Is the following structure correct
cas-overlaytemplate/
|
|---etc/cas/config/cas.properties
|
| --overlays/org.ap.tomcat-5.2.2
when I run from c:\cas-overlaytemplate/
java -jar target\cas.war
it is not picking up the cas.properties in the etc\ directory
>From what I have read
I meant to add, our pom.xml has the following dependencies (in case we’re
missing something):
org.apereo.cas
cas-server-webapp-${app.server}
${cas.version}
war
runtime
org.apereo.cas
Added cas-server-core-authentication dependency. Still getting the same
exception.
I do get:
2018-02-09 23:31:04,841 DEBUG
[org.apereo.cas.authentication.GroovyMultifactorAuthenticationProviderBypass] -
We’ve had that working since adding the bypass.type=GROOVY and
bypass.groovy.location
Sorry, there's a bit of a history to the problem that involved several
other ticket registries.
On CAS 3.5 we where using PostgreSQL, but when I upgraded to CAS 5.x I
switched to Hazelcast. Which work okay except that after three days
pinciple ID's start to become null after successful
The following page
https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#ldap-authentication-1
Says bad confugurations disable cas ldap silently!!
How do I go about stopping it from failing silently?
--Matt
--
- Website: https://apereo.github.io/cas
- Gitter
So, few points. On the class names between 3 and 5 - you don’t
have to worry about it anymore (well, as long as you don’t need to extend CAS
and program against its internals and extension points). The general theme of
CAS
Any one has ideas on this?
2) I also want to support multiple IDPs vendors and use CAS as IDP , this
should be based on customer? Do I need to customize login web flow to use
different IDP based on customer? This means one customer is using CAS
login back end oracle db.and another customer
For CAS versions 5.2+ use cas.serviceRegistry.json.location property:
https://apereo.github.io/cas/development/installation/Configuration-Properties.html#json-service-registry
Cheers,
D.
From: Christopher Myers
Reply: cas-user@apereo.org
Date:
On Fri, Feb 9, 2018 at 4:00 PM, Mukunthini Jeyakumar
wrote:
> Hi
>
> I'm seeing the same error even If I use /serviceValidate endpoint. As soon
> as I turn on CASValidateSAML, I'm getting the error
>
> Here is my mod_auth_cas. (I've used David Curry's Guide )
>
> LoadModule
This is for creating your own audit entry points.
Cas already defined them, so you just use it.
2018-02-09 17:30 GMT-03:00 Cheltenham, Chris :
> Does anyone have better documentation for inspektr?
>
>
>
>
>
> I just read this
>
>
>
>
if you edit build.sh youl see
function copy() {
echo -e "Creating configuration directory under /etc/cas"
mkdir -p /etc/cas/config
echo -e "Copying configuration files from etc/cas to /etc/cas"
cp -rfv etc/cas/* /etc/cas
}
instead run mvn clean package
2018-02-09 16:29
add
org.apereo.cas
cas-server-core-authentication
${cas.version}
with:
cas.authn.mfa.duo[0].bypass.type=GROOVY
cas.authn.mfa.duo[0].bypass.groovy.location=file:/etc/cas/config/mfaGroovyTrigger.groovy
you should get
2018-02-09
I’m a little lost now.
Are you sure you need to waste that much energy investigating so many ticket
registry alternatives? Shouldn’t you be trying to just assess the feasibility
of using that data base with which you feel more comfortable?
To be more clear, let’s say it works better using
Hi
I'm seeing the same error even If I use /serviceValidate endpoint. As soon
as I turn on CASValidateSAML, I'm getting the error
Here is my mod_auth_cas. (I've used David Curry's Guide )
LoadModule auth_cas_module modules/mod_auth_cas.so
AuthType CAS
CASAuthNHeader On
Are you sure your server supports /samlValidate? Are you able to use
/serviceValidate?
Post your full mod_auth_cas config here.
The 406 you see is from the CAS server. Do you have any logs on the
CAS server that indicate why the request failed?
On Fri, Feb 9, 2018 at 2:09 PM, Mukunthini
Does anyone have better documentation for inspektr?
I just read this
https://github.com/apereo/inspektr/blob/master/README.md
and I have NO clue what any of it means.
===
Thank You;
Chris Cheltenham
Technology Services
The School District of
Just to add a bit to what Brian M. provided (I’m also a Brian, and a co-worker
of Brian M’s):
We have Duo MFA working if we comment out:
cas.authn.mfa.duo[0].bypass.type=GROOVY
cas.authn.mfa.duo[0].bypass.groovy.location=file:///etc/cas/selectiveDuo.groovy
We did find that CAS was unable to
So it turns out I already had the driver turned to debug, so no new
information there. But I did up the verbosity level of MongoDB log to 5
and noticed that a write attempt for the TGT ticket wasn't even made
(subsequent fetches where made though).
