Re: [cas-user] CAS5.3.x: Error getting flow information for URL

2018-05-17 Thread Jay 
Hi Ray,


Yes, it does not allow the user to be validated and login successfully. It 
redirects back to login page only.

Any suggestion to look into specifically.

We see this issue when we hit the load balance url but not when we directly 
access the server url.

Thanks,
Jay

On Thursday, May 17, 2018 at 11:46:17 AM UTC-5, rbon wrote:
>
> Jay,
>
> I seem to recall a message like this was produced because of a 'feature' 
> to clear out the flow if it sat for too long. It would show up periodically 
> and had no bearing on how long the user took to log in.
> Does it cause a problem?
>
> Ray
>
> On Thu, 2018-05-17 at 01:16 -0700, Jay wrote:
>
> Hello everyone, 
>
> We have CAS application running in Tomcat in two different instances and 
> load balanced by a F5 url.
> Any application is configured with the F5 url for login authentication and 
> authorization.
>
> We have customized the url to *https:///las/v3/login* (Naming 
> the war file as *las#v3.war* sets the context path here)
>
> When I use individual server instance login/logout works absolutely fine. 
> (i.e. *:/las/v3/login* )
>
> We see below error after we give the user credential and clink on login 
> button.
>
> 2018-05-17 01:49:36,786 DEBUG 
> [org.apereo.cas.web.FlowExecutionExceptionResolver] - <*Error getting 
> flow information for URL* 
> [/las/v3/login?service=http%3A%2F%2Flocalhost%3A3001%2Flogin%3Fdestination%3D%252Fconfiguration%252Faccounts%252F34864%252FproductLines%252FPrismPostPD%252Ftemplates%252F311]>
>  
> [m
> org.apereo.spring.webflow.plugin.ClientFlowExecutionRepositoryException: 
> Error decoding flow execution
> at 
> org.apereo.spring.webflow.plugin.ClientFlowExecutionRepository.getFlowExecution(ClientFlowExecutionRepository.java:99)
>  
> ~[spring-webflow-client-repo-1.0.3.jar:1.0.3]
> at 
> org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:168)
>  
> ~[spring-webflow-2.4.7.RELEASE.jar:2.4.7.RELEASE]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
> ~[?:1.8.0_31]
> at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
> ~[?:1.8.0_31]
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  
> ~[?:1.8.0_31]
> at java.lang.reflect.Method.invoke(Method.java:483) ~[?:1.8.0_31]
> at 
> org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216)
>  
> ~[spring-core-4.3.14.RELEASE.jar:4.3.14.RELEASE]
> at 
> org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470)
>  
> ~[spring-cloud-context-1.3.0.RELEASE.jar:1.3.0.RELEASE]
> at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>  
> ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
> at 
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
>  
> ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
> at com.sun.proxy.$Proxy165.resumeExecution(Unknown Source) ~[?:?]
> at 
> org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:253)
>  
> ~[spring-webflow-2.4.7.RELEASE.jar:2.4.7.RELEASE]
> at 
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967)
>  
> ~[spring-webmvc-4.3.14.RELEASE.jar:4.3.14.RELEASE]
> at 
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
>  
> ~[spring-webmvc-4.3.14.RELEASE.jar:4.3.14.RELEASE]
> at 
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
>  
> ~[spring-webmvc-4.3.14.RELEASE.jar:4.3.14.RELEASE]
> at 
> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872)
>  
> ~[spring-webmvc-4.3.14.RELEASE.jar:4.3.14.RELEASE]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:648) 
> ~[servlet-api.jar:?]
> at 
> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
>  
> ~[spring-webmvc-4.3.14.RELEASE.jar:4.3.14.RELEASE]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) 
> ~[servlet-api.jar:?]
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
>  
> ~[catalina.jar:8.0.29]
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>  
> ~[catalina.jar:8.0.29]
> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) 
> ~[tomcat-websocket.jar:8.0.29]
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
>  
> ~[catalina.jar:8.0.29]
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>  
> ~[catalina.jar:8.0.29]
> at 
> org.apereo.cas.web.support.AuthenticationCredentialsLocalBinderClearingFilter.doFilter(AuthenticationCredentialsLocalBinderClearingFilter.java:30)
>  
> ~[cas-server-core-web-api-5.3.0-RC2.jar:5.3.0-RC2]
> at 
>

[cas-user] Re: CAS5.3.x: Error getting flow information for URL

2018-05-17 Thread Jay 
Hi Ray,


https://groups.google.com/a/apereo.org/d/msg/cas-user/FqJW4gS3lCI/y9W-63-nCgAJ

Yes, it does allow use to be validated and login. It redirects back to 
login page only.

Any suggestion to look into.

We see this issue when we hit the load balance url but not when we directly 
access the server url.

Thanks,
Jay

On Thursday, May 17, 2018 at 3:16:12 AM UTC-5, Jay wrote:
>
> Hello everyone,
>
> We have CAS application running in Tomcat in two different instances and 
> load balanced by a F5 url.
> Any application is configured with the F5 url for login authentication and 
> authorization.
>
> We have customized the url to *https:///las/v3/login* (Naming 
> the war file as *las#v3.war* sets the context path here)
>
> When I use individual server instance login/logout works absolutely fine. 
> (i.e. *:/las/v3/login* )
>
> We see below error after we give the user credential and clink on login 
> button.
>
> 2018-05-17 01:49:36,786 DEBUG 
> [org.apereo.cas.web.FlowExecutionExceptionResolver] - <*Error getting 
> flow information for URL* 
> [/las/v3/login?service=http%3A%2F%2Flocalhost%3A3001%2Flogin%3Fdestination%3D%252Fconfiguration%252Faccounts%252F34864%252FproductLines%252FPrismPostPD%252Ftemplates%252F311]>
>  
> [m
> org.apereo.spring.webflow.plugin.ClientFlowExecutionRepositoryException: 
> Error decoding flow execution
> at 
> org.apereo.spring.webflow.plugin.ClientFlowExecutionRepository.getFlowExecution(ClientFlowExecutionRepository.java:99)
>  
> ~[spring-webflow-client-repo-1.0.3.jar:1.0.3]
> at 
> org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:168)
>  
> ~[spring-webflow-2.4.7.RELEASE.jar:2.4.7.RELEASE]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
> ~[?:1.8.0_31]
> at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
> ~[?:1.8.0_31]
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  
> ~[?:1.8.0_31]
> at java.lang.reflect.Method.invoke(Method.java:483) ~[?:1.8.0_31]
> at 
> org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216)
>  
> ~[spring-core-4.3.14.RELEASE.jar:4.3.14.RELEASE]
> at 
> org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470)
>  
> ~[spring-cloud-context-1.3.0.RELEASE.jar:1.3.0.RELEASE]
> at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>  
> ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
> at 
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
>  
> ~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
> at com.sun.proxy.$Proxy165.resumeExecution(Unknown Source) ~[?:?]
> at 
> org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:253)
>  
> ~[spring-webflow-2.4.7.RELEASE.jar:2.4.7.RELEASE]
> at 
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967)
>  
> ~[spring-webmvc-4.3.14.RELEASE.jar:4.3.14.RELEASE]
> at 
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
>  
> ~[spring-webmvc-4.3.14.RELEASE.jar:4.3.14.RELEASE]
> at 
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
>  
> ~[spring-webmvc-4.3.14.RELEASE.jar:4.3.14.RELEASE]
> at 
> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872)
>  
> ~[spring-webmvc-4.3.14.RELEASE.jar:4.3.14.RELEASE]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:648) 
> ~[servlet-api.jar:?]
> at 
> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
>  
> ~[spring-webmvc-4.3.14.RELEASE.jar:4.3.14.RELEASE]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) 
> ~[servlet-api.jar:?]
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
>  
> ~[catalina.jar:8.0.29]
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>  
> ~[catalina.jar:8.0.29]
> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) 
> ~[tomcat-websocket.jar:8.0.29]
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
>  
> ~[catalina.jar:8.0.29]
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>  
> ~[catalina.jar:8.0.29]
> at 
> org.apereo.cas.web.support.AuthenticationCredentialsLocalBinderClearingFilter.doFilter(AuthenticationCredentialsLocalBinderClearingFilter.java:30)
>  
> ~[cas-server-core-web-api-5.3.0-RC2.jar:5.3.0-RC2]
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
>  
> ~[catalina.jar:8.0.29]
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>  
> ~[catalina.jar:8.0.29]
> at 
>

Re: [cas-user] CAS Logout Issue

2018-05-17 Thread Ramakrishna G 
Ray,

Let me explain you my architecture. I have a CAS client (mod_auth_cas)
which redirects to NGINX Load Balancer. The nginx forwards to one of the
active CAS Server. Do I need to install certificates on all CAS Server?

User request to Mod_auth_cas via HTTPS but I am doing ssl stripping for
internal communication from Nginx to CAS server. i.e Plain http
comminication is happenning from nginx to cas server.


Can you pls guide me how can I achieve logout for my approach.

