Re: [cas-user] Re: Issue: "Content is not allowed in Prolog"

2019-01-23 Thread Isaac Li
Ray,

I'm using Open JDK 11.

F:\John\Code\CAS\cas-overlay-template>java -version
openjdk version "11.0.2" 2019-01-15
OpenJDK Runtime Environment 18.9 (build 11.0.2+9)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.2+9, mixed mode)

F:\John\Code\CAS\cas-overlay-template>gradlew clean build
Starting a Gradle Daemon (subsequent builds will be faster)

> Task :bootWar
[Fatal Error] commons-parent-42.pom:2:1: 前言中不允许有内容。
[Fatal Error] commons-parent-42.pom:2:1: 前言中不允许有内容。

BUILD SUCCESSFUL in 26m 35s
2 actionable tasks: 2 executed
<-> 0% WAITING
> IDLE
> IDLE


On Thu, Jan 24, 2019 at 12:44 AM Ray Bon  wrote:

> Isaac,
>
> If you are doing a clone then immediate build, you are working off master.
> It requires jdk 11. Open JDK 11 works.
>
> Ray
>
> On Wed, 2019-01-23 at 09:42 +0800, Isaac Li wrote:
>
> Today I ask my colleague for help to build, there is no error.  I think
> it's problem of my work environment.
>
> On Tue, Jan 22, 2019 at 3:59 PM Isaac Li  wrote:
>
> Hello,
>
> Today when I do git clone g...@github.com:apereo/cas-overlay-template.git
> and run: "gradlew clean build"
>
>
> F:\John\Code\CAS\cas-overlay-template>gradlew clean build
>
> > Task :bootWar
> [Fatal Error] commons-parent-42.pom:2:1: 前言中不允许有内容。  (I believe it's said
> "Content is not allowed in Prolog" )
> [Fatal Error] commons-parent-42.pom:2:1: 前言中不允许有内容。
>
> BUILD SUCCESSFUL in 50s
> 2 actionable tasks: 1 executed, 1 up-to-date
> <-> 0% WAITING
> > IDLE
>
>
> John
>
> --
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/1548261876.3605.79.camel%40uvic.ca.
>



[cas-user] TGT hard timeout does not work for rememberMe

2019-01-23 Thread James Mackerel
hi all,

I am trying to set tgt session timeout for my CAS server. I want to config 
CAS to act like this (for testing purpose):

1. if remember me is not checked, TGT will be killed if it is not used to 
grant ST in 10 seconds
2. if remember me is checked, TGT will be killed if it is not used to grant 
ST in 300 seconds
3. if a TGT grants a ST, its TTL will be refreshed to 3000 seconds
4. but no matter remember me is checked or not, a TGT will be killed 30 
seconds after its creation

So these are the properties I set:

cas.ticket.tgt.rememberMe.enabled=true
cas.ticket.tgt.rememberMe.timeToKillInSeconds=300

cas.ticket.tgt.maxTimeToLiveInSeconds=3000
cas.ticket.tgt.timeToKillInSeconds=10
cas.ticket.tgt.hardTimeout.timeToKillInSeconds=30

cas.tgc.rememberMeMaxAge=2000

But when I check the remember me box, TGT will never be killed if I use it 
to grant ST less than every *300 seconds.*

It seems like hardTimeout is not working when remember me is checked. Is 
this a bug?

I am using CAS 5.3.6 with *redis ticket registry*. Please help, thank you.



[cas-user] Basic CAS server test

2019-01-23 Thread Ethan M
Hi,

I'm running CAS 5.3.7 in Docker:

  $ docker pull apereo/cas
  $ docker run -p 8080:8080 -p 8443:8443 14de63
  ...


  CAS Version: 5.3.7
  CAS Commit Id: f54e8d5132a0e52fd2fc3ea498c8d0f5ee97f502
  CAS Build Date/Time: 2019-01-23T19:58:46Z
  Spring Boot Version: 1.5.18.RELEASE
  Spring Version: 4.3.20.RELEASE
  Java Home: /opt/zulu8.21.0.1-jdk8.0.131-linux_x64/jre
  Java Vendor: Azul Systems, Inc.
  Java Version: 1.8.0_131
  JVM Free Memory: 25 MB
  JVM Maximum Memory: 444 MB
  JVM Total Memory: 201 MB
  JCE Installed: Yes
  Node Version: N/A
  NPM Version: N/A
  OS Architecture: amd64
  OS Name: Linux
  OS Version: 4.9.93-linuxkit-aufs
  OS Date/Time: 2019-01-23T19:58:55.204
  OS Temp Directory: /tmp
  
  Apache Tomcat Version: Apache Tomcat/8.5.37
  


  2019-01-23 19:58:56,130 INFO 
[org.apereo.cas.configuration.DefaultCasConfigurationPropertiesSourceLocator] 
- 
  2019-01-23 19:58:56,144 INFO 
[org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration]
 
- 
  2019-01-23 19:58:56,151 INFO [org.apereo.cas.web.CasWebApplication] - 

  2019-01-23 19:58:56,209 INFO 
[org.apereo.cas.web.CasWebApplicationContext] - 
  2019-01-23 19:59:00,066 WARN 
[org.apereo.cas.config.CasCoreTicketsConfiguration] - 
  2019-01-23 19:59:00,069 INFO [org.apereo.cas.util.CoreTicketUtils] - 

  2019-01-23 19:59:13,155 INFO 
[org.apereo.cas.config.CasConfigurationSupportUtilitiesConfiguration] - 

  2019-01-23 19:59:13,690 WARN 
[org.apereo.cas.config.support.authentication.AcceptUsersAuthenticationEventExecutionPlanConfiguration]
 
- <>
  2019-01-23 19:59:13,694 WARN 
[org.apereo.cas.config.support.authentication.AcceptUsersAuthenticationEventExecutionPlanConfiguration]
 
- <



  CAS is configured to accept a static list of credentials for 
authentication. While this is generally useful for demo purposes, it is 
STRONGLY recommended that you DISABLE this authentication method (by 
setting 'cas.authn.accept.users' to a blank value) and switch to a mode 
that is more suitable for production.>
  2019-01-23 19:59:13,695 WARN 
[org.apereo.cas.config.support.authentication.AcceptUsersAuthenticationEventExecutionPlanConfiguration]
 
- <>
  2019-01-23 19:59:18,844 INFO 
[org.apereo.cas.support.events.listener.CasConfigurationEventListener] - 

  2019-01-23 19:59:19,239 WARN 
[org.apereo.cas.config.CasCoreServicesConfiguration] - 
  2019-01-23 19:59:19,292 INFO 
[org.apereo.cas.services.AbstractServicesManager] - 
  2019-01-23 19:59:19,583 WARN 
[org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 
  2019-01-23 19:59:19,597 WARN 
[org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 
  2019-01-23 19:59:19,601 WARN 
[org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 
  2019-01-23 19:59:19,602 WARN 
[org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 
  2019-01-23 19:59:20,169 WARN 
[org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - 
  2019-01-23 19:59:20,170 WARN 
[org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - 
  2019-01-23 19:59:20,170 WARN 
[org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - 
  2019-01-23 19:59:20,173 WARN 
[org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - 
  2019-01-23 19:59:20,470 INFO 
[org.apereo.cas.support.events.listener.DefaultCasEventListener] - <>
  2019-01-23 19:59:20,473 INFO 
[org.apereo.cas.support.events.listener.DefaultCasEventListener] - <



  2019-01-23 19:59:20,473 INFO 
[org.apereo.cas.support.events.listener.DefaultCasEventListener] - <>
  2019-01-23 19:59:20,473 INFO 
[org.apereo.cas.support.events.listener.DefaultCasEventListener] - 
  2019-01-23 19:59:20,476 INFO [org.apereo.cas.web.CasWebApplication] - 

  2019-01-23 19:59:40,300 INFO 
[org.apereo.cas.services.AbstractServicesManager] - 
  2019-01-23 19:59:50,326 INFO 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] 
expired tickets removed.>
  2019-01-23 20:00:40,230 INFO 
[org.apereo.cas.services.AbstractServicesManager] - 
  ...


Is CAS listening?

  $ nmap -Pn 172.17.0.2
  ...
  PORT STATE  SERVICE
  113/tcp  closed ident
  8008/tcp open   http


Seems to be listening on port 8008 (instead of 8080). But I get a 302 on 
`/cas/login`:

  $ telnet 172.17.0.2 8008
  Trying 172.17.0.2...
  Connected to 

Re: [cas-user] CAS Attribute

2019-01-23 Thread Ray Bon
John,

What is your service definition for https://k?

Ray

On Wed, 2019-01-23 at 11:13 +0300, john adz wrote:
Ray, I check the records that the error is returned because the mail did not 
come. I'm sending the log again. Is this way when the mail is gone? Or should I 
see the e-mail address in the WHO: WHAT: section of the page?







On Tue, Jan 22, 2019 at 9:44 PM Ray Bon <r...@uvic.ca> wrote:
John,

What happens on the client side?
Check client logs to see if email is being received.

Ray

On Tue, 2019-01-22 at 10:41 +0300, john adz wrote:
Hi Ray,
Thanks for your answer. I've done something, and I see e-mails in the logs. But 
I don't know how to send this email address to the application. Or I don't know 
if I'm sending it right now. log like


2019-01-22 07:28:04,472 INFO 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 


2019-01-22 07:28:04,477 INFO 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
mailto:a...@gmail.com>} with credentials [username**].>

2019-01-22 07:28:04,478 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 

2019-01-22 07:28:04,478 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 

2019-01-22 07:28:04,480 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 


2019-01-22 07:28:04,481 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
mailto:a...@gmail.com>} for 
username**>

2019-01-22 07:28:04,481 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 


2019-01-22 07:28:04,481 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 


2019-01-22 07:28:04,482 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 


2019-01-22 07:28:04,482 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 


2019-01-22 07:28:04,482 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 


2019-01-22 07:28:04,483 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 


2019-01-22 07:28:04,483 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
mailto:a...@gmail.com>}>

2019-01-22 07:28:04,483 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 


2019-01-22 07:28:04,483 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 


2019-01-22 07:28:04,484 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 


2019-01-22 07:28:04,484 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
mailto:a...@gmail.com>}>

2019-01-22 07:28:04,485 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 

2019-01-22 07:28:04,485 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 

2019-01-22 07:28:04,489 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
mailto:a...@gmail.com>} for 
username**>

2019-01-22 07:28:04,489 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 


2019-01-22 07:28:04,489 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 


2019-01-22 07:28:04,489 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 


2019-01-22 07:28:04,490 DEBUG 
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 


2019-01-22 07:28:04,490 DEBUG 

Re: [cas-user] Re: Issue: "Content is not allowed in Prolog"

2019-01-23 Thread Ray Bon
Isaac,

If you are doing a clone then immediate build, you are working off master. It 
requires jdk 11. Open JDK 11 works.

Ray

On Wed, 2019-01-23 at 09:42 +0800, Isaac Li wrote:
Today I ask my colleague for help to build, there is no error.  I think it's 
problem of my work environment.

On Tue, Jan 22, 2019 at 3:59 PM Isaac Li <tingjun...@gmail.com> wrote:
Hello,

Today when I do git clone g...@github.com:apereo/cas-overlay-template.git and 
run: "gradlew clean build"


F:\John\Code\CAS\cas-overlay-template>gradlew clean build

> Task :bootWar
[Fatal Error] commons-parent-42.pom:2:1: 前言中不允许有内容。  (I believe it's said 
"Content is not allowed in Prolog" )
[Fatal Error] commons-parent-42.pom:2:1: 前言中不允许有内容。

BUILD SUCCESSFUL in 50s
2 actionable tasks: 1 executed, 1 up-to-date
<-> 0% WAITING
> IDLE


John


--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca



Re: [cas-user] Re: CAS integration with multiple OpenID Providers

2019-01-23 Thread P Shreyas Holla
Thanks Jerome, will test the same and will update.

On Wednesday, January 23, 2019 at 1:29:10 PM UTC+5:30, leleuj wrote:
>
> Hi,
>
> Starting with the version 5.3, you have the /clientredirect URL with the 
> service and client_name parameters. You may use that.
> Thanks.
> Best regards,
> Jérôme
>
>
> On Wed, Jan 23, 2019 at 05:54, P Shreyas Holla wrote:
>
>>
>> leleuj, we want to achieve something like 
>> http://localhost:8080/cas?client_name=AzureAdClient for Azure and 
>> http://localhost:8080/cas?client_name=GoogleClient for Google 
>> provider. Would this be possible?
>>
>> Thanks
>> Shreyas
>>
>> On Tuesday, January 22, 2019 at 8:00:29 PM UTC+5:30, leleuj wrote:
>>>
>>> Hi,
>>>
>>> You can log in at Azure or Google via the authentication delegation 
>>> feature: 
>>> https://apereo.github.io/cas/6.0.x/configuration/Configuration-Properties.html#openid-connect-1
>>>
>>> Choosing the OpenID Connect provider per service is a customization.
>>>
>>> Thanks.
>>> Best regards,
>>> Jérôme
>>>
>>>
>>> On Tuesday, January 22, 2019 at 09:58:39 UTC+1, P Shreyas Holla wrote:
>>>>
>>>> Suppose we have User1 and User2.
>>>>
>>>> 1) Whenever user1 accesses the application URL, he has to be redirected 
>>>> to google login page,
>>>>
>>>> 2) Whenever user2 accesses the application URL, he has to be redirected 
>>>> to microsoft Azure login page.
>>>>
>>>> On Tuesday, January 22, 2019 at 2:20:25 PM UTC+5:30, P Shreyas Holla 
>>>> wrote:
>>>>>
>>>>> We need to integrate CAS with multiple OpenID Providers like with 
>>>>> Google and Azure. How can we achieve it?
>>>>>



Re: [cas-user] masquerade as different user

2019-01-23 Thread Tepe, Dirk
Ah, sorry. I overlooked the fact that you are on 5.1. We're on 5.3 and I
would expect the configuration you described to work. I unfortunately can't
speak to the 5.1 release.

Your log entry indicates the surrogate auth is successful. Do you have an
application in which you can enable CAS debugging and dump the result of
the validation? You might also set the CAS log to DEBUG and see if that
provides anything useful.

-dirk

On Wed, Jan 23, 2019 at 9:12 AM Brian Gibson <
gibson_br...@wheatoncollege.edu> wrote:

> Hi Dirk,
>
> Unfortunately when I add the "cas-server-support-surrogate-webflow"
> dependency to my pom.xml file I get the following error when I do "mvn
> clean package"
>
> [ERROR] Failed to execute goal on project cas-overlay: Could not resolve dependencies for project org.apereo.cas:cas-overlay:war:1.0: Could not find artifact org.apereo.cas:cas-server-support-surrogate-webflow:jar:5.1.2 in sonatype-releases (http://oss.sonatype.org/content/repositories/releases/) -> [Help 1]
> [ERROR]
>
> From what I remember reading, the 5.1.x docs only mentioned the
> "cas-server-support-surrogate-authentication" dependency in the Surrogate
> setup directions and the other surrogate webflow and rest dependencies only
> started appearing (I think) in the 5.2 docs and above.
>
>
>
>
> On 1/22/2019 9:05 PM, Tepe, Dirk wrote:
>
> Just to be clear, you did include 'cas-server-support-surrogate-webflow'
> in your dependencies, right? While you don't need the REST dependency, you
> do need that one.
>
> -dirk
>
> On Tue, Jan 22, 2019 at 4:30 PM Brian Gibson <
> gibson_br...@wheatoncollege.edu> wrote:
>
>> Hi everyone,
>>
>> Dirk, thanks for all the suggestions, I 'think' I am close. I created the
>> c:\etc\cas\config\surrogates.json file and it looks like this...
>>
>> {
>> "bob": ["mary", "jim"]
>> }
>>
>> and I am referencing the surrogates.json file from my cas.properties file
>> like this...
>>
>> cas.authn.surrogate.separator=+
>> cas.authn.surrogate.json.config.location=file:/etc/cas/config/surrogates.json
>>
>> When I go to log into a service I enter "mary+bob" in the username field
>> along with bob's password and I get taken to the service successfully as
>> bob (unfortunately not mary) and this is what I see in the logs...
>>
>>
>> 
>>
>> WHO: (Real user: [bob], Surrogate user: [mary])
>> WHAT: Supplied credentials: [[surrogateUsername=mary]]
>> ACTION: AUTHENTICATION_SUCCESS
>> APPLICATION: CAS
>> WHEN: Tue Jan 22 16:14:47 EST 2019
>> CLIENT IP ADDRESS: 
>> SERVER IP ADDRESS: 
>> 2019-01-22 16:14:47,559 *WARN
>> [org.apereo.cas.authentication.DefaultAuthenticationResultBuilder] -
>> > value and is not collected>*
>>
>> 
>>
>> Any ideas on what I'm missing? I don't think I need the
>> surrogate-authentication-rest dependencies since I believe that has to do
>> with building a web page with surrogate users to choose from and in our
>> case we are explicitly referencing the target's name with the
>> personA+PersonB syntax.
>>
>> Thanks!
>>
>>
>>
>>
>> On 1/11/2019 9:07 AM, Tepe, Dirk wrote:
>>
>> I can't speak to 5.1.x, we've been experimenting with surrogate since 5.2
>> and only using it actively since 5.3.
>>
>> I can say that any user can be a surrogate, it is not restricted to admin
>> users. The only restriction is the authorization.
>>
>> We use a REST endpoint to authorize surrogate requests. Our POM includes
>> both the surrogate-workflow and surrogate-authentication-rest dependencies.
>> Could you need another dependency to enable the actual authorization? When
>> working on a proof of concept, I used a json file. It seemed to provide
>> more flexibility.
>>
>> If the primary user authentication succeeds, then CAS will need to
>> resolve attributes for the given target. If CAS cannot identify the given
>> target, I'm not sure what to expect in the logs. A useful test is to use
>> the form '+primary_username' which, if the user is authorized, will show a
>> list of the users eligible for impersonation.
>>
>> Also keep in mind that not all properties can be applied on the fly. Some
>> changes in the cas.properties file require a restart.
>>
>> -dirk
>>
>> On Thu, Jan 10, 2019 at 2:08 PM Brian Gibson <
>> gibson_br...@wheatoncollege.edu> wrote:
>>
>>> Hi all,
>>>
>>> Couple of questions regarding Surrogate Authentication
>>>
>>> 1. Does the user that logs in have to also be a CAS admin? I'd like to
>>> map a specific non-admin user to another non-admin user.
>>>
>>> 2. If I am using LDAP authentication in CAS 5.1.2 do I have to do the
>>> surrogate mapping via LDAP as well? I've pulled in the surrogate dependency
>>> in my pom.xml file and added this to my cas.properties file...
>>>
>>> cas.authn.surrogate.separator=+
>>> 

[cas-user] CAS 5.3.7 - Problem for OIDC delegated authentication

2019-01-23 Thread Matthieu Borez


Hello,

 

I am currently working with the latest version of branch 5.3.X of CAS and 
FranceConnect (OIDC). I would like to delegate FranceConnect authentication 
to CAS. When I apply this configuration, no problem the application starts 
well.

 

However, when I click on the delegation button, the FranceConnect service 
sends me an answer: 

{"status": "fail", "message": "The following fields are not supposed to be 
present : delegatedclientid"}

 

The redirection URL is composed of redirect_uri and delegatedClientId. 

1. Is *delegatedClientId* mandatory in the authentication process and/or 
how to ignore it?

2.* redirect_uri* only takes */cas/login?client_name=FranceConnect* instead 
of sending *https://cas-server.com/cas/login?client_name=FranceConnect*

 

Thank you in advance,

Matthieu



Re: [cas-user] masquerade as different user

2019-01-23 Thread Brian Gibson

Hi Dirk,

Unfortunately when I add the "cas-server-support-surrogate-webflow" 
dependency to my pom.xml file I get the following error when I do "mvn 
clean package"


[ERROR] Failed to execute goal on project cas-overlay: Could not resolve dependencies for project org.apereo.cas:cas-overlay:war:1.0: Could not find artifact org.apereo.cas:cas-server-support-surrogate-webflow:jar:5.1.2 in sonatype-releases (http://oss.sonatype.org/content/repositories/releases/) -> [Help 1]
[ERROR]

From what I remember reading, the 5.1.x docs only mentioned the 
"cas-server-support-surrogate-authentication" dependency in the 
Surrogate setup directions and the other surrogate webflow and rest 
dependencies only started appearing (I think) in the 5.2 docs and above.





On 1/22/2019 9:05 PM, Tepe, Dirk wrote:
Just to be clear, you did include 
'cas-server-support-surrogate-webflow' in your dependencies, right? 
While you don't need the REST dependency, you do need that one.


-dirk

On Tue, Jan 22, 2019 at 4:30 PM Brian Gibson wrote:


Hi everyone,

Dirk, thanks for all the suggestions, I 'think' I am close. I
created the c:\etc\cas\config\surrogates.json file and it looks
like this...

{
    "bob": ["mary", "jim"]
}

and I am referencing the surrogates.json file from my
cas.properties file like this...

cas.authn.surrogate.separator=+

cas.authn.surrogate.json.config.location=file:/etc/cas/config/surrogates.json

When I go to log into a service I enter "mary+bob" in the username
field along with bob's password and I get taken to the service
successfully as bob (unfortunately not mary) and this is what I
see in the logs...




WHO: (Real user: [bob], Surrogate user: [mary])
WHAT: Supplied credentials: [[surrogateUsername=mary]]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Tue Jan 22 16:14:47 EST 2019
CLIENT IP ADDRESS: 
SERVER IP ADDRESS: 
2019-01-22 16:14:47,559 */WARN
[org.apereo.cas.authentication.DefaultAuthenticationResultBuilder]
- /*



Any ideas on what I'm missing? I don't think I need the
surrogate-authentication-rest dependencies since I believe that
has to do with building a web page with surrogate users to choose
from and in our case we are explicitly referencing the target's
name with the personA+PersonB syntax.

Thanks!




On 1/11/2019 9:07 AM, Tepe, Dirk wrote:

I can't speak to 5.1.x, we've been experimenting with surrogate
since 5.2 and only using it actively since 5.3.

I can say that any user can be a surrogate, it is not restricted
to admin users. The only restriction is the authorization.

We use a REST endpoint to authorize surrogate requests. Our POM
includes both the surrogate-workflow and
surrogate-authentication-rest dependencies. Could you need
another dependency to enable the actual authorization? When
working on a proof of concept, I used a json file. It seemed to
provide more flexibility.

If the primary user authentication succeeds, then CAS will need
to resolve attributes for the given target. If CAS cannot
identify the given target, I'm not sure what to expect in the
logs. A useful test is to use the form '+primary_username' which,
if the user is authorized, will show a list of the users eligible
for impersonation.

Also keep in mind that not all properties can be applied on the
fly. Some changes in the cas.properties file require a restart.

-dirk

On Thu, Jan 10, 2019 at 2:08 PM Brian Gibson
<gibson_br...@wheatoncollege.edu> wrote:

Hi all,

Couple of questions regarding Surrogate Authentication

1. Does the user that logs in have to also be a CAS admin?
I'd like to map a specific non-admin user to another
non-admin user.

2. If I am using LDAP authentication in CAS 5.1.2 do I have
to do the surrogate mapping via LDAP as well? I've pulled in
the surrogate dependency in my pom.xml file and added this to
my cas.properties file...

cas.authn.surrogate.separator=+
cas.authn.surrogate.simple.surrogates.casuser=mary,bob

I thought I could then put "mary+bob" in the username field
along with bob's password and I'd be logged in as mary but I
just end up getting logged in as bob with nothing mentioned
about mary in the log files.

Thanks for any help you can provide.


On 1/9/2019 9:29 PM, Tepe, Dirk wrote:

We are successfully using surrogate authentication with CAS
5.3.x. Beginning with 5.3.0, the CAS audit log includes the
surrogate authorization details, which was important for our
ISO. 
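
Added example (not part of the thread and not CAS code): a small Python model of the `surrogate+primary` login convention and the two surrogate mappings quoted above, usable for checking a surrogates.json before deploying it. It assumes the map is keyed by the primary (real) user, as in the audit line "Real user: [bob], Surrogate user: [mary]"; the function names, and the refusal of usernames with more than one separator, are choices of this example rather than CAS behaviour.

```python
import json

SEPARATOR = "+"  # value of cas.authn.surrogate.separator in the thread
PREFIX = "cas.authn.surrogate.simple.surrogates."

# Constructed copies of the two mappings quoted in the thread.
SURROGATES_JSON = '{"bob": ["mary", "jim"]}'
SIMPLE_PROPERTIES = "cas.authn.surrogate.simple.surrogates.casuser=mary,bob"


def mapping_from_json(text):
    """surrogates.json form: primary user -> accounts that user may impersonate."""
    data = json.loads(text)
    return {primary: set(targets) for primary, targets in data.items()}


def mapping_from_properties(text):
    """Properties form: the key suffix is the primary user, the value a CSV list."""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        primary = key[len(PREFIX):]
        mapping[primary] = {v.strip() for v in value.split(",") if v.strip()}
    return mapping


def parse_username(raw, separator=SEPARATOR):
    """Return (surrogate, primary).

    surrogate is None for an ordinary login and '' for the '+primary' form
    that asks for the list of accounts the primary user may impersonate.
    """
    if separator not in raw:
        return None, raw
    if raw.count(separator) > 1:
        # Assumption of this example: refuse ambiguous input, such as a
        # plus-addressed e-mail used as a username, instead of guessing.
        raise ValueError("ambiguous username: more than one separator")
    surrogate, _, primary = raw.partition(separator)
    if not primary:
        raise ValueError("missing primary username")
    return surrogate, primary


def decide(raw, mapping):
    """Evaluate a login name once the primary user's password has been verified."""
    surrogate, primary = parse_username(raw)
    allowed = mapping.get(primary, set())
    if surrogate is None:
        return {"outcome": "primary", "principal": primary}
    if surrogate == "":
        return {"outcome": "list", "principal": primary, "eligible": sorted(allowed)}
    if surrogate in allowed:
        return {"outcome": "surrogate", "principal": surrogate, "real_user": primary}
    # Fail closed: an unauthorized request is denied, never downgraded
    # silently to a login as the primary user.
    return {"outcome": "denied", "principal": None, "real_user": primary}


if __name__ == "__main__":
    json_map = mapping_from_json(SURROGATES_JSON)
    props_map = mapping_from_properties(SIMPLE_PROPERTIES)
    for name in ("mary+bob", "+bob", "bob", "bob+mary"):
        print("json      ", name, "->", decide(name, json_map))
    # The properties mapping is keyed on casuser, so it grants nothing to bob.
    print("properties", "mary+bob", "->", decide("mary+bob", props_map))
```
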

[cas-user] Re: I have a question about monitoring or logging.

2019-01-23 Thread James Mackerel
1. don't know, never used a monitor before.

2. yes, I think you are talking about "audit". see documents here: 
https://apereo.github.io/cas/5.3.x/installation/Audits.html#audits

what's more, you can put your log4j2.xml in config path. default is 
/etc/cas/config, and you may override the default one by using 
--cas.standalone.configurationDirectory=/path/to/config command line 
parameter.

On Wednesday, January 23, 2019 at 1:38:09 PM UTC+8, SangHyun Kim wrote:
>
> Hi 
> I use CAS 5.3.2.
> Then I need monitoring system. So, I apply CAS monitoring setting. 
> I can find session information in dashboard. 
>
> Principal        Ticket Granting Ticket                        Authentication Date    Usage Count
> te...@test.com   TGT-3-0VCWvzEGjAhNmfEWGwcVttpqfcE4g0zxiQ...   2019-01-23T00:34:52Z   0
>
> 1. Usage Count
> When I only login CAS, then usageCount is 0.
> When I login Service through CAS, then usageCount is 3. why
>
> 2. Is it possible to know? or setting log4j2???
> I want to know what service the currently logged in user has logged in to. 
>
> help me... thank you.
>
>



[cas-user] [6.0.x Documentation] Algolia search: No results found for query

2019-01-23 Thread Michele Melluso
Hi,

it seems like in the 6.0 documentation page, the box search does not return 
any result, eg with the keyword jdbc.

https://apereo.github.io/cas/6.0.x/

Looking at the browser's console I see no errors and in the Network tab the 
query calls are correctly fired, still they return an empty result like the 
following:

{
  "results": [
    {
      "hits": [],
      "nbHits": 0,
      "page": 0,
      "nbPages": 0,
      "hitsPerPage": 5,
      "processingTimeMS": 1,
      "exhaustiveNbHits": true,
      "query": "authen",
      "params": "query=authen=5=%5B%22version%3A%206.0.x%22%5D",
      "index": "apereo"
    }
  ]
}



The search box works correctly with any other version including 
development. I tried cleaning cache and with different browsers.

thanks for your time
regards
Michele



Re: [cas-user] CAS Attribute

2019-01-23 Thread john adz
Ray, I check the records that the error is returned because the mail did
not come. I'm sending the log again. Is this way when the mail is gone? Or
should I see the e-mail address in the WHO: WHAT: section of the page?


2019-01-23 07:17:28,283 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -


2019-01-23 07:17:28,284 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -


2019-01-23 07:17:28,284 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -


2019-01-23 07:17:28,286 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -


2019-01-23 07:17:28,287 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -


2019-01-23 07:17:28,287 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -


2019-01-23 07:17:28,288 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -


2019-01-23 07:17:28,289 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -


2019-01-23 07:17:28,289 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -


2019-01-23 07:17:28,290 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -


2019-01-23 07:17:28,290 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -


2019-01-23 07:17:28,290 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -


2019-01-23 07:17:28,290 DEBUG
[org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -




On Tue, Jan 22, 2019 at 9:44 PM Ray Bon wrote:

> John,
>
> What happens on the client side?
> Check client logs to see if email is being received.
>
> Ray
>
> On Tue, 2019-01-22 at 10:41 +0300, john adz wrote:
>
> Hi Ray,
> Thanks for your answer. I've done something, and I see e-mails in the
> logs. But I don't know how to send this email address to the application.
> Or I don't know if I'm sending it right now. log like
>
> 2019-01-22 07:28:04,472 INFO
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
> 
>
> 2019-01-22 07:28:04,477 INFO
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>  with credentials [username**].>
>
> 2019-01-22 07:28:04,478 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
>
> =
>
> WHO: username**
>
> WHAT: Supplied credentials: [username**]
>
> ACTION: AUTHENTICATION_SUCCESS
>
> APPLICATION: CAS
>
> WHEN: Tue Jan 22 07:28:04 UTC 2019
>
>
> =
>
>
> >
>
> 2019-01-22 07:28:04,478 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
>
> =
>
> WHO: username**
>
> WHAT: Supplied credentials: [username**]
>
> ACTION: AUTHENTICATION_SUCCESS
>
> APPLICATION: CAS
>
> WHEN: Tue Jan 22 07:28:04 UTC 2019
>
>
> =
>
>
> >
>
> 2019-01-22 07:28:04,480 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> 
>
> 2019-01-22 07:28:04,481 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> 
>
> 2019-01-22 07:28:04,481 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>  attributes for username**>
>
> 2019-01-22 07:28:04,481 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>  for username**>
>
> 2019-01-22 07:28:04,482 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> 
>
> 2019-01-22 07:28:04,482 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
>  any>
>
> 2019-01-22 07:28:04,482 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> 
>
> 2019-01-22 07:28:04,483 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> 
>
> 2019-01-22 07:28:04,483 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> 
>
> 2019-01-22 07:28:04,483 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> 
>
> 2019-01-22 07:28:04,483 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> 
>
> 2019-01-22 07:28:04,484 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> 
>
> 2019-01-22 07:28:04,484 DEBUG
> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] -
> 
>
> 2019-01-22 07:28:04,485 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
>
> =
>
> WHO: username**
>
> WHAT: TGT-**ys3O6zFWVi-
>
> ACTION: