Re: [cas-user] [6.x] [REST Protocol] [Request a Service Ticket] HTTP 200 - empty body

2020-01-30 Thread Raheem Shaik
Michele/Dmitriy,

I have found how to pass the header 'Accept: text/plain' while using the 
POST method, but after getting the JWT token I am not able to retrieve the 
payload data; because of that, our authentication is failing.

Did you face this issue? If not, can you please let me know what should be 
added on my end to get it to work properly?

On Tuesday, January 28, 2020 at 12:41:41 AM UTC+5:30, Raheem Shaik wrote:
>
> Hi Michele,
>
> I am also facing the same issue on CAS 6.0.x. Can you please let me know 
> where I have to add the header 'Accept: text/plain'?
>
> Regards,
> Raheem
>
> On Tuesday, January 29, 2019 at 8:01:25 PM UTC+5:30, Michele Melluso wrote:
>>
>> Hi,
>>
>> I confirm that adding the header 'Accept: text/plain'
>> works perfectly :)
>>
>> Thank you
>> Michele
>>
>> On Tuesday, January 29, 2019 at 3:08:14 PM UTC+1, Dmitriy Kopylenko wrote:
>>>
>>> Hi,
>>>
>>> There was one custom HttpMessageConverter added in 6.0 which messes up 
>>> the body of a response on the way back during content negotiation (if 
>>> by default the Accept header value is set to */*): 
>>> https://github.com/apereo/cas/blob/master/core/cas-server-core-services-api/src/main/java/org/apereo/cas/services/util/RegisteredServiceYamlHttpMessageConverter.java
>>>
>>> Set the Accept header value to text/plain and you should be good to go.
>>>
>>> I don’t know yet if it’s a “bug” or “feature”.
>>>
>>> Cheers,
>>> D.
>>>
>>> From: Michele Melluso 
>>> Reply: cas-...@apereo.org 
>>> Date: January 28, 2019 at 8:51:25 AM
>>> To: CAS Community 
>>> Subject:  [cas-user] [6.x] [REST Protocol] [Request a Service Ticket] 
>>> HTTP 200 - empty body 
>>>
>>> Hi all, 
>>>
>>> we're trying to integrate Rest Protocol as described here:
>>>
>>> https://apereo.github.io/cas/6.0.x/protocol/REST-Protocol.html
>>>
>>> In 5.3.6 everything works just fine; we obtain TGTs and STs, also in JWT 
>>> format.
>>>
>>> In all 6.x versions we manage to get a TGT (also in JWT format) but when 
>>> we try to get an ST we receive a 200 response with an empty body.
>>> Our Java version is java-11-openjdk-11.0.1.13-10.fc29.x86_64
>>>
>>> The API is called exactly as in the 5.3.6 version:
>>>
>>> curl -X POST \
>>>   https://localhost:8443/cas/v1/tickets/TGT-1-sF-... \
>>>   -H 'Content-Type: application/x-www-form-urlencoded' \
>>>   -H 'cache-control: no-cache' \
>>>   -d 'service=https%3A%2F%2Flocalhost..=true'
>>>
>>> the result is:
>>> HTTP/1.1 200 
>>> Cache-Control: no-cache, no-store, max-age=0, must-revalidate
>>> Pragma: no-cache
>>> Expires: 0
>>> Strict-Transport-Security: max-age=15768000 ; includeSubDomains
>>> X-Content-Type-Options: nosniff
>>> X-Frame-Options: DENY
>>> X-XSS-Protection: 1; mode=block
>>> Content-Type: application/vnd.cas.services+yaml;charset=UTF-8
>>> Content-Length: 0
>>> Date: Mon, 28 Jan 2019 13:48:52 GMT
>>> Server: Apereo CAS
>>>
>>>
>>>
>>>
>>> Cas log says that the ticket is created:
>>> =
>>> WHO: {myuser}
>>> WHAT: [status=200-OK,body=ST-1-GiBOLycp8wL.]
>>> ACTION: REST_API_SERVICE_TICKET_CREATED
>>> APPLICATION: CAS
>>> WHEN: Mon Jan 28 14:34:39 CET 2019
>>> CLIENT IP ADDRESS: 127.0.0.1
>>> SERVER IP ADDRESS: 127.0.0.1
>>> =
>>>
>>>
>>> Debugging the following class I can see a nicely populated 
>>> ResponseEntity:
>>>
>>> org.apereo.cas.support.rest.resources.ServiceTicketResource.createServiceTicket
>>>
>>> return this.serviceTicketResourceEntityResponseFactory.build(tgtId, 
>>> service, authenticationResult);
>>>
>>> but no body is returned.
>>>
>>> Any help is welcome.
>>> Thanks in advance
>>> Michele
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google 
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to cas-user+u...@apereo.org.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/2e774cc6-7cab-454a-9f13-850654bed7d7%40apereo.org
>>>  
>>> 
>>> .
>>>
>>>
-- 
*Inmar Confidentiality Note*: This e-mail and any attachments are confidential and intended to be 
viewed and used solely by the intended recipient.  If you are not the 
intended recipient, be aware that any disclosure, dissemination, 
distribution, copying or use of this e-mail or any attachment is 
prohibited.  If you received this e-mail in error, please notify us 
immediately by returning it to the sender and delete this 
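
Added example (not part of the thread and not CAS project code): the service ticket request from the original post rebuilt with the 'Accept: text/plain' header, plus a check that recognises the empty-body symptom from the response headers quoted above. The TGT id, service URL and the plain-text response are constructed placeholders.

```python
import urllib.parse
import urllib.request
from email.parser import Parser

# Content-Type of the empty 200 response quoted in the thread.
YAML_TYPE = "application/vnd.cas.services+yaml"

# Status line and the two relevant headers of the thread's empty response.
EMPTY_BODY_RESPONSE = (
    "HTTP/1.1 200 \n"
    "Content-Type: application/vnd.cas.services+yaml;charset=UTF-8\n"
    "Content-Length: 0\n"
    "\n"
)
# Constructed response: what a plain-text service ticket reply looks like.
PLAIN_TEXT_RESPONSE = (
    "HTTP/1.1 200 \n"
    "Content-Type: text/plain;charset=UTF-8\n"
    "Content-Length: 24\n"
    "\n"
    "ST-1-constructed-example"
)


def build_st_request(base_url, tgt_id, service):
    """Build (without sending) POST {base_url}/v1/tickets/{tgt_id}."""
    body = urllib.parse.urlencode({"service": service}).encode("ascii")
    url = f"{base_url.rstrip('/')}/v1/tickets/{urllib.parse.quote(tgt_id, safe='')}"
    return urllib.request.Request(
        url=url,
        data=body,
        method="POST",
        headers={
            "Content-Type": "application/x-www-form-urlencoded",
            # curl sends "Accept: */*" unless told otherwise; the thread's fix
            # is to ask for text/plain explicitly.
            "Accept": "text/plain",
        },
    )


def diagnose(raw_response):
    """Classify a raw HTTP response (status line, headers, blank line, body)."""
    text = raw_response.replace("\r\n", "\n")
    head, _, body = text.partition("\n\n")
    status_line, _, header_block = head.partition("\n")
    try:
        status = int(status_line.split()[1])
    except (IndexError, ValueError):
        return "malformed-response"
    headers = Parser().parsestr(header_block, headersonly=True)
    media_type = (headers.get("Content-Type") or "").split(";")[0].strip().lower()
    body = body.strip()
    if status != 200:
        return "http-error"
    if not body:
        # 200 + no body + the YAML media type is the symptom from the thread.
        return "empty-body-yaml-negotiation" if media_type == YAML_TYPE else "empty-body"
    if body.startswith("ST-"):
        return "service-ticket"
    if body.count(".") in (2, 4):
        return "jwt-service-ticket"
    return "unexpected-body"


if __name__ == "__main__":
    req = build_st_request(
        "https://localhost:8443/cas",        # server prefix used in the thread
        "TGT-1-constructed",                 # placeholder TGT id
        "https://localhost:9443/app",        # placeholder service URL
    )
    print(req.get_method(), req.full_url, dict(req.header_items()))
    print(diagnose(EMPTY_BODY_RESPONSE))
    print(diagnose(PLAIN_TEXT_RESPONSE))
```

The request object can be passed to urllib.request.urlopen() against a test server; the curl equivalent is the original command with one more -H 'Accept: text/plain' line.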

Re: [cas-user] Externalizing custom messages

2020-01-30 Thread Dustin J Luck
Thanks, Ray. That did the trick. The dot in the file name was a typo; my 
custom_messages file was named properly. I just needed to fix the value for 
file.



On Wednesday, January 29, 2020 at 4:10:56 PM UTC-8, rbon wrote:
>
> Dustin,
>
> Should your file be custom_messages.properties (note '_')?
>
> Then maybe cas.messageBundle.baseNames = 
> file:/etc/cas/messages/custom_messages,classpath...
>
> You could also put your custom file in src/main/resources/ and it will end 
> up in the classpath (would this negate setting 
> cas.messageBundle.baseNames?).
>
> Ray
>
> On Wed, 2020-01-29 at 12:33 -0800, Dustin J Luck wrote:
>
> I am trying to externalize as many of the customizations to CAS as 
> possible. I have figured out how to do so for UI templates 
> using the cas.view.templatePrefixes[0] property, but am having trouble 
> figuring out a similar technique for custom_messages.properties. I tried 
> using the cas.messageBundle.baseNames property as described in this thread, 
> but couldn't get that to work. Am I missing something or is there another 
> method I should try? 
>
> *Actual property value set*
>
>
> cas.messageBundle.baseNames = 
> file:/etc/cas/messages,classpath:custom_messages,classpath:messages
>
>
> *File location on server:*
>
> c:\etc\cas\messages\custom.messages.properties
>
>
>
> If it isn't possible to externalize custom messages, what are the 
> downsides to including my customized text as literals in the UI templates 
> rather than bringing them in as custom messages?
>
>
> Thanks
>
>
> *My environment:*
>
> - Standalone CAS 6.0.5 build
> - Windows Server 2012 R2
> - Tomcat 9 running as a service
>
> -- 
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | rb...@uvic.ca 
>
> I respectfully acknowledge that my place of work is located within the 
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
> WSÁNEĆ Nations.
>


[cas-user] CAS 5.3 Support for external hazelcast.xml config

2020-01-30 Thread Juan Quintanilla
Hi,

We are using CAS 5.3 and wanted to make use of the Hazelcast management center. 
On 5.1 we did this by specifying an external hazelcast.xml config file with 
the property value cas.ticket.registry.hazelcast.configLocation.

Was this taken out in CAS 5.3? We get an error when we try to use that field. 
Is there a workaround to be able to tell CAS to use a different config?

Thanks!

___
Juan Quintanilla
jquin...@fiu.edu



Re: [cas-user] CAS, Chrome 80 and SameSite cookies policy

2020-01-30 Thread Richard Frovarp
From what I gather, it's mostly an SP issue. The SSO part might be an issue 
with the IdP, and the fix for it might kill some versions of Safari. It's best 
to test with Firefox as it doesn't have a two minute grace period. This is 
what I've gleaned from the Shibboleth list. Their documentation is here:

https://wiki.shibboleth.net/confluence/display/IDP30/SameSite
https://wiki.shibboleth.net/confluence/display/SP3/SameSite

On 1/30/20 4:58 AM, Tobias Johansson wrote:
Hi!

I'm wondering what impact the new same site cookie policy in Chrome 80, to be 
released soon, will have?
I get warnings in the chrome console regarding CAS cookies without SameSite 
attribute. But I'm having trouble finding any information regarding this.
Should I be worried and how can I solve this? Any help would be greatly 
appreciated!

Thanks!
/Tobias
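
Added example (not part of the thread and not CAS or Shibboleth code): a small audit of captured Set-Cookie headers against the Chrome 80 rules discussed above, where a cookie without SameSite is treated as Lax and SameSite=None is only accepted together with Secure. The header lines, cookie values and the sp_session name are constructed; substitute the headers seen in the browser's network tab.

```python
# Constructed sample headers; TGC is the CAS SSO cookie, the rest are placeholders.
SAMPLE_HEADERS = [
    "Set-Cookie: TGC=constructed-value; Path=/cas/; Secure; HttpOnly",
    "Set-Cookie: JSESSIONID=constructed; Path=/cas; HttpOnly; SameSite=None",
    "Set-Cookie: sp_session=constructed; Path=/; Secure; HttpOnly; SameSite=None",
    "Set-Cookie: prefs=constructed; Path=/; SameSite=Lax",
]


def parse_set_cookie(header_line):
    """Return (cookie name, {attribute-name-lowercased: value})."""
    value = header_line
    if value.lower().startswith("set-cookie:"):
        value = value.split(":", 1)[1]
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for item in rest:
        if item:
            key, _, val = item.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def classify(header_line):
    """Describe how a browser applying the Chrome 80 policy handles one cookie."""
    name, attrs = parse_set_cookie(header_line)
    samesite = attrs.get("samesite", "").lower()
    secure = "secure" in attrs
    if samesite == "":
        # No attribute: defaults to Lax (apart from the short-lived grace
        # period for top-level POSTs mentioned in the reply above).
        verdict = "treated-as-lax"
    elif samesite == "none":
        verdict = "cross-site" if secure else "rejected-none-needs-secure"
    elif samesite in ("lax", "strict"):
        verdict = samesite
    else:
        verdict = "unrecognised-samesite"
    return {
        "cookie": name,
        "verdict": verdict,
        # Only SameSite=None; Secure cookies accompany a cross-site POST,
        # e.g. a response POSTed back from another site during SSO.
        "sent_on_cross_site_post": verdict == "cross-site",
    }


def audit(header_lines):
    """Return the cookies that would be missing on a cross-site POST."""
    results = [classify(line) for line in header_lines]
    return [r for r in results if not r["sent_on_cross_site_post"]]


if __name__ == "__main__":
    for finding in audit(SAMPLE_HEADERS):
        print(f"{finding['cookie']}: {finding['verdict']}")
```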


Re: [cas-user] Service Registry - Store in MySQL database

2020-01-30 Thread Ray Bon
Bob,

You can see what SQL is being created, 
https://apereo.github.io/cas/6.1.x/configuration/Configuration-Properties-Common.html#hibernate--jdbc.
 Also turn up logging, maybe for org.springframework.orm.jpa, or add an entry 
for hibernate.

Ray

On Thu, 2020-01-30 at 04:00 -0800, Bob wrote:
Thanks Misagh and Ray,

I cloned the cas-overlay-template in a new location and used the settings 
Misagh suggested but I still have the same problem that my casdb still has an 
empty regex_registered_service table.
Here's what I'm using:

CAS Version: 6.1.0
CAS Branch: 6.1.x
CAS Commit Id: c92590730249df0cf26fd1b4bebd8aea8447b256
CAS Build Date/Time: 2019-10-28T02:43:18Z
Spring Boot Version: 2.2.0.RELEASE
Spring Version: 5.2.0.RELEASE
Java Home: C:\Programs\Java\amazon-corretto\jdk11.0.3_7
Java Vendor: Amazon.com Inc.
Java Version: 11.0.3

My dependencies in build.gradle:

dependencies {
    // Other CAS dependencies/modules may be listed here...
    compile "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
    compile "org.apereo.cas:cas-server-support-jdbc-drivers:${project.'cas.version'}"
    compile "org.apereo.cas:cas-server-support-jpa-service-registry:${project.'cas.version'}"
}

My minimum cas.properties (I omitted the LDAP part since that's working fine):

cas.server.name: https://localhost:8443
cas.server.prefix: ${cas.server.name}/cas

logging.config: file:/etc/cas/config/log4j2.xml

server.ssl.key-store=file:/etc/cas/keystore.jks
server.ssl.key-store-password=
server.ssl.key-password=xxx

cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.json.location=file:/etc/cas/config/services

cas.serviceRegistry.jpa.user=xx
cas.serviceRegistry.jpa.password=xxx
cas.serviceRegistry.jpa.driverClass=com.mysql.cj.jdbc.Driver
cas.serviceRegistry.jpa.url=jdbc:mysql://localhost:3306/casdb?allowPublicKeyRetrieval=true=UTF-8=FALSE
cas.serviceRegistry.jpa.dialect=org.hibernate.dialect.MySQL57InnoDBDialect
cas.serviceRegistry.jpa.ddlAuto=update

When I run CAS 6.1.0 I see:

[org.apereo.cas.services.AbstractServicesManager] - 

I can then use CAS to login to my application, but it does not insert any 
Service Registry into the MySQL casdb.
Do you see anything wrong in my setup?
Thanks,

Bob

On Wednesday, January 29, 2020 at 11:21:24 AM UTC+1, Misagh Moayyed wrote:

Something along the following lines should work:

cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.json.location=file:/etc/cas/config/services

- Then, make sure your JSON files are in the above noted directory.
- Then, make sure your overlay contains a reference to the JPA service registry

(You do not need to include the JSON service registry, IIRC, in the overlay)

Then, on startup, CAS will import your JSON files from that directory over to 
the real (JPA) service registry.

YMMV.


On Wednesday, January 29, 2020 at 12:56:11 AM UTC+4, rbon wrote:
Bob,

We are using the 5.1.5 version of cas management. You only need to upgrade it 
if you want newer features, etc.
I also have grumblings about the 6.x version. I put off upgrading cas 
management until it settles.

Ray

On Tue, 2020-01-28 at 12:34 -0800, Bob wrote:
Hi Ray,

No, I'm currently just using the cas overlay (6.1.x).
I did try to get cas management working but had some issue with a pre-defined 
service registry in some kind of git repo.
Whenever I tried to enter a service via cas management, there was no option to 
save it to my database. All it ever did was show this 1 entry from a git repo.
Since I did get it working (reading my json file and store it in MySQL 
database) without cas management for version 5.3.9, I assumed it would work for 
version 6 as well.
Do you think cas management is the only way to get it stored in the database? I 
might have another look at it then.
Thanks,

Bob


On Tuesday, January 28, 2020 at 8:31:44 PM UTC+1, rbon wrote:
Bob,

Are you using the cas management server, 
https://github.com/apereo/cas-management-overlay?
If you are, what do the logs say when you try to save?

Ray

On Tue, 2020-01-28 at 03:50 -0800, Bob wrote:
Hello,

We are upgrading to CAS 6.1.x.
Most things seem to work fine (LDAP and reading Service Registry from json 
file) but we cannot get it to save the Service Registry in a MySQL casdb.
Is there a way to manually enter a Service Registry into a MySQL database?

Running CAS has created 3 tables in our MySQL database:

regex_registered_service
regex_registered_service_regex_registered_service_property
regex_registered_service_registered_service_impl_contact

Table regex_registered_service has the following columns:

+--+
| COLUMN_NAME  |
+--+
| access_strategy  |
| attribute_release|
| description  |
| environments |
| evaluation_order |
| 

Re: [cas-user] Re: Ask for authenticating at every login

2020-01-30 Thread Ray Bon
Alex,

I have not used the interrupt system. I have modified the webflow to do some 
post authentication processing.

If a user is being asked for credentials a second time, it means that the 
service is configured to not participate in SSO or that the TGC (CAS session) 
has expired or that the service is asking to force authentication.
When your user logs out of the application, does the application send the 
logout to CAS? This will end the CAS session.

Speaking from the perspective of a user; why would a user, who clicked on an 
application's login button, want to be asked if they want to log in? This 
disrupts the point of single sign on.

Ray

On Wed, 2020-01-29 at 23:29 -0800, Alex T wrote:
Ray,

I tried to use interrupts with the JSON configuration. The interrupt occurs, but 
at the second login the user must re-enter credentials. I tried to change some 
parameters in the JSON, but not successfully. Another problem with the JSON 
configuration is that it is configured for a specific user only. It is 
documented for testing/demo/development only.

Are there examples of how to use the Regex interrupt configuration? I do not 
understand what I need to write in the attribute name and value expressions.

On Wednesday, January 29, 2020 at 9:01:37 PM UTC+3, rbon wrote:
Alex,

There is this capability to manipulate the log in flow, 
https://apereo.github.io/cas/6.1.x/webflow/Webflow-Customization-Interrupt.html.

You can also modify the web flow, 
https://apereo.github.io/cas/6.1.x/webflow/Webflow-Customization.html

Ray

On Wed, 2020-01-29 at 06:17 -0800, Alex T wrote:
PS. If the user is already authenticated in CAS, I don't want to force 
re-entering the password. I want to ask the user whether he wants to log in to 
the app. If yes, the user is redirected to the app with a token, and then he 
becomes authenticated.

On Wednesday, January 29, 2020 at 5:03:22 PM UTC+3, Alex T wrote:
I created an app that uses the Apereo CAS server. And it works :)

But I want to make some changes. If I authenticate successfully in my app via 
CAS, then I log out of my app. Then I try to log in via CAS again, a redirect 
occurs to CAS and a redirect back with a ticket, and it seems that I am logged 
in again without any question from SSO.

I want to change the CAS default behavior to ask if I want to log in before 
redirecting back to the app. And show some information, like you logged in as , this 
 want to authenticate and so on.

What is the simplest way to do it?

Is it possible to do with some configuration (settings or gradle)? Or do I need 
to develop a custom overlay for it?

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.



Re: [cas-user] Re: CAS 5.2.6 + Delegated Authentication + SAML + Azure AD =>

2020-01-30 Thread Michael Dumdei
I know this is an old thread, but we are trying to do the same thing. I 
would like to see a sanitized version of your configs for a starting point 
if you don't mind sharing.

On Thursday, December 20, 2018 at 8:32:58 PM UTC-6, Raghavan TV wrote:
>
> Hi Jason 
>
> We configured the CAS server as SP with the Azure AD SAML endpoint used as 
> the IdP. There were issues in the latest 5.2.6 and I remember falling 
> back to 5.2.3 (will cross check). 
> Let me know if you are still facing issues and I shall share our configuration. 
>
> Thanks 
> -Raghav 
>
> On Tue, Dec 4, 2018 at 2:57 AM Jason Brooks wrote: 
> > 
> > We're looking at integrating CAS with Azure AD for authentication. How 
> did you get CAS linked up with Azure AD? We've not been able to find any 
> docs to help on this. 
> > 
> > Thanks, 
> > J 
> > 
> > 
> > 
> > On Wednesday, September 19, 2018 at 3:34:41 PM UTC-4, Raghavan TV wrote: 
> >> 
> >> Hi All 
> >> 
> >> Am testing CAS 5.2.6 to work on a delegated authentication mode against 
> Azure AD 
> >> 
> >> When we get a SAML response back from the Idp, am getting redirect to 
> CAS > UnAuthorized Access page 
> >> 
> >> The logs indicate the following errors 
> >> 
> >> 2018-09-19 19:28:09,358 ERROR 
> [org.pac4j.saml.sso.impl.SAML2DefaultResponseValidator] -  assertion validation failed, continue with the next one> 
> >> org.pac4j.saml.exceptions.SAMLException: Signature is not trusted 
> >> at 
> org.pac4j.saml.sso.impl.SAML2DefaultResponseValidator.validateSignature(SAML2DefaultResponseValidator.java:704)
>  
> ~[pac4j-saml-2.3.1.jar:?] 
> >> ... 
> >> ... 
> >> 2018-09-19 19:28:09,363 DEBUG 
> [org.apereo.cas.support.pac4j.web.flow.DelegatedClientAuthenticationAction] 
> -  
> >> org.pac4j.saml.exceptions.SAMLException: No valid subject assertion 
> found in response 
> >> ... 
> >> ... 
> >> 
> >> Any pointers on which cert should be imported into the keystore ? 
> >> 
> >> 
> >> Thanks 
> >> Raghavan 
> >> 
> >> 
> >> 
>



[cas-user] CAS 5.3.14 java.util.Collections$UnmodifiableList.get(Collections.java:1311)

2020-01-30 Thread Brian T. Huntley
Hello - 

We're running CAS 5.3.14 with the self-executing cas.war on CentOS7 and 
OpenJDK 1.8.0-232-b09  The war file was built with the maven overlay.

This environment has had little change since November, but just in the last 
few weeks, we have started to see more and more errors like this that 
cause CAS to become non-functional and return 500 errors to clients:

cas.war: 2020-01-30 08:19:20,909 ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/cas].[dispatcherServlet]] - 
cas.war: java.lang.StackOverflowError: null
cas.war: at java.util.Collections$UnmodifiableList.get(Collections.java:1311) ~[?:1.8.0_232]
cas.war: at java.util.Collections$UnmodifiableList.get(Collections.java:1311) ~[?:1.8.0_232]
cas.war: at java.util.Collections$UnmodifiableList.get(Collections.java:1311) ~[?:1.8.0_232]
cas.war: at java.util.Collections$UnmodifiableList.get(Collections.java:1311) ~[?:1.8.0_232]
cas.war: at java.util.Collections$UnmodifiableList.get(Collections.java:1311) ~[?:1.8.0_232]
cas.war: at java.util.Collections$UnmodifiableList.get(Collections.java:1311) ~[?:1.8.0_232]
cas.war: at java.util.Collections$UnmodifiableList.get(Collections.java:1311) ~[?:1.8.0_232]



All Google has been able to tell me is a memory issue, but the CAS 
dashboard indicates I have between 1-2GB of Java heap available.

A restart of CAS resolves the issue for a few days.

Anyone else ever run into this?

Thank you!
Brian



[cas-user] cas.authn.pm.reset.expirationMinutes=60 but expires in 5 minutes

2020-01-30 Thread Jack Bakker
In v6.1.1, I have in cas.properties cas.authn.pm.reset.expirationMinutes=60 
but the TST* ticket expires in 5 minutes.
Logs at DEBUG level do show "Link is only active for the next [60] 
minute(s)" on generating the password reset URL.
Is there another relevant config setting I should become aware of?



[cas-user] CAS 6.X jwt issue with base64 encoded

2020-01-30 Thread Raheem Shaik
Hi,

I am trying to upgrade from 5.2.x to 6.x for my testing but am getting an 
issue with base64 encoding, which is not working properly. When I try to 
decode the JWT token it is not able to get the payload data. But in the 
earlier version 5.2.x I did not have any issues.

Can somebody help me with this?

build.gradle dependencies

compile "org.apereo.cas:cas-server-webapp${project.appServer}:${casServerVersion}"
compile "org.apereo.cas:cas-server-support-rest:${project.'cas.version'}"
compile "org.apereo.cas:cas-server-support-rest-tokens:${project.'cas.version'}"
compile "org.apereo.cas:cas-server-support-json-service-registry:${project.'cas.version'}"
compile "org.apereo.cas:cas-server-support-token-tickets:${project.'cas.version'}"
compile "org.apereo.cas:cas-server-support-rest-authentication:${project.'cas.version'}"

cas.authn.token.crypto.enabled=false
cas.authn.token.crypto.encryptionEnabled=false
cas.authn.token.crypto.signing.key=
cas.authn.token.crypto.signing.keySize=512
cas.authn.token.crypto.encryption.key=
cas.authn.token.crypto.encryption.keySize=256

and 

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "https://.*.example.com",
  "name" : "myApplication",
  "id" : 1001,
  "description" : "This service definition authorized all application urls that support HTTPS protocol.",
  "evaluationOrder" : 2,
  "proxyPolicy" : {
    "@class" : "org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy"
  },
  "usernameAttributeProvider" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider"
  },
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
    "principalAttributesRepository" : {
      "@class" : "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository"
    },
    "authorizedToReleaseCredentialPassword" : false,
    "authorizedToReleaseProxyGrantingTicket" : false
  },
  "logoutType" : "BACK_CHANNEL",
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true
  },
  "properties" : {
    "@class" : "java.util.HashMap",
    "jwtSigningSecret" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "9qzDlSwNx" ] ]
    },
    "jwtAsResponse" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "true" ] ]
    }
  }
}

Regards,
Raheem 


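
Added example (not part of the post and not CAS code): a helper for looking at a compact JWT whose payload will not decode, which restores the stripped base64url padding, tells a signed token (3 segments) from an encrypted or nested one, and checks an HS256 signature before the claims are trusted. It goes beyond the post in covering encrypted and nested tokens; the key, claims and tokens are constructed, and how CAS derives the HMAC key from jwtSigningSecret is not modelled here.

```python
import base64
import hashlib
import hmac
import json


def b64url_encode(raw):
    """base64url without '=' padding, as used in compact JWTs (RFC 7515)."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment):
    """Restore the stripped '=' padding before decoding a JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_kind(token):
    """3 dot-separated segments = signed (JWS); 5 = encrypted (JWE)."""
    return {3: "JWS", 5: "JWE"}.get(len(token.strip().split(".")), "not-a-compact-jwt")


def inspect_token(token):
    """Describe a token WITHOUT verifying it; never trust claims from here."""
    report = {"kind": token_kind(token), "header": None, "claims": None, "note": ""}
    if report["kind"] == "not-a-compact-jwt":
        report["note"] = "expected 3 (JWS) or 5 (JWE) segments"
        return report
    parts = token.strip().split(".")
    try:
        report["header"] = json.loads(b64url_decode(parts[0]))
    except ValueError:  # base64, UTF-8 and JSON errors all derive from ValueError
        report["note"] = "header is not base64url-encoded JSON"
        return report
    if report["kind"] == "JWE":
        report["note"] = "encrypted: claims are unreadable without the decryption key"
        return report
    try:
        payload = b64url_decode(parts[1])
    except ValueError:
        report["note"] = "payload is not valid base64url"
        return report
    try:
        report["claims"] = json.loads(payload)
    except ValueError:
        # A signed wrapper around another compact token is not JSON either.
        inner = token_kind(payload.decode("ascii", errors="replace"))
        report["note"] = ("payload is not JSON" if inner == "not-a-compact-jwt"
                          else "payload is a nested " + inner)
    return report


def verify_hs256(token, key):
    """True only for a 3-segment token whose header says HS256 and whose MAC matches."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        return False
    try:
        header = json.loads(b64url_decode(parts[0]))
        signature = b64url_decode(parts[2])
    except ValueError:
        return False
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False  # rejects "none" and any algorithm this helper does not check
    signed = f"{parts[0]}.{parts[1]}".encode()
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    return hmac.compare_digest(signature, expected)


def make_hs256(claims, key):
    """Build a constructed sample token so the example runs offline."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(mac)}"


# Constructed sample data, not values from the post.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_JWS = make_hs256({"sub": "casuser", "iss": "https://localhost:8443/cas"}, SAMPLE_KEY)
SAMPLE_JWE = b64url_encode(b'{"alg":"dir","enc":"A128CBC-HS256"}') + "..aXY.Y3Q.dGFn"

if __name__ == "__main__":
    for label, tok in (("signed", SAMPLE_JWS), ("encrypted", SAMPLE_JWE)):
        print(label, inspect_token(tok))
    print("signature ok:", verify_hs256(SAMPLE_JWS, SAMPLE_KEY))
```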


Re: [cas-user] Service Registry - Store in MySQL database

2020-01-30 Thread Bob
Thanks Misagh and Ray,

I cloned the cas-overlay-template in a new location and used the settings 
Misagh suggested but I still have the same problem that my casdb still has 
an empty regex_registered_service table.
Here's what I'm using:

CAS Version: 6.1.0
CAS Branch: 6.1.x
CAS Commit Id: c92590730249df0cf26fd1b4bebd8aea8447b256
CAS Build Date/Time: 2019-10-28T02:43:18Z
Spring Boot Version: 2.2.0.RELEASE
Spring Version: 5.2.0.RELEASE
Java Home: C:\Programs\Java\amazon-corretto\jdk11.0.3_7
Java Vendor: Amazon.com Inc.
Java Version: 11.0.3


My dependencies in build.gradle:

dependencies {
    // Other CAS dependencies/modules may be listed here...
    compile "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
    compile "org.apereo.cas:cas-server-support-jdbc-drivers:${project.'cas.version'}"
    compile "org.apereo.cas:cas-server-support-jpa-service-registry:${project.'cas.version'}"
}


My minimum cas.properties (I omitted the LDAP part since that's working 
fine):

cas.server.name: https://localhost:8443
cas.server.prefix: ${cas.server.name}/cas

logging.config: file:/etc/cas/config/log4j2.xml

server.ssl.key-store=file:/etc/cas/keystore.jks
server.ssl.key-store-password=
server.ssl.key-password=xxx

cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.json.location=file:/etc/cas/config/services

cas.serviceRegistry.jpa.user=xx
cas.serviceRegistry.jpa.password=xxx
cas.serviceRegistry.jpa.driverClass=com.mysql.cj.jdbc.Driver
cas.serviceRegistry.jpa.url=jdbc:mysql://localhost:3306/casdb?allowPublicKeyRetrieval=true=UTF-8=FALSE
cas.serviceRegistry.jpa.dialect=org.hibernate.dialect.MySQL57InnoDBDialect
cas.serviceRegistry.jpa.ddlAuto=update


When I run CAS 6.1.0 I see: 

[org.apereo.cas.services.AbstractServicesManager] - 


I can then use CAS to login to my application, but it does not insert any 
Service Registry into the MySQL casdb.
Do you see anything wrong in my setup?
Thanks,

Bob

On Wednesday, January 29, 2020 at 11:21:24 AM UTC+1, Misagh Moayyed wrote:
>
>
> Something along the following lines should work:
>
> cas.serviceRegistry.initFromJson=true
> cas.serviceRegistry.json.location=file:/etc/cas/config/services
>
> - Then, make sure your JSON files are in the above noted directory.
> - Then, make sure your overlay contains a reference to the JPA service 
> registry
>
> (You do not need to include the JSON service registry, IIRC, in the 
> overlay)
>
> Then, on startup, CAS will import your JSON files from that directory over 
> to the real (JPA) service registry.
>
> YMMV.
>
>
> On Wednesday, January 29, 2020 at 12:56:11 AM UTC+4, rbon wrote:
>>
>> Bob,
>>
>> We are using the 5.1.5 version of cas management. You only need to 
>> upgrade it if you want newer features, etc.
>> I also have grumblings about the 6.x version. I put off upgrading cas 
>> management until it settles. 
>>
>> Ray
>>
>> On Tue, 2020-01-28 at 12:34 -0800, Bob wrote:
>>
>> Hi Ray,
>>
>> No, I'm currently just using the cas overlay (6.1.x).
>> I did try to get cas management working but had some issue with a 
>> pre-defined service registry in some kind of git repo.
>> Whenever I tried to enter a service via cas management, there was no 
>> option to save it to my database. All it ever did was show this 1 entry 
>> from a git repo.
>> Since I did get it working (reading my json file and store it in MySQL 
>> database) without cas management for version 5.3.9, I assumed it would work 
>> for version 6 as well.
>> Do you think cas management is the only way to get it stored in the 
>> database? I might have another look at it then.
>> Thanks,
>>
>> Bob
>>
>>
>> On Tuesday, January 28, 2020 at 8:31:44 PM UTC+1, rbon wrote: 
>>
>> Bob,
>>
>> Are you using the cas management server, 
>> https://github.com/apereo/cas-management-overlay?
>> If you are, what do the logs say when you try to save?
>>
>> Ray
>>
>> On Tue, 2020-01-28 at 03:50 -0800, Bob wrote:
>>
>> Hello,
>>
>> We are upgrading to CAS 6.1.x.
>> Most things seem to work fine (LDAP and reading Service Registry from 
>> json file) but we cannot get it to save the Service Registry in a MySQL 
>> casdb.
>> Is there a way to manually enter a Service Registry into a MySQL database?
>>
>> Running CAS has created 3 tables in our MySQL database:
>>
>> regex_registered_service
>> regex_registered_service_regex_registered_service_property
>> regex_registered_service_registered_service_impl_contact
>>
>>
>> Table regex_registered_service has the following columns:
>>
>> +--+
>> | COLUMN_NAME  |
>> +--+
>> | access_strategy  |
>> | attribute_release|
>> | description  |
>> | environments |
>> | evaluation_order |
>> | expiration_policy|
>> | expression_type  |
>> | id   |
>> | 

[cas-user] CAS, Chrome 80 and SameSite cookies policy

2020-01-30 Thread Tobias Johansson
Hi!

I'm wondering what impact the new same site cookie policy in Chrome 80, to 
be released soon, will have? 
I get warnings in the chrome console regarding CAS cookies without SameSite 
attribute. But I'm having trouble finding any information regarding this.
Should I be worried and how can I solve this? Any help would be greatly 
appreciated!

Thanks!
/Tobias
