Re: [cas-user] Which CAS 5.x release are people running successfully in prod?

[Paul]

Hi Duanne,

Have you had any success with this?  I am in the same boat with respect to 
any version of CAS > 5.0.5 breaks proxy tickets.  Unfortunately 5.0.5 is 
not production ready and requires constant restarts due to memory leaks.  
We can also crash it fairly quickly doing load tests with service tickets 
only with over 8 GB of heap.

I'm looking at reverting to a stable version of CAS like 4.2.X unless I can 
solve the proxy ticket issue.  5.2.3 seems stable related to service 
tickets; except proxy configuration is not working as documented.  

So far what we found is this is always throws a null pointer; and sure 
enough in the cas code it isn't initialized; which leads me to believe 
there is some configuration missing that is supposed to do you a favor.


2018-03-21 13:34:06,537 ERROR 
[org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/cas].[dispatcherServlet]]
 
- 

java.lang.NullPointerException

at 
org.apereo.cas.web.ProxyController.getTargetService(ProxyController.java:102) 
~[cas-server-support-validation-5.0.10.jar!/:5.0.10]

at 
org.apereo.cas.web.ProxyController.handleRequestInternal(ProxyController.java:78)
 
~[cas-server-support-validation-5.0.10.jar!/:5.0.10]

thanks in advance.



On Thursday, November 16, 2017 at 4:05:52 PM UTC-8, Duane Booher wrote:
>
> First off, we are running CAS 5.0.5 because that is the latest 5.0.x 
> version that we get cas/poxy to work.
>
> The problems we've encountered - First, when zero days are left on the 
> LDAP password expiration policy, then a CREDENTIAL_NOT_FOUND occurs 
> instead of the PASSWORD_EXPIRED. Another error is that we encountered a 
> heap out of memory error and we are running at 6G heap. Another error is 
> that SSO session persistence across multiple app tabs on same browser was 
> not lasting longer than 30 minutes.
>
> There are additional circumstances for all the above, but bottom line is 
> that all of these issues work as expected on CAS 4.0.3.
>
> We are starting to configure a CAS 5.2 system to evaluate the above 
> functionality.
>
> Duane 
>
> On Thursday, November 16, 2017 at 3:50:03 PM UTC-7, rbon wrote:
>>
>> Duane,
>>
>> Can you itemize what is not working in your production environment?
>>
>> Ray
>>
>> On Thu, 2017-11-16 at 08:21 -0800, Duane Booher wrote:
>>
>> Hi, we have been trying to upgrade to CAS 5.x in our production 
>> environment. We run successfully in our CAS-Test, but in our prod 
>> environment we encounter various issues forcing us to revert back to CAS 4. 
>>
>> What CAS 5.x releases are people successfully running in production?
>>
>> Duane Booher
>>
>> -- 
>> Ray Bon
>> Programmer analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | rb...@uvic.ca
>>
>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f2ba523a-a1f9-482c-9304-84ae1148cc5d%40apereo.org.

Re: [cas-user] CAS 5.2 delegate authentication to custom CAS 3

[Man H]

see
https://apereo.github.io/cas/5.2.x/installation/Trusted-Authentication.html

2018-03-22 17:52 GMT-03:00 Diego Henrique Pagani :

> Hello,
>
> I have a problem guys:
> We have an legacy CAS3, witch has some customizations inside the source
> code and some application that *only authenticate* with this specific CAS
> (Let's call it app1).
> Recently, I configured a new CAS5,  some applications (Let's call app2)
> usign Oauth2 protocol to communicate with CAS5 and everything is working
> fine, until now.
>
> We need a SSO session between app1 and app2, but app1 only uses CAS3 and
> app2 only uses CAS5. So, I have configured CAS5 to delegate authentication
> to CAS3,
> witch is working but I have to click on the login screen to redirect to
> CAS3. Is it possible to redirect to cas 3 directly?
>
>
>
>
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/6865a0ec-5190-4eca-beb3-
> 929d3ab4f9fd%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5mifnk8%2B2m%2Bt_subG_XXGj_rddzRzdwNkQAzcx7C-9SPjHg%40mail.gmail.com.

