If it fits your use case it's perfect.
In our case we want Spnego for all internal accesses so CAS needs to
stop and not offer login/password if Spnego fails.
Regards.
On 14/02/2017 at 15:22, Felix Schumacher wrote:
> On 13.02.2017 18:45, 'Philippe MARASSE' via CAS Commun
Hello,
We have the same problem here, which version of CAS do you use ?
Regards.
On 13/02/2017 at 16:13, Felix Schumacher wrote:
> Hi all,
>
> I have configured a simple webapp overlay with ldap and spnego enabled.
>
> When I try to login with a SPNEGO enabled browser (that has no valid
>
:
- casSpnegoNegotiateView.html (first 401 view)
- casSpnegoAuthenticationFailureView.html (auth failure view)
- casSpnegoErrorView.html (all other errors view)
Regards.
On 13/02/2017 at 18:07, Felix Schumacher wrote:
>
> On 13 February 2017 17:28:44 CET, 'Philippe MARASSE' via CAS Community wrote
>
Hello,
After disabling spnego, I wanted to test MFA yubikey with CAS
5.1.0-SNAP, unfortunately I get authenticated without MFA :
2016-11-17 11:51:36,559 DEBUG
[org.apereo.cas.web.flow.resolver.impl.RegisteredServiceAuthenticationPolicyProviderResolver]
-
2016-11-17 11:51:36,569 DEBUG
Hello,
Thanks for implementing MFA bypass in CAS 5.1.0, I'm moving on to test it on
our actual test case : SPNEGO or Login/Password + yubikey.
If I'm not mistaken, after reviewing the up-to-date documentation, I've added
a line in my cas.properties :
or SWF).
>
> --Misagh
>
> -Original Message-
> From: 'Philippe MARASSE' via CAS Community [mailto:cas-user@apereo.org]
> Sent: Wednesday, November 16, 2016 3:20 AM
> To: CAS Community <cas-user@apereo.org>
> Subject: [cas-user] CAS 5.1.0-SNAPSHOT - SPNEGO broken ?
>
--Misagh
>
>
> -Original Message-
> From: 'Philippe MARASSE' via CAS Community [mailto:cas-user@apereo.org]
> Sent: Thursday, November 17, 2016 4:37 AM
> To: CAS Community <cas-user@apereo.org>
> Subject: [cas-user] CAS 5.1.0-SNAPSHOT no more mfa-yubikey ??
>
> H
Hello,
Fortunately, I've found that this property :
spring.cloud.config.server.native.searchLocations=file:/etc/cas5/config
placed in bootstrap.properties file does the job.
on Mac, once JDK (dmg file from Oracle) and Tomcat (from tar.gz) are
installed, catalina.sh script should work. Don't
Hello,
As issues #2126 & #2127 are solved, this morning, another issue arises :
Yubikey MFA is bypassed when I use LdapAuthenticationHandler (via login
form), but not when I use Spnego ?? relevant cas.properties line is :
> MFA based on the Ldap handler, that pretty much confirms my theory.
>
>
>
> File an issue either way please. (And since you’re on SNAPSHOT, let’s
> move this to dev)
>
>
>
> --Misagh
>
>
>
> *From:*'Philippe MARASSE' via CAS Community [mailto:cas-user@aper
Hello,
I don't think it makes a lot of difference, as dkopylenko said.
But have you overloaded application.properties ? your log shows
AcceptUsersAuthenticationHandler which is not related to LDAP but is
related to default distribution of CAS which works out of the box with
casuser/mellon user.
Hello,
The reference documentation is
https://apereo.github.io/cas/development/installation/Configuration-Properties.html#ldap
cas.authn.ldap[0].ldapUrl=ldap://ldap1.mydomain.com ldap://ldap2.mydomain.com
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
Hello,
What does the step 2 dialog box look like? I suspect it could be NTLM dialog
box shown by the browser. Have you disabled NTLM ?
If you need login/passwd fallback, enable MixedMode Authentication.
Regards.
On 06/04/2017 at 10:46, Petr Gašparík - AMI Praha a.s. wrote:
> Hi,
> we integrated
You should set packetSize at the same value on application server and in
your web server (we use 16384 in our organization for years).
Regards.