On Thu, May 17, 2018 at 9:49 PM, Ray Bon  wrote:

> Ramakrishna,
>
> Add this to the log config:
>
> 
>
> The above may produce a lot of messages.
> It looks to be a problem with CAS contacting your client. It could be a
> certificate issue.
> I guess you created a certificate since it is on a 192 ip. Did you add the
> certificate to the java key store? If CAS and your client are on different
> machines, then the certificate will need to be added to both.
>
> Ray
>
> On Thu, 2018-05-17 at 12:01 +0530, Ramakrishna G wrote:
>
> Hi Ray,
>
> As said by you, I enabled logs and this is the output
>
> 2018-05-17 11:50:46,479 INFO [org.apereo.cas.logout.DefaultLogoutManager]
> -  **eGcHG1JqHs-client]>
> 2018-05-17 11:50:46,501 DEBUG [org.apereo.cas.logout.
> DefaultSingleLogoutServiceMessageHandler] -  for service [org.apereo.cas.authentication.principal.
> SimpleWebApplicationServiceImpl@432f5faa[id=https://192.168.
> 111.12:8443/,originalUrl=https://192.168.111.12:8443/,*artifactId=*
> ,principal=casuser,loggedOutAlready=false,format=XML]]...>
> 2018-05-17 11:50:46,503 DEBUG [org.apereo.cas.logout.
> DefaultSingleLogoutServiceMessageHandler] -  authentication.principal.SimpleWebApplicationServiceImpl@432f5faa[id=
> https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,
> artifactId=,principal=casuser,loggedOutAlready=false,format=XML]]
> supports single logout and is found in the registry as
> [id=1001,name=HTTPS and IMAPS,description=This service definition
> authorizes all application urls that support HTTPS and IMAPS
> protocols.,serviceId=^(https|imaps)://.*,usernameAttributeProvider=org.
> apereo.cas.services.DefaultRegisteredServiceUsernameProvider@d
> ,theme=,evaluationOrder=1,logoutType=BACK_CHANNEL,
> attributeReleasePolicy=org.apereo.cas.services.
> ReturnAllowedAttributeReleasePolicy@15646ed9[attributeFilter=,
> principalAttributesRepository=org.apereo.cas.authentication.principal.
> DefaultPrincipalAttributesRepository@7923006f[],
> authorizedToReleaseCredentialPassword=false,authorizedToReleaseAuthenticat
> ionAttributes=true,authorizedToReleaseProxyGrantingTicket=false,
> excludeDefaultAttributes=false,principalIdAttribute=<
> null>,consentPolicy=org.apereo.cas.services.consent.
> DefaultRegisteredServiceConsentPolicy@330ae512[excludedAttributes=,
> includeOnlyAttributes=,enabled=true],allowedAttributes=[]],
> accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccess
> Strategy@5bc47191[enabled=true,ssoEnabled=true,requireAllAttributes=true,
> requiredAttributes={},unauthorizedRedirectUrl=
> ,caseInsensitive=false,rejectedAttributes={}],
> publicKey=,proxyPolicy=org.apereo.cas.services.
> RefuseRegisteredServiceProxyPolicy@2cd156ce,logo=,logoutUrl=,
> requiredHandlers=[],properties={},multifactorPolicy=org.apereo.
> cas.services.DefaultRegisteredServiceMultifactorPolicy@6dc092b8[
> multifactorAuthenticationProviders=[],failureMode=NOT_SET,
> principalAttributeNameTrigger=,principalAttributeValueToMatch
> =,bypassEnabled=false],informationUrl=,
> privacyUrl=,contacts=[],expirationPolicy=org.apereo.cas.services.
> DefaultRegisteredServiceExpirationPolicy@687fb318[deleteWhenExpired=false,
> notifyWhenDeleted=false,expirationDate=],]. Proceeding...>
> 2018-05-17 11:50:46,514 DEBUG [org.apereo.cas.logout.
> DefaultSingleLogoutServiceMessageHandler] -  https://192.168.111.12:8443/] for service [org.apereo.cas.
> authentication.principal.SimpleWebApplicationServiceImpl@432f5faa[id=
> https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,
> artifactId=,principal=casuser,loggedOutAlready=false,format=XML]]>
> 2018-05-17 11:50:46,515 DEBUG [org.apereo.cas.logout.
> DefaultSingleLogoutServiceMessageHandler] -  [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImp
> l@432f5faa[id=https://192.168.111.12:8443/,originalUrl=
> https://192.168.111.12:8443/,artifactId=,principal=
> casuser,loggedOutAlready=false,format=XML]] and ticket id [ST-3-Ca79ror-
> smWCKyQzaBNn0ZYt6l0-client]>
> 2018-05-17 11:50:46,517 DEBUG [org.apereo.cas.logout.
> DefaultSingleLogoutServiceMessageHandler] -  [org.apereo.cas.logout.DefaultLogoutRequest@61e23890[
> ticketId=ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client,service=org.apereo.cas.
> authentication.principal.SimpleWebApplicationServiceImpl@432f5faa[id=
> https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,
> artifactId=,principal=casuser,loggedOutAlready=
>

Re: [cas-user] Re: SPNEGO Client Selection Strategy

2018-05-17 Thread Charles Le Gallic 
Hi Christian,

Which version of CAS do you use ?

It seems to be a version below CAS 5.0.x (org.jasig packages and XML spring
configurations). SPNEGO client selection strategy was working on 4.x
version, but I cannot make it work after having upgrade to CAS 5.1.x

Regards,

Charles


12, impasse du Malrigou, 31140 Montberon
cont...@amoae.com | 06 24 73 04 98 | *amoae.com* 


Le jeu. 17 mai 2018 à 15:25, Christian Poirier  a
écrit :

> Hi Nicolas,
>
> In our organization, we need to let the user choose between the default
> login and SPNEGO upon a list of criteria and sometimes we need to go
> directly to the SPNEGO authentication upon other criteria. For this
> feature, I extended the SPNEGO module. I show a button with the label
> "LOGIN WITH MY WINDOWS ACCOUNT" when the IP address matches a regular
> expression. When the service matches a regular expression and the IP
> address also matches its regular expression, I force SPNEGO authentication
> without giving the user the chance to authenticate otherwise. If none of
> the previous conditions are present, then the user must authenticate
> normally with his user ID and password.
> If you look the following webflow, you will find this logic inside.
>
>  "org.jasig.cas.authentication.principal.UsernamePasswordCredentials" />
>
> 
>
> 
>
>
>
> 
>
>
> 
>
>"hasServiceCheck" else="gatewayRequestCheck" />
>
> 
>
>
> 
>
>"gatewayServicesManagementCheck" else="startAuthenticateCheck" />
>
> 
>
>
> 
>
>"viewGenericLoginSuccess" />
>
> 
>
>
> 
>
>  "startAuthenticateCheck" else="generateServiceTicket" />
>
> 
>
>
> 
>
> 
>
>"redirect" />
>
> 
>
>
> 
>
> 
>
>"generateLoginTicket" else="spnegoForceCheckAction" />
>
> 
>
>
> 
>
> then="spnegoIPCheckAction2" else="spnegoAppCheckAction" />
>
> 
>
>
> 
>
>
>
>
>
>   
>
> 
>
>
> 
>
> 
>
> 
>
> 
>
>
>   
>
>   
>
> 
>
>
> 
>
>
>
> 
>
>  
>
> 
>
>
> 
>
>   
>
>   
>
> 
>
>
> 
>
>  
>
>
>
>   
>
> 
>
>
> 
>
>  "generateLoginTicketAction.generate(flowRequestContext)" />
>
>
>
> 
>
>
> Here are my new spnego.properties
> # cas.authn.spnego.spnegoMode=direct: indicates to go directly to the
> SPNEGO by changing the succes transition of initialLoginForm action-state
> to startSpnegoAuthenticate
> # cas.authn.spnego.spnegoMode=evaluateClient: indicates to evaluate the
> client based on the client action strategy defined in 
> evaluateClientActionStrategy.
>
> # It changes the
> success transition of initialLoginForm action-state to evaluateClientRequest
> cas.authn.spnego.spnegoMode=evaluateClient|direct
> # The following property is deprecated
>
> #cas.authn.spnego.hostNameClientActionStrategy=serviceNameSpnegoClientAction
> # cas.authn.spnego.evaluateClientActionStrategy=hostnameSpnegoClientAction
> where CAS checks to see if the request?s remote hostname matches a
> predefine pattern
> # cas.authn.spnego.evaluateClientActionStrategy=ldapSpnegoClientAction
> where CAS checks an LDAP instance for the remote hostname,
> #
>  to locate a pre-defined attribute whose mere existence would allow the
> webflow to resume to SPNEGO
> # cas.authn.spnego.evaluateClientActionStrategy=serviceNameSpnegoClientAction
> where CAS checks if the service corresponds to a regularExpression
> #defined in
> serviceNamePatternString and the ip corresponds to ipsToCheckPattern
> implemented
> #in baseSpnegoClientAction
> cas.authn.spnego.evaluateClientActionStrategy=
> serviceNameSpnegoClientAction
> cas.authn.spnego.ipsToCheckPattern=((127\.0)|(122.110))(\.[0-9]{1,3}){2}
>
> cas.authn.spnego.serviceNamePatternString=(app1\.domain\.ca)|(app2\.domain\.ca)
>
>
> It works well for me. If you want it, I could send you the code.
>
> Le jeudi 17 mai 2018 01:47:54 UTC-4, Nicholas Wylie a écrit :
>>
>> Hi CAS Community,
>>
>> I've successfully configured CAS 5.2 with LDAP/SPNEGO authentication
>> against our Active Directory.
>>
>> What we have noticed though is that non-domain joined computers see a
>> pop-up prompt for credentials when they visit the CAS login page. From my
>> reading, I believe we can fix this by configuring the LDAP Client Selection
>> Strategy for SPNEGO, but the documentation for which properties need to be
>> configured seems to be a bit scarce.
>>
>> Can someone offer any guidance (or a link to some documentation) as to
>> which properties I need to configure to use the LDAP Client Selection
>> Strategy?
>>
>> Thanks,
>> Nicholas
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to a topic in the
> Google Groups "CAS Community" group.

Re: [cas-user] Logout using delegated authentication to another CAS server

2018-05-17 Thread Diego Henrique Pagani 
Aaah, and I also have to configure a service on CAS5, allowing CAS3 to
redirect.