[cas-user] FYI Had to modify column size for Trusted Device

[Tim Tyler]

CAS Community.

  We setup 2FA with Trusted Device on MariaDB on Redhat 7.   In order to
get Trusted Device working, we had to modify the column size of recordKey
column as it was too small.  It was set to 500.  We set it to 8k, but we
are not sure what the optimal size would be.  It is fine at 8k. Probably be
fine at 4k, maybe smaller.  It seems like it might be a good idea to fix
this in the distribution.  Small fix that might save others some hassle if
they are using Mariadb or perhaps some other databases.





Tim Tyler

Network Engineer

Beloit College

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/614ecba0a3de847b4f542bcb28067aab%40mail.gmail.com.

[cas-user] pac4j SAML2Client and principal

[Scott Koranda]

Hi,

I am using CAS 5.1.3 (though I might be able to upgrade to 5.2.3,
depending on the issue of which binding is being used for the
, as detailed in an earlier note to this list).

I am delegating authentication to a SAML2 IdP using pac4j.

After a successful authentication I see in cas.log

2018-03-22 14:44:46,372 DEBUG [org.pac4j.saml.client.SAML2Client] -


Those are the values for NameID (transient) and attributes that I
expect.

The next line in cas.log is

2018-03-22 14:44:46,402 INFO
[org.apereo.cas.authentication.AbstractAuthenticationManager] -


So it appears that the NameID value (transient) is being used as the
principal, but none of the attributes are making it from the pac4j layer
into the CAS layer.

Is that a correct assessment?

If so, how can I

a) change what value is used for the principal? I would like to use the
value from one of the asserted attributes.

b) push the attributes into the CAS layer to make them available for
assertion downstream to the CAS client?

I have reviewed the documentation for the Delegated/pac4j authentication at

https://apereo.github.io/cas/5.1.x/integration/Delegate-Authentication.html

and that for Attribute Resolution at

https://apereo.github.io/cas/5.1.x/integration/Attribute-Resolution.html

but I am not able to find a configuration option that appears to tell
pac4j to push the attributes into the Authentication object.

Thank you for your consideration.

Scott K


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/20180322152546.o52kuzuh6u227e5s%40paprika.local.

Re: [cas-user] Couchbase Ticket Registry Connection Error

[Scott Green]

Michael,

Here are the relevant CAS Properties according to the documentation

# cas.ticket.registry.couchbase.timeout=10
# cas.ticket.registry.couchbase.nodeSet=localhost:8091
# cas.ticket.registry.couchbase.password=
# cas.ticket.registry.couchbase.queryEnabled=true
# cas.ticket.registry.couchbase.bucket=default# 
cas.ticket.registry.couchbase.crypto.signing.key=
# cas.ticket.registry.couchbase.crypto.signing.keySize=512
# cas.ticket.registry.couchbase.crypto.encryption.key=
# cas.ticket.registry.couchbase.crypto.encryption.keySize=16
# cas.ticket.registry.couchbase.crypto.alg=AES
# cas.ticket.registry.couchbase.crypto.enabled=false



There is no setting for username in that field.  Couchbase itself is 
configured to use the bucket settings which simply list a password, not a 
username.  I'm guessing that the URI is incorrect in some way, but I have 
not been able to determine why.

