Re: [cas-user] Google + API Being Depreated in pac4j library, any plan to update CAS before Google+ shutdown?

[Andy Ng]

Hi Jérôme

> That said, as CAS v5.3.9 and v6.0.2 releases are planned for March 01, 
2019, I think we can update them before.
That's great if it can be done!

> Then, you just need to pull the pac4j-* v3.6.0 dependencies along your 
current version of CAS (pac4j v3.x is backward compatible). There is no 
"hotfix", nor "patch".
Ok I understand now.

Thanks Jérôme for clearing things up!

Cheers!
- Andy

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d2936a40-3922-4534-b700-cd4ca8232584%40apereo.org.

Re: [cas-user] Google + API Being Depreated in pac4j library, any plan to update CAS before Google+ shutdown?

[Jérôme LELEU]

Hi,

A pac4j v3.6.0 release will be cut before end of February to handle the
Google+ API deprecation.

Then, you just need to pull the pac4j-* v3.6.0 dependencies along your
current version of CAS (pac4j v3.x is backward compatible). There is no
"hotfix", nor "patch".

That said, as CAS v5.3.9 and v6.0.2 releases are planned for March 01,
2019, I think we can update them before.

Thanks.
Best regards,
Jérôme


Le ven. 15 févr. 2019 à 03:28, Andy Ng  a écrit :

> Hi CAS team,
>
> Reference here: https://github.com/pac4j/pac4j/issues/1228, Google+ API
> is being depreated. And will be shutdown on *March 7, 2019*.
> So the Google delegate authentication for CAS will most likely not able to
> work anymore if not patch before March 7, 2019.
>
> pac4j is plan to upgrade before end of Feb to cater this problem, but are
> there any plan for CAS to put out a new release of 5.3.x and 6.0.x before
> the Google+ API shutdown?
>
> The organization that I worked with relies heavily on google delegate
> authentication, so will be greatly appreciated if there is an patch
> before the shutdown.
> In the worst case scenario we can customized CAS to hotfix it ourselves,
> but it would be less than ideal. Thanks!
>
> Cheers!
> - Andy
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/696f46c5-509c-49ba-9c92-972d352387f6%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279LxMPGZmc_e5QJp%2BsHWrghKmkhsU4wm6DChcyo8FLsfYxQ%40mail.gmail.com.

[cas-user] Cas upgrade from 5.2.3 to 5.3.7 not returning oauthCode

[john]

Hi, I have upgraded cas war from 5.2.3 to 5.3.7 and i am using the 
URL 
http://localhost:8080/cas/oauth2.0/authorize?response_type=code_id=_uri=http://localhost:8080/test
 
which was working in 5.2.3 and returns OAuthCode. But in 5.3.7 the url  
does not return oauthcode. 

Any advise or guidance would be greatly appreciated

Thanks

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ecac9b9d-86b9-4e91-bbca-adcd086a051b%40apereo.org.

[cas-user] Google + API Being Depreated in pac4j library, any plan to update CAS before Google+ shutdown?

[Andy Ng]

Hi CAS team,

Reference here: https://github.com/pac4j/pac4j/issues/1228, Google+ API is 
being depreated. And will be shutdown on *March 7, 2019*. 
So the Google delegate authentication for CAS will most likely not able to 
work anymore if not patch before March 7, 2019.

pac4j is plan to upgrade before end of Feb to cater this problem, but are 
there any plan for CAS to put out a new release of 5.3.x and 6.0.x before 
the Google+ API shutdown?

The organization that I worked with relies heavily on google delegate 
authentication, so will be greatly appreciated if there is an patch before 
the shutdown.
In the worst case scenario we can customized CAS to hotfix it ourselves, 
but it would be less than ideal. Thanks!

Cheers!
- Andy

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/696f46c5-509c-49ba-9c92-972d352387f6%40apereo.org.