Em qui, 17 de mai de 2018 às 17:20, Diego Henrique Pagani <
dhpag...@gmail.com> escreveu:

> But I need to change the url of the logout on oauth2app. Is there someway
> to do it on cas5 configuration ?
>
> Em qui, 17 de mai de 2018 às 15:59, Misagh Moayyed 
> escreveu:
>
>>
>> How can I configure CAS5, when the user is logging out, to tell CAS3 to
>> end its session or redirects to CAS 3 to logout, and get back to the login
>> screen?
>>
>>
>>
>> https://cas5/cas/logout?service=https://cas3/cas/logout?service=wherever-you-need-to-go
>>
>> with the proper encoding of the parameters.
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/20377.835674.1526583545685.JavaMail.zimbra%40unicon.net
>> 
>> .
>>
> --
> Diego Henrique Pagani
>
-- 
Diego Henrique Pagani

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALwCSERz-AbY3AZ5vPER%3Dz4sEVYjVqutc5kUduH%2BwbQUCJJ8%2BQ%40mail.gmail.com.

Re: [cas-user] Logout using delegated authentication to another CAS server

2018-05-17 Thread Diego Henrique Pagani 
But I need to change the url of the logout on oauth2app. Is there someway
to do it on cas5 configuration ?

Em qui, 17 de mai de 2018 às 15:59, Misagh Moayyed 
escreveu:

>
> How can I configure CAS5, when the user is logging out, to tell CAS3 to
> end its session or redirects to CAS 3 to logout, and get back to the login
> screen?
>
>
>
> https://cas5/cas/logout?service=https://cas3/cas/logout?service=wherever-you-need-to-go
>
> with the proper encoding of the parameters.
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/20377.835674.1526583545685.JavaMail.zimbra%40unicon.net
> 
> .
>
-- 
Diego Henrique Pagani

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALwCSERCLZTzGEQa_1cDHqgJM0sMYZnPQgt8gvwvTEc8EHwV8w%40mail.gmail.com.

Re: [cas-user] Re: cas-management question

2018-05-17 Thread Ray Bon 
Jen,

I think you mean a cas-management error and not 'CAS error'.
Are CAS and cas-management running on the same tomcat?
Logging config for cas-management is in log4j2-management.xml which also 
introduces cas-management.log.

Ray

On Thu, 2018-05-17 at 12:55 -0700, Jennifer LaVoie wrote:

nothing helpful in cas.log or catalina.out that I can see

it seems to be CAS error because the leaf is on the tab and above the error 
that I posted it says

Cas Service Management

Jen

On Thursday, May 17, 2018 at 3:44:27 PM UTC-4, David Curry wrote:
Haven't seen that one, that I can recall.

Is that a CAS error (shows in a CAS-branded web page) or a Tomcat error?

Do the logs (cas.log and/or catalina.out) say anything helpful?




--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu

[The New School]

On Thu, May 17, 2018 at 3:40 PM, Jennifer LaVoie 
 wrote:
I updated the management.properties file with some ports specifically defined.  
And that is now working as expected...

However, I get this

The CAS management webapp is unavailable.

There was an error trying to complete your request. Please notify your support 
desk or try again.




On Thursday, May 17, 2018 at 3:18:42 PM UTC-4, Jennifer LaVoie wrote:
So I have followed all the steps here

https://dacurry-tns.github.io/deploying-apereo-cas/building_svcmgmt_configure-webapp-properties.html

(awesome site)

And when I try to go to

https://cashost:8443/cas-management

I am redirected to here

https://casserver.herokuapp.com/cas/login?service=https%3A%2F%2Fcashost%3A8443%2Fcas-management%2Fmanage.html

I have already logged into my cas.

What config file have I forgotten to change?

Jen


--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+u...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/53c3f120-14ec-41af-8447-1db0e370795e%40apereo.org.




--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1526588156.1817.81.camel%40uvic.ca.

Re: [cas-user] Re: cas-management question

2018-05-17 Thread David Curry 
Sorry, not cas.log cas-management.log.

If still nothing, try setting   cas.log.level   to debug in
log4j2-management.xml.




--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu

[image: The New School]

On Thu, May 17, 2018 at 3:23 PM, Jennifer LaVoie 
wrote:

> Here is my management.properties file
>
> # CAS server that management app will authenticate with
> # This server will authenticate for any app (service) and you can login as
> casuser/Mellon
>
> server.name: https://cashost
> cas.server.prefix: ${cas.server.name}/cas
>
> cas.mgmt.adminRoles[0]=ROLE_ADMIN
> cas.mgmt.userPropertiesFile=file:/etc/cas/config/admusers.properties
>
>
> # Update this URL to point at server running this management app
> cas.mgmt.serverName=${cas.server.name}:8443
>
> #server.context-path=/cas-management
> #server.port=8443
>
> cas.serviceRegistry.json.location: file:/etc/cas/services
>
> logging.config=file:/etc/cas/config/log4j2-management.xml
>
>
> On Thursday, May 17, 2018 at 3:18:42 PM UTC-4, Jennifer LaVoie wrote:
>>
>> So I have followed all the steps here
>>
>> https://dacurry-tns.github.io/deploying-apereo-cas/building_
>> svcmgmt_configure-webapp-properties.html
>>
>> (awesome site)
>>
>> And when I try to go to
>>
>> https://cashost:8443/cas-management
>>
>> I am redirected to here
>>
>> https://casserver.herokuapp.com/cas/login?service=https%3A%
>> 2F%2Fcashost%3A8443%2Fcas-management%2Fmanage.html
>>
>> I have already logged into my cas.
>>
>> What config file have I forgotten to change?
>>
>> Jen
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/00b98d20-6f6d-4af3-8b74-
> cef6a55fcaef%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAMNMTd0GyFTydBj8yw%2BKgMvK-M-NdYTy7j2Xe4niSzy_w%40mail.gmail.com.

Re: [cas-user] Re: cas-management question

2018-05-17 Thread Jennifer LaVoie 

nothing helpful in cas.log or catalina.out that I can see

it seems to be CAS error because the leaf is on the tab and above the error 
that I posted it says

Cas Service Management

Jen

On Thursday, May 17, 2018 at 3:44:27 PM UTC-4, David Curry wrote:
>
> Haven't seen that one, that I can recall.
>
> Is that a CAS error (shows in a CAS-branded web page) or a Tomcat error?
>
> Do the logs (cas.log and/or catalina.out) say anything helpful?
>
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu 
>
> [image: The New School]
>
> On Thu, May 17, 2018 at 3:40 PM, Jennifer LaVoie  > wrote:
>
>> I updated the management.properties file with some ports specifically 
>> defined.  And that is now working as expected...
>>
>> However, I get this
>>
>> The CAS management webapp is unavailable.
>>
>> There was an error trying to complete your request. Please notify your 
>> support desk or try again.
>>
>>
>>
>>
>>
>> On Thursday, May 17, 2018 at 3:18:42 PM UTC-4, Jennifer LaVoie wrote:
>>>
>>> So I have followed all the steps here
>>>
>>>
>>> https://dacurry-tns.github.io/deploying-apereo-cas/building_svcmgmt_configure-webapp-properties.html
>>>
>>> (awesome site)
>>>
>>> And when I try to go to 
>>>
>>> https://cashost:8443/cas-management
>>>
>>> I am redirected to here
>>>
>>>
>>> https://casserver.herokuapp.com/cas/login?service=https%3A%2F%2Fcashost%3A8443%2Fcas-management%2Fmanage.html
>>>
>>> I have already logged into my cas.
>>>
>>> What config file have I forgotten to change?
>>>
>>> Jen
>>>
>> -- 
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+u...@apereo.org .
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/53c3f120-14ec-41af-8447-1db0e370795e%40apereo.org
>>  
>> 
>> .
>>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/72a4a823-1223-4685-bd63-8d1a587e12cf%40apereo.org.

Re: [cas-user] Re: cas-management question

2018-05-17 Thread David Curry 
Haven't seen that one, that I can recall.

Is that a CAS error (shows in a CAS-branded web page) or a Tomcat error?

Do the logs (cas.log and/or catalina.out) say anything helpful?



--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu

[image: The New School]

On Thu, May 17, 2018 at 3:40 PM, Jennifer LaVoie 
wrote:

> I updated the management.properties file with some ports specifically
> defined.  And that is now working as expected...
>
> However, I get this
>
> The CAS management webapp is unavailable.
>
> There was an error trying to complete your request. Please notify your
> support desk or try again.
>
>
>
>
>
> On Thursday, May 17, 2018 at 3:18:42 PM UTC-4, Jennifer LaVoie wrote:
>>
>> So I have followed all the steps here
>>
>> https://dacurry-tns.github.io/deploying-apereo-cas/building_
>> svcmgmt_configure-webapp-properties.html
>>
>> (awesome site)
>>
>> And when I try to go to
>>
>> https://cashost:8443/cas-management
>>
>> I am redirected to here
>>
>> https://casserver.herokuapp.com/cas/login?service=https%3A%
>> 2F%2Fcashost%3A8443%2Fcas-management%2Fmanage.html
>>
>> I have already logged into my cas.
>>
>> What config file have I forgotten to change?
>>
>> Jen
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/53c3f120-14ec-41af-8447-
> 1db0e370795e%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XANk_3FiWjgUPHTf6dP3CbNtbCoN2dBsWOmT3hDTjG0_xw%40mail.gmail.com.

[cas-user] Re: cas-management question

2018-05-17 Thread Jennifer LaVoie 
I updated the management.properties file with some ports specifically 
defined.  And that is now working as expected...

However, I get this

The CAS management webapp is unavailable.

There was an error trying to complete your request. Please notify your 
support desk or try again.





On Thursday, May 17, 2018 at 3:18:42 PM UTC-4, Jennifer LaVoie wrote:
>
> So I have followed all the steps here
>
>
> https://dacurry-tns.github.io/deploying-apereo-cas/building_svcmgmt_configure-webapp-properties.html
>
> (awesome site)
>
> And when I try to go to 
>
> https://cashost:8443/cas-management
>
> I am redirected to here
>
>
> https://casserver.herokuapp.com/cas/login?service=https%3A%2F%2Fcashost%3A8443%2Fcas-management%2Fmanage.html
>
> I have already logged into my cas.
>
> What config file have I forgotten to change?
>
> Jen
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/53c3f120-14ec-41af-8447-1db0e370795e%40apereo.org.

