Re: [cas-user] HTTPSandIMAPS-10000001.json keeps coming back

[Luís Costa]

Hello,

 

Despite this issue being old, I leave here my 2023 experience with CAS 
server 667 and CAS management 662.

 

I was having the same problem described here, every time I started CAS 
management 662, the two following services apeared, even after I previously 
and successfully deleted them on CAS management web app:

 

(1) Apereo

Service Name: Apereo

Service URL: ^https://www.apereo.org

Description: Apereo foundation sample service

 

(2) HTTPS and IMAPS

Service Name: HTTPS and IMAPS

Service URL: ^(https|imaps)://.*

Description: This service definition authorized all application urls that 
support HTTPS and IMAPS protocols.

 

The solution for me was simply place the following config

 

*cas.service-registry.core.init-from-json=false*

 

on my* “/etc/cas/config/management.properties”* CAS management 
configuration file.

 

Best regards to all
A sexta-feira, 28 de setembro de 2018 à(s) 08:33:55 UTC+1, Ganesh Prasad 
escreveu:

> I used the same solution, and it works for me :-).
>
> It's probably worth clarifying for the benefit of other folks (who may 
> think like me) that "empty file" doesn't mean a completely empty file (zero 
> bytes) but a file containing just an open curly brace and a close curly 
> brace. The former causes CAS to fail on startup.
>
> As an aside, CAS should operate in locked-down mode by default. We 
> shouldn't have to do extra things to secure it.
>
> Regards,
> Ganesh
>
>
> On Wednesday, 24 May 2017 18:17:42 UTC+10, Ben Howell-Thomas wrote:
>
>> Don't know if it's the best solution but we've created blank (ie empty 
>> file) versions of those files in our project so the originals get 
>> overridden.
>>
> On 24 May 2017 at 07:14, Petr Gašparík - AMI Praha a.s.  
>> wrote:
>>
> That's exactly my question, that is not covered by docs, AFAIK.
>>>
>>> Misagh or Dima, please, let us know how to turn off creation of these 
>>> files.
>>>
>>> So far we use this workaround: on overlay, create empty files in this 
>>> location:
>>> src\main\resources\services\HTTPSandIMAPS-1001.json
>>> src\main\resources\services\Apereo-1002.json
>>>
>>>
>>> --
>>>
>>> s pozdravem
>>>
>>> Petr Gašparík
>>> solution architect
>>>
>>> gsm: [+420] 603 523 860
>>> e-mail: petr.g...@ami.cz
>>> 
>>>
>>> AMI Praha a.s.
>>> Pláničkova 11
>>> 162 00 Praha 6
>>> tel.: [+420] 274 783 239
>>> web: www.ami.cz
>>> 
>>>
>>> [image: AMI Praha a.s.]
>>>
>>> [image: AMI Praha a.s.] 
>>> 
>>>
>>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za 
>>> společnost AMI Praha a.s.
>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít 
>>> výhradně písemnou formu.
>>>
>>>
>>> 2017-05-24 0:45 GMT+02:00 RJ :
>>>
 Guys,

 In the latest version 5.0.5 or 5.1.0-RC4, the default 
 service,HTTPSandIMAPS-1001.json, gets auto created during the startup. 
 We kept deleting it but it comes back. It wasn't the case in the past. How 
 to turn the auto creation off ?

 HTTPSandIMAPS-1001.json
 Apereo-1002.json

 Thanks

 -- 
 - CAS gitter chatroom: https://gitter.im/apereo/cas
 - CAS mailing list guidelines: 
 https://apereo.github.io/cas/Mailing-Lists.html
 - CAS documentation website: https://apereo.github.io/cas
 - CAS project website: https://github.com/apereo/cas
 --- 
 You received this message because you are subscribed to the Google 
 Groups "CAS Community" group.
 To unsubscribe from this group and stop receiving emails from it, send 
 an email to cas-user+u...@apereo.org.
 To view this discussion on the web visit 
 https://groups.google.com/a/apereo.org/d/msgid/cas-user/CACNfiM%2BaigyqPB30YPwM6OaYtw9jdr4UX9%2BFgFatThyRx4E%2BmQ%40mail.gmail.com
  
 
 .