Re: [cas-user] Format of Logs Routed to SysLog

[Matthew Uribe]

Hi Ray,

Thanks for these options. I'm experimenting a little with both. I like the 
simplicity of the first option. Since you pointed it out, I did find it in 
the CAS documentation, but I don't think I would have noticed that without 
your having mentioned it. I also like the second option since it doesn't 
necessarily effect my text logs on the server. Both options are very 
appreciated.

Thanks,
Matt

On Thursday, February 14, 2019 at 9:18:28 AM UTC-7, rbon wrote:
>
> Matthew,
>
> Add this to cas.properties (you will get used to the format after a while):
>
> cas.audit.useSingleLine=true
>
> Or you can use 'replace' in your logger which has the added benefit of 
> handling java stack traces:
>
>  protocol="TCP">
> 
> %level{WARN=28, DEBUG=31, ERROR=27, TRACE=31, 
> INFO=30, FATAL=25}%d{MMM dd HH:mm:ss} ${hostName} CAS: %c 
> %replace{%m}{\n+}{31CAS: TRACE: }%n
> 
> 
>
> Ray
>
> On Thu, 2019-02-14 at 07:40 -0800, Matthew Uribe wrote:
>
> Hi all,
>
> We've just recently added the appender and logger to log4j2.xml referred 
> to in the documentation to route logs to SysLog (CAS 5.2.x). However, each 
> individual line is being sent as a separate log entry. Is there a way to 
> keep all the relevant lines for an entry together?
>
> For example, each of the following lines is sent separately:
>
> =
> WHO: user
> WHAT: ST...
> ACTION: SERVICE_TICKET_CREATED
> APPLICATION: CAS
> WHEN: Wed Feb 13 00:00:12 MST 2019
> CLIENT IP ADDRESS: 1.2.3.4
> SERVER IP ADDRESS: 4.3.2.1
> =
>
> Only, they're not sent over in this exact order. Instead, they are all 
> jumbled with unrelated entries overlapping each other. I'm using the 
> configuration from the "Routing Logs to SysLog" section of this page: 
> https://apereo.github.io/cas/5.2.x/installation/Logging.html
> The only thing I've really changed so far is the newLine - I set it to 
> false thinking it might change this line by line behavior, but it did not. 
> My next thought is to change the format, or experiment with other layouts, 
> but rather than guess and check, I thought I'd first reach out to the 
> community. Any insights would truly be appreciated.
>
>
> ...
> 
>  port="514"
> protocol="TCP" appName="MyApp" includeMDC="true" mdcId="mdc"
> facility="LOCAL0" enterpriseNumber="18060" newLine="false"
> messageId="Audit" id="App"/>
> 
> ...
> 
> 
> 
>
>
>
> Thanks!
> Matt
>
> -- 
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | rb...@uvic.ca 
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/693049b5-16f3-4cbc-986b-b89750e297dd%40apereo.org.

[cas-user] Format of Logs Routed to SysLog

[Matthew Uribe]

Hi all,

We've just recently added the appender and logger to log4j2.xml referred to 
in the documentation to route logs to SysLog (CAS 5.2.x). However, each 
individual line is being sent as a separate log entry. Is there a way to 
keep all the relevant lines for an entry together?

For example, each of the following lines is sent separately:

=
WHO: user
WHAT: ST...
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Feb 13 00:00:12 MST 2019
CLIENT IP ADDRESS: 1.2.3.4
SERVER IP ADDRESS: 4.3.2.1
=

Only, they're not sent over in this exact order. Instead, they are all 
jumbled with unrelated entries overlapping each other. I'm using the 
configuration from the "Routing Logs to SysLog" section of this page: 
https://apereo.github.io/cas/5.2.x/installation/Logging.html
The only thing I've really changed so far is the newLine - I set it to 
false thinking it might change this line by line behavior, but it did not. 
My next thought is to change the format, or experiment with other layouts, 
but rather than guess and check, I thought I'd first reach out to the 
community. Any insights would truly be appreciated.


...



...






Thanks!
Matt

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/c1f44156-80ad-4b4b-bd0a-2f9c9741ede9%40apereo.org.