Re: [cas-user] cas-management question

2018-05-17 Thread David Curry 
Not sure if you copy-n-pasted this:

https://cashost/cas/login?service=https%3A%2F%2Fcashost%3A8443%2Fcas-management%2Fmanage.html

or typed it by hand, but I see both "cashost" and "cashost:8443". Normally
they'd both be the same (since Tomcat is usually only listening on the one
port).

--Dave


--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu

[image: The New School]

On Thu, May 17, 2018 at 3:32 PM, Jennifer LaVoie 
wrote:

> Thanks Matt and Dave
>
> Ok, so once I fixed my stupid typo, I get the correct url
>
> https://cashost/cas/login?service=https%3A%2F%2Fcashost%
> 3A8443%2Fcas-management%2Fmanage.html
>
> But i also get ERR_Connection_refused.
>
> not sure why
>
>
>
> On Thu, May 17, 2018 at 3:31 PM, Matthew Uribe 
> wrote:
>
>> Sorry, after sending this response, my email refreshed and I saw the
>> other helpful posts. Disregard.
>>
>>
>> On Thursday, May 17, 2018 at 1:28:06 PM UTC-6, Matthew Uribe wrote:
>>>
>>> What's the cas.server.name in your management.properties?
>>>
>>> [image: Aims Community College Top Work Places 2018 - The Denver Post]
>>> Matt Uribe
>>> Programmer Analyst II
>>> Information Technology
>>> Aims Community College
>>> 970.339.6375
>>> matthew.ur...@aims.edu 
>>> 5401 W. 20th Street
>>> 
>>> Greeley, CO, 80634
>>> 
>>> www.aims.edu
>>> 
>>>
>>>
>>> *IT staff will never ask you for your username and password. *
>>>
>>>
>>> *Always decline to provide the information and report such attempts to the 
>>> Help Desk (x6380).*
>>>
>>>
>>> On Thu, May 17, 2018 at 1:18 PM, Jennifer LaVoie 
>>> wrote:
>>>
 So I have followed all the steps here

 https://dacurry-tns.github.io/deploying-apereo-cas/building_
 svcmgmt_configure-webapp-properties.html

 (awesome site)

 And when I try to go to

 https://cashost:8443/cas-management

 I am redirected to here

 https://casserver.herokuapp.com/cas/login?service=https%3A%2
 F%2Fcashost%3A8443%2Fcas-management%2Fmanage.html

 I have already logged into my cas.

 What config file have I forgotten to change?

 Jen

 --
 - Website: https://apereo.github.io/cas
 
 - Gitter Chatroom: https://gitter.im/apereo/cas
 
 - List Guidelines: https://goo.gl/1VRrw7
 
 - Contributions: https://goo.gl/mh7qDG
 
 ---
 You received this message because you are subscribed to the Google
 Groups "CAS Community" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to cas-user+unsubscr...@apereo.org.
 To view this discussion on the web visit https://groups.google.com/a/ap
 ereo.org/d/msgid/cas-user/6c39a6d0-3e29-48a8-8282-e57c7ab785
 c9%40apereo.org
 
 .

>>>
>>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit https://groups.google.com/a/ap
>>

Re: [cas-user] cas-management question

2018-05-17 Thread Jennifer LaVoie 
Thanks Matt and Dave

Ok, so once I fixed my stupid typo, I get the correct url

https://cashost/cas/login?service=https%3A%2F%2Fcashost%3A8443%2Fcas-management%2Fmanage.html

But i also get ERR_Connection_refused.

not sure why



On Thu, May 17, 2018 at 3:31 PM, Matthew Uribe 
wrote:

> Sorry, after sending this response, my email refreshed and I saw the other
> helpful posts. Disregard.
>
>
> On Thursday, May 17, 2018 at 1:28:06 PM UTC-6, Matthew Uribe wrote:
>>
>> What's the cas.server.name in your management.properties?
>>
>> [image: Aims Community College Top Work Places 2018 - The Denver Post]
>> Matt Uribe
>> Programmer Analyst II
>> Information Technology
>> Aims Community College
>> 970.339.6375
>> matthew.ur...@aims.edu 
>> 5401 W. 20th Street
>> 
>> Greeley, CO, 80634
>> 
>> www.aims.edu
>> 
>>
>>
>> *IT staff will never ask you for your username and password. *
>>
>>
>> *Always decline to provide the information and report such attempts to the 
>> Help Desk (x6380).*
>>
>>
>> On Thu, May 17, 2018 at 1:18 PM, Jennifer LaVoie 
>> wrote:
>>
>>> So I have followed all the steps here
>>>
>>> https://dacurry-tns.github.io/deploying-apereo-cas/building_
>>> svcmgmt_configure-webapp-properties.html
>>>
>>> (awesome site)
>>>
>>> And when I try to go to
>>>
>>> https://cashost:8443/cas-management
>>>
>>> I am redirected to here
>>>
>>> https://casserver.herokuapp.com/cas/login?service=https%3A%
>>> 2F%2Fcashost%3A8443%2Fcas-management%2Fmanage.html
>>>
>>> I have already logged into my cas.
>>>
>>> What config file have I forgotten to change?
>>>
>>> Jen
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> 
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> 
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> 
>>> - Contributions: https://goo.gl/mh7qDG
>>> 
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-user+unsubscr...@apereo.org.
>>> To view this discussion on the web visit https://groups.google.com/a/ap
>>> ereo.org/d/msgid/cas-user/6c39a6d0-3e29-48a8-8282-e57c7ab785
>>> c9%40apereo.org
>>> 
>>> .
>>>
>>
>> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/bda0d3a1-19ae-40b4-881a-
> 92bd471fa2b5%40apereo.org
> 
> .
>



-- 
"Confusion is a word we have invented for an order which is not
understood."  ~Henry Miller

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view

Re: [cas-user] cas-management question

2018-05-17 Thread Matthew Uribe 
Sorry, after sending this response, my email refreshed and I saw the other 
helpful posts. Disregard. 

On Thursday, May 17, 2018 at 1:28:06 PM UTC-6, Matthew Uribe wrote:
>
> What's the cas.server.name in your management.properties?
>
> [image: Aims Community College Top Work Places 2018 - The Denver Post] 
> Matt Uribe
> Programmer Analyst II
> Information Technology
> Aims Community College
> 970.339.6375
> matthew.ur...@aims.edu 
> 5401 W. 20th Street 
> 
> Greeley, CO, 80634 
> 
> www.aims.edu
> 
>
>
> *IT staff will never ask you for your username and password. *
>
>
> *Always decline to provide the information and report such attempts to the 
> Help Desk (x6380).*
>
>
> On Thu, May 17, 2018 at 1:18 PM, Jennifer LaVoie  
> wrote:
>
>> So I have followed all the steps here
>>
>>
>> https://dacurry-tns.github.io/deploying-apereo-cas/building_svcmgmt_configure-webapp-properties.html
>>
>> (awesome site)
>>
>> And when I try to go to 
>>
>> https://cashost:8443/cas-management
>>
>> I am redirected to here
>>
>>
>> https://casserver.herokuapp.com/cas/login?service=https%3A%2F%2Fcashost%3A8443%2Fcas-management%2Fmanage.html
>>
>> I have already logged into my cas.
>>
>> What config file have I forgotten to change?
>>
>> Jen
>>
>> -- 
>> - Website: https://apereo.github.io/cas 
>> 
>> - Gitter Chatroom: https://gitter.im/apereo/cas 
>> 
>> - List Guidelines: https://goo.gl/1VRrw7 
>> 
>> - Contributions: https://goo.gl/mh7qDG 
>> 
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/6c39a6d0-3e29-48a8-8282-e57c7ab785c9%40apereo.org
>>  
>> 
>> .
>>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/bda0d3a1-19ae-40b4-881a-92bd471fa2b5%40apereo.org.

Re: [cas-user] cas-management question

2018-05-17 Thread Matthew Uribe 
What's the cas.server.name in your management.properties?

[image: Aims Community College Top Work Places 2018 - The Denver Post]
Matt Uribe
Programmer Analyst II
Information Technology
Aims Community College
970.339.6375
matthew.ur...@aims.edu 
5401 W. 20th Street

Greeley, CO, 80634

www.aims.edu



*IT staff will never ask you for your username and password. *


*Always decline to provide the information and report such attempts to
the Help Desk (x6380).*


On Thu, May 17, 2018 at 1:18 PM, Jennifer LaVoie 
wrote:

> So I have followed all the steps here
>
> https://dacurry-tns.github.io/deploying-apereo-cas/building_
> svcmgmt_configure-webapp-properties.html
>
> (awesome site)
>
> And when I try to go to
>
> https://cashost:8443/cas-management
>
> I am redirected to here
>
> https://casserver.herokuapp.com/cas/login?service=https%
> 3A%2F%2Fcashost%3A8443%2Fcas-management%2Fmanage.html
>
> I have already logged into my cas.
>
> What config file have I forgotten to change?
>
> Jen
>
> --
> - Website: https://apereo.github.io/cas
> 
> - Gitter Chatroom: https://gitter.im/apereo/cas
> 
> - List Guidelines: https://goo.gl/1VRrw7
> 
> - Contributions: https://goo.gl/mh7qDG
> 
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/6c39a6d0-3e29-48a8-8282-
> e57c7ab785c9%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bdxy9eF5NDnsSJHrTWgmcO9APoNPx--4SsNih6myVRUwFdxmA%40mail.gmail.com.

