file:///etc/cas/selectiveDuo.groovy We did find that CAS was unable to

Re: [cas-user] Failed To Add TGT Ticket - MongoDB Ticket Registry CAS 45.2.

2018-02-09 Thread michael kromarek
So it turns out I already had the driver turned to debug, so no new information there. But I did up the verbosity level of MongoDB log to 5 and noticed that a write attempt for the TGT ticket wasn't even made (subsequent fetches were made though). I decided to try pulling down the latest maven

[cas-user] Issues with service registry on 5.2.2

2018-02-09 Thread Christopher Myers
I apologize in advance, I didn't realize that the jasig-cas-user list wasn't the current one because that's the list that showed up in my Google searches, and it appears to still be active based on others posting out there. So I'm cross-posting to this list, which I guess is the current one?

Re: [cas-user] Cannot retrieve user attributes from PHP application behind mod_auth_cas

2018-02-09 Thread Mukunthini Jeyakumar
Hi dhawes, With the debug on, [Thu Feb 08 16:07:44 2018] [debug] mod_auth_cas.c(2076): [client 129.100.6.30] Entering cas_authenticate(), referer: https://:8443/cas/login?service=https%3a%2f%2f%2freturn-mapped%2findex.php [Thu Feb 08 16:07:44 2018] [debug] mod_auth_cas.c(654): [client

Re: [cas-user] how do I capture audit log trail for unauthorized users who are denied access to a service in an accessStrategy configuration of one of my JSON files?

2018-02-09 Thread crdaudt
Thanks! :) On Friday, February 9, 2018 at 11:57:07 AM UTC-5, Dmitriy Kopylenko wrote: > > I’m not sure that’s possible. > > One other option would be for you to implement Inspektr’s audit log at > that audit point and contribute back to CAS project :-) > > D. > > > > > On Fri, Feb 9, 2018 at

RE: [cas-user] cas 5 management

2018-02-09 Thread Cheltenham, Chris
Thanks David, I really appreciate your help. It's saved me tons of time. I almost forgot about your documentation but it has helped me a lot. === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell #

Re: [cas-user] cas 5 management

2018-02-09 Thread David Curry
Chris, In my setup, I did not configure the management webapp to use LDAP directly. Rather, I set it up to authenticate against the CAS server, and just use the userPropertiesFile to control who can actually log into it. I used the same "admusers.properties" file that I used to control access to

Re: [cas-user] how do I capture audit log trail for unauthorized users who are denied access to a service in an accessStrategy configuration of one of my JSON files?

2018-02-09 Thread Dmitriy Kopylenko
I’m not sure that’s possible. One other option would be for you to implement Inspektr’s audit log at that audit point and contribute back to CAS project :-) D.

RE: [cas-user] cas 5 management

2018-02-09 Thread Cheltenham, Chris
Thanks Travis, I am using David Curry’s docs. I don’t understand the CAS docs from Apereo. I think they document with the thinking of a developer, which I am not. Therefore, I have a lot of trouble understanding them. I appreciate your help. === Thank You;

Re: [cas-user] how do I capture audit log trail for unauthorized users who are denied access to a service in an accessStrategy configuration of one of my JSON files?

2018-02-09 Thread crdaudt
Thanks for the quick response Dmitriy. As a workaround, might it be possible for me to replace the following: "unauthorizedRedirectUrl" : "https://ssohost.mydomain.edu/cas_nowayjose/;, ...with something like the following: "unauthorizedRedirectUrl" : "

Re: [cas-user] Cannot retrieve user attributes from PHP application behind mod_auth_cas

2018-02-09 Thread David Hawes
Set: LogLevel debug CASDebug On and check your error logs. You should have information as to why you get this error. On Thu, Feb 8, 2018 at 1:13 PM, Mukunthini Jeyakumar wrote: > Hi David, > > I'm using mod_auth_cas configured to use the "samlValidate" endpoint. When I >

Re: [cas-user] cas 5 management

2018-02-09 Thread Travis Schmidt
Here is a link to getting started with CAS Management with 5.2.x https://apereo.github.io/cas/5.2.x/installation/Installing-ServicesMgmt-Webapp.html As far as LDAP is concerned, it is mostly a preference. The management app will contact a CAS Server for authenticating a user in whichever way

RE: [cas-user] Re: cas 5 management

2018-02-09 Thread Cheltenham, Chris
Yes, great thank you. === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of William E. Sent: Friday, February 9, 2018

[cas-user] Re: cas 5 management

2018-02-09 Thread William E.
Exactly. cas-management-overlay/target/cas-management.war Since we use json registry, and ldap, we add the below. org.apereo.cas cas-server-support-json-service-registry ${cas.version} org.apereo.cas cas-server-support-ldap ${cas.version} On Friday, February

[cas-user] cas 5 management

2018-02-09 Thread Cheltenham, Chris
Hello, I have embarked on building cas-management via the overlay. I am assuming you build a totally separate war file with the ldap dependency if you use ldap. Is that correct? === Thank You; Chris Cheltenham Technology Services The School District

Re: [cas-user] how do I capture audit log trail for unauthorized users who are denied access to a service in an accessStrategy configuration of one of my JSON files?

2018-02-09 Thread Dmitriy Kopylenko
The short answer is - there is currently no audit trail advice weaved at the audit point you are after. Best, D. From: crdaudt Reply: cas-user@apereo.org Date: February 9, 2018 at 10:00:18 AM To: CAS Community Subject:  Re:

Re: [cas-user] how do I capture audit log trail for unauthorized users who are denied access to a service in an accessStrategy configuration of one of my JSON files?

2018-02-09 Thread crdaudt
Yes, the configuration is there in log4j2 but the audit log is only providing entries for users who are authorized, not for those who are denied access. I am attaching an annotated copy of my cas_audit.log, and also copies of my service's JSON file and log4j2.xml file. My goals: - To log

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-09 Thread Man H
What do you mean by REMOVED in properties. On Friday, February 9, 2018, brian mancuso wrote: > Hey all, > > I was originally trying to set up some custom triggers to determine who > should use MFA and who is allowed to bypass. I have since been directed > towards

[cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-09 Thread brian mancuso
Hey all, I was originally trying to set up some custom triggers to determine who should use MFA and who is allowed to bypass. I have since been directed towards Groovy to simplify things, but I'm still having some trouble. At this point, the Groovy script's purpose is strictly to test if a