[cas-user] Re: CAS JWT Service ticket validation getting failed

[srmudigan]

Thanks you. I will try with the new version.

Regards,
srmudigan

On Wednesday, February 13, 2019 at 3:03:35 PM UTC-5, dkopy...@unicon.net 
wrote:
>
> In just released 2.2.0-GA version of cas-client-autoconfig-support 
> library, there is a new configuration option to turn off ticket validation 
> interaction by the Java CAS client (useful for this exact use case of JWTs 
> as tickets). It looks like this: cas.skipTicketValidation=true
>
> Once that's set, after authentication transaction, client apps will 
> receive JWTs in the 'ticket' request parameter(if CAS server is set up to 
> do that, of course) and CAS client will not attempt to validate it. Then 
> you could do whatever you please with it.
>
> Best,
> D.
>
> On Wednesday, 6 February 2019 10:38:18 UTC-5, srmudigan wrote:
>>
>> Hi Michele,
>>
>> Yes you are right, cas is not internally validating the JWT. The cas 
>> client which in my case is spring boot based web app which is 
>> using cas-client-autoconfig-support and with @EnableCasClient annotation. I 
>> am using the validation-type: CAS3 in the client. And when I authenticate 
>> against cas server, the cas is generating the JWT but the client is trying 
>> to validate the JWT like ST by sending it back to cas.  Looks like the 
>> client is using Cas20ServiceTicketValidator to validate the JWT ticket 
>> which I think it should not. What changes did you do in client to not send 
>> it back to cas for validating ? 
>>
>> Thanks,
>> srmudiganti 
>>
>> On Wednesday, February 6, 2019 at 3:50:04 AM UTC-5, Michele Melluso wrote:
>>>
>>> Hi,
>>>
>>> cas is not supposed at all to internally validate the JWT, since it 
>>> should be generated by cas only after the ST is internally validated, (as 
>>> its shown on the documentation flow diagram).
>>>
>>> When it happened to me, it was because i was using a cas client which 
>>> was applying the cas protocol providing back the ticket argument to the 
>>> validation endpoint of cas.
>>> Could you check that you are not using any cas client and provide your 
>>> app code that you are using to validate the jwt?
>>>
>>> regards
>>> Michele
>>>
>>> On Monday, February 4, 2019 at 7:24:23 PM UTC+1, srmudigan wrote:

 Hi Michele,

 I have gone through the link. But before I implement reading the token 
 on client side, i need to disable the validation happening on cas side. 
 Could you help me how to disable the validation that's happening on cas as 
 it's doing JWTvalidation like ST ticket ? It looks like after JWT is 
 generated, it's getting validated on cas. The generated URL has 
 redirected=true=JWT-ticket. May be that's causing the automatic 
 validation ? It looks like the jwt ticket is not even reaching client. So 
 can you please suggest how to stop the validation ? 

 Thank you for your help.

 Regards,
 srmudiganti



-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f36032a8-6994-44c5-bc5e-c80483596e1b%40apereo.org.

[cas-user] Re: CAS 5.3.7 Issue Pac4J OIDC + SAML2 Delegation

[kyra1510]

Hi all,

I upgrade my CAS version 5.2.7 to 5.2.8 and everything is working fine.