Re: [cas-user] Re: cas-management question

2018-05-17 Thread David Curry 
You have "server.name" instead of "cas.server.name" (oops)




--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu

[image: The New School]

On Thu, May 17, 2018 at 3:23 PM, Jennifer LaVoie 
wrote:

> Here is my management.properties file
>
> # CAS server that management app will authenticate with
> # This server will authenticate for any app (service) and you can login as
> casuser/Mellon
>
> server.name: https://cashost
> cas.server.prefix: ${cas.server.name}/cas
>
> cas.mgmt.adminRoles[0]=ROLE_ADMIN
> cas.mgmt.userPropertiesFile=file:/etc/cas/config/admusers.properties
>
>
> # Update this URL to point at server running this management app
> cas.mgmt.serverName=${cas.server.name}:8443
>
> #server.context-path=/cas-management
> #server.port=8443
>
> cas.serviceRegistry.json.location: file:/etc/cas/services
>
> logging.config=file:/etc/cas/config/log4j2-management.xml
>
>
> On Thursday, May 17, 2018 at 3:18:42 PM UTC-4, Jennifer LaVoie wrote:
>>
>> So I have followed all the steps here
>>
>> https://dacurry-tns.github.io/deploying-apereo-cas/building_
>> svcmgmt_configure-webapp-properties.html
>>
>> (awesome site)
>>
>> And when I try to go to
>>
>> https://cashost:8443/cas-management
>>
>> I am redirected to here
>>
>> https://casserver.herokuapp.com/cas/login?service=https%3A%
>> 2F%2Fcashost%3A8443%2Fcas-management%2Fmanage.html
>>
>> I have already logged into my cas.
>>
>> What config file have I forgotten to change?
>>
>> Jen
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/00b98d20-6f6d-4af3-8b74-
> cef6a55fcaef%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XANgQUGB41MpLrk_%3DjOpTdh%3DkC0MTMvidJoFm-s1FR%2B%3D7Q%40mail.gmail.com.

Re: [cas-user] cas-management question

2018-05-17 Thread David Curry 
etc/cas/config/management.properties

--Dave


--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu

[image: The New School]

On Thu, May 17, 2018 at 3:18 PM, Jennifer LaVoie 
wrote:

> So I have followed all the steps here
>
> https://dacurry-tns.github.io/deploying-apereo-cas/building_
> svcmgmt_configure-webapp-properties.html
>
> (awesome site)
>
> And when I try to go to
>
> https://cashost:8443/cas-management
>
> I am redirected to here
>
> https://casserver.herokuapp.com/cas/login?service=https%
> 3A%2F%2Fcashost%3A8443%2Fcas-management%2Fmanage.html
>
> I have already logged into my cas.
>
> What config file have I forgotten to change?
>
> Jen
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/6c39a6d0-3e29-48a8-8282-
> e57c7ab785c9%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAMPY_5nr3UQtKbMd6Qy-%2BzdiGyJMKOoAg7DR4Xc2-m8%2Bg%40mail.gmail.com.

[cas-user] Re: cas-management question

2018-05-17 Thread Jennifer LaVoie 
Here is my management.properties file

# CAS server that management app will authenticate with
# This server will authenticate for any app (service) and you can login as 
casuser/Mellon 

server.name: https://cashost
cas.server.prefix: ${cas.server.name}/cas

cas.mgmt.adminRoles[0]=ROLE_ADMIN
cas.mgmt.userPropertiesFile=file:/etc/cas/config/admusers.properties


# Update this URL to point at server running this management app
cas.mgmt.serverName=${cas.server.name}:8443

#server.context-path=/cas-management
#server.port=8443

cas.serviceRegistry.json.location: file:/etc/cas/services

logging.config=file:/etc/cas/config/log4j2-management.xml


On Thursday, May 17, 2018 at 3:18:42 PM UTC-4, Jennifer LaVoie wrote:
>
> So I have followed all the steps here
>
>
> https://dacurry-tns.github.io/deploying-apereo-cas/building_svcmgmt_configure-webapp-properties.html
>
> (awesome site)
>
> And when I try to go to 
>
> https://cashost:8443/cas-management
>
> I am redirected to here
>
>
> https://casserver.herokuapp.com/cas/login?service=https%3A%2F%2Fcashost%3A8443%2Fcas-management%2Fmanage.html
>
> I have already logged into my cas.
>
> What config file have I forgotten to change?
>
> Jen
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00b98d20-6f6d-4af3-8b74-cef6a55fcaef%40apereo.org.

[cas-user] cas-management question

2018-05-17 Thread Jennifer LaVoie 
So I have followed all the steps here

https://dacurry-tns.github.io/deploying-apereo-cas/building_svcmgmt_configure-webapp-properties.html

(awesome site)

And when I try to go to 

https://cashost:8443/cas-management

I am redirected to here

https://casserver.herokuapp.com/cas/login?service=https%3A%2F%2Fcashost%3A8443%2Fcas-management%2Fmanage.html

I have already logged into my cas.

What config file have I forgotten to change?

Jen

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6c39a6d0-3e29-48a8-8282-e57c7ab785c9%40apereo.org.

Re: [cas-user] Logout using delegated authentication to another CAS server

2018-05-17 Thread Misagh Moayyed 
> How can I configure CAS5, when the user is logging out, to tell CAS3 to end 
> its
> session or redirects to CAS 3 to logout, and get back to the login screen?

https://cas5/cas/logout?service=https://cas3/cas/logout?service=wherever-you-need-to-go
 

with the proper encoding of the parameters. 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/20377.835674.1526583545685.JavaMail.zimbra%40unicon.net.

[cas-user] Logout using delegated authentication to another CAS server

2018-05-17 Thread Diego Henrique Pagani 
Hi guys, 

I have the structure:  [Oauth2 application] -> [cas5] -> [cas3]. 
The CAS5 server is configured to delegate authentication, using CAS30 
protocol (pac4j) to cas3 and it's working fine. The problem that I'm trying 
to solve is when the user asks for logout.  I need that the user ends its 
session com Oauth2Application, CAS5 and CAS3.

The following steps shows the problem:
1 - User is logged in Oauth2 application,CAS5 and CAS3.
2 - User logout the oauth2app
3 - Oauth2app redirects the user to CAS5 logout
4 - CAS5 logouts the user and redirects to oauth2app(following service URL)
5 - Oauth2 app(the user is not logged anymore) redirects to CAS5 to login 
again
6 - CAS5 redirects the user to CAS3
7 - CAS3 still has a valid SSO session to user, that is, redirect to CAS5 
authenticated
8 - CAS5 creates the tickets and redirects to oauth2applicaton
9 - User is logged in


For the user, he/she is asking for logout, wait some time, and it's logged 
again and that is a problem.

How can I configure CAS5, when the user is logging out, to tell CAS3 to end 
its session or redirects to CAS 3 to logout, and get back to the login 
screen?

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/928bfca0-eabb-4c5f-90bc-54548542fe6b%40apereo.org.

Re: [cas-user] Application Not Authorized to Use CAS

2018-05-17 Thread Jann Malenkoff 
FYI --- this post is old and resolved via great assistance from David (fThe
New School).

The filters are holding back emails sent to the list.

On Mon, May 14, 2018 at 10:43 AM, Jann Malenkoff 
wrote:

> Hello:
>
> I have been tacking with the JSON enabling of 'http://localhost:8080/cas-
> management' over the weekend.
>
> Wondering if I can change approach and tackle this by entering SQL to the
> DB tables (screenshot attached).
>
> Would there be a resource with instruction on which tables to update?
> Google has not been my best friend today.
>
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/092d3dc9-f4f2-4b43-b928-
> 75bc4e5e61a4%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGeq_2WwU7mCJD3-uDeseE50AX8vd-KRhtCDqyRZoO8CCDsQkA%40mail.gmail.com.

Re: [cas-user] Re: Size of maven cas-overlay-template

2018-05-17 Thread Ray Bon 
Sam,

There is an install requirements section in the docs, 
https://apereo.github.io/cas/5.2.x/planning/Installation-Requirements.html

Ray

On Thu, 2018-05-17 at 08:46 -0800, Sam Erie wrote:
Thank you sir. That is how it seemed, just wanted to make sure I have done 
everything possible before requesting more space on the server.

On Wed, May 16, 2018 at 10:40 PM, Andy Ng 
> wrote:
Hi Sam,

Since the default CAS 5 server already included so many components, the large 
size is to be expected I think,
and I also tried but failed to find any way to shrink down the size of CAS 5.

However, my previous blockage is actually I hit tomcat default max-file-size, 
and actually I can do this and be fine: 
"https://maxrohde.com/2011/04/27/large-war-file-cannot-be-deployed-in-tomcat-7/;.
 If it is also your case then this might help you.

But if for other reason, then I probably can't help you...

Cheers!
- Andy


On Thursday, 17 May 2018 09:01:14 UTC+8, Sam Erie wrote:
I am putting together CAS version 5.2.4.x, and I would like to run it as an 
executable war, however the size of the built project is still too big for the 
server I am developing it for. I have taken out as many of the obviously 
unneeded dependancies from pom.xml as I can, but I can not seem to get build 
any smaller than 309 MB.

Is there any documentation on minimal builds? Or does that seem like a minimal 
size? Any information on how I could go about pairing down the final build size 
and still be able to run as executable war would be appreciated.


--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/48f50e28-168e-4a12-ae4a-0b42d25b6527%40apereo.org.



--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1526575969.1817.74.camel%40uvic.ca.

Re: [cas-user] Re: Size of maven cas-overlay-template

2018-05-17 Thread Sam Erie 
Thank you sir. That is how it seemed, just wanted to make sure I have done
everything possible before requesting more space on the server.

