[cas-user] does CAS 5.2.0 SAML Logout support propagation of logout requests to other session participants?

[Elena]

Hello,

I read your SAML Docs and found link 
https://kantarainitiative.github.io/SAMLprofiles/fedinterop.html#_single_logout_2
.

It define SAML Single Logout like this. 

4.3. Single Logout
[IIP-IDP17]

Identity Providers MUST It is OPTIONAL to support propagation of logout 
requests to other session participants.

I wonder that CAS provide OPTIONAL function (highlighted red color) of SAML 
Single logout.

Thanks.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/650fbf2f-3b98-4dd0-b439-92237f74e0e0%40apereo.org.

Re: [cas-user] SAML Public Key for Metadata

[David Curry]

Sorry, I don't. We don't use ADFS, so have no need for it.


David A. Curry,  CISSP
Director of Information Security
The New School - Information Technology
71 Fifth Ave., 9th Fl. ~ New York, NY 10003
+1 212 229-5300 x4728 ~ david.cu...@newschool.edu
Sent from my phone; please excuse typos and inane auto-corrections.


On Thu, May 10, 2018, 17:15 Alin Tomoiaga  wrote:

> David, thank you for the great information you have on New School. Do you
> by any chance have a similar tutorial on setting up CAS as an ADFS idp as
> described here:
> https://apereo.github.io/cas/5.2.x/protocol/WS-Federation-Protocol.html ?
> (sorry for posting on this thread)
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/d9791bfb-e4ce-4f91-bd11-270ccfd315cc%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAO53bzcxUND4r2Kyq0fnEgffsZnoXfbvx4i1AuZgexgWA%40mail.gmail.com.

Re: [cas-user] SAML Public Key for Metadata

[Alin Tomoiaga]

David, thank you for the great information you have on New School. Do you 
by any chance have a similar tutorial on setting up CAS as an ADFS idp as 
described here: 
https://apereo.github.io/cas/5.2.x/protocol/WS-Federation-Protocol.html ? 
(sorry for posting on this thread)

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d9791bfb-e4ce-4f91-bd11-270ccfd315cc%40apereo.org.

Re: [cas-user] SAML Public Key for Metadata

[David Curry]

Assuming you mean for CAS to be your IdP...

When you start CAS for the first time with the SAML IdP enabled, it will
generate keys and store them in /etc/cas/saml for you. You need to copy
them from there back to a safe location so that they get re-deployed
whenever you update the server.

See, for example, here:
https://dacurry-tns.github.io/deploying-apereo-cas/building_server_saml_install-and-test-the-idp.html

--Dave


--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu

[image: The New School]

On Thu, May 10, 2018 at 2:05 PM, John D Giotta  wrote:

> For a IdP metadata file, what should the KeyDescriptor be? Is it the
> public key of the web server?
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/a66f9075-e1ba-4181-9f29-
> d3f4c185b654%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAMKQLrUT93-zTG6gy%2BTtzuv695Q7YBcGFrrumhu0Ne8NA%40mail.gmail.com.

[cas-user] SAML Public Key for Metadata

[John D Giotta]

For a IdP metadata file, what should the KeyDescriptor be? Is it the public 
key of the web server?

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a66f9075-e1ba-4181-9f29-d3f4c185b654%40apereo.org.

[cas-user] Extending Ldap Authentication with new properties

[Christian Poirier]

Hi

I am developing a new way to let our developer team authenticate with our 
production usernames but with a generic password in a development 
environment. This authentication handler will check if the IP address 
corresponds to those allowed from a property value and the service 
definition will authorize the use of this authentication handler.

@Configuration("ldapAuthenticationConfiguration")
@EnableConfigurationProperties(CasConfigurationProperties.class)
@Slf4j
public class LdapdevAuthenticationConfiguration extends 
LdapAuthenticationConfiguration {

// Added properties
}



As I am a newbie on Java development with Spring, if I extends the 
LdapAuthenticationHandler to LdapdevAuthenticationHandler and use new 
properties implemented by extending also LdapAuthenticationConfiguration to 
LdapdevAuthenticationConfiguration. With the previous code what I have to 
do?

   - Change the
   @Configuration("ldapAuthenticationConfiguration")
   
   by
   @Configuration("ldapdevAuthenticationConfiguration")
   
   - Add the ldapdev section in the configuration model or use the current 
   ldap section?

