Re: [cas-user] Attribute not receiving inconsistant on serviceValidate request

2018-02-28 Thread Man H
Don't do redirect only gather your attributes On Tuesday, February 27, 2018, Sreekanth Mohan wrote: > I have successfully integrated CAS for our different clients. But this > time 'samlValidate' response is not consistently supplying the required > attribute.

Re: [cas-user] Re: CAS 5.1.x and 5.2.x failing when authenticating agains MySQL DB

2018-02-28 Thread Man H
Use support-jdbc instead of Jdbc-driver On Thursday, March 1, 2018, S wrote: > Hi > > I am also getting the same error. Any solutions? > > Thanks > > On Saturday, September 16, 2017 at 1:55:45 AM UTC+5:30, Nona M wrote: >> >> Hi, >> >> Were you able to solve

[cas-user] CAS SSO for Asp.Net website, attributes not receiving on serviceValidate request

2018-02-28 Thread Sreekanth Mohan
I have successfully integrated CAS for our different clients. But this time 'samlValidate' response is not consistently supplying the required attribute. Login is failing randomly because of the missing attribute in the ticket validation response. Sometimes when I clear browser history, it's

[cas-user] Attribute not receiving inconsistant on serviceValidate request

2018-02-28 Thread Sreekanth Mohan
I have successfully integrated CAS for our different clients. But this time 'samlValidate' response is not consistently supplying the required attribute. Login is failing randomly because of the missing attribute in the ticket validation response. Sometimes when I clear browser history, it's

[cas-user] Re: CAS 5.1.x and 5.2.x failing when authenticating agains MySQL DB

2018-02-28 Thread S
Hi I am also getting the same error. Any solutions? Thanks On Saturday, September 16, 2017 at 1:55:45 AM UTC+5:30, Nona M wrote: > > Hi, > > Were you able to solve this? I am getting the same error. > > Thx > > > On Thursday, August 17, 2017 at 9:31:04 AM UTC-4, Szymon Stuglik wrote: >> >>

Re: [cas-user] Re: CAS 5.2 Password Variable

2018-02-28 Thread Man H
Let's see what the security people say! 2018-02-28 19:06 GMT-03:00 Ray Bon : > There is https://github.com/apereo/cas-configserver-overlay which we have > deployed. It reads our config from a local git repo. In the repo the > credentials are encrypted. The config server decrypts

Re: [cas-user] Re: CAS 5.2 Password Variable

2018-02-28 Thread Ray Bon
There is https://github.com/apereo/cas-configserver-overlay which we have deployed. It reads our config from a local git repo. In the repo the credentials are encrypted. The config server decrypts them before sending to CAS. But there is still a password for access to the config server. Ray

Re: [cas-user] cas 5.1.x setting cas:user value

2018-02-28 Thread Toby Archer
Thank you. Classic problem of knowing what I want but not sure how to google for it. Got it working. Cheers. On Tuesday, February 27, 2018 at 9:13:37 PM UTC-6, Manfredo Hopp wrote: > > See > > > https://apereo.github.io/cas/5.1.x/integration/Attribute-Release-PrincipalId.html > > El martes, 27

Re: [cas-user] Re: CAS 5.2 Password Variable

2018-02-28 Thread Kevin Liu
Password of what? The server or the AD credentials? I'm assuming you're referring to the server which if you have physical access, you can boot using GRUB and mount the filesystem bypassing any password. Then it's just a matter of looking up AD/LDAP credentials. David, thank you for pointing that

Re: [cas-user] Re: CAS 5.2 Password Variable

2018-02-28 Thread David Curry
Note that Jasypt is just a wrapper around Java's symmetric encryption algorithms. Yeah, you've encrypted the passwords in the cas.properties file, but the Jasypt key to decrypt them has to exist in plaintext in the startup script (systemd service file, /etc/init.d script, etc.) for the server

