Re: [cas-user] Attribute fetching from LDAP

[Ray Bon]

Eric,

Looks like userFilter was changed to searchFilter, 
https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties-Common.html#ldap-authenticationsearch-settings

Ray

On Wed, 2019-10-09 at 13:11 -0700, Eric Jiang wrote:
Hi there,
  I am new to CAS, been setting up the server(5.3.0) in the past days to work 
with LDAP, now we would like to simply retrieve one extra attribute .e.g email 
from the LDAP server. I have configured the server like this according to the 
blog : 
https://apereo.github.io/2018/02/20/cas-service-rbac-attributeresolution/ , but 
ran into  these on startup the server.


2019-10-09 15:40:14,377 INFO [org.apereo.cas.web.CasWebApplication] - 
2019-10-09 15:40:14,461 INFO [org.apereo.cas.web.CasWebApplicationContext] - 

2019-10-09 15:40:19,268 WARN [org.apereo.cas.web.CasWebApplicationContext] - 


I highlighted the nested exception to help you quickly spot the root cause.  I 
checked the documentations and so on, can't figure out why the property is not 
writable.  Regards !

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5b5695fbc484d229befe8756cb2250b7b17d0186.camel%40uvic.ca.

[cas-user] Attribute fetching from LDAP

[Eric Jiang]

Hi there, 
  I am new to CAS, been setting up the server(5.3.0) in the past days to 
work with LDAP, now we would like to simply retrieve one extra attribute 
.e.g email from the LDAP server. I have configured the server like this 
according to the blog : 
https://apereo.github.io/2018/02/20/cas-service-rbac-attributeresolution/ , 
but ran into  these on startup the server.  


2019-10-09 15:40:14,377 INFO [org.apereo.cas.web.CasWebApplication] - 
2019-10-09 15:40:14,461 INFO [org.apereo.cas.web.CasWebApplicationContext] 
- 
2019-10-09 15:40:19,268 WARN [org.apereo.cas.web.CasWebApplicationContext] 
- 

I highlighted the nested exception to help you quickly spot the root 
cause.  I checked the documentations and so on, can't figure out why the 
property is not writable.  Regards !

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4e26b985-22bd-4e9d-a58a-df0b19585621%40apereo.org.

[cas-user] Re: Apereo CAS Deployer Survey: 2019 Edition

[Misagh Moayyed]

Survey results are now published:
https://apereo.github.io/2019/10/09/cas-survey-results2019/

On Tuesday, September 3, 2019 at 9:10:41 PM UTC+4, Misagh Moayyed wrote:
>
> Survey is now closed. Thank you all for participating. Aggregated, 
> anonymized results as well as a brief post-mortem analysis will be posted 
> on the Apereo blog shortly, with a link to follow-up here.
>
> On Wednesday, August 28, 2019 at 2:10:35 PM UTC+4:30, Misagh Moayyed wrote:
>>
>> Final reminder; The survey will close in less than a week. Thank you to 
>> all who have submitted answers so far.
>>
>> If you have not participated in the survey, please consider doing so by 
>> next Monday EOD. If you do need more time, please reach out to me directly.
>>
>>
>> On Monday, July 15, 2019 at 10:36:19 AM UTC+3, Misagh Moayyed wrote:
>> > CAS Community,
>> > 
>> > 
>> > The CAS project management committee has prepared a survey to request 
>> feedback from CAS deployers:
>> > 
>> > 
>> > http://bit.ly/2XJAJRh
>> > 
>> > 
>> > The intention is to help clarify specific areas in the CAS ecosystem 
>> that need attention, understand user demographics and common use cases and 
>> explore opportunities to support and prioritize funding of development 
>> activities.
>> > 
>> > 
>> > There is no due date yet though ideally, it would be best to finalize 
>> the results before September and periodically, I will send out reminders to 
>> the list here.
>>
>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/79adfa21-276a-4f3d-b8d4-1e43b720cc26%40apereo.org.