Thank you

Scott

On Wednesday, March 21, 2018 at 6:37:59 AM UTC-7, Michael Peterson wrote:
>
> In your config settings I did not see a setting for username. I am not 
> familiar with couchbase but it seems to me a username should also be set in 
> the cas properties.
>
> On Tue, Mar 20, 2018 at 4:47 PM, Scott Green  > wrote:
>
>> I am trying to setup an HA environment and use Couchbase as the ticket 
>> registry, but I am getting authentication errors when deploying the .war 
>> files.
>>
>> Settings from cas.properties
>>
>> cas.ticket.registry.couchbase.timeout:10
>> cas.ticket.registry.couchbase.nodeSet:localhost
>> cas.ticket.registry.couchbase.password=test1234
>> cas.ticket.registry.couchbase.queryEnabled=true
>> cas.ticket.registry.couchbase.bucket=cas
>>
>> I have tried the nodeSet as both localhost:8091 and localhost without the 
>> :port
>>
>> Here are the entries from the cas.log 
>>
>> 2018-03-20 14:40:44,602 DEBUG 
>> [com.couchbase.client.core.endpoint.Endpoint] - > connectCallbackGracePeriod of 2000 on Endpoint 127.0.0.1:8091>
>> 2018-03-20 14:40:44,647 DEBUG 
>> [com.couchbase.client.core.endpoint.Endpoint] - 
>> <[/127.0.0.1:8091][ConfigEndpoint]: Connected Endpoint.>
>> 2018-03-20 14:40:44,687 DEBUG 
>> [com.couchbase.client.core.endpoint.AbstractGenericHandler] - 
>> <[/127.0.0.1:8091][ConfigEndpoint]: Channel Active.>
>> 2018-03-20 14:40:44,695 DEBUG 
>> [com.couchbase.client.core.endpoint.kv.KeyValueFeatureHandler] - 
>> 
>> 2018-03-20 14:40:44,700 DEBUG 
>> [com.couchbase.client.core.endpoint.kv.KeyValueFeatureHandler] - 
>> 
>> 2018-03-20 14:40:44,705 WARN 
>> [com.couchbase.client.core.endpoint.Endpoint] - <[null][KeyValueEndpoint]: 
>> Authentication Failure.>
>> 2018-03-20 14:40:44,705 WARN 
>> [com.couchbase.client.core.endpoint.Endpoint] - 
>> com.couchbase.client.core.endpoint.kv.AuthenticationException: 
>> Authentication Failure
>> at 
>> com.couchbase.client.core.endpoint.kv.KeyValueAuthHandler.checkIsAuthed(KeyValueAuthHandler.java:288)
>>  
>> ~[core-io-1.5.1.jar:?]
>> at 
>> com.couchbase.client.core.endpoint.kv.KeyValueAuthHandler.channelRead0(KeyValueAuthHandler.java:173)
>>  
>> ~[core-io-1.5.1.jar:?]
>> at 
>> com.couchbase.client.core.endpoint.kv.KeyValueAuthHandler.channelRead0(KeyValueAuthHandler.java:52)
>>  
>> ~[core-io-1.5.1.jar:?]
>> at 
>> com.couchbase.client.deps.io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:105)
>>  
>> ~[core-io-1.5.1.jar:?]
>> at 
>> com.couchbase.client.deps.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:356)
>>  
>> ~[core-io-1.5.1.jar:?]
>> at 
>> com.couchbase.client.deps.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:342)
>>  
>> ~[core-io-1.5.1.jar:?]
>> at 
>> com.couchbase.client.deps.io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:335)
>>  
>> ~[core-io-1.5.1.jar:?]
>> at 
>> com.couchbase.client.deps.io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102)
>>  
>> ~[core-io-1.5.1.jar:?]
>> at 
>> com.couchbase.client.deps.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:356)
>>  
>> ~[core-io-1.5.1.jar:?]
>> at 
>> com.couchbase.client.deps.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:342)
>>  
>> ~[core-io-1.5.1.jar:?]
>> at 
>> com.couchbase.client.deps.io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:335)
>>  
>> ~[core-io-1.5.1.jar:?]
>> at 
>> com.couchbase.client.deps.io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireChannelRead(CombinedChannelDuplexHandler.java:438)
>>  
>> ~[core-io-1.5.1.jar:?]
>> at 
>> com.couchbase.client.deps.io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:312)
>>  
>> ~[core-io-1.5.1.jar:?]
>> at 
>> 

Re: [cas-user] Couchbase Ticket Registry Connection Error

[Scott Green]

