Re: [cas-user] Can I make use of XML attributes in a serviceValidate response for authorization control?

2018-02-22 Thread David Hawes
On Thu, Feb 22, 2018 at 4:14 PM, Bryan K. Walton wrote: > We have a mod_auth_cas installation where the CAS server on the other > end is sending us XML attributes in their response. I don't have any > details on their CAS server version. What I do know is that we are >

[cas-user] CAS 5.1.6 cluster with ehcache hang

2018-02-22 Thread Duane Booher
Hi, we are running CAS 5.1.6 with a two host ehcache cluster. When we shutdown one of the two hosts, then the remaining host hangs and stops processing CAS login requests. Then when we start the down host back up, all of the CAS login requests work fine. Any ideas what might be going on here?

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-22 Thread David Curry
My guess would be you don't have enough privileges to see everything you need to see, but that's just a guess. Your question goes beyond my level of AD/LDAP knowledge, but I've always been under the impression that everything has to have a DN. David A. Curry, CISSP Director of Information

Re: [cas-user] CAS 5.2 and Ellucian Banner 9 (XE)

2018-02-22 Thread Matthew Uribe
My thanks to all who have responded. I finally spotted the issue. In the logs, I found this: https://testssbxe.aims.edu:8444/BannerGeneralSsb/j_spring_cas_security_check] does not match supplied service

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-22 Thread Kevin Liu
Correct me if I'm wrong but looking at the directory, not everyone has a DN. Some users are only members of a group it looks like. Is this because my account doesn't have high enough privilege to see everyone? But at the very least I should be able to see myself right? Or is possible for not

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-22 Thread David Curry
If you look up a user in your directory, what does the DN for that user look like? That's what the dnFormat should look like, except that you replace the username with a "%s" for CAS to fill in. So, for example, the DN for our accounts looks like this:

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-22 Thread Kevin Liu
So it looks like it's because I'm missing a dnFormat value? I'm not exactly sure how I should format my dnFormat? Could I get some help? On Thursday, February 22, 2018 at 2:47:47 PM UTC-6, David Curry wrote: > > I don't see an error there? Did your copy and paste not capture everything. > >

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-22 Thread David Curry
I don't see an error there? Did your copy and paste not capture everything? --Dave -- DAVID A. CURRY, CISSP *DIRECTOR OF INFORMATION SECURITY* INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 212 229-5300 x4728 • david.cu...@newschool.edu On Thu,

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-22 Thread Kevin Liu
I tried following that but this is my error still: 2018-02-22 14:40:41,986 DEBUG [org.apereo.cas.configuration.support.CasConfigurationJasyptDecryptor] - 2018-02-22 14:40:41,995 DEBUG [org.apereo.cas.configuration.config.CasCoreBootstrapStandaloneConfiguration] - 2018-02-22 14:40:41,996

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-22 Thread David Curry
You might find the examples here helpful: https://dacurry-tns.github.io/deploying-apereo-cas/building_server_ldap_overview.html There's an Active Directory configuration (two, actually) and an LDAP configuration. Authentication and attribute retrieval. If those don't help, then please post the

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-22 Thread Dmitriy Kopylenko
The main “bug tracker” for CAS project is an open pull request ;-) May I suggest you first try 5.3.0-RC3-SNAPSHOT… D. From: Brian Davidson Reply: cas-user@apereo.org Date: February 22, 2018 at 3:03:46 PM To: cas-user@apereo.org

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-22 Thread Brian Davidson
Do we need to open an issue in a bug tracker? If so, where? Any suggestions where to start poking in the code to try to debug this some more? As best we can tell it’s throwing an exception in Spring web flow (which unfortunately we haven’t used so we’ve got a learning curve there). And it

[cas-user] Re: CAS5.2 Connect to LDAP

2018-02-22 Thread Kevin Liu
I've now changed it to this: #AD Configurations cas.authn.ldap[0].type=AD cas.authn.ldap[0].ldapUrl=ldap://alpha.beta.gamma:389 #cas.authn.ldap[0].connectionStrategy= cas.authn.ldap[0].useSsl=false cas.authn.ldap[0].useStartTls=false cas.authn.ldap[0].connectTimeout=5000

[cas-user] CAS5.2 Connect to LDAP

2018-02-22 Thread Kevin Liu
Hello, I can't seem to make heads or tails of getting CAS to talk to LDAP. I know my LDAP is working because using the following command, I can see all LDAP entries: ldapsearch -x -h alpha.beta.gamma -D user@beta.gamma -W -b "dc=beta,dc=gamma" My assumption is that since these credentials

[cas-user] Moodle and CAS double login

2018-02-22 Thread cs.mahmud
Hi, I am having a double login issue with Moodle and CAS (v4.0.1). You can reproduce the error by logging out of moodle, and try to immediately login back. The first login does nothing, and you are prompted for a login page again. The scenario and resolution was also described in this blog

[cas-user] Re: OAuth Client Credentials Grant

2018-02-22 Thread Agustin Gregorio Moyano
Hi Martin, if you read the documentation you should use /oauth2.0/accessToken endpoint, not the authorization one. Hope it helps. Agustín. > -- - Website: https://apereo.github.io/cas