[cas-user] Re: [CAS5.3.10] How to use SPNEGO authentication with login form as fallback

[Kevin Imbrechts]

JAAS is a Java standard authentication and authorization API. JAAS is 
configured via externalized plain text configuration file.

https://apereo.github.io/cas/5.3.x/installation/JAAS-Authentication.html

I think CAS attempts to use another authentication support but I don't know 
why...

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/059bb000-4cf5-4072-aa2e-5dfb89dad749%40apereo.org.

Re: [cas-user] Re: [CAS5.3.10] How to use SPNEGO authentication with login form as fallback

[Ray Bon]

java authentication authorization service

On Wed, 2019-10-09 at 04:22 -0700, vallee.romain wrote:
What is JAAS ?

Le mercredi 9 octobre 2019 11:11:19 UTC+2, Kevin Imbrechts a écrit :
I have a JAAS config file using Kerberos and I changed my cas.properties file 
like this :
cas.authn.jaas[0].realm=MY.DOMAIN
cas.authn.jaas[0].kerberosKdcSystemProperty=ad.MY.DOMAIN
cas.authn.jaas[0].kerberosRealmSystemProperty=MY.DOMAIN
cas.authn.jaas[0].loginConfigurationFile=/etc/cas/config/login.conf
cas.authn.jaas[0].principal.principalAttribute="uid=usr-docker,dc=my,dc=domain"

Still doesn't work.

Le mardi 8 octobre 2019 16:49:53 UTC+2, Kevin Imbrechts a écrit :
Hello,

With my CAS 5.3.10, I want to authenticate with SPNEGO when it's possible. But 
it can happen that some users can't use SPNEGO. I want to use login form as a 
fallback when SPNEGO failed authentication.
I see the login form, but when I submit the form, I have an error "bad 
login/password".
Any idea ? What I've misconfigured ?

Thanks.

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/e9a8170b1017464d7b7acfda21fc8ce17574a824.camel%40uvic.ca.

[cas-user] Service Access Strategy with several attributes and OR logic

[Sébastien BEAUDLOT]

Hi,

I want to filter access on a CAS service from ldap attributes for some 
users and uid for other users (i don't want to allow all group for those 
few users).

Is it possible to apply a OR logic to Service Access Strategy ? 
Documentation only show an exemple with AND logic and two attributes : 
https://apereo.github.io/cas/5.3.x/installation/Configuring-Service-Access-Strategy.html

I am on CAS 5.3.11.

Regards?

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/921aa159-fcbd-4dbb-97cf-2f7cd169ce82%40apereo.org.

[cas-user] Re: [CAS5.3.10] How to use SPNEGO authentication with login form as fallback

[vallee.romain]

What is JAAS ?

Le mercredi 9 octobre 2019 11:11:19 UTC+2, Kevin Imbrechts a écrit :
>
> I have a JAAS config file using Kerberos and I changed my cas.properties 
> file like this :
> cas.authn.jaas[0].realm=MY.DOMAIN
> cas.authn.jaas[0].kerberosKdcSystemProperty=ad.MY.DOMAIN
> cas.authn.jaas[0].kerberosRealmSystemProperty=MY.DOMAIN
> cas.authn.jaas[0].loginConfigurationFile=/etc/cas/config/login.conf
>
> cas.authn.jaas[0].principal.principalAttribute="uid=usr-docker,dc=my,dc=domain"
>
> Still doesn't work.
>
> Le mardi 8 octobre 2019 16:49:53 UTC+2, Kevin Imbrechts a écrit :
>>
>> Hello,
>>
>> With my CAS 5.3.10, I want to authenticate with SPNEGO when it's 
>> possible. But it can happen that some users can't use SPNEGO. I want to use 
>> login form as a fallback when SPNEGO failed authentication.
>> I see the login form, but when I submit the form, I have an error "bad 
>> login/password".
>> Any idea ? What I've misconfigured ?
>>
>> Thanks.
>>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4d5ea36e-5285-47d6-83b5-75a4717a207a%40apereo.org.