I decided to try pulling down the latest maven
I apologize in advance, I didn't realize that the jasig-cas-user list
wasn't the current one because that's the list that showed up in my Google
searches, and it appears to still be active based on others posting out
there.
So I'm cross-posting to this list, which I guess is the current one?
Hi dhawes,
With the debug on,
[Thu Feb 08 16:07:44 2018] [debug] mod_auth_cas.c(2076): [client
129.100.6.30] Entering cas_authenticate(), referer:
https://:8443/cas/login?service=https%3a%2f%2f%2freturn-mapped%2findex.php
[Thu Feb 08 16:07:44 2018] [debug] mod_auth_cas.c(654): [client
Thanks! :)
On Friday, February 9, 2018 at 11:57:07 AM UTC-5, Dmitriy Kopylenko wrote:
>
> I’m not sure that’s possible.
>
> One other option would be for you to implement Inspektr’s audit log at
> that audit point and contribute back to CAS project :-)
>
> D.
>
>
>
>
> On Fri, Feb 9, 2018 at
Thanks David, I really appreciate your help.
Its saved me tons of time.
I almost forgot about your documentation but it has helped me a lot.
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell #
Chris,
In my setup, I did not configure the management webapp to use LDAP
directly. Rather, I set it up to authenticate against the CAS server, and
just use the userPropertiesFile to control who can actually log into it. I
used the same "admusers.properties" file that I used to control access to
I’m not sure that’s possible.
One other option would be for you to implement Inspektr’s audit log at that
audit point and contribute back to CAS project :-)
D.
Thanks Travis,
I am using David Curry’s docs.
I don’t understand the CAS docs from Apereo.
I think they document with the thinking of a developer, which I am not.
Therefore, I have a lot of trouble understanding them.
I appreciate your help.
===
Thank You;
Thanks for the quick response Dmitriy.
As a workaround, might it be possible for me to replace the following:
"unauthorizedRedirectUrl" : "https://ssohost.mydomain.edu/cas_nowayjose/;,
...with something like the following:
"unauthorizedRedirectUrl" : "
Set:
LogLevel debug
CASDebug On
and check your error logs. You should have information as to why you
get this error.
On Thu, Feb 8, 2018 at 1:13 PM, Mukunthini Jeyakumar
wrote:
> Hi David,
>
> I'm using mod_auth_cas configured to use the "samlValidate" endpoint. When I
>
Here is a link to getting started with CAS Management with 5.2.x
https://apereo.github.io/cas/5.2.x/installation/Installing-ServicesMgmt-Webapp.html
As far as LDAP is concerned, it is mostly a preference. The management app
will contact a CAS Server for authenticating a user in whichever way
Yes, great thank you.
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of William
E.
Sent: Friday, February 9, 2018
Exactly. cas-management-overlay/target/cas-management.war
Since we use json registry, and ldap, we add the below.
org.apereo.cas
cas-server-support-json-service-registry
${cas.version}
org.apereo.cas
cas-server-support-ldap
${cas.version}
On Friday, February
Hello ,
I have embarked on building cas-management via the overlay.
I am assuming you build a totally separate war file with the ldapp
dependency is you use ldap.
Is that correct?
===
Thank You;
Chris Cheltenham
Technology Services
The School District
The short answer is - there is currently no audit trail advice weaved at the
audit point you are after.
Best,
D.
From: crdaudt
Reply: cas-user@apereo.org
Date: February 9, 2018 at 10:00:18 AM
To: CAS Community
Subject: Re:
Yes, the configuration is there in log4j2 but the audit log is only
providing entries for users who are authorized, not for those who are
denied access.
I am attaching an annotated copy of my cas_audit.log, and also copies of my
service's JSON file and log4j2.xml file.
My goals:
- To log
What do you mean by REMOVED in properties .
El viernes, 9 de febrero de 2018, brian mancuso
escribió:
> Hey all,
>
> I was originally trying to setup some custom triggers to determine who
> should use MFA and who is allowed to bypass. I have since been directed
> towards
Hey all,
I was originally trying to setup some custom triggers to determine who
should use MFA and who is allowed to bypass. I have since been directed
towards Groovy to simplify things, but I'm still having some trouble.
At this point, the Groovy script's purpose is strictly to test if a
35 matches
Mail list logo