Thanks in advance


Christian Poirier

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4357f1d8-56b1-40ad-b4f4-f0a5bac38eb1%40apereo.org.

Re: [cas-user] error in catalina.out Address already in use

[David Curry]

I _think_ that's caused by a missing or too-low-version library -- either
the Tomcat Native Library, or the Apache Portable Runtime, or OpenSSL would
be my guess.

--Dave


--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu

[image: The New School]

On Thu, May 10, 2018 at 1:02 PM, Jennifer LaVoie 
wrote:

> Hello Everyone
>
> I am having an issue with configuring tomcat/apache/java
>
> After a fresh reboot, I run
>
>  netstat -anop |grep java
>
> and nothing is returned.
>
> I then run /opt/apache/bin/ ./startup.sh and run netstat again and get
>
> tcp0  0 0.0.0.0:443 0.0.0.0:*
>  LISTEN  1799/javaoff (0.00/0/0)
> unix  2  [ ] STREAM CONNECTED 308791799/java
>
>
> I cannot connect via the URL in web browser.
>
> Then I tail -100 /opt/apache/logs/catalina.out
>
> I see this error
>
> 10-May-2018 12:49:26.918 WARNING [main] 
> org.apache.tomcat.util.net.SSLHostConfig.setConfigType
> The property [disableSessionTickets] was set on the SSLHostConfig named
> [_default_] and is for the [OPENSSL] configuration syntax but the
> SSLHostConfig is being used with the [EITHER] configuration syntax
> 10-May-2018 12:49:26.923 SEVERE [main] org.apache.catalina.util.
> LifecycleBase.handleSubClassException Failed to initialize component
> [Connector[HTTP/1.1-443]]
>  java.lang.UnsatisfiedLinkError: org.apache.tomcat.jni.Pool.create(J)J
> at org.apache.tomcat.jni.Pool.create(Native Method)
> at org.apache.tomcat.util.net.openssl.OpenSSLEngine.
> (OpenSSLEngine.java:70)
> at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getImplementedProtocols(
> OpenSSLUtil.java:61)
> at org.apache.tomcat.util.net.SSLUtilBase.(SSLUtilBase.java:53)
> at org.apache.tomcat.util.net.openssl.OpenSSLUtil.(
> OpenSSLUtil.java:41)
> at org.apache.tomcat.util.net.openssl.OpenSSLImplementation.getSSLUtil(
> OpenSSLImplementation.java:36)
> at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(
> AbstractJsseEndpoint.java:102)
> at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(
> AbstractJsseEndpoint.java:85)
> at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:216)
> at org.apache.tomcat.util.net.AbstractEndpoint.init(
> AbstractEndpoint.java:1043)
> at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:540)
> at org.apache.coyote.http11.AbstractHttp11Protocol.init(
> AbstractHttp11Protocol.java:74)
> at org.apache.catalina.connector.Connector.initInternal(
> Connector.java:932)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at org.apache.catalina.core.StandardService.initInternal(
> StandardService.java:530)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at org.apache.catalina.core.StandardServer.initInternal(
> StandardServer.java:852)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:633)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:656)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:306)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:491)
>
>
> I am not sure how to troubleshoot next...
>
> any insight would be helpful.
>
> Here is my connector
>
>  sslImplementationName="org.apache.tomcat.util.net.
> openssl.OpenSSLImplementation"
> SSLEnabled="true" connectionTimeout="2" maxThreads="150">
>  ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-
> POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-
> GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-
> GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-
> SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-
> SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-
> RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-
> AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-
> RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:
> ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-
> RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:
> AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
> honorCipherOrder="true" protocols="all,-SSLv2Hello,-SSLv2,-SSLv3"
> disableSessionTickets="true">
>  certificateKeystoreFile="/etc/pki/tls/keystore.jks"
> certificateKeystorePassword="x"
> type="RSA" />
> 
> 
>   
>
> (keystore password  out)
>
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: 

[cas-user] Re: error in catalina.out Address already in use

[Jennifer LaVoie]

Wrong Error in subject...  should be UnsatisfiedLinkError: 
org.apache.tomcat.jni.Pool.create(J)J