Re: [cas-user] CAS 5.2 and Ellucian Banner 9 (XE)

2018-02-22 Thread Greg Booth
Matthew, Here is our service definition: { @class: org.apereo.cas.services.RegexRegisteredService id: name: Banner description: Self-Service logo: https://www.mtu.edu/images/mtu-logo.png serviceId: https://(www\.)?bannerweb.mtu.edu(:443)?/.* attributeReleasePolicy: {

[cas-user] [CAS 5.X] Proxy Mode and 5.2.x

2018-02-22 Thread Didier Capdevielle
Hello CAS' Experts, We have trouble using Proxy Mode (for UPortal) with CAS Server 5.2.x. SAME server (Debian Stretch ; OpenJDK 8 ; Tomcat8) and SAME configuration (except json-service-registry dependency and json location directory : different names). SAME Json files. 5.1.7 / 5.1.8 : NO

Re: [cas-user] Re: CAS 5.2 and Ellucian Banner 9 (XE)

2018-02-22 Thread Mary Lashinsky
Looking for Java Developers with CAS experience in Torrance, California! If you know anyone please contact me directly at m...@docmagic.com On Thu, Feb 22, 2018 at 6:47 AM, William E. wrote: > We are on cas 5.2.2, banner 8 via ssomanager and banner 9 admin apps. > Seems to work

Re: [cas-user] Re: CAS Client Location (PKIX path building failed)

2018-02-22 Thread Alexandre Adao
Did you try to import the server's certificate into the jre cacerts keystore? On Thu, Feb 22, 2018 at 9:32 AM, Kevin Liu wrote: > Double checked and even reimported the certs to all keystores. Still same > issue. I'm at a total loss. I might try localhosts as the host

Re: [cas-user] CAS5.2 LDAP Types

2018-02-22 Thread Kevin Liu
Thank you! I somehow completely missed that on that page. On Thursday, February 22, 2018 at 8:40:27 AM UTC-6, David Curry wrote: > > The descriptions are here: > > > https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#ldap-authentication-1 > > There's also some more

[cas-user] Re: CAS 5.2 and Ellucian Banner 9 (XE)

2018-02-22 Thread William E.
We are on cas 5.2.2, banner 8 via ssomanager and banner 9 admin apps. Seems to work fine since we upgraded to cas 5.2.2 in late December. We populate the udcid in ldap from banner, then map it in cas as: cas.authn.attributeRepository.ldap[0].attributes.uahUDCID=UDC_IDENTIFIER Please note,

Re: [cas-user] CAS5.2 LDAP Types

2018-02-22 Thread David Curry
The descriptions are here: https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#ldap-authentication-1 There's also some more detailed stuff about each method in the ldaptive documentation, but you have to kind of hunt for it. I found it once about a year ago, but of

[cas-user] CAS5.2 LDAP Types

2018-02-22 Thread Kevin Liu
Can someone explain to me the different LDAP types? I don't exactly understand the purpose of AD, Authenticated, Anonymous, or Direct. If there is documentation somewhere, that would be appreciated too.

Re: [cas-user] Re: CAS Client Location (PKIX path building failed)

2018-02-22 Thread Kevin Liu
Double checked and even reimported the certs to all keystores. Still same issue. I'm at a total loss. I might try localhosts as the host name to see if that'll work. On Wednesday, February 21, 2018 at 7:07:44 PM UTC-6, rbon wrote: > > Kevin, > > Could it be a problem with the certificate?

Re: [cas-user] CAS 5.2 and Ellucian Banner 9 (XE)

2018-02-22 Thread Matthew Uribe
Thanks Greg. I've got all the following attributes listed in my cas.properties. When I look in /cas/status/ssosessions I see all of these attributes in the TGT. That's why I was thinking it must be something to do with the way the attributes are released in the service definition.

[cas-user] Re: CAS installation

2018-02-22 Thread Kevin Liu
Strongly recommend following this: https://dacurry-tns.github.io/deploying-apereo-cas/building_server_ldap_authentication_config-ad-auth-properties.html On Thursday, February 22, 2018 at 8:02:01 AM UTC-6, Hippolyte wrote: > > Hello everyone, > > I would like to install the latest version of the

Re: [cas-user] CAS 5.2 and Ellucian Banner 9 (XE)

2018-02-22 Thread Matthew Uribe
Thanks Travis. That's the track I've been on. Can you tell me whether this service definition looks anything like what you ended up with? { @class: org.apereo.cas.services.RegexRegisteredService serviceId:

[cas-user] CAS installation

2018-02-22 Thread Hippolyte
Hello everyone, I would like to install the latest version of the CAS but I can not find any documentation indicating the procedure to follow. Can you help me? Thank you!

Re: [cas-user] Problem integrating CAS 5.2.0 with ORCID and FACEBOOK.

2018-02-22 Thread Neha Gupta
Hello Jérôme, I have written a mail to ORCID support and below is the reply from them: - *When do you get that error message? Is it when you try to exchange the 6 digit code for an access token? (I tried the link you sent and I'm able to authorize and see the 6 digit authorization code) If so,