On 30/09/2019 at 11:40, Fabrice Bacchella wrote:
> I'm getting the following error on CAS 5.3 with AJP:
>
> 2019-09-30 11:19:19,411 ERROR
Hi,
Is it possible to :
- fetch an attribute from LDAP, ciphered with a symmetric key, then
decipher to get it in clear text
- release an attribute (not the username, nor the password) to a
service, ciphered with service's public key ?
Use case : deliver user-dependent credentials to apache
Hello,
this u2f-jpa hack solved an issue I've encountered with CAS v6.1.5 (also
with 6.1.6-SNAP) + U2F (with JSON backend for testing). The raised
exception was different :
2020-04-09 17:39:49,592 DEBUG
[org.apereo.cas.web.FlowExecutionExceptionResolver] -
2020-04-09 17:39:49,595 DEBUG
to do yet.
Philippe.
On 16/04/2020 at 17:52, Ray Bon wrote:
> Philippe,
>
> I do not know the exact answer. But check how clear pass works. It
> encrypts the password with the service's public key.
>
> Ray
>
> On Thu, 2020-04-16 at 16:49 +0200, 'Philippe MARASSE' via CAS
error of requiring the Incommon
> Federation certificate as a requirement to start.
>
>
>
> If you search the for incommon.pem over the last few weeks discussion
> you’ll find several answers to this problem.
>
>
>
>
>
>
>
> *From:*'Philippe MARASSE' via CAS
ava:48)
at java.util.Optional.map(Optional.java:265) ~[?:?]
Regards.
On 06/10/2020 at 17:51, 'Philippe MARASSE' via CAS Community wrote:
> Folks,
>
> I'm testing the possibility to let the user choose MFA token to use, in
> fact between u2f and google authenticator.
>
> I h
Folks,
I'm upgrading my management webapp from 6.1.0-RC4 to 6.2.2, but
unfortunately, webapp does not start anymore, raising an exception :
06-Oct-2020 14:45:32.552 GRAVE [Catalina-utility-2]
org.apache.catalina.startup.HostConfig.deployWAR Erreur lors du
déploiement de l'archive
Folks,
I'm testing the possibility to let the user choose MFA token to use, in
fact between u2f and google authenticator.
I have a PHP test page used to retrieve and show me some attributes. At
the time I use cas.authn.mfa.provider-selection-enabled=true, I cannot
get validated by CAS :
Hi,
Here we use 2FA, either U2F or TOTP/Gauth, to grant access to a specific
service. The 2FA is mandatory but the method is given by a LDAP attribute.
What is your use case ? 2FA for all services triggered by a LDAP
attribute (I believe it's possible in service configuration) ?
Regards.
Le
In service definition, something like this exists :
multifactorPolicy:
{
  @class: org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy
  multifactorAuthenticationProviders:
  [
    java.util.HashSet
    [
      mfa-gauth
    ]
  ]
  failureMode: UNDEFINED
https://github.com/apereo/cas/commit/e7cb3b8b44867addcb6b8510cbbed45cbc9b265f>).
>
> Pavlos
>
> On Tue, Mar 9, 2021 at 10:19 PM 'Philippe MARASSE' via CAS Community
> mailto:cas-user@apereo.org>> wrote:
>
> Folks,
>
> Since we've installed our new cas
Folks,
Since we've installed our new cas v6.3.0 with MFA (gauth or u2f), we've
run into a strange issue :
- TOTP registering works fine, first check of TOTP code is verified ok
(a bad code is rejected, as expected)
- TOTP input before accessing a service is asked, but whatever
numerical input
whoops :-), just forgotten some other modifications, here's the whole
diff file :
https://dpaste.com/GWJ5L7F59
Regards.
On 13/04/2021 at 16:04, Bartosz Nitkiewicz wrote:
> I have cloned CAS sources and
> copy
>
Hello,
It has been fixed there
https://github.com/apereo/cas/commit/e7cb3b8b44867addcb6b8510cbbed45cbc9b265f
Verify that your version of CAS is newer than that commit, it should be fine.
Regards
On 13/04/2021 at 13:04, Bartosz Nitkiewicz wrote:
> Hi,
> The setup looks like this:
>
> CAS +
A good question indeed :-)
I've taken a look over my overlay, it seems that I only overloaded the
flawed class from the commit :
cas-overlay/src/main/java/org/apereo/cas/gauth/credential/GoogleAuthenticatorOneTimeTokenCredentialValidator.java
CAS 6.3.2 is older than the patch I think.
So :
-
28 matches