On Thursday, May 10, 2018 at 1:02:07 PM UTC-4, Jennifer LaVoie wrote:
>
> Hello Everyone
>
> I am having an issue with configuring tomcat/apache/java
>
> After a fresh reboot, I run 
>
>  netstat -anop |grep java
>
> and nothing is returned.  
>
> I then run /opt/apache/bin/ ./startup.sh and run netstat again and get
>
> tcp0  0 0.0.0.0:443 0.0.0.0:*  
>  LISTEN  1799/javaoff (0.00/0/0)
> unix  2  [ ] STREAM CONNECTED 308791799/java  
>   
>
> I cannot connect via the URL in web browser.
>
> Then I tail -100 /opt/apache/logs/catalina.out
>
> I see this error
>
> 10-May-2018 12:49:26.918 WARNING [main] 
> org.apache.tomcat.util.net.SSLHostConfig.setConfigType The property 
> [disableSessionTickets] was set on the SSLHostConfig named [_default_] and 
> is for the [OPENSSL] configuration syntax but the SSLHostConfig is being 
> used with the [EITHER] configuration syntax
> 10-May-2018 12:49:26.923 SEVERE [main] 
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to 
> initialize component [Connector[HTTP/1.1-443]]
>  java.lang.UnsatisfiedLinkError: org.apache.tomcat.jni.Pool.create(J)J
> at org.apache.tomcat.jni.Pool.create(Native Method)
> at 
> org.apache.tomcat.util.net.openssl.OpenSSLEngine.(OpenSSLEngine.java:70)
> at 
> org.apache.tomcat.util.net.openssl.OpenSSLUtil.getImplementedProtocols(OpenSSLUtil.java:61)
> at org.apache.tomcat.util.net.SSLUtilBase.(SSLUtilBase.java:53)
> at 
> org.apache.tomcat.util.net.openssl.OpenSSLUtil.(OpenSSLUtil.java:41)
> at 
> org.apache.tomcat.util.net.openssl.OpenSSLImplementation.getSSLUtil(OpenSSLImplementation.java:36)
> at 
> org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:102)
> at 
> org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)
> at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:216)
> at 
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1043)
> at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:540)
> at 
> org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
> at org.apache.catalina.connector.Connector.initInternal(Connector.java:932)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at 
> org.apache.catalina.core.StandardService.initInternal(StandardService.java:530)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at 
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:852)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:633)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:656)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:306)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:491)
>
>
> I am not sure how to troubleshoot next...
>
> any insight would be helpful.
>
> Here is my connector
>
>  
> sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
> SSLEnabled="true" connectionTimeout="2" maxThreads="150">
>  
> ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
> honorCipherOrder="true" protocols="all,-SSLv2Hello,-SSLv2,-SSLv3"
> disableSessionTickets="true">
>  certificateKeystoreFile="/etc/pki/tls/keystore.jks"
> certificateKeystorePassword="x"
> type="RSA" />
> 
> 
>   
>
> (keystore password  out)
>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 

[cas-user] error in catalina.out Address already in use

[Jennifer LaVoie]

Hello Everyone

I am having an issue with configuring tomcat/apache/java

After a fresh reboot, I run 

 netstat -anop |grep java

and nothing is returned.  

I then run /opt/apache/bin/ ./startup.sh and run netstat again and get

tcp0  0 0.0.0.0:443 0.0.0.0:*   LISTEN  
1799/javaoff (0.00/0/0)
unix  2  [ ] STREAM CONNECTED 308791799/java

I cannot connect via the URL in web browser.

Then I tail -100 /opt/apache/logs/catalina.out

I see this error

10-May-2018 12:49:26.918 WARNING [main] 
org.apache.tomcat.util.net.SSLHostConfig.setConfigType The property 
[disableSessionTickets] was set on the SSLHostConfig named [_default_] and 
is for the [OPENSSL] configuration syntax but the SSLHostConfig is being 
used with the [EITHER] configuration syntax
10-May-2018 12:49:26.923 SEVERE [main] 
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to 
initialize component [Connector[HTTP/1.1-443]]
 java.lang.UnsatisfiedLinkError: org.apache.tomcat.jni.Pool.create(J)J
at org.apache.tomcat.jni.Pool.create(Native Method)
at 
org.apache.tomcat.util.net.openssl.OpenSSLEngine.(OpenSSLEngine.java:70)
at 
org.apache.tomcat.util.net.openssl.OpenSSLUtil.getImplementedProtocols(OpenSSLUtil.java:61)
at org.apache.tomcat.util.net.SSLUtilBase.(SSLUtilBase.java:53)
at 
org.apache.tomcat.util.net.openssl.OpenSSLUtil.(OpenSSLUtil.java:41)
at 
org.apache.tomcat.util.net.openssl.OpenSSLImplementation.getSSLUtil(OpenSSLImplementation.java:36)
at 
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:102)
at 
org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:216)
at 
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1043)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:540)
at 
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:932)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at 
org.apache.catalina.core.StandardService.initInternal(StandardService.java:530)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at 
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:852)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.startup.Catalina.load(Catalina.java:633)
at org.apache.catalina.startup.Catalina.load(Catalina.java:656)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:306)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:491)


I am not sure how to troubleshoot next...

any insight would be helpful.

