If nobody else considered your kind offer I suppose cas multitenancy wins!!
On Monday, 26 February 2018, Cheltenham, Chris <
ccheltenham-...@philasd.org> wrote:
> Hello Michael,
>
> I work for Philadelphia School District K thru 12.
>
> We may be interested in the hours of
send cas startup log
2018-02-26 21:04 GMT-03:00 :
> It has to be reading my properties or else I could never switch between
> MySQL and Oracle which I do all day long. It has to be something else.
>
> Bill
>
> Sent from a device.
>
> On Feb 26, 2018, at 7:59 AM, Man H
It has to be reading my properties or else I could never switch between MySQL
and Oracle which I do all day long. It has to be something else.
Bill
Sent from a device.
> On Feb 26, 2018, at 7:59 AM, Man H wrote:
>
> Cas is not reading your properties. Check where
So I've included an extra ldap index to get around multiple OUs. I can now
authenticate users but only with their full name and not their
sAMAccountName. For example, on the cas login screen, if I put my
sAMAccountName kliu as the username and the associated password, I get
denied but if I put
Can you post your logs, cas.properties and pom.xml
And I can have a look.
Also try installing http://www.ldapadmin.org/
to do some testing
--Matt
On Friday, 23 February 2018 05:32:54 UTC+10, Kevin Liu wrote:
>
> Hello,
>
> I can't seem to make heads or tails of getting CAS to talk to LDAP
>
Send me your POM and cas.properties
In the meantime install ldapadmin
http://www.ldapadmin.org/
I can help with working out your config.
--Matt
On 23 February 2018 at 05:32, Kevin Liu wrote:
> Hello,
>
> I can't seem to make heads or tails of getting CAS to talk to
Since my DN is not fixed as I authenticate users at the Forest level, I
could not use AD and used AUTHENTICATED instead, and
used cas.authn.ldap[0].userFilter=(userPrincipalName={user}) as filter,
with subtreeSearch set to true, and was able to authenticate on two
different domains (but this
Hello all,
We're in the process of migrating our old 3.5.2 CAS setup to a more recent
version (5.2.2) and I'm testing different storage solutions for the service
registry.
So far, I was not able to use DynamoDB, and was wondering if anyone had
success with it. I'm guessing that it should
Okay so I've changed my cas.properties to reflect what you're saying.
I'm getting an error which requires me to input a dnFormat. Fair enough
but looking at your documentation, it says to put %s which will get the
username entered into the query. Does this mean that in your AD, your CN
and
Correct. If you're using the AD type, you should be using
cas.authn.ldap[0].userFilter: sAMAccountName={user}
Putting "anything" in the username field and getting authenticated doesn't
sound right.
But if you're using AD and dnFormat, I'm almost positive that you DO NOT
want to have a
No worries! Reading the documents again, it looks like I may have confused a
couple of things.
AD Active Directory - Users authenticate with sAMAccountName typically using
a DN format.
It says that it authenticates using the sAMAccountName which should get
passed in if we use
I concur with Matthew. That was my issue too until I changed it. Then
services started picking up.
On Monday, February 26, 2018 at 2:37:37 PM UTC-6, David Curry wrote:
>
> But think of all the experience you're getting! :-)
>
> Seriously, I know the feeling. I think we've all been there before.
Thanks, got it working!
I hope you don't mind me picking your brain a little further. Do you have
any experience with principalAttributeId fields? I'm wondering if I can
first bind to LDAP, and then use username and password to authenticate
instead and it looks like principalAttribute fields
If you want to release attributes under CAS 2.0 protocol, here (
https://kogentadono.com/2017/08/30/attribute-release-cas-5-1-x-for-cas-2-0-protocol/)
is a post I wrote up a while back.
Also, attached is the file you'll need to put in your war overlay to make
release work. It should live in
But think of all the experience you're getting! :-)
Seriously, I know the feeling. I think we've all been there before.