Re: [cas-user] Re: CAS 5.2 Password Variable

2018-02-28 Thread Man H
How do you get to password 2018-02-28 18:34 GMT-03:00 Kevin Liu : > I guess the easiest would be physical access. There are other various > intrusion methods too. > > On Wednesday, February 28, 2018 at 3:29:40 PM UTC-6, Manfredo Hopp wrote: >> >> How should the server be

Re: [cas-user] Re: CAS 5.2 Password Variable

2018-02-28 Thread Kevin Liu
I guess the easiest would be physical access. There are other various intrusion methods too. On Wednesday, February 28, 2018 at 3:29:40 PM UTC-6, Manfredo Hopp wrote: > > How should the server be compromised. > > 2018-02-28 18:12 GMT-03:00 Kevin Liu : > >> Should the server

Re: [cas-user] Re: CAS 5.2 Password Variable

2018-02-28 Thread Man H
How should the server be compromised. 2018-02-28 18:12 GMT-03:00 Kevin Liu : > Should the server be compromised, attackers can grab AD credentials and > then verify all accounts with compromised credentials. > > My solution to this is to not have clear text (seems genius

Re: [cas-user] Re: CAS 5.2 Password Variable

2018-02-28 Thread Kevin Liu
Should the server be compromised, attackers can grab AD credentials and then verify all accounts with compromised credentials. My solution to this is to not have clear text (seems genius right? ;) ). According to one of CAS's blogs,

Re: [cas-user] Re: CAS 5.2 Password Variable

2018-02-28 Thread Man H
What would be the problem to have it cleartext in server. 2018-02-28 17:02 GMT-03:00 Kevin Liu : > I'd like to do this because this ways, I won't have bindCredentials in > cleartext. > > On Tuesday, February 27, 2018 at 11:29:22 AM UTC-6, Kevin Liu wrote: >> >> Does anyone

Re: [cas-user] SAML and Jenzabar JICS

2018-02-28 Thread Man H
read point 2 of previously attached flow. 2018-02-28 14:06 GMT-03:00 Tim Tyler : > Should both the IdP and SP need each other’s SAML metadata content? I ask > because I am suspicious that the Jenzabar JICS side has no configuration > pointing to the CAS metadata.xml content.

Re: [cas-user] Inspektr

2018-02-28 Thread Man H
yes 2018-02-28 17:02 GMT-03:00 Cheltenham, Chris : > Does anyone use inspektr ? > > > > I simply changed error to info this entry in log4j2 > > > > includeLocation="true"> > > > > > > > > > > From what I read this is supposed to log into

[cas-user] Re: CAS 5.2 Password Variable

2018-02-28 Thread Kevin Liu
I'd like to do this because this way, I won't have bindCredentials in cleartext. On Tuesday, February 27, 2018 at 11:29:22 AM UTC-6, Kevin Liu wrote: > > Does anyone know how to reference the login page password in > cas.properties? I know for username, you use %s but what about the password?

[cas-user] Inspektr

2018-02-28 Thread Cheltenham, Chris
Does anyone use inspektr ? I simply changed error to info this entry in log4j2 From what I read this is supposed to log into cas_audit.log. Is that all that I am to do? === Thank You; Chris Cheltenham Technology

Re: [cas-user] Verifying data in Hazelcast

2018-02-28 Thread Ray Bon
Jono, Try this log4j2 item, Ray On Wed, 2018-02-28 at 09:44 -0800, Jono wrote: I have done that. The log shows when I authenticate. And it shows stuff about hazelcast's heartbeat. But it does not say anything about how the key is store or where I can find it. Should I see

Re: [cas-user] Customizing webflows

2018-02-28 Thread Ray Bon
Yashwanth, This log line will show details about the webflow configuration on server start: Ray On Wed, 2018-02-28 at 02:18 -0800, yashwanth chowdary wrote: I want to use pswdreset-webflow in my cas5 overlay.I have added the dependencies and I have customized the login-webflow so

[cas-user] HA Diagram

2018-02-28 Thread Jono Jono
I'm having trouble understanding caching ticket registries. This chart in particular: https://apereo.github.io/cas/5.2.x/planning/High-Availability-Guide.html#recommended-architecture shouldn't cas-2 be pointing at a cache? is the diagram incorrect?

