Re: [cas-user] New Error -- I broke it LOL

2018-05-15 Thread Jennifer LaVoie
Ha.. thanks Andy :)

On Tue, May 15, 2018, 21:28 Andy Ng  wrote:

> Hi Jen,
>
> One more thing to note, next time you might want to double check your
> debug log before posting.
>
> I saw that you deliberately cross out "ldaps://xxx.campus.bridgew.edu:636",
> so I think you recognized that uri to be confidential.
>
> But I can clearly see the actual ldap server in your debug log. Soo...
> yeah.
>
> - Andy
>
> On Wednesday, 16 May 2018 02:55:55 UTC+8, Jennifer LaVoie wrote:
>>
>> Hi Everyone
>>
>> It was my malformed cas.properties entries for LDAP
>>
>> Working now.
>>
>> Thank you all for your help
>>
>> Jen
>>
>> On Tuesday, May 15, 2018 at 11:38:05 AM UTC-4, David Curry wrote:
>>>
>>> Looks like the CAS webapp isn't starting. catalina.out should tell you
>>> what happened?
>>>
>>> --
>>>
>>> DAVID A. CURRY, CISSP
>>> *DIRECTOR OF INFORMATION SECURITY*
>>> INFORMATION TECHNOLOGY
>>>
>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>>>
>>>
>>> On Tue, May 15, 2018 at 11:35 AM, Jennifer LaVoie 
>>> wrote:
>>>
>>>> I updated my pom.xml last week to install LDAP, but I didn't redeploy
>>>> the war file...so I did that today, but now I can't reach
>>>> https://cas3.xxx.xxx/cas/login
>>>>
>>>> I can still see my self signed cert though, so I didn't wipe out my
>>>> server.xml file...
>>>>
>>>> If I go to here
>>>>
>>>> https://cas3.xxx.xxx:8443/  I do see the default apache page is
>>>> loading.
>>>>
>>>>
>>>> HTTP Status 404 – Not Found
>>>> --
>>>>
>>>> *Type* Status Report
>>>>
>>>> *Message* /cas/login
>>>>
>>>> *Description* The origin server did not find a current representation
>>>> for the target resource or is not willing to disclose that one exists.
>>>> --
>>>> Apache Tomcat/9.0.7
>>>>
>>>> What did I break LOL
>>>>
>>>> Thank gods, I made a snapshot
>>>>
>>>> --
>>>> - Website: https://apereo.github.io/cas
>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>> - Contributions: https://goo.gl/mh7qDG
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "CAS Community" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to cas-user+u...@apereo.org.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/a583b953-6589-40a2-a967-919c9dfca886%40apereo.org
>>>> .
>>>>
>>>



Re: [cas-user] New Error -- I broke it LOL

2018-05-15 Thread Andy Ng
Hi Jen,

One more thing to note, next time you might want to double check your debug 
log before posting.

I saw that you deliberately cross out "ldaps://xxx.campus.bridgew.edu:636", 
so I think you recognized that uri to be confidential.

But I can clearly see the actual ldap server in your debug log. Soo... yeah.

- Andy

On Wednesday, 16 May 2018 02:55:55 UTC+8, Jennifer LaVoie wrote:
>
> Hi Everyone
>
> It was my malformed cas.properties entries for LDAP
>
> Working now.
>
> Thank you all for your help
>
> Jen
>
> On Tuesday, May 15, 2018 at 11:38:05 AM UTC-4, David Curry wrote:
>>
>> Looks like the CAS webapp isn't starting. catalina.out should tell you 
>> what happened?
>>
>> --
>>
>> DAVID A. CURRY, CISSP
>> *DIRECTOR OF INFORMATION SECURITY*
>> INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>>
>>
>> On Tue, May 15, 2018 at 11:35 AM, Jennifer LaVoie  
>> wrote:
>>
>>> I updated my pom.xml last week to install LDAP, but I didn't redeploy 
>>> the war file...so I did that today, but now I can't reach 
>>> https://cas3.xxx.xxx/cas/login
>>>
>>> I can still see my self signed cert though, so I didn't wipe out my 
>>> server.xml file...
>>>
>>> If I go to here
>>>
>>> https://cas3.xxx.xxx:8443/  I do see the default apache page is loading.
>>>
>>>
>>> HTTP Status 404 – Not Found
>>> --
>>>
>>> *Type* Status Report
>>>
>>> *Message* /cas/login
>>>
>>> *Description* The origin server did not find a current representation 
>>> for the target resource or is not willing to disclose that one exists.
>>> --
>>> Apache Tomcat/9.0.7
>>>
>>> What did I break LOL
>>>
>>> Thank gods, I made a snapshot
>>>



Re: [cas-user] User Attributes for SAML 2.0

2018-05-15 Thread David Curry
The same way you do for CAS services, pretty much. Just list what you want
to return. If you need the uri naming, you can use the "return mapped
attributes" feature; there's an example of that in my doc. Although that
may or may not be necessary depending on the SP.

CAS 5.3 has some improved functionality in this area (uri names plus
friendly names at the same time), but we haven't needed it in our
environment (YMMV).

David A. Curry,  CISSP
Director of Information Security
The New School - Information Technology
71 Fifth Ave., 9th Fl. ~ New York, NY 10003
+1 212 229-5300 x4728 ~ david.cu...@newschool.edu
Sent from my phone; please excuse typos and inane auto-corrections.



On Tue, May 15, 2018, 19:32 John D Giotta  wrote:

> How do I set up user attributes for SAML 2.0?
>



[cas-user] User Attributes for SAML 2.0

2018-05-15 Thread John D Giotta
How do I set up user attributes for SAML 2.0?



Re: [cas-user] Service Registry -- Getting the 1st Application Entered

2018-05-15 Thread Jann Malenkoff
Hi David:

You Sir --- are a gentleman and a scholar.

Very much appreciated from both of us.

Working exactly as you have outlined.

Please accept our utmost gratitude.

On Tuesday, May 15, 2018 at 5:15:55 AM UTC-7, David Curry wrote:
>
> Lionel and Jann,
>
> Did you ever have the JSON service registry working? If not, I recommend 
> that you take all the JPA stuff out of pom.xml and cas.properties and get 
> that working correctly first, so that you're only trying to debug one thing 
> at a time. Once you have the JSON service registry working correctly, for 
> both the main server and the management webapp, then it's time to move 
> things to JPA.
>
> The basic steps for moving to JPA *should* be this:
>
> 1. REMOVE the "cas-server-support-json-service-registry" dependency from 
> pom.xml (server and management webapp)
>
> 2. Add the "cas-server-support-jpa-service-registry" dependency and 
> whatever other dependencies go with it to pom.xml (server and management 
> webapp)
>
> 3. Rebuild the server and management webapp
>
> 4. In the server's cas.properties file, include BOTH of these lines:
>
> cas.serviceRegistry.json.location: file:/etc/cas/services
> cas.serviceRegistry.initFromJson:  true
>
>
> The first line should already be there (since before you start these steps 
> you're using the JSON service registry), but you must add the second line.
>
> 5. Add all the lines you need to configure the JPA service registry to the 
> server's cas.properties file.
>
> 6. Start the CAS server (do not start the management webapp). You should 
> see it load the services from the JSON files (again, this should already be 
> working before you start) and then it will magically save them into the JPA 
> registry.
>
> 7. Shut the server down.
>
> 8. Check the database to see that the services actually got loaded there. 
> If not, this is where you need to start debugging. And the first step of 
> that would be setting the log level to "debug" in log4j2.xml, and adding 
> whatever Logger configuration you need to make the Oracle JDBC library log 
> for you as well.
>
> Once you've got the services loaded into the database
>
> 9. Remove the "cas.serviceRegistry.json.location" and 
> "cas.serviceRegistry.initFromJson" properties from the server's 
> cas.properties file.
>
> 10. Remove the "cas.serviceRegistry.json.location" property from, and add 
> all the JPA properties to, the management webapp's management.properties 
> file.
>
> At least, that's the procedure I followed to get the MongoDB service 
> registry working (see 
> https://dacurry-tns.github.io/deploying-apereo-cas/high-avail_service-registry_overview.html).
>  
> I've not used the JPA stuff at all, so no guarantees, but I don't see why 
> it should be any different.
>
> --Dave
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu 
>
>
> On Tue, May 15, 2018 at 12:14 AM, Lionel Samuel wrote:
>
>> Changing in "cas.properties"  
>> 'cas.serviceRegistry.json.location:file:/etc/cas/services' to 
>> 'cas.serviceRegistry.json.location:foobar:/etc/cas/services'
>>
>> The above does not generate an error message --- is that a sign it's not 
>> loaded?
>>
>>
>> On Monday, May 14, 2018 at 8:25:37 PM UTC-7, Lionel Samuel wrote:
>>>
>>> I'm working with Jann -- attached is our pom file (we call the jar 
>>> my-cas -- which is reflected in the URLs).
>>>
>>> It does not look like the JSON file is loaded -- I don't think it's pom 
>>> related --- but at the moment we are both stumped so anything goes.
>>>
>>> 2018-05-14 20:23:17,715 WARN 
>>> [org.apereo.cas.services.web.ServiceThemeResolver] - >> is found to match 
>>> [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@330c1ecf[id=
>>> http://localhost:8080/cas-management/manage.html,originalUrl=http://localhost:8080/cas-management/manage.html,artifactId=,principal=,loggedOutAlready=false,format=XML]]
>>>  
>>> or service access is disallowed. Using default theme [cas-theme-default]>
>>>
>>> On Monday, May 14, 2018 at 5:42:35 PM UTC-7, Jann Malenkoff wrote:


>>>> Attached is my 'cas.properties' file ---  in case I may be missing
>>>> something there (very likely)
>>>>
>>>>
>>>> On Monday, May 14, 2018 at 5:09:12 PM UTC-7, Jann Malenkoff wrote:
>>>>>
>>>>> I had a minor Eureka moment --- but it came to fraught (partially).
>>>>>
>>>>> I had a typo in the 'cas.properties' file:
>>>>> cas.serviceRegistry.json.location:file:/etc/cas/service
>>>>>
>>>>> i.e. 'service' instead of 'services' --- corrected now (validated that
>>>>> the json files are in '/etc/cas/services').
>>>>>
>>>>> But still no-go...any ideas will be matched by the maximum Karma I
>>>>> can provide.
>>>>>
>>>>> On Monday, May 14, 2018 at 4:16:39 PM UTC-7, Jann Malenkoff wrote:
>>>>>>
>>>>>> I'm on 5.2.4 ---
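
Added example, not part of the original thread: a pre-flight check for the JSON service registry settings discussed above, covering the misspelled directory (`service` for `services`), the `foobar:` scheme that produced no error message, and the `initFromJson` flag from step 4 of the JPA procedure. Assumptions: only the `file:` form of the location used in the thread is accepted, the properties reader is minimal (no escapes or line continuations), and the sample service file is constructed.

```python
"""Pre-flight check for cas.serviceRegistry.json.* before starting CAS."""
import os
import re
import tempfile

LOCATION = "cas.serviceRegistry.json.location"
INIT_FLAG = "cas.serviceRegistry.initFromJson"


def parse_properties(text):
    """Minimal .properties reader: the key ends at the first '=', ':' or space."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def check_json_registry(props, migrating_to_jpa=False):
    """Return a list of problems; an empty list means the settings look sane."""
    location = props.get(LOCATION)
    if location is None:
        return [LOCATION + " is not set"]
    problems = []
    scheme, _, path = location.partition(":")
    if scheme != "file":  # assumption: only the file: form from the thread
        problems.append("unexpected scheme %r in %r" % (scheme, location))
    elif not os.path.isdir(path):
        problems.append("%s is not a directory" % path)
    elif not any(name.endswith(".json") for name in os.listdir(path)):
        problems.append("%s contains no .json service files" % path)
    # Step 4 of the procedure: both properties must be present for the import.
    if migrating_to_jpa and props.get(INIT_FLAG, "").lower() != "true":
        problems.append(INIT_FLAG + " must be true during the JPA import")
    return problems


def demo():
    """Run the check against constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        services = os.path.join(root, "services")
        os.mkdir(services)
        # Constructed sample service definition; the file name is hypothetical.
        with open(os.path.join(services, "example-10000001.json"), "w") as fh:
            fh.write("{}")
        good = "%s:file:%s\n" % (LOCATION, services)
        typo = "%s:file:%s\n" % (LOCATION, services[:-1])  # .../service
        bogus = "%s:foobar:%s\n" % (LOCATION, services)
        ready = good + "%s:  true\n" % INIT_FLAG
        return {
            "good": check_json_registry(parse_properties(good)),
            "typo": check_json_registry(parse_properties(typo)),
            "bogus_scheme": check_json_registry(parse_properties(bogus)),
            "step4_missing_flag": check_json_registry(parse_properties(good), True),
            "step4_ready": check_json_registry(parse_properties(ready), True),
        }


if __name__ == "__main__":
    for case, problems in demo().items():
        print(case, "->", problems or "ok")
```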

Re: [cas-user] cas admin pages from every IP?

2018-05-15 Thread Jennifer LaVoie
Thanks again

what type of pizza do you eat?

On Tue, May 15, 2018 at 4:02 PM, David Curry 
wrote:

> You need to set  cas.adminPagesSecurity.ip to a regular expression that
> matches the IPs you want to let in.
>
> To allow all of 10.28.51 in, you'd have something like this:
>
> cas.adminPagesSecurity.ip:  ^10\\.28\\.51\\.[0-9]{1,3}$
>
> I have something like this:
>
> cas.adminPagesSecurity.ip:  ^192\\.168\\.(50\\.[0-9]{1,3}|1\\.[12]0)$
>
> which allows the entire 192.168.50 subnet, as well as 192.168.1.10 and
> 192.168.1.20 (the load balancers).
>
> You can use the entire regexp syntax in there, so you can go crazy. :-)
>
> You might find this helpful to make sure you get what you want:
> https://www.freeformatter.com/java-regex-tester.html
>
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> 
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
>
> On Tue, May 15, 2018 at 3:54 PM, Jennifer LaVoie 
> wrote:
>
>> I want to be able to hit the admin page from any host...is there a way to
>> do that in the /etc/cas/config/cas.properties file?  I tried leaving the
>> entry blank, but no luck
>>
>> my subnet is 10.28.51 so I at least need that so all my sys admins can
>> log in.
>>
>> thanks
>> Jen
>>



-- 
"Confusion is a word we have invented for an order which is not
understood."  ~Henry Miller



Re: [cas-user] cas admin pages from every IP?

2018-05-15 Thread David Curry
You need to set  cas.adminPagesSecurity.ip to a regular expression that
matches the IPs you want to let in.

To allow all of 10.28.51 in, you'd have something like this:

cas.adminPagesSecurity.ip:  ^10\\.28\\.51\\.[0-9]{1,3}$

I have something like this:

cas.adminPagesSecurity.ip:  ^192\\.168\\.(50\\.[0-9]{1,3}|1\\.[12]0)$

which allows the entire 192.168.50 subnet, as well as 192.168.1.10 and
192.168.1.20 (the load balancers).

You can use the entire regexp syntax in there, so you can go crazy. :-)

You might find this helpful to make sure you get what you want:
https://www.freeformatter.com/java-regex-tester.html



--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Tue, May 15, 2018 at 3:54 PM, Jennifer LaVoie 
wrote:

> I want to be able to hit the admin page from any host...is there a way to
> do that in the /etc/cas/config/cas.properties file?  I tried leaving the
> entry blank, but no luck
>
> my subnet is 10.28.51 so I at least need that so all my sys admins can log
> in.
>
> thanks
> Jen
>

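
Added example, not part of the original thread: one way to check a `cas.adminPagesSecurity.ip` pattern against the networks it is meant to allow before deploying it. Python's `re` stands in for the Java regex engine (these patterns use only syntax common to both), and the thread does not say whether the pattern is applied as a full match or a substring search, so both are modelled. The unanchored rule and the neighbour addresses are constructed for illustration.

```python
"""Audit an admin-page IP allowlist regex against the intended networks."""
import ipaddress
import re

# Values as written in cas.properties in the thread.
SUBNET_RULE = r"^10\\.28\\.51\\.[0-9]{1,3}$"
MIXED_RULE = r"^192\\.168\\.(50\\.[0-9]{1,3}|1\\.[12]0)$"
# Constructed variant with the anchors dropped, to show why they matter.
UNANCHORED_RULE = r"10\\.28\\.51\\.[0-9]{1,3}"

# Constructed probe addresses just outside the intended ranges.
NEIGHBOURS = [
    "110.28.51.7", "210.28.51.99", "10.28.5.1", "10.28.52.1",
    "192.168.1.30", "192.168.1.100", "192.168.1.110",
    "192.168.150.1", "192.168.5.10",
]


def unescape_properties_value(raw):
    # In a Java .properties file the backslash is an escape character, so the
    # thread's examples write "\\." to hand the regex engine a literal "\.".
    return raw.replace("\\\\", "\\")


def audit_ip_pattern(properties_value, intended, extra_probes, full_match):
    """Return (too_wide, too_narrow): addresses the regex admits that the
    intended networks do not contain, and intended addresses it rejects."""
    pattern = re.compile(unescape_properties_value(properties_value))
    networks = [ipaddress.ip_network(n) for n in intended]
    # Probe every address of the intended networks plus the neighbours.
    probes = {str(a) for n in networks for a in n} | set(extra_probes)
    too_wide, too_narrow = [], []
    for text in sorted(probes, key=ipaddress.ip_address):
        wanted = any(ipaddress.ip_address(text) in n for n in networks)
        hit = pattern.fullmatch(text) if full_match else pattern.search(text)
        if hit and not wanted:
            too_wide.append(text)
        elif wanted and not hit:
            too_narrow.append(text)
    return too_wide, too_narrow


def run_audits():
    subnet = ["10.28.51.0/24"]
    mixed = ["192.168.50.0/24", "192.168.1.10/32", "192.168.1.20/32"]
    return {
        "subnet_full": audit_ip_pattern(SUBNET_RULE, subnet, NEIGHBOURS, True),
        "subnet_search": audit_ip_pattern(SUBNET_RULE, subnet, NEIGHBOURS, False),
        "mixed_full": audit_ip_pattern(MIXED_RULE, mixed, NEIGHBOURS, True),
        "mixed_search": audit_ip_pattern(MIXED_RULE, mixed, NEIGHBOURS, False),
        "unanchored_full": audit_ip_pattern(UNANCHORED_RULE, subnet, NEIGHBOURS, True),
        "unanchored_search": audit_ip_pattern(UNANCHORED_RULE, subnet, NEIGHBOURS, False),
    }


if __name__ == "__main__":
    for name, (wide, narrow) in run_audits().items():
        print(name, "too wide:", wide, "too narrow:", narrow)
```

With the `^` and `$` anchors both rules admit exactly the intended addresses under either matching mode; without them, a substring search also admits addresses such as 110.28.51.7 that merely contain the subnet prefix.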


[cas-user] cas admin pages from every IP?

2018-05-15 Thread Jennifer LaVoie
I want to be able to hit the admin page from any host...is there a way to 
do that in the /etc/cas/config/cas.properties file?  I tried leaving the 
entry blank, but no luck

my subnet is 10.28.51 so I at least need that so all my sys admins can log 
in.

thanks
Jen



Re: [cas-user] New Error -- I broke it LOL

2018-05-15 Thread Jennifer LaVoie
Hi Everyone

It was my malformed cas.properties entries for LDAP

Working now.

Thank you all for your help

Jen

On Tuesday, May 15, 2018 at 11:38:05 AM UTC-4, David Curry wrote:
>
> Looks like the CAS webapp isn't starting. catalina.out should tell you 
> what happened?
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu 
>
>
> On Tue, May 15, 2018 at 11:35 AM, Jennifer LaVoie wrote:
>
>> I updated my pom.xml last week to install LDAP, but I didn't redeploy the 
>> war file...so I did that today, but now I can't reach 
>> https://cas3.xxx.xxx/cas/login
>>
>> I can still see my self signed cert though, so I didn't wipe out my 
>> server.xml file...
>>
>> If I go to here
>>
>> https://cas3.xxx.xxx:8443/  I do see the default apache page is loading.
>>
>>
>> HTTP Status 404 – Not Found
>> --
>>
>> *Type* Status Report
>>
>> *Message* /cas/login
>>
>> *Description* The origin server did not find a current representation 
>> for the target resource or is not willing to disclose that one exists.
>> --
>> Apache Tomcat/9.0.7
>>
>> What did I break LOL
>>
>> Thank gods, I made a snapshot
>>



Re: [cas-user] CAS Logout Issue

2018-05-15 Thread Ray Bon
Ramakrishna,

If the TGT is destroyed, then that SSO session is also destroyed even if the 
TGC is not (why TGC is not removed is odd).
If you are still logged in to the client application, your client may not be 
part of single log out (SLO). It is up to the client to manage its own session.
When you say 'valid ticket', do you mean a new service ticket?

You can try these log4j2 options to see what is happening during the logout 
process:


















Ray

On Tue, 2018-05-15 at 15:58 +0530, Ramakrishna G wrote:
On Clicking logout which calls the cas/logout link :

WHO: casuser
WHAT: TGT-1-*CPmWzMzi-I-client
ACTION: TICKET_GRANTING_TICKET_DESTROYED
APPLICATION: CAS
WHEN: Tue May 15 15:45:17 IST 2018
CLIENT IP ADDRESS: 192.168.111.12
SERVER IP ADDRESS: 192.168.111.12
=



But I can see that in the browser, the TGC cookie still resides, which forces 
me to delete the cookies or close the browser for a fresh login. Is there any 
way to avoid this?

On Sat, May 12, 2018 at 1:45 PM, Ramakrishna G wrote:
Yes it is redirected to logout page, yet cookies is not removed. When I refresh 
it redirects to application with valid ticket instead of redirecting to login 
page.


On Fri, May 11, 2018 at 8:39 PM, Ray Bon wrote:
Ramakrishna,

If the browser is redirected to /cas/logout, the cookies will/should be removed.

Ray

On Fri, 2018-05-11 at 19:30 +0530, Ramakrishna G wrote:
Hello Team,

On logout CAS cookies are not removed from browser. I need to forcefully clear. 
What might be the reason?

Thanks
Ramakrishna G

--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca






--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca



Re: [cas-user] New Error -- I broke it LOL

2018-05-15 Thread Jennifer LaVoie
ok...I will try that :)

I want to send you a pizza once I get this working LOL

On Tuesday, May 15, 2018 at 1:49:42 PM UTC-4, David Curry wrote:
>
> This is a guess, but your dnFormat doesn't look very AD-ish to me. I note 
> that you have an "ou=Users" in the commented-out bindDn; shouldn't you have 
> that in dnFormat as well?
>
> If you can, bring up one of the AD tools (under Windows) and look yourself 
> up, and copy the DN string exactly.
>
> --Dave
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu 
>
>
> On Tue, May 15, 2018 at 1:31 PM, Jennifer LaVoie wrote:
>
>> Thanks Dave...I had to format my ldap stuff in the cas.properties 
>> differently
>>
>> It now looks like this
>>
>> cas.authn.ldap[0].order:            0
>> cas.authn.ldap[0].name:             Active Directory
>> cas.authn.ldap[0].type:             AD
>> cas.authn.ldap[0].ldapUrl:          ldaps://xxx.campus.bridgew.edu:636
>> cas.authn.ldap[0].validatePeriod:   270
>> cas.authn.ldap[0].poolPassivator:   NONE
>> cas.authn.ldap[0].userFilter:       sAMAccountName={user}
>> cas.authn.ldap[0].baseDn:           dc=campus,dc=bridgew,dc=edu
>> #cas.authn.ldap[0].bindDn:          cn=cas5,ou=Users,dc=campus,dc=bridgew,dc=edu
>> #cas.authn.ldap[0].bindCredential:
>> cas.authn.ldap[0].dnFormat:         cn=%s,dc=campus,dc=bridgew,dc=edu
>>
>> and now the page loads, but I still can't log in
>>
>> When I netstat -anop | grep java
>>
>> [root@cas3-dev bin]# netstat -anop |grep java
>> tcp        0      0 127.0.0.1:8005          0.0.0.0:*               LISTEN      1795/java    off (0.00/0/0)
>> tcp        0      0 0.0.0.0:8009            0.0.0.0:*               LISTEN      1795/java    off (0.00/0/0)
>> tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      1795/java    off (0.00/0/0)
>> tcp        0      0 10.20.32.131:48450      10.20.16.65:636         ESTABLISHED 1795/java    off (0.00/0/0)
>> tcp        0      0 10.20.32.131:48452      10.20.16.65:636         ESTABLISHED 1795/java    off (0.00/0/0)
>> tcp        0      0 10.20.32.131:48446      10.20.16.65:636         ESTABLISHED 1795/java    off (0.00/0/0)
>> tcp        0      0 10.20.32.131:48448      10.20.16.65:636         ESTABLISHED 1795/java    off (0.00/0/0)
>> tcp        0      0 10.20.32.131:48456      10.20.16.65:636         ESTABLISHED 1795/java    off (0.00/0/0)
>> tcp        0      0 10.20.32.131:48454      10.20.16.65:636         ESTABLISHED 1795/java    off (0.00/0/0)
>> unix  3      [ ]         STREAM     CONNECTED     31497    1795/java
>> unix  2      [ ]         STREAM     CONNECTED     31408    1795/java
>> unix  3      [ ]         STREAM     CONNECTED     31498    1795/java
>> unix  3      [ ]         STREAM     CONNECTED     30719    1795/java
>> unix  3      [ ]         STREAM     CONNECTED     30720    1795/java
>> unix  2      [ ]         STREAM     CONNECTED     31781    1795/java
>>
>> so things seem to be bound correctly
>>
>> Here is my catalina.out grepping for jennifer.lavoie (username)
>>
>> 2018-05-15 13:27:45,866 DEBUG 
>> [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
>>  
>> - > handler [Active Directory]>
>> 2018-05-15 13:27:45,867 DEBUG 
>> [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
>>  
>> - > authentication handler [true]>
>> 2018-05-15 13:27:45,868 DEBUG 
>> [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
>>  
>> - > [org.springframework.security.crypto.password.NoOpPasswordEncoder] for 
>> [jennifer.lavoie]>
>> 2018-05-15 13:27:45,868 DEBUG 
>> [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
>>  
>> - > [jennifer.lavoie]>
>> 2018-05-15 13:27:45,869 DEBUG 
>> [org.apereo.cas.authentication.LdapAuthenticationHandler] - > LDAP authentication for [jennifer.lavoie]. Authenticator pre-configured 
>> attributes are [null], additional requested attributes for this 
>> authentication request are [[]]>
>> 2018-05-15 13:27:45,869 DEBUG [org.ldaptive.auth.FormatDnResolver] - 
>> 
>> 2018-05-15 13:27:45,869 DEBUG [org.ldaptive.auth.Authenticator] - 
>> > request=[org.ldaptive.auth.AuthenticationRequest@1995766693::user=[org.ldaptive.auth.User@720667905::identifier=jennifer.lavoie,
>>  
>> context=null], returnAttributes=[], controls=null]>
>> 2018-05-15 13:27:45,869 DEBUG 
>> [org.ldaptive.auth.PooledBindAuthenticationHandler] - > 

Re: [cas-user] New Error -- I broke it LOL

2018-05-15 Thread David Curry
This is a guess, but your dnFormat doesn't look very AD-ish to me. I note
that you have an "ou=Users" in the commented-out bindDn; shouldn't you have
that in dnFormat as well?

If you can, bring up one of the AD tools (under Windows) and look yourself
up, and copy the DN string exactly.

--Dave


--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Tue, May 15, 2018 at 1:31 PM, Jennifer LaVoie 
wrote:

> Thanks Dave...I had to format my ldap stuff in the cas.properties
> differently
>
> It now looks like this
>
> cas.authn.ldap[0].order:            0
> cas.authn.ldap[0].name:             Active Directory
> cas.authn.ldap[0].type:             AD
> cas.authn.ldap[0].ldapUrl:          ldaps://xxx.campus.bridgew.edu:636
> cas.authn.ldap[0].validatePeriod:   270
> cas.authn.ldap[0].poolPassivator:   NONE
> cas.authn.ldap[0].userFilter:       sAMAccountName={user}
> cas.authn.ldap[0].baseDn:           dc=campus,dc=bridgew,dc=edu
> #cas.authn.ldap[0].bindDn:          cn=cas5,ou=Users,dc=campus,dc=bridgew,dc=edu
> #cas.authn.ldap[0].bindCredential:
> cas.authn.ldap[0].dnFormat:         cn=%s,dc=campus,dc=bridgew,dc=edu
>
> and now the page loads, but I still can't log in
>
> When I netstat -anop | grep java
>
> [root@cas3-dev bin]# netstat -anop |grep java
> tcp        0      0 127.0.0.1:8005          0.0.0.0:*               LISTEN      1795/java    off (0.00/0/0)
> tcp        0      0 0.0.0.0:8009            0.0.0.0:*               LISTEN      1795/java    off (0.00/0/0)
> tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      1795/java    off (0.00/0/0)
> tcp        0      0 10.20.32.131:48450      10.20.16.65:636         ESTABLISHED 1795/java    off (0.00/0/0)
> tcp        0      0 10.20.32.131:48452      10.20.16.65:636         ESTABLISHED 1795/java    off (0.00/0/0)
> tcp        0      0 10.20.32.131:48446      10.20.16.65:636         ESTABLISHED 1795/java    off (0.00/0/0)
> tcp        0      0 10.20.32.131:48448      10.20.16.65:636         ESTABLISHED 1795/java    off (0.00/0/0)
> tcp        0      0 10.20.32.131:48456      10.20.16.65:636         ESTABLISHED 1795/java    off (0.00/0/0)
> tcp        0      0 10.20.32.131:48454      10.20.16.65:636         ESTABLISHED 1795/java    off (0.00/0/0)
> unix  3      [ ]         STREAM     CONNECTED     31497    1795/java
> unix  2      [ ]         STREAM     CONNECTED     31408    1795/java
> unix  3      [ ]         STREAM     CONNECTED     31498    1795/java
> unix  3      [ ]         STREAM     CONNECTED     30719    1795/java
> unix  3      [ ]         STREAM     CONNECTED     30720    1795/java
> unix  2      [ ]         STREAM     CONNECTED     31781    1795/java
>
> so things seem to be bound correctly
>
> Here is my catalina.out grepping for jennifer.lavoie (username)
>
> 2018-05-15 13:27:45,866 DEBUG [org.apereo.cas.authentication.handler.
> support.AbstractUsernamePasswordAuthenticationHandler] -  credential [jennifer.lavoie] eligibility for authentication handler [Active
> Directory]>
> 2018-05-15 13:27:45,867 DEBUG [org.apereo.cas.authentication.handler.
> support.AbstractUsernamePasswordAuthenticationHandler] -  [jennifer.lavoie] eligibility is [Active Directory] for authentication
> handler [true]>
> 2018-05-15 13:27:45,868 DEBUG [org.apereo.cas.authentication.handler.
> support.AbstractUsernamePasswordAuthenticationHandler] -  encode credential password via [org.springframework.security.
> crypto.password.NoOpPasswordEncoder] for [jennifer.lavoie]>
> 2018-05-15 13:27:45,868 DEBUG [org.apereo.cas.authentication.handler.
> support.AbstractUsernamePasswordAuthenticationHandler] -  authentication internally for transformed credential [jennifer.lavoie]>
> 2018-05-15 13:27:45,869 DEBUG 
> [org.apereo.cas.authentication.LdapAuthenticationHandler]
> -  pre-configured attributes are [null], additional requested attributes for
> this authentication request are [[]]>
> 2018-05-15 13:27:45,869 DEBUG [org.ldaptive.auth.FormatDnResolver] -
> 
> 2018-05-15 13:27:45,869 DEBUG [org.ldaptive.auth.Authenticator] -
>  request=[org.ldaptive.auth.AuthenticationRequest@1995766693::user=[org.
> ldaptive.auth.User@720667905::identifier=jennifer.lavoie, context=null],
> returnAttributes=[], controls=null]>
> 2018-05-15 13:27:45,869 DEBUG [org.ldaptive.auth.
> PooledBindAuthenticationHandler] -  criteria=[org.ldaptive.auth.AuthenticationCriteria@
> 157874454::dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu,
> authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@
> 1995766693::user=[org.ldaptive.auth.User@720667905::identifier=jennifer.lavoie,
> context=null], returnAttributes=[], controls=null]]>
> 2018-05-15 13:27:45,873 DEBUG [org.ldaptive.BindOperation] -  

Re: [cas-user] New Error -- I broke it LOL

2018-05-15 Thread Jennifer LaVoie
Thanks Dave...I had to format my ldap stuff in the cas.properties 
differently

It now looks like this

cas.authn.ldap[0].order:0
cas.authn.ldap[0].name: Active Directory
cas.authn.ldap[0].type: AD
cas.authn.ldap[0].ldapUrl:  ldaps://xxx.campus.bridgew.edu:636
cas.authn.ldap[0].validatePeriod:   270
cas.authn.ldap[0].poolPassivator:   NONE
cas.authn.ldap[0].userFilter:   sAMAccountName={user}
cas.authn.ldap[0].baseDn:   dc=campus,dc=bridgew,dc=edu
#cas.authn.ldap[0].bindDn:   cn=cas5,ou=Users,dc=campus,dc=bridgew,dc=edu
#cas.authn.ldap[0].bindCredential:  
cas.authn.ldap[0].dnFormat: cn=%s,dc=campus,dc=bridgew,dc=edu

and now the page loads, but I still can't log in

When I netstat -anop | grep java

[root@cas3-dev bin]# netstat -anop |grep java
tcp   0  0 127.0.0.1:8005      0.0.0.0:*        LISTEN      1795/java  off (0.00/0/0)
tcp   0  0 0.0.0.0:8009        0.0.0.0:*        LISTEN      1795/java  off (0.00/0/0)
tcp   0  0 0.0.0.0:8443        0.0.0.0:*        LISTEN      1795/java  off (0.00/0/0)
tcp   0  0 10.20.32.131:48450  10.20.16.65:636  ESTABLISHED 1795/java  off (0.00/0/0)
tcp   0  0 10.20.32.131:48452  10.20.16.65:636  ESTABLISHED 1795/java  off (0.00/0/0)
tcp   0  0 10.20.32.131:48446  10.20.16.65:636  ESTABLISHED 1795/java  off (0.00/0/0)
tcp   0  0 10.20.32.131:48448  10.20.16.65:636  ESTABLISHED 1795/java  off (0.00/0/0)
tcp   0  0 10.20.32.131:48456  10.20.16.65:636  ESTABLISHED 1795/java  off (0.00/0/0)
tcp   0  0 10.20.32.131:48454  10.20.16.65:636  ESTABLISHED 1795/java  off (0.00/0/0)
unix  3  [ ]  STREAM  CONNECTED  31497  1795/java
unix  2  [ ]  STREAM  CONNECTED  31408  1795/java
unix  3  [ ]  STREAM  CONNECTED  31498  1795/java
unix  3  [ ]  STREAM  CONNECTED  30719  1795/java
unix  3  [ ]  STREAM  CONNECTED  30720  1795/java
unix  2  [ ]  STREAM  CONNECTED  31781  1795/java

so things seem to be bound correctly

Here is my catalina.out grepping for jennifer.lavoie (username)

2018-05-15 13:27:45,866 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 
- 
2018-05-15 13:27:45,867 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 
- 
2018-05-15 13:27:45,868 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 
- 
2018-05-15 13:27:45,868 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 
- 
2018-05-15 13:27:45,869 DEBUG 
[org.apereo.cas.authentication.LdapAuthenticationHandler] - 
2018-05-15 13:27:45,869 DEBUG [org.ldaptive.auth.FormatDnResolver] - 

2018-05-15 13:27:45,869 DEBUG [org.ldaptive.auth.Authenticator] - 

2018-05-15 13:27:45,869 DEBUG 
[org.ldaptive.auth.PooledBindAuthenticationHandler] - 
2018-05-15 13:27:45,873 DEBUG [org.ldaptive.BindOperation] - 
2018-05-15 13:27:45,874 DEBUG 
[org.ldaptive.auth.PooledBindAuthenticationHandler] - 
2018-05-15 13:27:45,874 INFO [org.ldaptive.auth.Authenticator] - 

2018-05-15 13:27:45,874 DEBUG [org.ldaptive.auth.Authenticator] - 

2018-05-15 13:27:45,874 DEBUG 
[org.apereo.cas.authentication.LdapAuthenticationHandler] - 
2018-05-15 13:27:45,875 DEBUG 
[org.apereo.cas.authentication.support.DefaultLdapPasswordPolicyHandlingStrategy]
 
- 
2018-05-15 13:27:45,876 DEBUG 
[org.apereo.cas.authentication.support.DefaultAccountStateHandler] - 

2018-05-15 13:27:45,877 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 

WHO: jennifer.lavoie
WHAT: Supplied credentials: [jennifer.lavoie]
[root@cas3-dev bin]# 




On Tuesday, May 15, 2018 at 11:38:05 AM UTC-4, David Curry wrote:
>
> Looks like the CAS webapp isn't starting. catalina.out should tell you 
> what happened?
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu 
>
>
> On Tue, May 15, 2018 at 11:35 AM, Jennifer LaVoie  > wrote:
>
>> I updated my pom.xml last week to install LDAP, but I didn't redeploy the 
>> war file...so I did that today, but now I can't reach 
>> https://cas3.xxx.xxx/cas/login
>>
>> I can still see my self signed cert though, so I didn't wipe out my 
>> server.xml file...
>>
>> If i go to here
>>
>> https://cas3.xxx.xxx:8443/  I do see the default apache page is loading.
>>
>>
>> HTTP Status 

Re: [cas-user] Re: CAS not redirecting to service after successful authentication.

2018-05-15 Thread Ray Bon
Neha,

I have not used the .NET client. There may be more configuration that can be
done.
One possibility is certificate validity. For the .NET client to connect to CAS
during ticket validation, CAS needs to verify the client certificate.
Are you using self-signed certificates? If so, they need to be added to the JVM
running CAS.

Ray

On Mon, 2018-05-14 at 04:13 -0700, Neha Gupta wrote:
Hello Ray,

Request you to please help me out with this.
Please let me know in case you need any other information.


Regards
Neha Gupta

On Wednesday, May 9, 2018 at 10:25:46 AM UTC+2, Neha Gupta wrote:
Hello Ray,

Yes, that is what is clear from the traces: service tickets are getting
generated but not validated. I have done all the configuration required in the
ASP.NET application.
In fact I just included the "DotNetCasClient" package and everything was done
automatically. I just changed the values of some attributes like
casServerLoginUrl, casServerUrlPrefix etc.

Below is the link which i followed for doing the changes in 
ASP.NET application: -
https://github.com/apereo/dotnet-cas-client#integration-instructions

I don't have any idea what can be done to solve this problem and I would
greatly appreciate it if your community could help me solve the issue.

I am attaching the web.config file for reference here.

PS: I don't have any intention of using any particular ticket validator.
Initially I tried with Cas20, but as it was not working I switched to Saml11,
which, though working, is not redirecting to the ASP.NET application.


Regards
Neha Gupta


On Tuesday, May 8, 2018 at 6:39:44 PM UTC+2, rbon wrote:
Neha,

There may be other settings that need to be modified when switching from SAML11 
to CAS20. ST are being created but not validated. Your ASP.NET 
client is not configured correctly.

Ray

On Tue, 2018-05-08 at 03:56 -0700, Neha Gupta wrote:
Hello Andy,

Thanks for reply.
I was also wondering about the TARGET in the URL and I think it's because of the
ticketValidatorName="Saml11" mentioned in the web.config file of the
ASP.NET application, and when I change the value of
"ticketValidatorName" to Cas10 or Cas20 then it does not work at all. Also
please find attached traces of the same.

Hope this will help.


Regards
Neha Gupta




On Tuesday, May 8, 2018 at 3:40:21 AM UTC+2, Andy Ng wrote:
Hi Neha,

I would like to know in which documentation you found the parameter
TARGET in
"https://idiv-dev1:8443/cas/login?TARGET=http%3a%2f%2flocalhost%3a60397%2f", I
didn't see this parameter in the official documentation.
Maybe it is something related to ASP.NET?

Anyway, the usual parameter for defining the service in CAS is "service", which
means your URL should be
"https://idiv-dev1:8443/cas/login?service=http%3a%2f%2flocalhost%3a60397%2f"

It is nice that you attached the debug log:
- I can see that the service is registered successfully based on "", so your service registration
is correct.

Regarding the part related to ASP.NET, I have no idea so I
would not comment on that. But I think since you can log in successfully, the
ASP.NET part should be fine as is.

Cheers!
- Andy


On Monday, 7 May 2018 22:12:34 UTC+8, Neha Gupta wrote:
Dear All,

I am trying to integrate CAS with an ASP.NET application.
Everything is working fine, but CAS is not able to redirect to the destination
service and is showing its own logged-in page.

Final URL is:
https://idiv-dev1:8443/cas/login?TARGET=http%3a%2f%2flocalhost%3a60397%2f

where TARGET holds my service URL, to which I want CAS to redirect.

I have done the following configuration in the "web.config" file:

https://idiv-dev1:8443/cas/login"
casServerUrlPrefix="https://idiv-dev1:8443/cas/"
serverName="http://localhost:60397/"
notAuthorizedUrl="~/NotAuthorized.aspx"
redirectAfterValidation="true"
 renew="false"
singleSignOut="true"
ticketValidatorName="Saml11"
serviceTicketManager="CacheServiceTicketManager"
 />

 
  https://idiv-dev1:8443/cas/login" cookieless="UseCookies" />


Along with this configuration I have also added the two lines below in
"FilterConfig.cs":

filters.Add(new System.Web.Mvc.AuthorizeAttribute());
filters.Add(new RequireHttpsAttribute());


Please let me know where the problem is, as I have no clue.

PS: I have registered the service with CAS, and the service below is also
present, which authorizes all services to pass through CAS:
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https|imaps|http)://.*",
  "name" : "Apereo",
  "theme" : "apereo",
  "id" : 1002,
  "description" : "Apereo foundation sample service",
  "evaluationOrder" : 1
   "accessStrategy" : {
"@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"enabled" : true,
"ssoEnabled" : true
  }
}




Regards
Neha Gupta



--
Ray Bon
Programmer analyst
Development Services, 

[cas-user] InCommon Federation

2018-05-15 Thread Scott Green
Has anyone here had success in getting the InCommon Federation setup to use 
the Shibboleth side of CAS 5.2.X?  If so are you having to add each entity 
individually, or were you able to use a single entry to get the entire 
scope?  We are looking at migrating our instance out of ADFS, and into CAS, 
but if that's not possible we may abandon both in favor of Shibboleth.  I'm 
just looking for any help on that, as I feel like CAS is our best option 
for IDP.

Thanks,

Scott



Re: [cas-user] Error - Service Registry json

2018-05-15 Thread David Curry
If you're using the JSON service registry, services are supposed to be
defined one service per file, with all the files stored in a directory. And
there is a naming convention for the files:
JSON fileName = serviceName + "-" + serviceNumericId + ".json"

See
https://apereo.github.io/cas/development/installation/JSON-Service-Management.html
for details.




--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Tue, May 15, 2018 at 12:23 PM, Jay 
wrote:

> Hi Everyone,
> Could someone help me to get this ERROR fixed.
>
> Below is the entry from my json file
> Filename: serviceRegistry-1524464822.json
> [
> {
> "@class" : "org.apereo.cas.services.RegexRegisteredService",
> "serviceId" : "^(https|imaps|http)://.*",
> "name" : "HTTPS/IMAPS wildcard",
> "id" : 20170905111650,
> "evaluationOrder" : 9
> },
> {
> "@class" : "org.apereo.cas.services.RegexRegisteredService",
> "serviceId" : "https://www.google.com/a/dev..com/acs",
> "name" : "googleApps",
> "id" : 1000,
> "evaluationOrder" : 10
> }
> ]
>
> I see this error in the logs.
> 2018-05-15 11:14:10,091 ERROR [org.apereo.cas.util.serialization.
> AbstractJacksonBackedStringSerializer] -  [[{"@class":"org.apereo.cas.services.RegexRegisteredService","
> serviceId":"^(https|imaps|http)://.*","name":"HTTPS/IMAPS wil...] to
> deserialize into type [interface org.apereo.cas.services.RegisteredService].
> This may be caused in the absence of a configuration/support module that
> knows how to interpret the fragment, specially if the fragment describes a
> CAS registered service definition. Internal parsing error is [Unexpected
> token (START_OBJECT), expected VALUE_STRING: need JSON String that contains
> type id (for subtype of org.apereo.cas.services.RegisteredService)
>  at [Source: (String)"[{"@class":"org.apereo.cas.services.
> RegexRegisteredService","serviceId":"^(https|imaps|
> http)://.*","name":"HTTPS/IMAPS wildcard","id":20170905111650,
> "evaluationOrder":9},{"@class":"org.apereo.cas.services.
> RegexRegisteredService","serviceId":"https://www.google.com/a/dev
> ..com/acs","name":"googleApps","id":1000,"evaluationOrder":10}]";
> line: 1, column: 2]]>
> 2018-05-15 11:14:10,091 DEBUG [org.apereo.cas.util.serialization.
> AbstractJacksonBackedStringSerializer] -  (START_OBJECT), expected VALUE_STRING: need JSON String that contains type
> id (for subtype of org.apereo.cas.services.RegisteredService)
>  at [Source: (String)"[{"@class":"org.apereo.cas.services.
> RegexRegisteredService","serviceId":"^(https|imaps|
> http)://.*","name":"HTTPS/IMAPS wildcard","id":20170905111650,
> "evaluationOrder":9},{"@class":"org.apereo.cas.services.
> RegexRegisteredService","serviceId":"https://www.google.com/a/dev
> ..com/acs","name":"googleApps","id":1000,"evaluationOrder":10}]";
> line: 1, column: 2]>
> com.fasterxml.jackson.databind.exc.MismatchedInputException: Unexpected
> token (START_OBJECT), expected VALUE_STRING: need JSON String that contains
> type id (for subtype of org.apereo.cas.services.RegisteredService)
>  at [Source: (String)"[{"@class":"org.apereo.cas.services.
> RegexRegisteredService","serviceId":"^(https|imaps|
> http)://.*","name":"HTTPS/IMAPS wildcard","id":20170905111650,
> "evaluationOrder":9},{"@class":"org.apereo.cas.services.
> RegexRegisteredService","serviceId":"https://www.google.com/a/dev
> ..com/acs","name":"googleApps","id":1000,"evaluationOrder":10}]";
> line: 1, column: 2]
> at com.fasterxml.jackson.databind.exc.MismatchedInputException.from(
> MismatchedInputException.java:59) ~[jackson-databind-2.9.3.jar:2.9.3]
> at com.fasterxml.jackson.databind.DeserializationContext.
> wrongTokenException(DeserializationContext.java:1498)
> ~[jackson-databind-2.9.3.jar:2.9.3]
> at com.fasterxml.jackson.databind.DeserializationContext.
> reportWrongTokenException(DeserializationContext.java:1273)
> ~[jackson-databind-2.9.3.jar:2.9.3]
> at com.fasterxml.jackson.databind.jsontype.impl.AsArrayTypeDeserializer._
> locateTypeId(AsArrayTypeDeserializer.java:151)
> ~[jackson-databind-2.9.3.jar:2.9.3]
> at com.fasterxml.jackson.databind.jsontype.impl.AsArrayTypeDeserializer._
> deserialize(AsArrayTypeDeserializer.java:96) ~[jackson-databind-2.9.3.jar:
> 2.9.3]
> at com.fasterxml.jackson.databind.jsontype.impl.AsArrayTypeDeserializer.
> deserializeTypedFromAny(AsArrayTypeDeserializer.java:71)
> ~[jackson-databind-2.9.3.jar:2.9.3]
> at com.fasterxml.jackson.databind.jsontype.impl.
> AsPropertyTypeDeserializer._deserializeTypedUsingDefaultIm
> pl(AsPropertyTypeDeserializer.java:148) ~[jackson-databind-2.9.3.jar:
> 2.9.3]
> at com.fasterxml.jackson.databind.jsontype.impl.
> AsPropertyTypeDeserializer.deserializeTypedFromObject(
> AsPropertyTypeDeserializer.java:88) ~[jackson-databind-2.9.3.jar:2.9.3]
> at 
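
The layout David describes, as an added example that is not code from the thread or from the CAS project: it splits one file holding an array of definitions into one file per service, named serviceName-serviceNumericId.json. The sample input is constructed, and replacing characters such as "/" or a space in a service name with "_" is an assumption of this example, not a documented CAS rule.

```python
import json
import re
import tempfile
from pathlib import Path

# Constructed sample in the shape of the file from the question: several
# definitions wrapped in one top-level array, which is the layout that
# fails to deserialize. The second serviceId is a placeholder value.
SAMPLE_ARRAY_FILE = """
[
  {
    "@class": "org.apereo.cas.services.RegexRegisteredService",
    "serviceId": "^(https|imaps|http)://.*",
    "name": "HTTPS/IMAPS wildcard",
    "id": 20170905111650,
    "evaluationOrder": 9
  },
  {
    "@class": "org.apereo.cas.services.RegexRegisteredService",
    "serviceId": "https://www.google.com/a/example.org/acs",
    "name": "googleApps",
    "id": 1000,
    "evaluationOrder": 10
  }
]
"""

REQUIRED_KEYS = ("@class", "serviceId", "name", "id")


def file_name_for(service):
    """Build serviceName + "-" + serviceNumericId + ".json" for one definition."""
    service_id = service["id"]
    if isinstance(service_id, bool) or not isinstance(service_id, int):
        raise ValueError(f"id must be numeric, got {service_id!r}")
    # Assumption of this example: characters outside [A-Za-z0-9_] are replaced
    # by "_", so a name like "HTTPS/IMAPS wildcard" cannot become a path.
    stem = re.sub(r"[^A-Za-z0-9_]+", "_", str(service["name"])).strip("_")
    if not stem:
        raise ValueError(f"name {service['name']!r} leaves no usable file name")
    return f"{stem}-{service_id}.json"


def split_registry(text):
    """Return {file name: JSON text}, one entry per service definition."""
    parsed = json.loads(text)
    # Accept both the array layout and a file that already holds one object.
    definitions = parsed if isinstance(parsed, list) else [parsed]
    files, seen_ids = {}, {}
    for definition in definitions:
        if not isinstance(definition, dict):
            raise ValueError("each service definition must be a JSON object")
        missing = [key for key in REQUIRED_KEYS if key not in definition]
        if missing:
            raise ValueError(f"definition is missing {missing}")
        name = file_name_for(definition)
        service_id = definition["id"]
        if service_id in seen_ids:
            raise ValueError(
                f"duplicate id {service_id}: {seen_ids[service_id]!r} "
                f"and {definition['name']!r}"
            )
        seen_ids[service_id] = definition["name"]
        # Each output file holds a single object, never an array.
        files[name] = json.dumps(definition, indent=2) + "\n"
    return files


def write_registry(files, directory):
    """Write the split definitions and return the file names now present."""
    target = Path(directory)
    target.mkdir(parents=True, exist_ok=True)
    for name, body in files.items():
        (target / name).write_text(body, encoding="utf-8")
    return sorted(path.name for path in target.glob("*.json"))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as scratch:
        for written in write_registry(split_registry(SAMPLE_ARRAY_FILE), scratch):
            print(written)
```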

[cas-user] Error - Service Registry json

2018-05-15 Thread Jay
Hi Everyone,
Could someone help me to get this ERROR fixed.

Below is the entry from my json file
Filename: serviceRegistry-1524464822.json
[
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^(https|imaps|http)://.*",
"name" : "HTTPS/IMAPS wildcard",
"id" : 20170905111650,
"evaluationOrder" : 9
},
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "https://www.google.com/a/dev..com/acs",
"name" : "googleApps",
"id" : 1000,
"evaluationOrder" : 10
}
]

I see this error in the logs.
2018-05-15 11:14:10,091 ERROR [org.apereo.cas.util.serialization.AbstractJacksonBackedStringSerializer] - 
https://www.google.com/a/dev..com/acs","name":"googleApps","id":1000,"evaluationOrder":10}]"; line: 1, column: 2]]>
2018-05-15 11:14:10,091 DEBUG [org.apereo.cas.util.serialization.AbstractJacksonBackedStringSerializer] - 
https://www.google.com/a/dev..com/acs","name":"googleApps","id":1000,"evaluationOrder":10}]"; line: 1, column: 2]>
com.fasterxml.jackson.databind.exc.MismatchedInputException: Unexpected token (START_OBJECT), expected VALUE_STRING: need JSON String that contains type id (for subtype of org.apereo.cas.services.RegisteredService)
 at [Source: (String)"[{"@class":"org.apereo.cas.services.RegexRegisteredService","serviceId":"^(https|imaps|http)://.*","name":"HTTPS/IMAPS wildcard","id":20170905111650,"evaluationOrder":9},{"@class":"org.apereo.cas.services.RegexRegisteredService","serviceId":"https://www.google.com/a/dev..com/acs","name":"googleApps","id":1000,"evaluationOrder":10}]"; line: 1, column: 2]
at com.fasterxml.jackson.databind.exc.MismatchedInputException.from(MismatchedInputException.java:59) ~[jackson-databind-2.9.3.jar:2.9.3]
at com.fasterxml.jackson.databind.DeserializationContext.wrongTokenException(DeserializationContext.java:1498) ~[jackson-databind-2.9.3.jar:2.9.3]
at com.fasterxml.jackson.databind.DeserializationContext.reportWrongTokenException(DeserializationContext.java:1273) ~[jackson-databind-2.9.3.jar:2.9.3]
at com.fasterxml.jackson.databind.jsontype.impl.AsArrayTypeDeserializer._locateTypeId(AsArrayTypeDeserializer.java:151) ~[jackson-databind-2.9.3.jar:2.9.3]
at com.fasterxml.jackson.databind.jsontype.impl.AsArrayTypeDeserializer._deserialize(AsArrayTypeDeserializer.java:96) ~[jackson-databind-2.9.3.jar:2.9.3]
at com.fasterxml.jackson.databind.jsontype.impl.AsArrayTypeDeserializer.deserializeTypedFromAny(AsArrayTypeDeserializer.java:71) ~[jackson-databind-2.9.3.jar:2.9.3]
at com.fasterxml.jackson.databind.jsontype.impl.AsPropertyTypeDeserializer._deserializeTypedUsingDefaultImpl(AsPropertyTypeDeserializer.java:148) ~[jackson-databind-2.9.3.jar:2.9.3]
at com.fasterxml.jackson.databind.jsontype.impl.AsPropertyTypeDeserializer.deserializeTypedFromObject(AsPropertyTypeDeserializer.java:88) ~[jackson-databind-2.9.3.jar:2.9.3]
at com.fasterxml.jackson.databind.deser.AbstractDeserializer.deserializeWithType(AbstractDeserializer.java:254) ~[jackson-databind-2.9.3.jar:2.9.3]
at com.fasterxml.jackson.databind.deser.impl.TypeWrappedDeserializer.deserialize(TypeWrappedDeserializer.java:68) ~[jackson-databind-2.9.3.jar:2.9.3]
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4001) ~[jackson-databind-2.9.3.jar:2.9.3]
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2992) ~[jackson-databind-2.9.3.jar:2.9.3]
at org.apereo.cas.util.serialization.AbstractJacksonBackedStringSerializer.readObjectFromJson(AbstractJacksonBackedStringSerializer.java:232) ~[cas-server-core-util-api-5.3.0-RC2.jar:5.3.0-RC2]
at org.apereo.cas.util.serialization.AbstractJacksonBackedStringSerializer.from(AbstractJacksonBackedStringSerializer.java:108) ~[cas-server-core-util-api-5.3.0-RC2.jar:5.3.0-RC2]
at org.apereo.cas.util.serialization.StringSerializer.load(StringSerializer.java:100) ~[cas-server-core-util-api-5.3.0-RC2.jar:5.3.0-RC2]
at org.apereo.cas.services.resource.AbstractResourceBasedServiceRegistryDao.lambda$load$4(AbstractResourceBasedServiceRegistryDao.java:269) ~[cas-server-core-services-registry-5.3.0-RC2.jar:5.3.0-RC2]
at org.apereo.cas.services.resource.AbstractResourceBasedServiceRegistryDao$$Lambda$161/230611610.apply(Unknown Source) ~[?:?]
at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193) ~[?:1.8.0_31]
at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175) ~[?:1.8.0_31]
at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1374) ~[?:1.8.0_31]
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:512) ~[?:1.8.0_31]
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:502) ~[?:1.8.0_31]
at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708) ~[?:1.8.0_31]
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:1.8.0_31]
at

Re: [cas-user] New Error -- I broke it LOL

2018-05-15 Thread David Curry
Looks like the CAS webapp isn't starting. catalina.out should tell you what
happened?

--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Tue, May 15, 2018 at 11:35 AM, Jennifer LaVoie 
wrote:

> I updated my pom.xml last week to install LDAP, but I didn't redeploy the
> war file...so I did that today, but now I can't reach
> https://cas3.xxx.xxx/cas/login
>
> I can still see my self signed cert though, so I didn't wipe out my
> server.xml file...
>
> If i go to here
>
> https://cas3.xxx.xxx:8443/  I do see the default apache page is loading.
>
>
> HTTP Status 404 – Not Found
> --
>
> *Type* Status Report
>
> *Message* /cas/login
>
> *Description* The origin server did not find a current representation for
> the target resource or is not willing to disclose that one exists.
> --
> Apache Tomcat/9.0.7
>
> What did I break LOL
>
> Thank gods, I made a snapshot
>



[cas-user] New Error -- I broke it LOL

2018-05-15 Thread Jennifer LaVoie
I updated my pom.xml last week to install LDAP, but I didn't redeploy the 
war file...so I did that today, but now I can't reach 
https://cas3.xxx.xxx/cas/login

I can still see my self signed cert though, so I didn't wipe out my 
server.xml file...

If i go to here

https://cas3.xxx.xxx:8443/  I do see the default apache page is loading.


HTTP Status 404 – Not Found
--

*Type* Status Report

*Message* /cas/login

*Description* The origin server did not find a current representation for 
the target resource or is not willing to disclose that one exists.
--
Apache Tomcat/9.0.7

What did I break LOL

Thank gods, I made a snapshot



[cas-user] Re: Oauth2 duplicate service definition

2018-05-15 Thread Kirill Gagarski
If you are still interested I've faced the same problem and managed to 
solve it.

Here is the code responsible for registering OAuth service to CAS.


@PostConstruct
public void initializeServletApplicationContext() {
    final String oAuthCallbackUrl = casProperties.getServer().getPrefix()
        + BASE_OAUTH20_URL + '/' + CALLBACK_AUTHORIZE_URL_DEFINITION;

    final Service callbackService =
        this.webApplicationServiceFactory.createService(oAuthCallbackUrl);
    final RegisteredService svc = servicesManager.findServiceBy(callbackService);

    if (svc == null || !svc.getServiceId().equals(oAuthCallbackUrl)) {
        // Register a new service
        // ...
    }
}


When CAS is first started after enabling OAuth support, svc is null, so the 
new service is created. The next time it should be able to find this 
service in the registry and match its serviceId. My problem was that I have 
created a wildcard service for debugging purposes:

--- !
serviceId: ".*"
name: "any"
id: 1000
description: "Any Service"
attributeReleasePolicy: !
  authorizedToReleaseProxyGrantingTicket: true
accessStrategy: !
  enabled: true
  ssoEnabled: true
proxyPolicy: !
  pattern: ".*"
allowedAttributes:
  employeeID

And this service was the one found by
servicesManager.findServiceBy(callbackService)
(wildcard service definitely matches the callback URL). So the thing you
should do is to remove this wildcard service or make it a bit less wildcard
with some dark regex magic (this part is left as an exercise for the reader).

On Monday, January 8, 2018 at 5:32:57 PM UTC+3, Cliff Ingham wrote:
>
> CAS is creating a new, duplicate service definition for OAuth every time 
> it starts up.  Has anyone else seen this behavior?  Is there some 
> configuration I'm missing?
>
> CAS 5.2  running in Tomcat
>
> 2018-01-08 09:24:40,006 INFO [org.apereo.cas.services.
> AbstractServicesManager] -  JsonServiceRegistryDao].>
> Exception in thread "JsonServiceRegistryDao" java.lang.
> NullPointerException
> at org.apereo.cas.services.AbstractResourceBasedServiceRegistryDao
> .lambda$enableServicesDirectoryPathWatcher$4(
> AbstractResourceBasedServiceRegistryDao.java:156)
> at org.apereo.cas.util.io.PathWatcherService.lambda$handleEvent$3(
> PathWatcherService.java:143)
> at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.
> java:184)
> at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline
> .java:175)
> at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(
> ArrayList.java:1380)
> at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.
> java:481)
> at java.util.stream.AbstractPipeline.wrapAndCopyInto(
> AbstractPipeline.java:471)
> at java.util.stream.ForEachOps$ForEachOp.evaluateSequential(
> ForEachOps.java:151)
> at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(
> ForEachOps.java:174)
> at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.
> java:234)
> at java.util.stream.ReferencePipeline.forEach(ReferencePipeline.
> java:418)
> at org.apereo.cas.util.io.PathWatcherService.handleEvent(
> PathWatcherService.java:130)
> at org.apereo.cas.util.io.PathWatcherService.run(
> PathWatcherService.java:102)
> at java.lang.Thread.run(Thread.java:748)
> 2018-01-08 09:24:42,233 WARN [org.apereo.inspektr.common.spi.
> DefaultClientInfoResolver] -  empty ClientInfo object.>
> 2018-01-08 09:24:42,240 INFO [org.apereo.inspektr.audit.support.
> Slf4jLoggingAuditTrailManager] -  =
> WHO: audit:unknown
> WHAT: id=4051071662286337436,name=RegexRegisteredService,description=OAuth 
> Authentication Callback Request URL,serviceId=https:/...
> ACTION: SAVE_SERVICE_SUCCESS
> APPLICATION: CAS
> WHEN: Mon Jan 08 09:24:42 EST 2018
> CLIENT IP ADDRESS: unknown
> SERVER IP ADDRESS: unknown
> =
>
> >
> 2018-01-08 09:24:43,702 WARN [org.apereo.cas.services.
> AbstractResourceBasedServiceRegistryDao] -  https://drifter.bloomington.in.gov/cas/oauth2.0/callbackAuthorize.*] with 
> a duplicate id [4051071662286337536]. This will overwrite previous service 
> definitions and is likely a configuration problem. Make sure all services 
> have a unique id and try again.>
> 2018-01-08 09:24:55,958 WARN [org.apereo.cas.util.cipher.
> BaseStringCipherExecutor] -  [Ticket-granting Cookie]; CAS will attempt to auto-generate the 
> encryption key>
> 2018-01-08 09:24:55,967 WARN [org.apereo.cas.util.cipher.
> BaseStringCipherExecutor] -  c9ml4YbTIpU64Mqz6mSuP_LU] of size [256] for [Ticket-granting Cookie]. The 
> generated key MUST be added to CAS settings under setting [cas.tgc.crypto.
> encryption.key].>
> 2018-01-08 09:24:55,970 WARN [org.apereo.cas.util.cipher.
> BaseStringCipherExecutor] -  Ticket-granting Cookie]. CAS will attempt to auto-generate the signing key
> >
> 2018-01-08 
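
One way to check a registry for the shadowing Kirill describes and to narrow the wildcard, as an added example that is not code from the post or from CAS. It assumes definitions are tried in ascending evaluationOrder with a full-string match, uses Python's re in place of Java's regex engine, and uses cas.example.org as a placeholder host; all registry entries are constructed.

```python
import re

CAS_PREFIX = "https://cas.example.org/cas"  # placeholder server prefix
# Same shape as the serviceId in the log quoted above:
# prefix + /oauth2.0/callbackAuthorize.*
CALLBACK = CAS_PREFIX + "/oauth2.0/callbackAuthorize.*"


def find_service_by(url, registry):
    """First definition, in evaluationOrder, whose serviceId regex matches url.

    Assumption: lower evaluationOrder wins and the whole URL must match.
    """
    for service in sorted(registry, key=lambda s: s["evaluationOrder"]):
        if re.fullmatch(service["serviceId"], url):
            return service
    return None


def would_register_again(registry):
    """Mirror of the condition in the snippet above:
    svc == null || !svc.getServiceId().equals(oAuthCallbackUrl)
    """
    service = find_service_by(CALLBACK, registry)
    return service is None or service["serviceId"] != CALLBACK


def shadowing_services(registry):
    """Names of definitions, other than the callback, that match the callback URL."""
    return [
        service["name"]
        for service in registry
        if service["serviceId"] != CALLBACK
        and re.fullmatch(service["serviceId"], CALLBACK)
    ]


def narrowed_wildcard():
    """A wildcard that matches any URL except those under the OAuth endpoint."""
    return "(?!" + re.escape(CAS_PREFIX + "/oauth2.0/") + ").*"


# Constructed registry entries; ids and evaluation orders are illustrative.
CALLBACK_SERVICE = {
    "name": "OAuth callback", "serviceId": CALLBACK,
    "id": 2000, "evaluationOrder": 100,
}
WILDCARD = {
    "name": "any", "serviceId": ".*",
    "id": 1000, "evaluationOrder": 0,
}
HTTP_WILDCARD = {
    "name": "HTTPS/IMAPS wildcard", "serviceId": "^(https|imaps|http)://.*",
    "id": 1002, "evaluationOrder": 9,
}

# Registry with the debugging wildcards in front of the callback service.
BEFORE = [WILDCARD, HTTP_WILDCARD, CALLBACK_SERVICE]
# Registry where the only wildcard excludes the OAuth endpoint.
AFTER = [dict(WILDCARD, serviceId=narrowed_wildcard()), CALLBACK_SERVICE]


if __name__ == "__main__":
    for label, registry in (("before", BEFORE), ("after", AFTER)):
        print(label,
              "shadowed by:", shadowing_services(registry),
              "registers again:", would_register_again(registry))
```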

[cas-user] Re: Surrogate module execution problem: @Autowired Set<Class>

2018-05-15 Thread Christian Poirier
I did a workaround by making a change to handledAuthenticationExceptions 
and the @PostConstruct init() method.
//@Autowired
//@Qualifier("handledAuthenticationExceptions")
private Set handledAuthenticationExceptions;

@PostConstruct
public void init() {
    this.handledAuthenticationExceptions = new HashSet();
    this.handledAuthenticationExceptions.add(SurrogateAuthenticationException.class);
}





On Friday, 11 May 2018 09:05:00 UTC-4, Christian Poirier wrote:
>
> Hi
>
> Look at the error I receive when I start CAS after I add the Surrogate 
> module:
>
>
> 2018-05-10 14:58:34,029 ERROR [org.springframework.boot.SpringApplication] 
> - 
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 'surrogateAuthenticationWebflowConfiguration': 
> Unsatisfied dependency expressed through field 
> 'handledAuthenticationExceptions'; nested exception is 
> org.springframework.beans.factory.NoSuchBeanDefinitionException: No 
> qualifying bean of type 'java.util.Set>' available: expected at least 1 bean which qualifies as autowire 
> candidate. Dependency annotations: 
> {@org.springframework.beans.factory.annotation.Autowired(required=true), 
> @org.springframework.beans.factory.annotation.Qualifier(value=handledAuthenticationExceptions)}
> at 
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:588)
> ~[spring-beans-4.3.14.RELEASE.jar:4.3.14.RELEASE]
>
> The code causing the problem is the following lines and it is in the 
> SurrogateAuthenticationWebFlowConfiguration.java:
> @Autowired
> @Qualifier("handledAuthenticationExceptions")
> private Set handledAuthenticationExceptions;
>
>
>
>
> As I am a newbie in Java and Spring, what to do to correct this?
>
>
> Thanks in advance
>

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ed1f8bf8-21e8-4e0a-b648-a750cf6ba77d%40apereo.org.


Re: [cas-user] Authentication issues - CAS cannot find authentication handler that supports [UsernamePasswordCredential].

2018-05-15 Thread David Curry
If you're using ldap.type=AD, you should not be using a bind credential.

If you want to use a bind credential, you should use
ldap.type=AUTHENTICATED.

See
https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#ldap-authentication-1
for more info on ldap.type.

--Dave





--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Tue, May 15, 2018 at 9:04 AM, Jennifer LaVoie 
wrote:

> Hello Everyone
>
> I am trying to get CAS to work with AD.  I am getting the following error
> and authentication fails.  I already have the OS bound to AD for OS login,
> so I know there is no firewall issue or anything.  I am wondering if I
> have the right libraries and jar files?  I did update my pom.xml and run
> maven again to (I hope) install the ldap stuff.
>
> Here is my cas.properties (some fields masked)
>
> cas.server.name: https://cas3-dev.campus.bridgew.edu
> cas.server.prefix: ${cas.server.name}/cas
>
> cas.adminPagesSecurity.ip=127\.0\.0\.1
>
> cas.tgc.secure: true
> cas.tgc.crypto.signing.key: xxx
> cas.tgc.crypto.encryption.key: xxx
> cas.webflow.crypto.signing.key: xxx
> cas.webflow.crypto.encryption.key: xxx
>
>
> logging.config: file:/etc/cas/config/log4j2.xml
> cas.serviceRegistry.json.config.location: file:/etc/cas/services
>
> cas.authn.accept.users:
>
> cas.authn.ldap[0].order:0
> cas.authn.ldap[0].name: Active Directory
> cas.authn.ldap[0].type: AD
> cas.authn.ldap[0].ldapUrl:  ldap://boydendc-prd.campus.bridgew.edu:389
> cas.authn.ldap[0].validatePeriod:   270
> cas.authn.ldap[0].poolPassivator:   NONE
> cas.authn.ldap[0].userFilter:   sAMAccountName={user}
> cas.authn.ldap[0].baseDn:   dc=campus,dc=bridgew,dc=edu
> cas.authn.ldap[0].bindDn:   "cn=cassrch,ou=BEIS-CAS,ou=IT Admin,dc=campus,dc=bridgew,dc=edu"
> cas.authn.ldap[1].bindCredential:  xx
> cas.authn.ldap[0].dnFormat: uid=%s,dc=campus,dc=bridgew,dc=edu
>
> This is a tail of my catalina.out
>
> 15-May-2018 08:53:40.825 INFO [main] 
> org.apache.catalina.startup.HostConfig.deployDirectory
> Deployment of web application directory [/opt/apache/webapps/cas] has
> finished in [32,744] ms
> 15-May-2018 08:53:40.830 INFO [main] org.apache.coyote.AbstractProtocol.start
> Starting ProtocolHandler ["https-jsse-nio-8443"]
> 15-May-2018 08:53:40.841 INFO [main] org.apache.coyote.AbstractProtocol.start
> Starting ProtocolHandler ["ajp-nio-8009"]
> 15-May-2018 08:53:40.843 INFO [main] 
> org.apache.catalina.startup.Catalina.start
> Server startup in 33115 ms
> 2018-05-15 08:54:00,803 DEBUG 
> [org.apereo.cas.services.AbstractServicesManager]
> - 
> 2018-05-15 08:54:00,804 INFO [org.apereo.cas.services.AbstractServicesManager]
> - 
> 2018-05-15 08:54:10,807 DEBUG [org.apereo.cas.authentication.
> PseudoPlatformTransactionManager] -  [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner.clean]:
> PROPAGATION_REQUIRED,ISOLATION_DEFAULT; 'ticketTransactionManager'>
> 2018-05-15 08:54:10,812 DEBUG 
> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner]
> - 
> 2018-05-15 08:54:10,812 DEBUG 
> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner]
> - 
> 2018-05-15 08:54:10,815 INFO 
> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner]
> - <[0] expired tickets removed.>
> 2018-05-15 08:54:10,815 DEBUG 
> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner]
> - 
> 2018-05-15 08:54:10,815 DEBUG 
> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner]
> - 
> 2018-05-15 08:54:10,816 DEBUG [org.apereo.cas.authentication.
> PseudoPlatformTransactionManager] - 
> 2018-05-15 08:55:00,804 DEBUG 
> [org.apereo.cas.services.AbstractServicesManager]
> - 
> 2018-05-15 08:55:00,805 INFO [org.apereo.cas.services.AbstractServicesManager]
> - 
> 2018-05-15 08:55:42,520 INFO [org.apereo.cas.web.flow.InitialFlowSetupAction]
> - 
> 2018-05-15 08:55:42,526 DEBUG 
> [org.apereo.cas.authentication.principal.WebApplicationServiceFactory]
> - 
> 2018-05-15 08:55:42,527 DEBUG 
> [org.apereo.cas.web.support.DefaultArgumentExtractor]
> - 
> 2018-05-15 08:55:42,527 DEBUG 
> [org.apereo.cas.web.support.AbstractArgumentExtractor]
> - 
> 2018-05-15 08:55:42,550 DEBUG [org.apereo.cas.web.support.WebUtils] -
> 
> 2018-05-15 08:55:42,553 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
> -  =
> WHO: audit:unknown
> WHAT: [event=success,timestamp=Tue May 15 08:55:42 EDT 2018,source=
> RankedAuthenticationProviderWebflowEventResolver]
> ACTION: AUTHENTICATION_EVENT_TRIGGERED
> APPLICATION: CAS
> WHEN: Tue May 15 08:55:42 EDT 2018
> CLIENT IP ADDRESS: 10.28.51.56
> SERVER IP ADDRESS: 10.20.32.131
> 
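
A lint for the two things visible in this exchange, as an added example that is not part of the original messages or of CAS itself: it flags a bind credential on an AD-type block (the rule in the reply above) and settings that sit on a stray index such as ldap[1]. The sample input is constructed with placeholder hosts and DNs, and the result codes are names chosen for this example.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the LDAP block quoted above; host and DNs are placeholders.
SAMPLE = """\
cas.authn.ldap[0].order:0
cas.authn.ldap[0].name: Active Directory
cas.authn.ldap[0].type: AD
cas.authn.ldap[0].ldapUrl: ldap://dc.example.edu:389
cas.authn.ldap[0].userFilter: sAMAccountName={user}
cas.authn.ldap[0].baseDn: dc=example,dc=edu
cas.authn.ldap[0].bindDn: "cn=svc-cas,ou=IT Admin,dc=example,dc=edu"
cas.authn.ldap[1].bindCredential: xx
cas.authn.ldap[0].dnFormat: uid=%s,dc=example,dc=edu
"""

LINE_RE = re.compile(r"^([^=:\s]+)\s*[=:]?\s*(.*)$")  # key, '=' or ':' separator, value
LDAP_KEY_RE = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.(\w+)$")
BIND_KEYS = {"bindDn", "bindCredential"}


def parse_ldap_blocks(text):
    """Group cas.authn.ldap[N].* settings by their index N."""
    blocks = defaultdict(dict)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):  # blank line or comment
            continue
        m = LINE_RE.match(line)
        key = LDAP_KEY_RE.match(m.group(1)) if m else None
        if key:
            blocks[int(key.group(1))][key.group(2)] = m.group(2).strip().strip('"')
    return dict(blocks)


def lint_ldap(text):
    """Return (index, code, message) findings, ordered by block index."""
    findings = []
    for idx, cfg in sorted(parse_ldap_blocks(text).items()):
        if "type" not in cfg and "ldapUrl" not in cfg:
            # A block with no type and no URL cannot be a handler of its own.
            findings.append((idx, "ORPHAN_INDEX",
                             f"ldap[{idx}] only sets {sorted(cfg)}; check the index"))
            continue
        ldap_type = cfg.get("type", "").upper()
        bind = BIND_KEYS & cfg.keys()
        if ldap_type == "AD" and bind:
            findings.append((idx, "AD_WITH_BIND",
                             f"ldap[{idx}] is type AD but sets {sorted(bind)}; "
                             "drop them or switch to AUTHENTICATED"))
        if ldap_type == "AUTHENTICATED" and bind != BIND_KEYS:
            findings.append((idx, "BIND_INCOMPLETE",
                             f"ldap[{idx}] is AUTHENTICATED but lacks "
                             f"{sorted(BIND_KEYS - bind)} on the same index"))
    return findings


if __name__ == "__main__":
    for idx, code, message in lint_ldap(SAMPLE):
        print(f"{code}: {message}")
```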

[cas-user] Authentication issues - CAS cannot find authentication handler that supports [UsernamePasswordCredential].

2018-05-15 Thread Jennifer LaVoie
Hello Everyone

I am trying to get CAS to work with AD.  I am getting the following error 
and authentication fails.  I already have the OS bound to AD for OS login, 
so I know there is no firewall issue or anything.  I am wondering if I 
have the right libraries and jar files?  I did update my pom.xml and run 
maven again to (I hope) install the ldap stuff.

Here is my cas.properties (some fields masked)

cas.server.name: https://cas3-dev.campus.bridgew.edu
cas.server.prefix: ${cas.server.name}/cas

cas.adminPagesSecurity.ip=127\.0\.0\.1

cas.tgc.secure: true
cas.tgc.crypto.signing.key: xxx
cas.tgc.crypto.encryption.key: xxx
cas.webflow.crypto.signing.key: xxx
cas.webflow.crypto.encryption.key: xxx


logging.config: file:/etc/cas/config/log4j2.xml
cas.serviceRegistry.json.config.location: file:/etc/cas/services

cas.authn.accept.users:

cas.authn.ldap[0].order:0
cas.authn.ldap[0].name: Active Directory
cas.authn.ldap[0].type: AD
cas.authn.ldap[0].ldapUrl:  ldap://boydendc-prd.campus.bridgew.edu:389
cas.authn.ldap[0].validatePeriod:   270
cas.authn.ldap[0].poolPassivator:   NONE
cas.authn.ldap[0].userFilter:   sAMAccountName={user}
cas.authn.ldap[0].baseDn:   dc=campus,dc=bridgew,dc=edu
cas.authn.ldap[0].bindDn:   "cn=cassrch,ou=BEIS-CAS,ou=IT Admin,dc=campus,dc=bridgew,dc=edu"
cas.authn.ldap[1].bindCredential:  xx
cas.authn.ldap[0].dnFormat: uid=%s,dc=campus,dc=bridgew,dc=edu

This is a tail of my catalina.out

15-May-2018 08:53:40.825 INFO [main] 
org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web 
application directory [/opt/apache/webapps/cas] has finished in [32,744] ms
15-May-2018 08:53:40.830 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["https-jsse-nio-8443"]
15-May-2018 08:53:40.841 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["ajp-nio-8009"]
15-May-2018 08:53:40.843 INFO [main] 
org.apache.catalina.startup.Catalina.start Server startup in 33115 ms
2018-05-15 08:54:00,803 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - 
2018-05-15 08:54:00,804 INFO 
[org.apereo.cas.services.AbstractServicesManager] - 
2018-05-15 08:54:10,807 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 

2018-05-15 08:54:10,812 DEBUG 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - 
2018-05-15 08:54:10,812 DEBUG 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - 
2018-05-15 08:54:10,815 INFO 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] 
expired tickets removed.>
2018-05-15 08:54:10,815 DEBUG 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - 
2018-05-15 08:54:10,815 DEBUG 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - 
2018-05-15 08:54:10,816 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 

2018-05-15 08:55:00,804 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - 
2018-05-15 08:55:00,805 INFO 
[org.apereo.cas.services.AbstractServicesManager] - 
2018-05-15 08:55:42,520 INFO 
[org.apereo.cas.web.flow.InitialFlowSetupAction] - 
2018-05-15 08:55:42,526 DEBUG 
[org.apereo.cas.authentication.principal.WebApplicationServiceFactory] - 

2018-05-15 08:55:42,527 DEBUG 
[org.apereo.cas.web.support.DefaultArgumentExtractor] - 
2018-05-15 08:55:42,527 DEBUG 
[org.apereo.cas.web.support.AbstractArgumentExtractor] - 
2018-05-15 08:55:42,550 DEBUG [org.apereo.cas.web.support.WebUtils] - 

2018-05-15 08:55:42,553 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 
2018-05-15 08:55:42,884 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - 
2018-05-15 08:55:42,885 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - 
2018-05-15 08:55:42,885 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - 
2018-05-15 08:55:42,886 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - 
2018-05-15 08:55:42,887 DEBUG 
[org.apereo.cas.services.web.ServiceThemeResolver] - 
2018-05-15 08:55:42,887 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - 
2018-05-15 08:55:42,887 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - 
2018-05-15 08:55:43,864 DEBUG 
[org.apereo.cas.web.view.CasReloadableMessageBundle] - 
2018-05-15 08:55:43,865 DEBUG 
[org.apereo.cas.web.view.CasReloadableMessageBundle] - 
2018-05-15 08:55:43,866 DEBUG 
[org.apereo.cas.web.view.CasReloadableMessageBundle] - 
2018-05-15 08:55:43,868 DEBUG 
[org.apereo.cas.web.view.CasReloadableMessageBundle] - 
2018-05-15 08:55:44,024 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - 
2018-05-15 08:55:44,025 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - 
2018-05-15 08:55:44,025 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - 
2018-05-15 08:55:44,026 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - 
2018-05-15 

Re: [cas-user] Service Registry -- Getting the 1st Application Entered

2018-05-15 Thread David Curry
Lionel and Jann,

Did you ever have the JSON service registry working? If not, I recommend
that you take all the JPA stuff out of pom.xml and cas.properties and get
that working correctly first, so that you're only trying to debug one thing
at a time. Once you have the JSON service registry working correctly, for
both the main server and the management webapp, then it's time to move
things to JPA.

The basic steps for moving to JPA *should* be this:

1. REMOVE the "cas-server-support-json-service-registry" dependency from
pom.xml (server and management webapp)

2. Add the "cas-server-support-jpa-service-registry" dependency and
whatever other dependencies go with it to pom.xml (server and management
webapp)

3. Rebuild the server and management webapp

4. In the server's cas.properties file, include BOTH of these lines:

cas.serviceRegistry.json.location: file:/etc/cas/services
cas.serviceRegistry.initFromJson:  true


The first line should already be there (since before you start these steps
you're using the JSON service registry), but you must add the second line.

5. Add all the lines you need to configure the JPA service registry to the
server's cas.properties file.

6. Start the CAS server (do not start the management webapp). You should
see it load the services from the JSON files (again, this should already be
working before you start) and then it will magically save them into the JPA
registry.

7. Shut the server down.

8. Check the database to see that the services actually got loaded there.
If not, this is where you need to start debugging. And the first step of
that would be setting the log level to "debug" in log4j2.xml, and adding
whatever Logger configuration you need to make the Oracle JDBC library log
for you as well.

Once you've got the services loaded into the database

9. Remove the "cas.serviceRegistry.json.location" and
"cas.serviceRegistry.initFromJson" properties from the server's
cas.properties file.

10. Remove the "cas.serviceRegistry.json.location" property from, and add
all the JPA properties to, the management webapp's management.properties
file.

At least, that's the procedure I followed to get the MongoDB service
registry working (see
https://dacurry-tns.github.io/deploying-apereo-cas/high-avail_service-registry_overview.html).
I've not used the JPA stuff at all, so no guarantees, but I don't see why
it should be any different.

--Dave


--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Tue, May 15, 2018 at 12:14 AM, Lionel Samuel 
wrote:

> Changing in "cas.properties"
> 'cas.serviceRegistry.json.location:file:/etc/cas/services' to
> 'cas.serviceRegistry.json.location:foobar:/etc/cas/services'
>
> The above does not generate an error message --- is that a sign it's not
> loaded?
>
>
> On Monday, May 14, 2018 at 8:25:37 PM UTC-7, Lionel Samuel wrote:
>>
>> I'm working with Jann -- attached is our pom file (we call the jar my-cas
>> -- which is reflected in the URLs).
>>
>> It does not look like the JSON file is loaded -- I don't think it's pom
>> related --- but at the moment we are both stumped so anything goes.
>>
>> 2018-05-14 20:23:17,715 WARN 
>> [org.apereo.cas.services.web.ServiceThemeResolver]
>> - > .principal.SimpleWebApplicationServiceImpl@330c1ecf[id=http:
>> //localhost:8080/cas-management/manage.html,originalUrl=http://localhost:
>> 8080/cas-management/manage.html,artifactId=,principal=,
>> loggedOutAlready=false,format=XML]] or service access is disallowed.
>> Using default theme [cas-theme-default]>
>>
>> On Monday, May 14, 2018 at 5:42:35 PM UTC-7, Jann Malenkoff wrote:
>>>
>>>
>>> Attached is my 'cas.properties' file ---  in case I may be missing
>>> something there (very likely)
>>>
>>>
>>> On Monday, May 14, 2018 at 5:09:12 PM UTC-7, Jann Malenkoff wrote:

>>>> I had a minor Eureka moment --- but it came to fraught (partially).
>>>>
>>>> I had a typo in the 'cas.properties' file:
>>>> cas.serviceRegistry.json.location:file:/etc/cas/service
>>>>
>>>> i.e., 'service' instead of 'services' --- corrected now (validated that
>>>> the json files are in '/etc/cas/services').
>>>>
>>>> But still no-go...any ideas will be matched by the maximum Karma I
>>>> can provide.
>>>>
>>>> On Monday, May 14, 2018 at 4:16:39 PM UTC-7, Jann Malenkoff wrote:
>>>>>
>>>>> I'm on 5.2.4 --- I had earlier the 5.1 (i.e.
>>>>> cas.serviceRegistry.config.location) in 'cas.properties'--- now, updated
>>>>> to below (the 5.2.x version)
>>>>>
>>>>> cas.serviceRegistry.json.location:file:/etc/cas/service
>>>>> cas.serviceRegistry.initFromJson=true
>>>>>
>>>>> Still getting error below:
>>>>>
>>>>> 2018-05-14 16:11:41,016 WARN 
>>>>> [org.apereo.cas.services.web.ServiceThemeResolver]
>>>>> -  .principal.SimpleWebApplicationServiceImpl@3f670479[id=http:
>>>>> 

RE: [cas-user] Service Registry -- Getting the 1st Application Entered

2018-05-15 Thread King, Robert
Does the tomcat service have proper read rights to the json files and/or the 
/etc/cas/services/ directories?

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Jann 
Malenkoff
Sent: May-14-18 9:39 PM
To: CAS Community 
Subject: Re: [cas-user] Service Registry -- Getting the 1st Application Entered

I had a minor Eureka moment --- but it came to fraught (partially).

I had a typo in the 'cas.properties' file: 
cas.serviceRegistry.json.location:file:/etc/cas/service

i.e., 'service' instead of 'services' --- corrected now (validated that the json 
files are in '/etc/cas/services').

But still no-go...any ideas will be matched by the maximum Karma I can 
provide.

On Monday, May 14, 2018 at 4:16:39 PM UTC-7, Jann Malenkoff wrote:
I'm on 5.2.4 --- I had earlier the 5.1 (i.e. 
cas.serviceRegistry.config.location) in 'cas.properties'--- now, updated to 
below (the 5.2.x version)

cas.serviceRegistry.json.location:file:/etc/cas/service
cas.serviceRegistry.initFromJson=true

Still getting error below:

2018-05-14 16:11:41,016 WARN [org.apereo.cas.services.web.ServiceThemeResolver] 
- http://localhost:8080/cas-management/manage.html,originalUrl=http://locahost:8080/cas-management/manage.html,artifactId=,principal=,loggedOutAlready=false,format=XML]]
 or service access is disallowed. Using default theme [cas-theme-default]>

Json file:

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(http)://.*",
  "name" : "HTTP wildcard",
  "id" : 20170905111650,
  "evaluationOrder" : 9
}

Have I missed anything else? Could there be something else in the logs that can 
give a clue (I have been hunting but may be missing it)?

On Monday, May 14, 2018 at 3:47:36 PM UTC-7, Manfredo Hopp wrote:

where are these pointing to:

cas.serviceRegistry.json.location for 5.2.x
or
cas.serviceRegistry.config.location for 5.1.x

2018-05-14 19:41 GMT-03:00 Jann Malenkoff:
FYI --- the following appears in 'catalina.out' when attempting to access 
'http://localhost:8080/cas-management/manage.html,'.

2018-05-14 15:39:09,152 WARN [org.apereo.cas.services.web.ServiceThemeResolver] 
- http://localhost:8080/cas-management/manage.html,originalUrl=http://localhost:8080/cas-management/manage.html,artifactId=,principal=,loggedOutAlready=false,format=XML]]
 or service access is disallowed. Using default theme [cas-theme-default]>


On Monday, May 14, 2018 at 3:37:31 PM UTC-7, Jann Malenkoff wrote:
Hi Richard:

I have the following in 'cas.properties':

cas.serviceRegistry.initFromJson=true

Is that correct to enable the first read from JSON? I have been staring at the 
screen for so long and beginning to doubt myself w.r.t true/false flags.

On Monday, May 14, 2018 at 3:30:38 PM UTC-7, richard.frovarp wrote:
Do you have initialization on from JSON? Not sure if it will use your file or 
just the defaults. Either way, it should get you into the manager. Then you 
configure the manager service, and turn that property off.



# Auto-initialize the registry from default JSON service definitions

# cas.serviceRegistry.initFromJson=false


On 05/14/2018 05:13 PM, Jann Malenkoff wrote:
Hi All:

I'm trying to get the 'http://localhost:8080/cas-management/manage.html' loaded 
up --- but hitting the error message:
'
Application Not Authorized to Use CAS

The services registry of CAS is empty and has no service definitions. 
Applications that wish to authenticate with CAS must explicitly be defined in 
the services registry.'



I am hoping to have a JPA service registry --- and have configured the 
dependencies below in the 'cas-overlay-template' pom.xml.



To enable the access to 'http://localhost:8080/cas-management/manage.html', I 
have added the JSON entry as below --- but do not see it in the database 
table REGEXREGISTEREDSERVICE (I have 
cas.serviceRegistry.config.location:file:/etc/cas/services in 'cas.properties').



What could I have missed (or more likely misunderstood)?



JSON File in /etc/cas/services (copied -- slightly adjusted -- from an earlier 
post):

{
  /*
   * Wildcard service definition that applies to any https or imaps url.
   * Do not use this definition in a production environment.
   */
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(http)://.*",
  "name" : "HTTP wildcard",
  "id" : 20180514,
  "evaluationOrder" : 9
}


pom.xml -- for cas-overlay-template



org.apereo.cas
cas-server-webapp${app.server}
${cas.version}
war
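
A pre-flight check for the JSON registry directory, as an added example that is not code from the thread or from CAS: run as the Tomcat account, it covers the points raised above (the 'service' vs 'services' path typo, read rights on the directory and files, the /* */ comment in the posted file) and also reports duplicate id values and wildcard serviceId patterns. The probe URL, result codes and sample files are constructed, and Python's re only approximates the Java regex syntax CAS uses.

```python
import json
import os
import re
import tempfile

PROBE_URL = "http://unrelated.invalid/app"  # constructed URL no real service should match


def strip_block_comments(text):
    """Drop /* ... */ comments like the one in the posted file; json.loads rejects them."""
    return re.sub(r"/\*.*?\*/", "", text, flags=re.S)


def check_registry(location):
    """Return (code, detail) problems for a cas.serviceRegistry.json.location value."""
    path = location[len("file:"):] if location.startswith("file:") else location
    if not os.path.isdir(path):  # e.g. /etc/cas/service instead of /etc/cas/services
        return [("MISSING_DIR", path)]
    if not os.access(path, os.R_OK | os.X_OK):  # meaningful only when run as the Tomcat user
        return [("UNREADABLE_DIR", path)]
    names = sorted(n for n in os.listdir(path) if n.endswith(".json"))
    if not names:
        return [("NO_SERVICE_FILES", path)]
    problems, seen = [], {}
    for name in names:
        try:
            with open(os.path.join(path, name), encoding="utf-8") as fh:
                svc = json.loads(strip_block_comments(fh.read()))
        except OSError as exc:
            problems.append(("UNREADABLE_FILE", f"{name}: {exc.strerror}"))
            continue
        except ValueError as exc:
            problems.append(("BAD_JSON", f"{name}: {exc}"))
            continue
        if not isinstance(svc, dict):
            problems.append(("BAD_JSON", f"{name}: top level is not an object"))
            continue
        missing = [k for k in ("@class", "serviceId", "id") if k not in svc]
        if missing:
            problems.append(("MISSING_FIELD", f"{name}: {missing}"))
            continue
        if svc["id"] in seen:  # a later definition would overwrite the earlier one
            problems.append(("DUPLICATE_ID", f"{name} and {seen[svc['id']]}: {svc['id']}"))
        seen.setdefault(svc["id"], name)
        try:  # approximation of the Java pattern; treat a hit as a hint to review
            if re.match(svc["serviceId"], PROBE_URL):
                problems.append(("OPEN_WILDCARD", f"{name}: {svc['serviceId']}"))
        except (re.error, TypeError):
            pass
    return problems


def make_sample_registry():
    """Build a constructed registry directory: two definitions that share one id."""
    root = tempfile.mkdtemp(prefix="cas-services-")
    files = {
        "wildcard-20180514.json": (
            '{\n  /* constructed copy of the wildcard entry posted in the thread */\n'
            '  "@class": "org.apereo.cas.services.RegexRegisteredService",\n'
            '  "serviceId": "^(http)://.*",\n  "name": "HTTP wildcard",\n'
            '  "id": 20180514,\n  "evaluationOrder": 9\n}\n'),
        "app-20180514.json": (
            r'{"@class": "org.apereo.cas.services.RegexRegisteredService",'
            r' "serviceId": "^https://app\\.example\\.edu/.*", "name": "App",'
            r' "id": 20180514, "evaluationOrder": 10}'),
    }
    for name, body in files.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for code, detail in check_registry("file:" + make_sample_registry()):
        print(f"{code}: {detail}")
```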

Re: [cas-user] CAS Logout Issue

2018-05-15 Thread Ramakrishna G
 On Clicking logout which calls the cas/logout link :

WHO: casuser
WHAT:
TGT-1-*CPmWzMzi-I-client
ACTION: TICKET_GRANTING_TICKET_DESTROYED
APPLICATION: CAS
WHEN: Tue May 15 15:45:17 IST 2018
CLIENT IP ADDRESS: 192.168.111.12
SERVER IP ADDRESS: 192.168.111.12
=



But I can see that in the browser, the TGC cookie still resides, which
forces me to delete the cookies or close the browser for a fresh login. Is
there any way to avoid this?

On Sat, May 12, 2018 at 1:45 PM, Ramakrishna G  wrote:

> Yes it is redirected to logout page, yet cookies is not removed. When I
> refresh it redirects to application with valid ticket instead of
> redirecting to login page.
>
>
> On Fri, May 11, 2018 at 8:39 PM, Ray Bon  wrote:
>
>> Ramakrishna,
>>
>> If the browser is redirected to /cas/logout, the cookies will/should be
>> removed.
>>
>> Ray
>>
>> On Fri, 2018-05-11 at 19:30 +0530, Ramakrishna G wrote:
>>
>> Hello Team,
>>
>> On logout CAS cookies are not removed from browser. I need to forcefully
>> clear. What might be the reason?
>>
>> Thanks
>> Ramakrishna G
>>
>> --
>> Ray Bon
>> Programmer analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | r...@uvic.ca
>>
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/1526051367.1797.41.camel%40uvic.ca.
>>
>
>

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P_Vre5%2BX87sWDfGdH7KZ5JGZtjEZA6agpjj-Z%3DmZFy4mw%40mail.gmail.com.