Here is my connector






  
   
(keystore password  out)


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a9786710-f748-4453-b6b1-e34ada3368db%40apereo.org.

Re: [cas-user] ORCID API updated to version 2.0.

[Jérôme LELEU]

Hi,

There are not many requests for the Orcid support, so I count on your
contribution on this.
Thanks.
Best regards,
Jérôme


On Wed, May 9, 2018 at 9:56 AM, Neha Gupta  wrote:

> Hello  Jérôme,
>
> Thanks for the reply but it was me only who proposed these changes.
>
> But it seems that now they have completely stopped supporting the previuos
> versions of Orcid API and thus now they are not working and throwing an
> error. Though same was working before May.So now they are advising to
> upgrade to version 2.0 or 2.1 and below is the link where they have
> mentioned the details for upgrading the same: -
>
> https://members.orcid.org/api/news/xsd-20-update
>
> So just want to know when you are planning to provide full support for
> Orcid provider and it would be great if possible let me the estimated
> release when they can be incorporated.
>
>
> Regards
> Neha Gupta
>
>
> On Monday, May 7, 2018 at 3:30:53 PM UTC+2, leleuj wrote:
>>
>> Hi,
>>
>> This upgrade will be available in pac4j 3.0.0(-RC2). See:
>> https://github.com/pac4j/pac4j/commit/cfb5113300de914b6
>> a6e5a109a87a9d1da576472
>> Thanks.
>> Best regards,
>> Jérôme
>>
>>
>> On Mon, May 7, 2018 at 9:55 AM, Neha Gupta  wrote:
>>
>>> Dear CAS Community,
>>>
>>> ORCID have updated the API version to 2 and as such problem is coming
>>> while authenticating with Orcid credentials. I am attaching a trace for the
>>> same. Request you to please look into the same.
>>>
>>> Error shown in the CAS trace: -
>>>
>>> http://www.orcid.org/ns/orcid;>
>>> 1.2
>>> API Version 1.1 is no longer available. please upgrade
>>> to the 2.0 API https://members.orcid.org/api/news/xsd-20-update
>>> 
>>> 
>>>
>>>
>>> Let me know in case any further information is required.
>>>
>>>
>>> Regards
>>> Neha Gupta
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-user+u...@apereo.org.
>>> To view this discussion on the web visit https://groups.google.com/a/ap
>>> ereo.org/d/msgid/cas-user/defeb581-ade3-4a1f-92e7-e9fa42388b
>>> ec%40apereo.org
>>> 
>>> .
>>>
>>
>> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/16a820f8-8cd4-4d4a-9df2-
> 8a6facdbd702%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279LwGHoTaQko3cFwSD7WVtjv5ONa0xrduFbpA8x01jQVQEw%40mail.gmail.com.

RE: [cas-user] Re: Building cas.war for Tomcat -- is 'etc' also required in Tomcat?

[Mailvaganam, Hari]

Using the OP example path -- do you have it at the follow? And swap out by 
defining at 'cas.properties' with 'cas.standalone.config'?


/opt/tomcat/webapp/etc/cas/cas-server-ndsu
/opt/tomcat/webapp/etc/cas/cas-foobae



From: cas-user@apereo.org [cas-user@apereo.org] on behalf of Richard Frovarp 
[richard.frov...@ndsu.edu]
Sent: Thursday, May 10, 2018 07:25
To: cas-user@apereo.org
Subject: Re: [cas-user] Re: Building cas.war for Tomcat -- is 'etc' also 
required in Tomcat?

You can override the configuration location using bootstrap.properties:

cas.standalone.config=/etc/cas/cas-server-ndsu

I need to be able to run several instances of CAS on the same system for 
different audiences, so I have to relocate it out of the default /etc/cas.