Re: [cas-user] Verifying data in Hazelcast

2018-02-28 Thread Jono
I have done that. The log shows when I authenticate. And it shows stuff about hazelcast's heartbeat. But it does not say anything about how the key is store or where I can find it. Should I see something particular? On Wed, Feb 28, 2018 at 9:15 AM, Ray Bon wrote: > Jono, > > Try

Re: [cas-user] Dashboard Issue with Waterfox

2018-02-28 Thread Ray Bon
Chris, Does this problem exist if you open a private window? Ray On Wed, 2018-02-28 at 11:23 -0500, Cheltenham, Chris wrote: Hello Everyone. Has anyone seen this problem. I was finally able to set up the dashboard with some help. However I found a strange anomaly. Using Waterfox, the 64

Re: [cas-user] What configuration for ticket 5.2 ?

2018-02-28 Thread Ray Bon
Romain, You still need cas.tgc.maxAge=-1. Not sure what the default is (may be a couple weeks) but setting a cookie maxAge to less than 0 will cause the cookie to be discarded by the browser when it closes. It will stay active in the browser as long as the browser is open, the lifetime of the

RE: [cas-user] SAML and Jenzabar JICS

2018-02-28 Thread Tim Tyler
Should both the IdP and SP need each other’s SAML metadata content? I ask because I am suspicious that the Jenzabar JICS side has no configuration pointing to the CAS metadata.xml content. They point to the CAS login, but I don’t think they have a configuration pointing to the CAS metadata. I

[cas-user] Dashboard Issue with Waterfox

2018-02-28 Thread Cheltenham, Chris
Hello Everyone. Has anyone seen this problem. I was finally able to set up the dashboard with some help. However I found a strange anomaly. Using Waterfox, the 64 bit firefox I get a 500 internal error. ANY OTHER browser I used it works just fine. Yes I dumped the cache

[cas-user] SAML and Jenzabar JICS

2018-02-28 Thread Tim Tyler
CAS Experts, Looking for any hints I can get. We are running CAS 5.2 on Red Hat 7. I am trying to get SAML to work with our Jenzabar JICS portal. Trying to Configure CAS as the Identity Manager and Jenzabar as the Identity Provider. When one goes to our Jenzabar url to login, they simply

Re: [cas-user] What configuration for ticket 5.2 ?

2018-02-28 Thread Man H
its expires 2018-02-28 11:05 GMT-03:00 vallee.romain : > I don't find maxage into the cookie > > On Wednesday, February 28, 2018 at 14:56:24 UTC+1, Manfredo Hopp wrote: >> >> Cookies have maxage inside what says yours >> >> El miércoles, 28 de

[cas-user] Re: CAS 5.2 LDAP Quert and Output

2018-02-28 Thread Kevin Liu
Thank Ray! Unfortunately, I realized searching by OU for a user won't work. This is because of a couple of things. I originally thought OUs were groups and have since discovered they are not. I want to authenticate using sAMAccountName and when you search by groups, none of the members have

Re: [cas-user] What configuration for ticket 5.2 ?

2018-02-28 Thread vallee.romain
I don't find maxage into the cookie On Wednesday, February 28, 2018 at 14:56:24 UTC+1, Manfredo Hopp wrote: > > Cookies have maxage inside what says yours > > On Wednesday, February 28, 2018, vallee.romain > wrote: > >> Without check rememberme. >> >> the tgc cookie is

Re: [cas-user] What configuration for ticket 5.2 ?

2018-02-28 Thread Man H
Cookies have maxage inside what says yours On Wednesday, February 28, 2018, vallee.romain wrote: > Without check rememberme. > > the tgc cookie is present . > > >

Re: [cas-user] What configuration for ticket 5.2 ?

