Re: [cas-user] Re: CAS Client help
APIs are handled differently from SPAs. You probably need to look at the CAS REST protocol? https://apereo.github.io/cas/6.6.x/protocol/REST-Protocol.html

I would put APIs behind an API gateway. Conceptually they are the same thing as CAS + AD, but specifically designed for API calls, especially from background processes.

On Fri, 2023-03-24 at 16:13 -0700, Pablo Vidaurri wrote:

So how did you handle this? I too have APIs behind CAS ... which is causing problems of its own.

On Tuesday, November 22, 2022 at 10:56:47 PM UTC-6 Michael Remijan wrote:

Hello user community,

I am looking for some information on a CAS client and I haven’t been able to find it anywhere online. All CAS Client references I’ve found have been for configuring a Web App so that user login integrates with CAS for authentication. Unfortunately, this is not what I need.

I have a REST API endpoint I need to integrate with in a headless/background process kind of way. Basic data integration stuff…periodically call the API throughout the day, get the data, process data.

So I need an example of this kind of integration…having a background process pass the CAS authentication server what it needs to authenticate the request in a non-interactive, headless manner so my process can integrate with a REST API.

Any examples like this exist? Any help would be appreciated.

Mike

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6bcdae894552b9763e2f1cbd1f0375f01abf5d4b.camel%40ndsu.edu.
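The ticket exchange of the CAS REST protocol that the reply links to, as an added example that is not part of the thread and not CAS project code. It assumes the REST module is enabled on the server and that the API accepts the resulting service ticket as a `ticket` parameter; the base URL, account name and service URL are placeholders.

```python
import urllib.parse
import urllib.request


def _post(url, fields):
    """POST form-encoded fields. urllib verifies TLS certificates by default;
    credentials travel in the body, so cas_base should be an https:// URL."""
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    return urllib.request.urlopen(req, timeout=10)


def request_tgt(cas_base, username, password):
    """Step 1: POST credentials to /v1/tickets. CAS answers 201 Created and
    puts the ticket-granting ticket (TGT) resource in the Location header."""
    with _post(f"{cas_base}/v1/tickets",
               {"username": username, "password": password}) as resp:
        if resp.status != 201 or not resp.headers.get("Location"):
            raise RuntimeError(f"no TGT issued (HTTP {resp.status})")
        return resp.headers["Location"]


def request_st(tgt_url, service):
    """Step 2: POST the target service URL to the TGT resource. The response
    body is a one-time service ticket (ST) bound to that service."""
    with _post(tgt_url, {"service": service}) as resp:
        return resp.read().decode().strip()


def destroy_tgt(tgt_url):
    """Step 3: DELETE the TGT so the session cannot be reused later."""
    req = urllib.request.Request(tgt_url, method="DELETE")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


def fetch_service_ticket(cas_base, username, password, service):
    """Full headless exchange for one API call; always cleans up the TGT."""
    tgt_url = request_tgt(cas_base, username, password)
    try:
        return request_st(tgt_url, service)
    finally:
        destroy_tgt(tgt_url)
```

Use a dedicated service account for the background job and load its password from a secret store rather than from the script.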
[cas-user] CAS 6.6.3 - LDAPS
Hello all,

I've got CAS working fine with LDAP and now I'm trying to push hard to get it to work with LDAPS.

I've got a JKS store, /etc/cas/keys/store which is a JKS file, containing two keys:

- PDC-CA.FQDN public certificate
- VDC.FQDN public certificate issued from PDC-CA

In my cas.properties I have...

    cas.authn.ldap[0].keystore=file:/etc/cas/keys/store
    cas.authn.ldap[0].keystorePassword=thecorrectpassword
    cas.authn.ldap[0].keystoreType=JKS
    cas.authn.ldap[0].ldapUrl=ldaps://VDC.FQDN:636
    #cas.authn.ldap[0].startTLS=true

Every time I run CAS, I get:

    2023-03-28 11:18:15,325 ERROR [org.ldaptive.transport.netty.NettyConnection] -

and an error:

    org.ldaptive.ConnectException: javax.net.ssl.SSLException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Do I need to add the PDC-CA certificate elsewhere? I'm kind of stumped.

Thanks!
[cas-user] CAS with Duo - TLS Deprecation
Duo will end support for TLS1.0 and 1.1 after June 30th, 2023. Once Duo ends support they say that connection requests using TLS1.0 or 1.1 will not receive a response, resulting in blocked authentication.

Here is a Duo article with some info: https://help.duo.com/s/article/7546?language=en_US

Does anyone know if the CAS Duo module is affected by this? I'm using CAS 6.6.3.
[cas-user] Using pkce authorization code with CAS version 6.1.7.2
Hi,

I am new to using CAS. I want to implement a public client with the authorization code pkce flow so that the client does not have to use the client secret.

I have read in the documentation of my version that CAS accepts the authorization code pkce flow in /oidc/authorize in the same way as it does with the authorization code flow. So I have removed the client secret from the client JSON so that I don't have to use it for the flow.

My problem is that when I make requests with Postman, it allows me to use both the authorization code pkce and the authorization code flow for that client without client secret.

How can I make it so that it only supports the authorization code pkce flow and that if it does not receive a code_challenge from the client the call to /oidc/authorize fails? In other words, make the code_challenge a mandatory parameter for this application when using the /oidc/authorize endpoint.
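The check the post asks for, written out as an added example following RFC 7636; it is not CAS code or CAS configuration and is not part of the original message. The function names and the `pkce_required_clients` set are hypothetical, and refusing the `plain` method is a policy choice made here.

```python
import base64
import hashlib
import hmac
import re
import secrets

# RFC 7636 section 4.1: 43-128 characters from the unreserved set.
VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def b64url(raw):
    """Base64url without padding, as PKCE requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def new_code_verifier():
    """Client side: 32 random bytes encode to a 43-character verifier."""
    return b64url(secrets.token_bytes(32))


def s256_challenge(verifier):
    """Client side: code_challenge = BASE64URL(SHA256(code_verifier))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def check_authorize_request(params, pkce_required_clients):
    """Authorization endpoint gate. Returns None to continue, or the OAuth
    error code to send back when a PKCE-only client omits the challenge."""
    if params.get("client_id") not in pkce_required_clients:
        return None
    if not params.get("code_challenge"):
        return "invalid_request"      # RFC 7636 section 4.4.1
    if params.get("code_challenge_method", "plain") != "S256":
        return "invalid_request"      # assumption: 'plain' is not accepted
    return None


def check_token_request(stored_challenge, code_verifier):
    """Token endpoint: the verifier must hash to the challenge stored with
    the authorization code. A missing or malformed verifier fails."""
    if not code_verifier or not VERIFIER_RE.match(code_verifier):
        return False
    return hmac.compare_digest(s256_challenge(code_verifier), stored_challenge)
```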