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •
I haven't tried it myself, but you ought to be able to put cas.log.level
back to "warn" and then add something like
in the section (down around line 61). See the comment right there
in the file for a little more info.
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
I do, I will check everything again in the morning.
Thanks for your help.
It’s frustrating because I know it’s something stupid but I just don’t see
it yet.
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work #
Chris,
I ran into the same problem. I added json files to /etc/cas/services but
CAS was only reading those in the classpath/services directory.
I found that my problem was in my cas.properties:
Incorrect:
cas.serviceRegistry.*config*.location: file:/etc/cas/services
Correct:
I'm messing with the logger. Is it possible to have just LDAP debug codes
output? If so, how? Cause I can't seem to be able to shut off the others
without shutting off debug altogether.
On Monday, February 26, 2018 at 11:53:16 AM UTC-6, David Curry wrote:
>
> Well, you can start with
Do you have
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-json-service-registry</artifactId>
    <version>${cas.version}</version>
</dependency>
in pom.xml and
cas.serviceRegistry.json.location:file:/etc/cas/services
in cas.properties?
If not, you need them. If so, then dig through the archives of this group
in the
David,
The only thing I can tell is that CAS is not seeing the json file from
/etc/cas/services.
I created two and they never show up loaded in the logs.
Only the two default ones, I guess they are, show up.
2018-02-26 14:42:49,710 DEBUG
I think we've been through most of these at one time or another, but to
assemble them all in one place...
1. You have all of these:
# The /status endpoint is protected by IP address only.
cas.adminPagesSecurity.ip: ...a valid regex to match your
authorized addresses...
# The
Hi, Didier. We're also experiencing some WebProxy and ClearPass issues with CAS
5.2.x and uPortal 4. What version of uPortal are you running?
thanks,
Luke
OK, I answer by myself.
Found the solution by a colleague in a French list. Thanks a lot to him.
I try to explain (sorry for my english) :
Hello,
I have been struggling with access denied on the dashboard
- users.properties only has the following.
ccheltenham-ext=passwordnotused,ROLE_ADMIN
What else could I have misconfigured?
===
Thank You;
Chris Cheltenham
Technology
Well, you can start with log4j2.xml, and change
warn
to
debug
which will give you a lot of detail (all in cas.log) about what's going on.
If that doesn't give you what you want, you can also (or instead) change
to
to get debugging from the LDAP code itself.
As for your second
Thank you Dave for providing additional insight!
Just to add, my MSDN I was referring above is actually a Microsoft Active
Directory Server which I'm using the LDAP protocol to talk to (at least
that is my understanding).
I've got a few more questions. Is it possible to see what the LDAP is
Glad you figured it out. Note that if you turn on debug logging for
anything (in log4j2.xml), those messages will also go to cas.log. In my
personal experience, the cas.log messages are more helpful than the
catalina.out messages about 4 times out of 5.
--Dave
--
DAVID A. CURRY, CISSP
Toby,
It looks like your client is using CAS 2.0 protocol.
Attribute release can be done with SAML 1.1 and CAS 3.0 protocol.
Ray
On Mon, 2018-02-26 at 07:41 -0800, Toby Archer wrote:
With the addition of those loggers and a little tweaking I got some info that
should be useful. Firstly:
Ash,
You could adjust the webflow and redirect user after TGT is sent and before ST
is created. We did this to prompt user to update contact info through a custom
app.
Ray
On Mon, 2018-02-26 at 05:40 -0800, Ash wrote:
Not for logout, but during the login process. The Service Provider
I was trying to customize web-flows in cas5 using xml/annotation based
configurations, I was facing an issue (NoSuchWebflowFoundException) while
registering new web-flows. As I was looking at the documentation of apereo
found the below link to customize web-flows but couldn't get a clear
Do you get any log entries in cas.log? Sometimes those can be a little more
informative than the ones in catalina.out.
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •
Cas is not multitenant.