Michael,

Here are the relevant CAS Properties according to the documentation

# cas.ticket.registry.couchbase.timeout=10
# cas.ticket.registry.couchbase.nodeSet=localhost:8091
# cas.ticket.registry.couchbase.password=
# cas.ticket.registry.couchbase.queryEnabled=true
# cas.ticket.registry.couchbase.bucket=default#
cas.ticket.registry.couchbase.crypto.signing.key=
# cas.ticket.registry.couchbase.crypto.signing.keySize=512
# cas.ticket.registry.couchbase.crypto.encryption.key=
# cas.ticket.registry.couchbase.crypto.encryption.keySize=16
# cas.ticket.registry.couchbase.crypto.alg=AES
# cas.ticket.registry.couchbase.crypto.enabled=false



There is no setting for username in that field.  Couchbase itself is
configured to use the bucket settings which simply list a password, not a
username.  I'm guessing that the URI is incorrect in some way, but I have
not been able to determine why.

Thank you

Scott

On Wed, Mar 21, 2018 at 6:37 AM, Michael Peterson 
wrote:

> In your config settings I did not see a setting for username. I am not
> familiar with couchbase but it seems to me a username should also be set in
> the cas properties.
>
> On Tue, Mar 20, 2018 at 4:47 PM, Scott Green 
> wrote:
>
>> I am trying to setup an HA environment and use Couchbase as the ticket
>> registry, but I am getting authentication errors when deploying the .war
>> files.
>>
>> Settings from cas.properties
>>
>> cas.ticket.registry.couchbase.timeout:10
>> cas.ticket.registry.couchbase.nodeSet:localhost
>> cas.ticket.registry.couchbase.password=test1234
>> cas.ticket.registry.couchbase.queryEnabled=true
>> cas.ticket.registry.couchbase.bucket=cas
>>
>> I have tried the nodeSet as both localhost:8091 and localhost without the
>> :port
>>
>> Here are the entries from the cas.log
>>
>> 2018-03-20 14:40:44,602 DEBUG [com.couchbase.client.core.endpoint.Endpoint]
>> - 
>> 2018-03-20 14:40:44,647 DEBUG [com.couchbase.client.core.endpoint.Endpoint]
>> - <[/127.0.0.1:8091][ConfigEndpoint]: Connected Endpoint.>
>> 2018-03-20 14:40:44,687 DEBUG 
>> [com.couchbase.client.core.endpoint.AbstractGenericHandler]
>> - <[/127.0.0.1:8091][ConfigEndpoint]: Channel Active.>
>> 2018-03-20 14:40:44,695 DEBUG [com.couchbase.client.core.end
>> point.kv.KeyValueFeatureHandler] - > [TCPNODELAY, XATTR, SELECT_BUCKET, XERROR]>
>> 2018-03-20 14:40:44,700 DEBUG [com.couchbase.client.core.end
>> point.kv.KeyValueFeatureHandler] - > [TCPNODELAY]>
>> 2018-03-20 14:40:44,705 WARN [com.couchbase.client.core.endpoint.Endpoint]
>> - <[null][KeyValueEndpoint]: Authentication Failure.>
>> 2018-03-20 14:40:44,705 WARN [com.couchbase.client.core.endpoint.Endpoint]
>> - 
>> com.couchbase.client.core.endpoint.kv.AuthenticationException:
>> Authentication Failure
>> at com.couchbase.client.core.endpoint.kv.KeyValueAuthHandler.ch
>> eckIsAuthed(KeyValueAuthHandler.java:288) ~[core-io-1.5.1.jar:?]
>> at com.couchbase.client.core.endpoint.kv.KeyValueAuthHandler.ch
>> annelRead0(KeyValueAuthHandler.java:173) ~[core-io-1.5.1.jar:?]
>> at com.couchbase.client.core.endpoint.kv.KeyValueAuthHandler.ch
>> annelRead0(KeyValueAuthHandler.java:52) ~[core-io-1.5.1.jar:?]
>> at com.couchbase.client.deps.io.netty.channel.SimpleChannelInbo
>> undHandler.channelRead(SimpleChannelInboundHandler.java:105)
>> ~[core-io-1.5.1.jar:?]
>> at com.couchbase.client.deps.io.netty.channel.AbstractChannelHa
>> ndlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:356)
>> ~[core-io-1.5.1.jar:?]
>> at com.couchbase.client.deps.io.netty.channel.AbstractChannelHa
>> ndlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:342)
>> ~[core-io-1.5.1.jar:?]
>> at com.couchbase.client.deps.io.netty.channel.AbstractChannelHa
>> ndlerContext.fireChannelRead(AbstractChannelHandlerContext.java:335)
>> ~[core-io-1.5.1.jar:?]
>> at com.couchbase.client.deps.io.netty.handler.codec.MessageToMe
>> ssageDecoder.channelRead(MessageToMessageDecoder.java:102)
>> ~[core-io-1.5.1.jar:?]
>> at com.couchbase.client.deps.io.netty.channel.AbstractChannelHa
>> ndlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:356)
>> ~[core-io-1.5.1.jar:?]
>> at com.couchbase.client.deps.io.netty.channel.AbstractChannelHa
>> ndlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:342)
>> ~[core-io-1.5.1.jar:?]
>> at com.couchbase.client.deps.io.netty.channel.AbstractChannelHa
>> ndlerContext.fireChannelRead(AbstractChannelHandlerContext.java:335)
>> ~[core-io-1.5.1.jar:?]
>> at com.couchbase.client.deps.io.netty.channel.CombinedChannelDu
>> plexHandler$DelegatingChannelHandlerContext.fireChannelRead(
>> CombinedChannelDuplexHandler.java:438) ~[core-io-1.5.1.jar:?]
>> at com.couchbase.client.deps.io.netty.handler.codec.ByteToMessa
>> geDecoder.fireChannelRead(ByteToMessageDecoder.java:312)
>> ~[core-io-1.5.1.jar:?]
>> at com.couchbase.client.deps.io.netty.handler.codec.ByteToMessa
>> geDecoder.channelRead(ByteToMessageDecoder.java:286)
>> ~[core-io-1.5.1.jar:?]
>> 