>>>
>>> -- 
>>> - CAS gitter chatroom: https://gitter.im/apereo/cas
>>> - CAS mailing list guidelines: 
>>> https://apereo.github.io/cas/Mailing-Lists.html
>>> - CAS documentation website: https://apereo.github.io/cas
>>> - CAS project website: https://github.com/apereo/cas
>>> --- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to cas-user+u...@apereo.org.
>>>
>> To view this discussion on the web visit 
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABAspd1cmC6VAjsnfZ%3DcrfAS6cKrHO_Ujb8fyFjUyKpP2W7nJw%40mail.gmail.com
>>>  
>>> 
>>> .
>>>
>>
>> This email is sent on behalf of Northgate Public Services (UK) Limited 
>> and its 

Re: [cas-user] CAS session management - Ticket Expiration Policies - CAS 6.5

[Ray Bon]

Niral,

TGT is for life of cas login session, not application session. I am not sure if 
cas can send logouts to services when TGT expires - that would create strange 
issues in the client applications.

These settings will allow cas session length to increase beyond 30m only if 
user logs in to other services or visits cas to refresh a service, etc. (The 
values are in seconds. I seem to recall that the minimum value is 2m.)

cas.ticket.tgt.primary.max-time-to-live-in-seconds=some-value-greater-than-1800
cas.ticket.tgt.primary.time-to-kill-in-seconds=1800

For viewing the reports, some additional info can be found, 
https://apereo.github.io/cas/6.5.x/monitoring/Monitoring-Statistics.html

Ray

On Tue, 2023-05-30 at 08:30 -0700, 'Niral Kunadia' via CAS Community wrote:
Notice: This message was sent from outside the University of Victoria email 
system. Please be cautious with links and sensitive information.

Hello,

I would like to set, if server is idle/no activity for 30 mins, users should 
automatically logoutand session should expire.

If there is activity user stay login without logout.

I tried to set these two properties in .properties file but it still logout 
user even if there is activity.

management.endpoint.ticketExpirationPolicies.enabled=true
management.endpoints.web.exposure.include=ticketExpirationPolicies
cas.ticket.tgt.primary.max-time-to-live-in-seconds=120
cas.ticket.tgt.primary.time-to-kill-in-seconds=30

I also added decency - 
implementation"org.apereo.cas:cas-server-support-reports:${project.'cas.version'}"
 from CAS - Configuring Ticket Expiration Policy Components 
(apereo.github.io)

Please any advice.


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/45a68565c1a13c0295f8fbbbcd49ef99805ac6fa.camel%40uvic.ca.

[cas-user] CAS session management - Ticket Expiration Policies - CAS 6.5

['Niral Kunadia' via CAS Community]

Hello,

I would like to set, if server is idle/no activity for 30 mins, users 
should automatically logoutand session should expire.

If there is activity user stay login without logout.

I tried to set these two properties in .properties file but it still logout 
user even if there is activity.

management.endpoint.ticketExpirationPolicies.enabled=true
management.endpoints.web.exposure.include=ticketExpirationPolicies
cas.ticket.tgt.primary.max-time-to-live-in-seconds=120
cas.ticket.tgt.primary.time-to-kill-in-seconds=30

I also added decency - implementation
"org.apereo.cas:cas-server-support-reports:${project.'cas.version'}" from CAS 
- Configuring Ticket Expiration Policy Components (apereo.github.io) 


Please any advice.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/55ef22ca-449a-44ce-847e-4db5df974c19n%40apereo.org.

Re: [cas-user] Potential new features

[Ray Bon]

Jérôme,

We have not needed these features. But, they do seem useful.

Ray

On Tue, 2023-05-30 at 08:26 +0200, Jérôme LELEU wrote:
Notice: This message was sent from outside the University of Victoria email 
system. Please be cautious with links and sensitive information.