On 05/10/2018 09:17 AM, Matthew Uribe wrote:
Your cas.properties and log4j2.xml files are expected in /etc/cas which will 
have to be readable to the tomcat process.

On Wednesday, May 9, 2018 at 11:20:57 PM UTC-6, josbrodie wrote:
We are rather confused over here w.r.t installing v5.2.4 --- any help will be 
greatly appreciated.

Our goal is to build the cas.war to place in '/opt/tomcat/webapps'.

This is what we have for locations:


- Overlay at: /opt/workspace/cas-overlay-template


- Minimal amount of configuration in (for cas.properties; log4j2.xml): 
/opt/workspace/cas-overlay-template/etc/cas/config (following the configuration 
instructions here: 
https://dacurry-tns.github.io/deploying-apereo-cas/building_server_configure-server-properties.html)



Steps take:


1) Build: /opt/workspace/cas-overlay-template/.build.sh package

2) Copy the WAR to Tomcat:   cp 
/opt/workspace/cas-overlay-template/target/cas.war /opt/tomcat/webapps/


Is the above all we need?


Or should we also copy '/opt/workspace/cas-overlay-template/etc/' to 
/opt/tomcat/webapps/'?



--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/42c8c664-a74b-4cfa-9ae3-21d5b0b877a4%40apereo.org.


--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/caed9353-9c11-23ce-06c7-fe827a988b22%40ndsu.edu.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/EC0CBF4FEE159740B93D387CA8E3018601FAF649AB%40S-ITSV-MBX07P.ead.ubc.ca.

Re: [cas-user] Re: Building cas.war for Tomcat -- is 'etc' also required in Tomcat?

[Richard Frovarp]

You can override the configuration location using bootstrap.properties:

cas.standalone.config=/etc/cas/cas-server-ndsu

I need to be able to run several instances of CAS on the same system for 
different audiences, so I have to relocate it out of the default /etc/cas.


On 05/10/2018 09:17 AM, Matthew Uribe wrote:
Your cas.properties and log4j2.xml files are expected in /etc/cas 
which will have to be readable to the tomcat process.


On Wednesday, May 9, 2018 at 11:20:57 PM UTC-6, josbrodie wrote:

We are rather confused over here w.r.t installing v5.2.4 --- any
help will be greatly appreciated.

Our goal is to build the cas.war to place in '/opt/tomcat/webapps'.

This is what we have for locations:

- Overlay at: /opt/workspace/cas-overlay-template


- Minimal amount of configuration in (for cas.properties;
log4j2.xml): /opt/workspace/cas-overlay-template/etc/cas/config
(following the configuration instructions here:

https://dacurry-tns.github.io/deploying-apereo-cas/building_server_configure-server-properties.html

)



Steps take:


1) Build: /opt/workspace/cas-overlay-template/.build.sh package

2) Copy the WAR to Tomcat: cp
/opt/workspace/cas-overlay-template/target/cas.war
/opt/tomcat/webapps/


Is the above all we need?


Or should we also copy '/opt/workspace/cas-overlay-template/etc/'
to /opt/tomcat/webapps/'?



--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google 
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to cas-user+unsubscr...@apereo.org 
.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/42c8c664-a74b-4cfa-9ae3-21d5b0b877a4%40apereo.org 
.



--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/caed9353-9c11-23ce-06c7-fe827a988b22%40ndsu.edu.

[cas-user] Re: Building cas.war for Tomcat -- is 'etc' also required in Tomcat?

[Matthew Uribe]

Your cas.properties and log4j2.xml files are expected in /etc/cas which 
will have to be readable to the tomcat process.

On Wednesday, May 9, 2018 at 11:20:57 PM UTC-6, josbrodie wrote:
>
> We are rather confused over here w.r.t installing v5.2.4 --- any help will 
> be greatly appreciated.
>
> Our goal is to build the cas.war to place in '/opt/tomcat/webapps'.
>
> This is what we have for locations:
>
> - Overlay at: /opt/workspace/cas-overlay-template
>
>
> - Minimal amount of configuration in (for cas.properties; log4j2.xml): 
> /opt/workspace/cas-overlay-template/etc/cas/config 
> (following the configuration instructions here: 
> https://dacurry-tns.github.io/deploying-apereo-cas/building_server_configure-server-properties.html
> )
>
>
>
> Steps take:
>
>
> 1) Build: /opt/workspace/cas-overlay-template/.build.sh package
>
> 2) Copy the WAR to Tomcat:   cp 
> /opt/workspace/cas-overlay-template/target/cas.war /opt/tomcat/webapps/
>
>
> Is the above all we need? 
>
>
> Or should we also copy '/opt/workspace/cas-overlay-template/etc/' to 
> /opt/tomcat/webapps/'?
>
>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/42c8c664-a74b-4cfa-9ae3-21d5b0b877a4%40apereo.org.