[cas-user] Re: [CAS5.3.10] How to use SPNEGO authentication with login form as fallback

[Kevin Imbrechts]

I have a JAAS config file using Kerberos and I changed my cas.properties 
file like this :
cas.authn.jaas[0].realm=MY.DOMAIN
cas.authn.jaas[0].kerberosKdcSystemProperty=ad.MY.DOMAIN
cas.authn.jaas[0].kerberosRealmSystemProperty=MY.DOMAIN
cas.authn.jaas[0].loginConfigurationFile=/etc/cas/config/login.conf
cas.authn.jaas[0].principal.principalAttribute="uid=usr-docker,dc=my,dc=domain"

Still doesn't work.

Le mardi 8 octobre 2019 16:49:53 UTC+2, Kevin Imbrechts a écrit :
>
> Hello,
>
> With my CAS 5.3.10, I want to authenticate with SPNEGO when it's possible. 
> But it can happen that some users can't use SPNEGO. I want to use login 
> form as a fallback when SPNEGO failed authentication.
> I see the login form, but when I submit the form, I have an error "bad 
> login/password".
> Any idea ? What I've misconfigured ?
>
> Thanks.
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/8475df2d-a7d4-4369-8590-1cdb720c55bb%40apereo.org.
SIDEN.INT {
  com.sun.security.auth.module.Krb5LoginModule sufficient
refreshKrb5Config=TRUE
useTicketCache=TRUE
renewTGT=TRUE
useKeyTab=TRUE
doNotPrompt=FALSE
keyTab=/etc/cas/config/cas.HTTP.keytab
storeKey=TRUE/FALSE
principal="uid=usr-docker,dc=my,dc=domain"
debug=TRUE;
};

[cas-user] Re: Noob question about{...}

[vallee.romain]

I thought it was a new feature of version 6 !

Le mercredi 9 octobre 2019 09:11:00 UTC+2, Andy Ng a écrit :
>
> Hello,
>
> > what you mean is that this configuration key is only present in the doc, 
> not in the configuration file
> Yup. ${configurationKey} is not a working mechanism, *don't put 
> ${configurationKey}.cluster.instanceName in your cas.properties file, 
> instead, put this cas.ticket.registry.hazelcast.cluster.members.*
>
> ${configurationKey} is just the way of CAS like to document their 
> properties...
>
> - Andy
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/feed0123-7f24-4f9f-b41f-82276a7cf3b6%40apereo.org.

[cas-user] Re: Noob question about{...}

[Andy Ng]

Hello,

> what you mean is that this configuration key is only present in the doc, 
not in the configuration file
Yup. ${configurationKey} is not a working mechanism, *don't put 
${configurationKey}.cluster.instanceName in your cas.properties file, 
instead, put this cas.ticket.registry.hazelcast.cluster.members.*

${configurationKey} is just the way of CAS like to document their 
properties...

- Andy

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/54bf4d6d-afaf-40a9-8d19-66923bdb858a%40apereo.org.

[cas-user] Re: Noob question about{...}

[vallee.romain]

thank you for your answers !!
what you mean is 
that this configuration key is only present in the doc, not in the 
configuration file



Le mardi 8 octobre 2019 21:53:28 UTC+2, vallee.romain a écrit :
>
> Hello.
> I spend a lot of Time to configure 5.x cas, and,now,i have to configure 
> 6.0 with some news in cas.properties like this stuf :
> ${configurationkey}
> I understand that a "shortcut" to a configuration path, but where can we 
> find this path ?
>
> In documentation, impossible to find complete path to this :
>
> {configurationKey}.dialect (for jpa ticket)
>
> Thank you so much
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/be67901a-24e3-48a6-a085-baf177b06585%40apereo.org.