[cas-user] Delegated SAML 2.0 IDP integration - no support for HTTP-Post Binding

[Filip Majernik]

I have integrated an external SAML 2.0 Identity Provider into my CAS 5.1.0 
Server. Everything works fine if the IdP supports HTTP-Redirect binding for 
the SingleSignOnService. However, if the IdP supports only HTTP-Post 
Binding, the configuration of the SAML2 Client will fail with the exception:

Identity provider has no single sign on service available for the selected 
profileorg.opensaml.saml.saml2.metadata.impl.IDPSSODescriptorImpl


The reason for this is the 
Pac4jAuthenticationEventExecutionPlanConfiguration.configureSamlClient() 
where the destination binding type in the configuration object is hardcoded 
as (although the default member variable in the SAML2ClientConfiguration 
holding 
the binding type is set to SAMLConstants.SAML2_POST_BINDING_URI):

cfg.setDestinationBindingType(SAMLConstants.SAML2_REDIRECT_BINDING_URI);

I have two questions about this:
1.) What is the reason of limiting the destination binding type to 
HTTP-Redirect when pac4j obviously supports both the HTTP-Post and the 
HTTP-Redirect?
2.) Is there any way to circumvent this?

Thank you very much,
Filip

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f5ace5c7-3c32-4977-9e5e-c669ff995224%40apereo.org.

[cas-user] CAS 5.2.2 how can I setting custom login page?

[ChangWon Son]

Hi.

build cas server using cas-overlay-template project
I can't find any document about custom login page setting.

https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#views
or
https://apereo.github.io/cas/5.2.x/installation/User-Interface-Customization.html

display only default cas login theme


https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/k-yfoou7Zy0
same setting above article 

custom casLoginView.html created and put in 
cas-gradle-overlay-template/src/main/resources/templates directory

cas.properties 

cas.theme.paramName=theme
cas.theme.defaultThemeName=

and..

cas-gradle-overlay-template/src/main/resources/service/-1001.json
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://.*;,
  "name" : "",
  "theme": "",
  "id" : 1001,
  "evaluationOrder" : 10,
  "attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  }
}



but only display default theme login page..

how can I setting custom login page? 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/fa93aa61-cb1c-467e-80a7-f1639ef5459f%40apereo.org.