2018-02-28 Thread vallee.romain
Without check rememberme. the tgc cookie is present . And for cas.ticket.tgt.rememberMe.timeToKillInSeconds=135 I don't find documentation on tgt , tgc ...

Re: [cas-user] Customizing webflows

2018-02-28 Thread Jérôme LELEU
Hi, You don't need to explicitly add the configuration class in your spring.factories file. Adding the dependency is enough (there is already a spring.factories file inside it). Thanks. Best regards, Jérôme On Wed, Feb 28, 2018 at 11:18 AM, yashwanth chowdary <

Re: [cas-user] only delegated (pac4j SAML) authentication and no button click

2018-02-28 Thread Jérôme LELEU
Hi, You need to use the following property : # cas.authn.pac4j.autoRedirect=false Thanks. Best regards, Jérôme On Tue, Feb 27, 2018 at 8:35 PM, Scott Koranda wrote: > Hello, > > I am running CAS 5.2.2. > > I have successfully configured CAS to use pac4j for delegated >

Re: [cas-user] [CAS 5.2.x] [OAuth] [Theme] How to make custom theme for OAuth sp

2018-02-28 Thread Man H
Try with https://mysite.example.com:443/cas/oauth2.0/callbackAuthorize ? client_name=XXX& client_id=OAuthApp& redirect_uri=http://www.example.com/sp; response_type=code as serviceId El miércoles, 28 de febrero de 2018, Andy Ng

Re: [cas-user] Cas 5.2 OpenLDap notworking: authentication failure and sucess

2018-02-28 Thread Man H
Log says - wrote: > I config Cas 5.2 Authen user login by OpenLDap, but not working > My cas.properties: > cas.authn.accept.users= > cas.authn.ldap[0].type=AUTHENTICATED > cas.authn.ldap[0].ldapUrl=ldap://localhost:389 > cas.authn.ldap[0].useSsl=false >

Re: [cas-user] What configuration for ticket 5.2 ?

2018-02-28 Thread Man H
Check maxage within cookie On Wednesday, February 28, 2018, vallee.romain wrote: > Thank you all for your response. > I'm surprised the TGC stays after the browser closes. > > For me, if we didn't check "Remember Me", we had authentication per > session and not a

Re: [cas-user] CAS 5.2.2 logs showing authentication failure and sucess

2018-02-28 Thread Man H
See https://groups.google.com/a/apereo.org/d/msgid/cas-user/56A68D83-B246-4917-9274-A1BE860FC5AA%40gmail.com?utm_medium=email_source=footer On Wednesday, February 28, 2018, Michael MacEachran < mmaceach...@gmail.com> wrote: > I am trying to add my own custom authentication handler that

[cas-user] Customizing webflows

2018-02-28 Thread yashwanth chowdary
I want to use pswdreset-webflow in my cas5 overlay. I have added the dependencies and I have customized the login-webflow so that on click of changepassword button it show us the view that is configured in pswdreset webflow. I have added the class

Re: [cas-user] What configuration for ticket 5.2 ?

2018-02-28 Thread vallee.romain
Thank you all for your response. I'm surprised the TGC stays after the browser closes. For me, if we didn't check "Remember Me", we had authentication per session and not a cookie. cas.tgc.name=TGC #cas.tgc.secure=false #cas.tgc.rememberMeMaxAge=135

[cas-user] Cas 5.2 OpenLDap notworking: authentication failure and sucess

2018-02-28 Thread s 1
I config Cas 5.2 Authen user login by OpenLDap, but not working My cas.properties: cas.authn.accept.users= cas.authn.ldap[0].type=AUTHENTICATED cas.authn.ldap[0].ldapUrl=ldap://localhost:389 cas.authn.ldap[0].useSsl=false cas.authn.ldap[0].baseDn=ou=Users,dc=xx-cas,dc=com