[cas-user] CAS 5.2.0-RC4: Stuck thread issue

[Naresh kumar kankati]

Hi,

We are seeing stuck thread issue for Timer thread with CAS version 
5.2.0-RC4-SNAPSHOT and tomcat version 8.5.x. 

It is keeps on increasing the count. Because of this seeing issue" unable 
to create new native thread".

 

Can you please help us on fixing this issue? 

 

*FROM THREAD DUMP:*

 

Timer-1510 - threadId:156688 - state:TIMED_WAITING

stackTrace:

at java.util.TimerThread.run(Timer.java:505)

at java.util.TimerThread.mainLoop(Timer.java:552)

at java.lang.Object.wait(Native Method)

 

Timer-1509 - threadId:153888 - state:TIMED_WAITING

stackTrace:

at java.util.TimerThread.run(Timer.java:505)

at java.util.TimerThread.mainLoop(Timer.java:552)

at java.lang.Object.wait(Native Method)

 

Timer-1508 - threadId:153648 - state:TIMED_WAITING

stackTrace:

at java.util.TimerThread.run(Timer.java:505)

at java.util.TimerThread.mainLoop(Timer.java:552)

at java.lang.Object.wait(Native Method)






LOGS:

java.lang.OutOfMemoryError: unable to create new native thread

at java.lang.Thread.start0(Native Method) ~[?:1.8.0_151]

at java.lang.Thread.start(Thread.java:717) ~[?:1.8.0_151]

at java.util.Timer.(Timer.java:176) ~[?:1.8.0_151]

at java.util.Timer.(Timer.java:146) ~[?:1.8.0_151]

at 
org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver.(AbstractReloadingMetadataResolver.java:116)
 
~[opensaml-saml-impl-3.3.0.jar:?]

at 
org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver.(AbstractReloadingMetadataResolver.java:102)
 
~[opensaml-saml-impl-3.3.0.jar:?]

at 
org.opensaml.saml.metadata.resolver.impl.ResourceBackedMetadataResolver.(ResourceBackedMetadataResolver.java:67)
 
~[opensaml-saml-impl-3.3.0.jar:?]

at 
org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.FileSystemResourceMetadataResolver.resolve(FileSystemResourceMetadataResolver.java:49)
 
~[cas-server-support-saml-idp-5.2.0-RC4-SNAPSHOT.jar:5.2.0-RC4-SNAPSHOT]

at 
org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceMetadataResolverCacheLoader.lambda$load$1(SamlRegisteredServiceMetadataResolverCacheLoader.java:62)
 
~[cas-server-support-saml-idp-5.2.0-RC4-SNAPSHOT.jar:5.2.0-RC4-SNAPSHOT]

at 
java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193) 
~[?:1.8.0_151]

at 
java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175) 
~[?:1.8.0_151]

at java.util.Iterator.forEachRemaining(Iterator.java:116) 
~[?:1.8.0_151]

at 
java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1801)
 
~[?:1.8.0_151]

at 
java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481) 
~[?:1.8.0_151]

at 
java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471) 
~[?:1.8.0_151]

at 
java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:151) 
~[?:1.8.0_151]

at 
java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:174)
 
~[?:1.8.0_151]

at 
java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) 
~[?:1.8.0_151]

at 
java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:418) 
~[?:1.8.0_151]

at 
org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceMetadataResolverCacheLoader.load(SamlRegisteredServiceMetadataResolverCacheLoader.java:63)
 
~[cas-server-support-saml-idp-5.2.0-RC4-SNAPSHOT.jar:5.2.0-RC4-SNAPSHOT]

at 
org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceMetadataResolverCacheLoader.load(SamlRegisteredServiceMetadataResolverCacheLoader.java:28)
 
~[cas-server-support-saml-idp-5.2.0-RC4-SNAPSHOT.jar:5.2.0-RC4-SNAPSHOT]



Thanks

Naresh 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/7e297cae-6efa-4164-9f46-05480a0b3ea2%40apereo.org.