On Wed, May 16, 2018 at 10:40 PM, Andy Ng  wrote:

> Hi Sam,
>
> Since the default CAS 5 server already included so many components, the
> large size is to be expected I think,
> and I also tried but failed to find any way to shrink down the size of CAS
> 5.
>
> However, my previous blockage is actually *I hit tomcat default
> max-file-size*, and actually I can do this and be fine: "
> https://maxrohde.com/2011/04/27/large-war-file-cannot-be-
> deployed-in-tomcat-7/". If it is also your case then this might help you.
>
> But if for other reason, then I probably can't help you...
>
> Cheers!
> - Andy
>
>
> On Thursday, 17 May 2018 09:01:14 UTC+8, Sam Erie wrote:
>>
>> I am putting together CAS version 5.2.4.x, and I would like to run it as
>> an executable war, however the size of the built project is still too big
>> for the server I am developing it for. I have taken out as many of the
>> obviously unneeded dependancies from pom.xml as I can, but I can not seem
>> to get build any smaller than 309 MB.
>>
>> Is there any documentation on minimal builds? Or does that seem like a
>> minimal size? Any information on how I could go about pairing down the
>> final build size and still be able to run as executable war would be
>> appreciated.
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/48f50e28-168e-4a12-ae4a-
> 0b42d25b6527%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMM6z%2BLFEiqVnMTBrKMuqqjE_J%2BbyEtwjRkRxxDCOksoF7F84A%40mail.gmail.com.

Re: [cas-user] CAS Logout Issue

2018-05-17 Thread Ray Bon 
Ramakrishna,

Add this to the log config:



The above may produce a lot of messages.
It looks to be a problem with CAS contacting your client. It could be a 
certificate issue.
I guess you created a certificate since it is on a 192 ip. Did you add the 
certificate to the java key store? If CAS and your client are on different 
machines, then the certificate will need to be added to both.

Ray

On Thu, 2018-05-17 at 12:01 +0530, Ramakrishna G wrote:
Hi Ray,

As said by you, I enabled logs and this is the output

2018-05-17 11:50:46,479 INFO [org.apereo.cas.logout.DefaultLogoutManager] - 

2018-05-17 11:50:46,501 DEBUG 
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=,principal=casuser,loggedOutAlready=false,format=XML]]...>
2018-05-17 11:50:46,503 DEBUG 
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=,principal=casuser,loggedOutAlready=false,format=XML]]
 supports single logout and is found in the registry as [id=1001,name=HTTPS 
and IMAPS,description=This service definition authorizes all application urls 
that support HTTPS and IMAPS 
protocols.,serviceId=^(https|imaps)://.*,usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@d,theme=,evaluationOrder=1,logoutType=BACK_CHANNEL,attributeReleasePolicy=org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy@15646ed9[attributeFilter=,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@7923006f[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseAuthenticationAttributes=true,authorizedToReleaseProxyGrantingTicket=false,excludeDefaultAttributes=false,principalIdAttribute=,consentPolicy=org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy@330ae512[excludedAttributes=,includeOnlyAttributes=,enabled=true],allowedAttributes=[]],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@5bc47191[enabled=true,ssoEnabled=true,requireAllAttributes=true,requiredAttributes={},unauthorizedRedirectUrl=,caseInsensitive=false,rejectedAttributes={}],publicKey=,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@2cd156ce,logo=,logoutUrl=,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@6dc092b8[multifactorAuthenticationProviders=[],failureMode=NOT_SET,principalAttributeNameTrigger=,principalAttributeValueToMatch=,bypassEnabled=false],informationUrl=,privacyUrl=,contacts=[],expirationPolicy=org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy@687fb318[deleteWhenExpired=false,notifyWhenDeleted=false,expirationDate=],].
 Proceeding...>
2018-05-17 11:50:46,514 DEBUG 
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://192.168.111.12:8443/] for service 
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa[id=https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=,principal=casuser,loggedOutAlready=false,format=XML]]>
2018-05-17 11:50:46,515 DEBUG 
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=,principal=casuser,loggedOutAlready=false,format=XML]]
 and ticket id [ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client]>
2018-05-17 11:50:46,517 DEBUG 
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=,principal=casuser,loggedOutAlready=false,format=XML],status=NOT_ATTEMPTED]]
 created for 
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa[id=https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=,principal=casuser,loggedOutAlready=false,format=XML]]
 and ticket id [ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client]>
2018-05-17 11:50:46,518 DEBUG 
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=,principal=casuser,loggedOutAlready=false,format=XML]]
 is [BACK_CHANNEL]>
2018-05-17 11:50:46,519 DEBUG 
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=,principal=casuser,loggedOutAlready=false,format=XML],status=NOT_ATTEMPTED]]>
2018-05-17 11:50:46,522 DEBUG 
[org.apereo.cas.logout.SamlCompliantLogoutMessageCreator] - @NOT_USED@ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client]>
2018-05-17 11:50:46,522 DEBUG 
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://192.168.111.12:8443/] to 
[https://192.168.111.12:8443/]>
2018-05-17 11:50:46,547 DEBUG 
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -

[cas-user] Re: CAS 5.2.3 IpAddress blocking& Password expiry messages & Service Maintenance notifications

2018-05-17 Thread Mr Rao 
Hi, 
Any one has ideas on this?

Rao


On Wednesday, May 16, 2018 at 10:12:13 PM UTC-7, Mr Rao wrote:
>
> Hi,
> I've been migrating from CAS 3.2.5 to CAS 5.2.3. We have below 
> requirements in current code and need help on how to implement these in new 
> version of CAS.
>
> 1) IP address blocking per user basis , error message should be added 
> dynamically instead of using messages.properties.
>
> 2) After successful login before redirecting user to Service we want to 
> display Application Maintenance notification. Info messages should be added 
> dynamically instead of using messages.properties.
>
> 3)  After successful logic before redirecting user to Service we want to 
> display  password expiration warning and user must be able click on change 
> password to reset password. Error message should be added dynamically 
> instead of using messages.properties.
>
> I tried to modify AbstractAuthenticationAction class like below and I'm 
> unable to add  my custom error message instead of using 
> messages.properties.  
>
> Whats the best practice to implement these?
>
> Thanks
> Rao
>
>
>  protected Event doExecute(final RequestContext requestContext) {
> final String agent = 
> WebUtils.getHttpServletRequestUserAgentFromRequestContext();
> final GeoLocationRequest geoLocation = 
> WebUtils.getHttpServletRequestGeoLocationFromRequestContext();
>
> // TODo  -  Ip address Checking.
> Event event = iPAddressCasWebflowSupport.doExecute(requestContext);
> if (event != null) {
> return event;
> }
>
>
> if (!adaptiveAuthenticationPolicy.apply(agent, geoLocation)) {
> final String msg = "Adaptive authentication policy does not 
> allow this request for " + agent + " and " + geoLocation;
> final Map map = 
> CollectionUtils.wrap(
> 
> UnauthorizedAuthenticationException.class.getSimpleName(),
> UnauthorizedAuthenticationException.class);
> final AuthenticationException error = new 
> AuthenticationException(msg, map, new HashMap<>(0));
> return new Event(this, 
> CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE,
> new 
> LocalAttributeMap(CasWebflowConstants.TRANSITION_ID_ERROR, error));
> }
>
> final Event serviceTicketEvent = 
> this.serviceTicketRequestWebflowEventResolver.resolveSingle(requestContext);
> if (serviceTicketEvent != null) {
> fireEventHooks(serviceTicketEvent, requestContext);
> return serviceTicketEvent;
> }
>
>
> final Event finalEvent = 
> this.initialAuthenticationAttemptWebflowEventResolver.resolveSingle(requestContext);
>
> fireEventHooks(finalEvent, requestContext);
>
> event = notificationsCasWebflowSupport.doExecute(requestContext, 
> this);
>
> if (event != null) {
> fireEventHooks(event, requestContext);
> return event;
> }
>
>
>
>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/73c53eec-7dfc-47af-8ed9-c1a8f3da4442%40apereo.org.

[cas-user] Re: (Ask) CAS 5.2 Basic Installation Step by Step

2018-05-17 Thread Fahmi L. Ramdhani 
All will try https://dacurry-tns.github.io/deploying-apereo-cas guides. 
Thanks Matthew Uribe.

Pada Kamis, 17 Mei 2018 21.36.19 UTC+7, Matthew Uribe menulis:
>
> Maybe have a look here 
> https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/guide/cas-user/LgZzuXvh3OY/T6XXmVvcCQAJ
>  
>  or 
> https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/CAS$20documentation$20for$20a$20new$20user$20is$20terrible/cas-user/BwI6_qU612c/sPx1lAaQBgAJ
>   
>  
>
>
> On Thursday, May 17, 2018 at 8:23:23 AM UTC-6, Fahmi L. Ramdhani wrote:
>>
>> Hello,
>>
>> I started a cas installation through 
>> https://github.com/apereo/cas-overlay-template. After that I confused 
>> how the next configuration. I have read the CAS documentation, but I do not 
>> understand that. Please help him to the authentication process succeed.
>>
>> How can I set up service and users, as well as user data stored in MySQL.
>>
>> Thanks.
>>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/e5c92144-f12c-4eb2-818d-af7f843881d9%40apereo.org.

[cas-user] Re: (Ask) CAS 5.2 Basic Installation Step by Step

2018-05-17 Thread Matthew Uribe 
Maybe have a look 
here 
https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/guide/cas-user/LgZzuXvh3OY/T6XXmVvcCQAJ
 
 or 
https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/CAS$20documentation$20for$20a$20new$20user$20is$20terrible/cas-user/BwI6_qU612c/sPx1lAaQBgAJ
  
 


On Thursday, May 17, 2018 at 8:23:23 AM UTC-6, Fahmi L. Ramdhani wrote:
>
> Hello,
>
> I started a cas installation through 
> https://github.com/apereo/cas-overlay-template. After that I confused how 
> the next configuration. I have read the CAS documentation, but I do not 
> understand that. Please help him to the authentication process succeed.
>
> How can I set up service and users, as well as user data stored in MySQL.
>
> Thanks.
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a6b5c5ca-06e3-43df-b2d5-700127397c3d%40apereo.org.