Le mercredi 6 février 2019 08:56:47 UTC+1, kyra1510 a écrit :
>
> Hy all,
>
> I apologize for my French English.
>
> I have a problem when I upgrade my CAS 5.2.x to CAS 5.3.7 with the SAML 
> delegation.
> My Cas 5.3.7 is configure to use the OpenIdConnect authentication but it 
> is possible to delegate the authentication to an IDP SAML2.
> I have no problem with the delegation in CAS 5.2.x 
>
> When I use the OIDC authentication without delegation, the workflow is 
> correct.
> Workflow:
> 1 The user enter its password and login in the authentication page
> 2 The user is redirect to a consent page
> 3 When click on the button "allow", an authorization code is returned
>
> But when I use the SAML2 delegation, I am not redirect to the consent page:
> 1 The user click on the button which redirect to the correct IDP
> 2 The user logged on the IDP SAML  
> 3 After the user is returned to my CAS 5.3.7 and arrived on the page 
> service?ticket=ST-x 
> xxx
>  
> and I have a code 302
>
>
> I found this issue in the github which seems to correspond to my problem 
> https://github.com/apereo/cas/pull/3664.
> It describe the same issue in CAS 5.3.x in the SAML2 protocol before the 
> bug was fixed. It didn't concern the delegation.
> Could it be this problem is related to my issue?
>
> Thanks for any help.
>
> Kyra
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1fa4db08-3d34-4042-a1e9-8a3443556fd3%40apereo.org.

[cas-user] Re: After a month, no tickets created in 4.2.2?

[Abylay]

Hi.
I'm getting the same exception on CAS 5.2.0.
Does anyone know the solution?

On Wednesday, July 20, 2016 at 4:09:59 AM UTC+6, Jeffrey Wong wrote:
>
> After about a month of working perfectly on 4.2.2 deployed to tomcat7, 
> running under java8, randomly the in-memory ticketing system would not 
> create any more tickets. Restarting the tomcat instance fixed it, but I'm 
> wondering why CAS would randomly break on me after working so well! Using a 
> LDAP (AD) backed user base with a mysql backed attribute DB. We have pretty 
> minimal traffic, so I'm not sure why I am seeing issues after such a small 
> amount of time.
>
> Despite having an , no errors have been thrown at 
> the time of issue.
>
> Unfortunately, I've only had the org.springframework.jdbc logger set to 
> debug, and all others at info, so I have very minimal logging around the 
> issue.
>
> I'm noticing both the ldap auth AND the jdbc handlers returning without 
> issues (no errors). ...But no tickets?
>
> Here's a sample of the logs:
>
> 2016-07-19 16:28:16,399 INFO 
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - 
>  
> 2016-07-19 16:28:16,400 DEBUG [org.springframework.jdbc.core.JdbcTemplate] - 
>  
> 2016-07-19 16:28:16,400 DEBUG [org.springframework.jdbc.core.JdbcTemplate] - 
>  ID,username,FirstName,LastName,Email FROM User WHERE UserName = ?]> 
> 2016-07-19 16:28:16,400 DEBUG 
> [org.springframework.jdbc.datasource.DataSourceUtils] -  Connection from DataSource> 
> 2016-07-19 16:28:16,401 DEBUG 
> [org.springframework.jdbc.datasource.DataSourceUtils] -  Connection to DataSource> 
> 2016-07-19 16:28:19,015 INFO 
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - 
>  
> 2016-07-19 16:28:19,015 DEBUG [org.springframework.jdbc.core.JdbcTemplate] - 
>  
> 2016-07-19 16:28:19,015 DEBUG [org.springframework.jdbc.core.JdbcTemplate] - 
>  ID,username,FirstName,LastName,Email FROM User WHERE UserName = ?]> 
> 2016-07-19 16:28:19,015 DEBUG 
> [org.springframework.jdbc.datasource.DataSourceUtils] -  Connection from DataSource> 
> 2016-07-19 16:28:19,017 DEBUG 
> [org.springframework.jdbc.datasource.DataSourceUtils] -  Connection to DataSource> 
>
> Immediately before this, I've seen tickets that are created (an audit log 
> is posted that a ticket granting ticket has been created and validated, and 
> all is good). There are no exceptions thrown between when the tickets were 
> able to be created and when there was this bottleneck.
>
> On the front end, after the logs say 'success' without a ticket created, 
> they are redirected to the main cas login page. Reproducing this is also 
> difficult as it will stop intermittently, without warning.
>
> What are the best ways to debug or resolve these sorts of issues? What 
> could be causing this issue?
>
> Thanks in advance,
> Jeff
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/355de671-ae64-4b26-863b-b933a056a649%40apereo.org.