See
https://groups.google.com/a/apereo.org/d/msgid/cas-user/20C889EBD5E2E103.107C4E6D-3607-4BC8-8345-C8AE71F48935%40mail.outlook.com?utm_medium=email_source=footer
among others.
2018-02-26 10:40 GMT-03:00 Ash :
>
> Not for logout, but
I am trying to use SAML2 with CAS 5.2. I have it setup as the idp and I
have two services connected to it. Everything works as expected with one
service - but the second service does not receive a POST to its logout url
when signing out of CAS.
Steps:
Sign in to both applications. Only first
With the addition of those loggers and a little tweaking I got some info
that should be useful. Firstly:
2018-02-26 15:36:46,731 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
2018-02-26 15:36:46,731 DEBUG
Hi David,
Yep, already got that.
On 26/02/2018 14:35, David Curry wrote:
> Sami,
>
> Do you have the LDAP dependency in pom.xml?
>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-ldap</artifactId>
>     <version>${cas.version}</version>
> </dependency>
>
> --Dave
>
>
> --
>
> DAVID A. CURRY, CISSP
>
Chris,
In the URL you posted:
https://devcas5.philasd.org/cas/status/$%7Bcas.server.prefix%7D/login?service=https%3A%2F%2Fdevcas5.philasd.org%2Fcas%2Fstatus%2Fdashboard
what is this part:
$%7Bcas.server.prefix%7D
supposed to do?
Looks like maybe you have a typo somewhere. The URL should
Actually I did not figure out my issue
If anyone knows why I am getting page not found /satatus/dashboard please see
below …
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
From:
I think I figured out that yes I do need a service Jason for the dashboard.
Please disregard.
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
From: cas-user@apereo.org
Sami,
Do you have the LDAP dependency in pom.xml?
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>${cas.version}</version>
</dependency>
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
Using David Curry's dashboard instructions I seem to have either missed
something.
I get
PAGE Not Found
at this url
https://devcas5.philasd.org/cas/status/$%7Bcas.server.prefix%7D/login?service=https%3A%2F%2Fdevcas5.philasd.org%2Fcas%2Fstatus%2Fdashboard
Don't I need a
On Thu, Feb 22, 2018 at 06:04PM -0500, Dawid Hawes wrote:
>> for authorization control, without having access to a samlValidate url
>> option? For example, we would like to instruct Apache to limit access
>> to those users who have "Staff" in the "" element.
>
>mod_auth_cas supports SAML
I've been following this guide throughout
https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html,
and everything has been going smoothly so far; up to the part where I
needed to add the ldap authentication. The log says cas is deployed with
errors.
Catalina logs:
Not for logout, but during the login process. The Service Provider supports
multiple tenants and we would like CAS to redirect the user to a different
URL based on tenant.
Thanks,
Ash
On Saturday, February 24, 2018 at 2:32:41 PM UTC-6, Manfredo Hopp wrote:
>
> Why you need more than one
Cas is not reading your properties. Check where they are fetched
On Monday, 26 February 2018, William Jojo wrote:
> Manfredo,
>
> Hibernate is not posting to my logs. Turned on cas.jdbc.showSql and
> cas.jdbc.genDdl. Also added org.hibernate, org.hibernate.SQL and
>
I don't know.
Uxío Prego
Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com
The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of
Manfredo,
Hibernate is not posting to my logs. Turned on cas.jdbc.showSql and
cas.jdbc.genDdl. Also added org.hibernate, org.hibernate.SQL and
org.hibernate.type.descriptor.sql to the log4j2.xml for both debug and
trace. Nothing.
This is built using Maven and our own Tomcat server.
Bill
On
Hi Everyone,
I would like to add the possibility to use JWT Authentication to my CAS
Server, I followed this link
https://apereo.github.io/cas/4.2.x/installation/JWT-Authentication.html but
it's not working.
I'm using CAS Version 4.2.7 and Java Version : 1.8.0_40, I followed these
steps below