[cas-user] (Ask) CAS 5.2 Basic Installation Step by Step

2018-05-17 Thread Fahmi L. Ramdhani 
Hello,

I started a cas installation through 
https://github.com/apereo/cas-overlay-template. After that I confused how 
the next configuration. I have read the CAS documentation, but I do not 
understand that. Please help him to the authentication process succeed.

How can I set up service and users, as well as user data stored in MySQL.

Thanks.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2feeab6e-ee50-431b-9659-8f59c54eeaef%40apereo.org.

Re: [cas-user] cas-overlay-template sutck with warnings

2018-05-17 Thread Matthew Uribe 
Did you create a keystore file 'thekeystore' under '/etc/cas'? I don't see 
any reference to it in your cas.properties. If you are using the embedded 
Tomcat, you need to include the keystore properties in the cas.properties 
file. Check out the README.md file that comes with the overlay.

On Wednesday, May 16, 2018 at 9:44:00 AM UTC-6, Érico Teixeira wrote:
>
> Thks for David Curry's site. I will follow it
>
> It is ok for me to use 8443 . I tried before posting to the group :
>
> https://localhost:8443/cas
>
> but I get the following error : 
>
> SSL_ERROR_NO_CYPHER_OVERLAP
>
> 2018-05-16 11:57 GMT-03:00 Matthew Uribe  >:
>
>> Érico,
>>
>> Based on this https://github.com/apereo/cas-overlay-template I would say 
>> that 8080 and 8443 should both be open while the overlay embedded Tomcat is 
>> running. However, it's also my understanding that CAS requires SSL, so the 
>> fact that you have no process listening on port 8080, but java is listening 
>> on 8443 is not too surprising to me. Someone with more experience using the 
>> embedded Tomcat can correct me if I'm wrong. Why don't you want to use 
>> 8443? If SSL cert is the issue, a self-signed cert should be suitable for 
>> test/dev purposes.
>>
>> When I started in CAS 5, not long ago, I was on a similar track. The 
>> guide that David Curry put together is super helpful. Have you taken the 
>> time to look at it?
>>
>> https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html
>>
>>
>> [image: Aims Community College Top Work Places 2018 - The Denver Post] 
>> Matt Uribe
>> Programmer Analyst II
>> Information Technology
>> Aims Community College
>> 970.339.6375
>> matthe...@aims.edu 
>> 5401 W. 20th Street 
>> 
>> Greeley, CO, 80634 
>> 
>> www.aims.edu
>> 
>>
>>
>> *IT staff will never ask you for your username and password. *
>>
>>
>> *Always decline to provide the information and report such attempts to the 
>> Help Desk (x6380).*
>>
>>
>> On Wed, May 16, 2018 at 8:28 AM, Érico Teixeira > > wrote:
>>
>>> Hello Matt
>>>
>>> Thks for the reply 
>>>
>>> I try to access through browser but nothing happens :
>>> http://localhost:8080/cas
>>>
>>> My /etc/cas/config/cas.properties content is the following : 
>>>
>>> #cas.server.name: https://cas.example.org:8443
>>> #cas.server.prefix: https://cas.example.org:8443/cas
>>>
>>> cas.server.name: http://localhost:8080
>>> cas.server.prefix: http://localhost:8080/cas
>>>
>>> cas.server.http.port=8080
>>>
>>> cas.adminPagesSecurity.ip=127\.0\.0\.1
>>>
>>> cas.authn.accept.users=
>>>
>>> logging.config: file:/etc/cas/config/log4j2.xml
>>> # cas.serviceRegistry.config.location: classpath:/services
>>>
>>> is that ok ? 
>>>
>>>
>>> shouldn't 8080 port been open ? 
>>>
>>> cas-overlay-template-master ericomartins$ lsof -i :8080
>>> ---  no result here  
>>>
>>> cas-overlay-template-master ericomartins$ lsof -i :8443
>>> COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE 
>>> NAME
>>> java26098 ericomartins   32u  IPv6 0xff2c21fe03059105  0t0  TCP 
>>> *:pcsync-https (LISTEN)
>>>
>>>
>>> Thks
>>>
>>>
>>> Em quarta-feira, 16 de maio de 2018 11:05:15 UTC-3, Matthew Uribe 
>>> escreveu:

 Have you tried going to the CAS webpage? It should load.

 The warnings are just letting you know that since you didn't define the 
 keys in cas.properties, it's created them for you.

 If I recall from my experience with ./build.sh run, it will sit on the 
 console because the process is still running. That's normal in the console 
 while the process continues to run.

 [image: Aims Community College Top Work Places 2018 - The Denver Post] 
 Matt Uribe
 Programmer Analyst II
 Information Technology
 Aims Community College
 970.339.6375
 matthe...@aims.edu
 5401 W. 20th Street 
 
 Greeley, CO, 80634 
 
 www.aims.edu
 


 *IT staff will never ask you for your username and password. *


 *Always decline to provide the information and report such attempts to the

[cas-user] Re: SPNEGO Client Selection Strategy

2018-05-17 Thread Christian Poirier 
Hi Nicolas,

In our organization, we need to let the user choose between the default 
login and SPNEGO upon a list of criteria and sometimes we need to go 
directly to the SPNEGO authentication upon other criteria. For this 
feature, I extended the SPNEGO module. I show a button with the label 
"LOGIN WITH MY WINDOWS ACCOUNT" when the IP address matches a regular 
expression. When the service matches a regular expression and the IP 
address also matches its regular expression, I force SPNEGO authentication 
without giving the user the chance to authenticate otherwise. If none of 
the previous conditions are present, then the user must authenticate 
normally with his user ID and password.
If you look the following webflow, you will find this logic inside.







   






  






  






  















  








  






   






   

   

  










   
  

  

  






   



 






  

  






 

   

  








   




Here are my new spnego.properties
# cas.authn.spnego.spnegoMode=direct: indicates to go directly to the 
SPNEGO by changing the succes transition of initialLoginForm action-state 
to startSpnegoAuthenticate
# cas.authn.spnego.spnegoMode=evaluateClient: indicates to evaluate the 
client based on the client action strategy defined in 
evaluateClientActionStrategy. 

# It changes the 
success transition of initialLoginForm action-state to evaluateClientRequest
cas.authn.spnego.spnegoMode=evaluateClient|direct
# The following property is deprecated
#cas.authn.spnego.hostNameClientActionStrategy=serviceNameSpnegoClientAction
# cas.authn.spnego.evaluateClientActionStrategy=hostnameSpnegoClientAction 
where CAS checks to see if the request?s remote hostname matches a 
predefine pattern
# cas.authn.spnego.evaluateClientActionStrategy=ldapSpnegoClientAction 
where CAS checks an LDAP instance for the remote hostname, 
#  
 to locate a pre-defined attribute whose mere existence would allow the 
webflow to resume to SPNEGO
# cas.authn.spnego.evaluateClientActionStrategy=serviceNameSpnegoClientAction 
where CAS checks if the service corresponds to a regularExpression
#defined in 
serviceNamePatternString and the ip corresponds to ipsToCheckPattern 
implemented
#in baseSpnegoClientAction
cas.authn.spnego.evaluateClientActionStrategy=serviceNameSpnegoClientAction
cas.authn.spnego.ipsToCheckPattern=((127\.0)|(122.110))(\.[0-9]{1,3}){2}
cas.authn.spnego.serviceNamePatternString=(app1\.domain\.ca)|(app2\.domain\.ca)


It works well for me. If you want it, I could send you the code.

Le jeudi 17 mai 2018 01:47:54 UTC-4, Nicholas Wylie a écrit :
>
> Hi CAS Community,
>
> I've successfully configured CAS 5.2 with LDAP/SPNEGO authentication 
> against our Active Directory.
>
> What we have noticed though is that non-domain joined computers see a 
> pop-up prompt for credentials when they visit the CAS login page. From my 
> reading, I believe we can fix this by configuring the LDAP Client Selection 
> Strategy for SPNEGO, but the documentation for which properties need to be 
> configured seems to be a bit scarce.
>
> Can someone offer any guidance (or a link to some documentation) as to 
> which properties I need to configure to use the LDAP Client Selection 
> Strategy?
>
> Thanks,
> Nicholas
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/deeb374f-38e0-4bb0-8b18-35cc3ee46a7c%40apereo.org.

[cas-user] Application Not Authorized to Use CAS

2018-05-17 Thread Jann Malenkoff 
Hello:

I have been tacking with the JSON enabling of 
'http://localhost:8080/cas-management' over the weekend.

Wondering if I can change approach and tackle this by entering SQL to the 
DB tables (screenshot attached).

Would there be a resource with instruction on which tables to update? 
Google has not been my best friend today.


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/092d3dc9-f4f2-4b43-b928-75bc4e5e61a4%40apereo.org.

[cas-user] Re: SPNEGO Client Selection Strategy

2018-05-17 Thread Charles Le Gallic 
Hi Nicholas,

It's seems to me that Kerberos / SPNEGO client selection strategy is broken 
since Alfresco 5.0.x.

Indeed, there are several other messages in this discussion list referring 
to this problem : here 
,
 
here 

 
and here 
,
 
and I didn't achieved to make it work (IP based) in CAS 5.1.7 release.

SPNEGO Client Selection strategy setup is done in the 
SpengoWebflowConfigurer 

 
class, using the "cas.authn.spnego.hostNameClientActionStrategy" parameter 
value to set the strategy (default to "hostnameSpnegoClientAction"). You 
can use the "ldapSpnegoClientAction" value to use a LDAP Client Selection 
Strategy.