Hi,

Thanks for the feedback. Let me clarify though.

I did these two customisations for one of my customers and we talked with 
Misagh about the relevancy of integrating them in the Open Source project.

So the question is: have you ever needed one of these two features?

Thanks.
Best regards,
Jérôme


Le sam. 27 mai 2023 à 00:50, Ray Bon mailto:r...@uvic.ca>> a 
écrit :
Feature 1: The second login should alert (or at least be configurable) the user 
that the first login will be terminated and should trigger the SLO process. The 
lost first TGT also happens with the DUO oauth2 process (not with the iframe 
implementation), thus orphaning the ST records created before DUO second factor 
and preventing those services from taking part in SLO (we added some behaviour 
to the login flow to transfer the pre DUO services to the post DUO TGT).

Feature 2: The log in page could be displayed with a password field and an 
uneditable username field filled with the current user's login id and a link 
saying 'switch user' or 'if this is not you ...'. If the the user wants to 
change the login id, then a warning is displayed saying that SLO will be 
performed.

Ray

On Thu, 2023-05-25 at 11:08 +0200, Jérôme LELEU wrote:
Notice: This message was sent from outside the University of Victoria email 
system. Please be cautious with links and sensitive information.

Hi,

I'd like to make some kind of poll to know if some people might be interested 
by the two following new features:

Feature 1: I open the login page in two tabs of my browser and log in in the 
first tab and then in the second tab: the second authentication currently just 
erases the first one. Should we have better behavior? Like displaying a warning 
to indicate that we keep the existing authentication or replace it by a new one?

Feature 2: I call the login page with the renew parameter. If the new logged 
user is different from the old one, should I perform a SLO?

Feedback will be welcome.

Thanks.
Best regards,
Jérôme



--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
tocas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/3fdbc5e6f00342eb38f4a6f663f910c1988d4504.camel%40uvic.ca.


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/7bd46d5c90d270105158606291975393a50e2fa2.camel%40uvic.ca.

Re: [cas-user] Potential new features

[Jérôme LELEU]

Hi,

Thanks for the feedback. Let me clarify though.

I did these two customisations for one of my customers and we talked with
Misagh about the relevancy of integrating them in the Open Source project.

So the question is: have you ever needed one of these two features?

Thanks.
Best regards,
Jérôme


Le sam. 27 mai 2023 à 00:50, Ray Bon  a écrit :

> Feature 1: The second login should alert (or at least be configurable) the
> user that the first login will be terminated and should trigger the SLO
> process. The lost first TGT also happens with the DUO oauth2 process (not
> with the iframe implementation), thus orphaning the ST records created
> before DUO second factor and preventing those services from taking part in
> SLO (we added some behaviour to the login flow to transfer the pre DUO
> services to the post DUO TGT).
>
> Feature 2: The log in page could be displayed with a password field and an
> uneditable username field filled with the current user's login id and a
> link saying 'switch user' or 'if this is not you ...'. If the the user
> wants to change the login id, then a warning is displayed saying that SLO
> will be performed.
>
> Ray
>
> On Thu, 2023-05-25 at 11:08 +0200, Jérôme LELEU wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
> Hi,
>
> I'd like to make some kind of poll to know if some people might be
> interested by the two following new features:
>
> Feature 1: I open the login page in two tabs of my browser and log in in
> the first tab and then in the second tab: the second authentication
> currently just erases the first one. Should we have better behavior? Like
> displaying a warning to indicate that we keep the existing authentication
> or replace it by a new one?
>
> Feature 2: I call the login page with the renew parameter. If the new
> logged user is different from the old one, should I perform a SLO?
>
> Feedback will be welcome.
>
> Thanks.
> Best regards,
> Jérôme
>
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/3fdbc5e6f00342eb38f4a6f663f910c1988d4504.camel%40uvic.ca
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279LyWW7D6k1xJEUGv%2Bhd0w58fAQUK%2B66YStdcyGLnK2wrCQ%40mail.gmail.com.