The problem is the Spring MVC Web Flow is configured for using the 
"START_SPNEGO_AUTHENTICATE" 
action state by default 
,
 
instead of the "EVALUATE_SPNEGO_CLIENT" action state (evaluateClientRequest) 

.

Therefore, the Client Selection Strategy is never applied. I didn't found 
any way to use CAS configuration properties to add the 
*evaluateClientRequest* action state before the *startSpnegoAuthenticate* 
state.

The only way to do this may be to overidde the 
CasWebflowConstants.STATE_ID_INIT_LOGIN_FORM 
state (as done here 
)
 
in a custom bean and configure it to transition to the 
evaluateClientRequest state.

I may have missed something, and I hope a CAS Developer can clarify it.

Regards,

Charles






Le jeudi 17 mai 2018 07:47:54 UTC+2, Nicholas Wylie a écrit :
>
> Hi CAS Community,
>
> I've successfully configured CAS 5.2 with LDAP/SPNEGO authentication 
> against our Active Directory.
>
> What we have noticed though is that non-domain joined computers see a 
> pop-up prompt for credentials when they visit the CAS login page. From my 
> reading, I believe we can fix this by configuring the LDAP Client Selection 
> Strategy for SPNEGO, but the documentation for which properties need to be 
> configured seems to be a bit scarce.
>
> Can someone offer any guidance (or a link to some documentation) as to 
> which properties I need to configure to use the LDAP Client Selection 
> Strategy?
>
> Thanks,
> Nicholas
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/9f3f6c1a-5510-498d-afe6-ea478a2de75c%40apereo.org.

[cas-user] CAS5.3.x: Error getting flow information for URL

2018-05-17 Thread Jay 
Hello everyone,

We have CAS application running in Tomcat in two different instances and 
load balanced by a F5 url.
Any application is configured with the F5 url for login authentication and 
authorization.

We have customized the url to *https:///las/v3/login* (Naming 
the war file as *las#v3.war* sets the context path here)

When I use individual server instance login/logout works absolutely fine. 
(i.e. *:/las/v3/login* )

We see below error after we give the user credential and clink on login 
button.

2018-05-17 01:49:36,786 DEBUG 
[org.apereo.cas.web.FlowExecutionExceptionResolver] - <*Error getting flow 
information for URL* 
[/las/v3/login?service=http%3A%2F%2Flocalhost%3A3001%2Flogin%3Fdestination%3D%252Fconfiguration%252Faccounts%252F34864%252FproductLines%252FPrismPostPD%252Ftemplates%252F311]>
 [m
org.apereo.spring.webflow.plugin.ClientFlowExecutionRepositoryException: 
Error decoding flow execution
at 
org.apereo.spring.webflow.plugin.ClientFlowExecutionRepository.getFlowExecution(ClientFlowExecutionRepository.java:99)
 
~[spring-webflow-client-repo-1.0.3.jar:1.0.3]
at 
org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:168)
 
~[spring-webflow-2.4.7.RELEASE.jar:2.4.7.RELEASE]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_31]
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
~[?:1.8.0_31]
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 
~[?:1.8.0_31]
at java.lang.reflect.Method.invoke(Method.java:483) ~[?:1.8.0_31]
at 
org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216) 
~[spring-core-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at 
org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470)
 
~[spring-cloud-context-1.3.0.RELEASE.jar:1.3.0.RELEASE]
at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
 
~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at 
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
 
~[spring-aop-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at com.sun.proxy.$Proxy165.resumeExecution(Unknown Source) ~[?:?]
at 
org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:253)
 
~[spring-webflow-2.4.7.RELEASE.jar:2.4.7.RELEASE]
at 
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967)
 
~[spring-webmvc-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at 
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
 
~[spring-webmvc-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at 
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
 
~[spring-webmvc-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at 
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872)
 
~[spring-webmvc-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:648) 
~[servlet-api.jar:?]
at 
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
 
~[spring-webmvc-4.3.14.RELEASE.jar:4.3.14.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) 
~[servlet-api.jar:?]
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
 
~[catalina.jar:8.0.29]
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 
~[catalina.jar:8.0.29]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) 
~[tomcat-websocket.jar:8.0.29]
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
 
~[catalina.jar:8.0.29]
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 
~[catalina.jar:8.0.29]
at 
org.apereo.cas.web.support.AuthenticationCredentialsLocalBinderClearingFilter.doFilter(AuthenticationCredentialsLocalBinderClearingFilter.java:30)
 
~[cas-server-core-web-api-5.3.0-RC2.jar:5.3.0-RC2]
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
 
~[catalina.jar:8.0.29]
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 
~[catalina.jar:8.0.29]
at 
org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261)
 
~[cas-server-security-filter-2.0.10.2.jar:2.0.10.2]
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
 
~[catalina.jar:8.0.29]
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 
~[catalina.jar:8.0.29]
at 
org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:237)
 
~[cas-server-security-filter-2.0.10.2.jar:2.0.10.2]
at

[cas-user] Re: Size of maven cas-overlay-template

2018-05-17 Thread Andy Ng 
Hi Sam,

Since the default CAS 5 server already included so many components, the 
large size is to be expected I think, 
and I also tried but failed to find any way to shrink down the size of CAS 
5.

However, my previous blockage is actually *I hit tomcat default 
max-file-size*, and actually I can do this and be fine: 
"https://maxrohde.com/2011/04/27/large-war-file-cannot-be-deployed-in-tomcat-7/;.
 
If it is also your case then this might help you.

But if for other reason, then I probably can't help you... 

Cheers!
- Andy


On Thursday, 17 May 2018 09:01:14 UTC+8, Sam Erie wrote:
>
> I am putting together CAS version 5.2.4.x, and I would like to run it as 
> an executable war, however the size of the built project is still too big 
> for the server I am developing it for. I have taken out as many of the 
> obviously unneeded dependancies from pom.xml as I can, but I can not seem 
> to get build any smaller than 309 MB. 
>
> Is there any documentation on minimal builds? Or does that seem like a 
> minimal size? Any information on how I could go about pairing down the 
> final build size and still be able to run as executable war would be 
> appreciated.
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/48f50e28-168e-4a12-ae4a-0b42d25b6527%40apereo.org.

Re: [cas-user] CAS Logout Issue

2018-05-17 Thread Ramakrishna G 
Hi Ray,

As said by you, I enabled logs and this is the output

2018-05-17 11:50:46,479 INFO [org.apereo.cas.logout.DefaultLogoutManager] -

2018-05-17 11:50:46,501 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,
*artifactId=*
,principal=casuser,loggedOutAlready=false,format=XML]]...>
2018-05-17 11:50:46,503 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=,principal=casuser,loggedOutAlready=false,format=XML]]
supports single logout and is found in the registry as
[id=1001,name=HTTPS and IMAPS,description=This service definition
authorizes all application urls that support HTTPS and IMAPS
protocols.,serviceId=^(https|imaps)://.*,usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@d
,theme=,evaluationOrder=1,logoutType=BACK_CHANNEL,attributeReleasePolicy=org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy@15646ed9
[attributeFilter=,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@7923006f
[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseAuthenticationAttributes=true,authorizedToReleaseProxyGrantingTicket=false,excludeDefaultAttributes=false,principalIdAttribute=,consentPolicy=org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy@330ae512
[excludedAttributes=,includeOnlyAttributes=,enabled=true],allowedAttributes=[]],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@5bc47191
[enabled=true,ssoEnabled=true,requireAllAttributes=true,requiredAttributes={},unauthorizedRedirectUrl=,caseInsensitive=false,rejectedAttributes={}],publicKey=,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@2cd156ce
,logo=,logoutUrl=,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@6dc092b8
[multifactorAuthenticationProviders=[],failureMode=NOT_SET,principalAttributeNameTrigger=,principalAttributeValueToMatch=,bypassEnabled=false],informationUrl=,privacyUrl=,contacts=[],expirationPolicy=org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy@687fb318[deleteWhenExpired=false,notifyWhenDeleted=false,expirationDate=],].
Proceeding...>
2018-05-17 11:50:46,514 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
https://192.168.111.12:8443/] for service
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa
[id=
https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=
,principal=casuser,loggedOutAlready=false,format=XML]]>
2018-05-17 11:50:46,515 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=,principal=casuser,loggedOutAlready=false,format=XML]]
and ticket id [ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client]>
2018-05-17 11:50:46,517 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=,principal=casuser,loggedOutAlready=false,format=XML],status=NOT_ATTEMPTED]]
created for
[org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@432f5faa
[id=
https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=,principal=casuser,loggedOutAlready=false,format=XML]]
and ticket id [ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client]>
2018-05-17 11:50:46,518 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] - https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=,principal=casuser,loggedOutAlready=false,format=XML]]
is [BACK_CHANNEL]>
2018-05-17 11:50:46,519 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
https://192.168.111.12:8443/,originalUrl=https://192.168.111.12:8443/,artifactId=
,principal=casuser,loggedOutAlready=false,format=XML],status=NOT_ATTEMPTED]]>
2018-05-17 11:50:46,522 DEBUG
[org.apereo.cas.logout.SamlCompliantLogoutMessageCreator] - @NOT_USED@
ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client]>
2018-05-17 11:50:46,522 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
https://192.168.111.12:8443/] to [
https://192.168.111.12:8443/]>
2018-05-17 11:50:46,547 DEBUG
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -
https://192.168.111.12:8443/,message=@NOT_USED@ST-3-Ca79ror-smWCKyQzaBNn0ZYt6l0-client,asynchronous=false,contentType=application/x-www-form-urlencoded,responseCode=0]].
Sending...>
2018-05-17 11:50:46,659 WARN
[org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler] -* https://192.168.111.12:8443/
]; Continuing processing...>*
2018-05-17 11:50:46,661 INFO [org.apereo.cas.logout.DefaultLogoutManager] -
<[1] logout requests were