Re: [cas-user] CAS Protocol Question

On Mon, 11 Jan 2016, David Abney wrote: I am fairly new to CAS and had some questions about the CAS protocol. We are currently using CAS version 4.0.7 and looking at using CAS for SSO with WorldShare Management Services (WMS). WMS says that they support CAS2, but other versions may not be

Re: [cas-user] Login with both uid, and email etc

On Sat, 16 Jan 2016, YunQiang Su wrote: Hi, http://www.udel.edu/it/help/CAS/usernames.html says that they can login with both email and uid etc to login. I am wonder how to archive this? I cannot find any documents about this. We do something similar here. Our CAS server authenticates

RE: [cas-user] Cas Login using UPN or SamAccountName

, but nothing comes through. would you be willing to share your deployerconfigcontext.xml section with me? From: Andrew Morgan [mor...@orst.edu] Sent: Tuesday, February 02, 2016 9:41 AM To: Stephen Meier Cc: cas-user@apereo.org Subject: Re: [cas-user] Cas Login

Re: [cas-user] Cas Login using UPN or SamAccountName

On Tue, 2 Feb 2016, Stephen Meier wrote: Good Morning all, Does anyone use both or either the UPN or the SamaccountName for their users to login? Sure. We do something similar against our LDAP service. Search against both attributes, like this: in your case: Always make sure

Re: [cas-user] Why the need for service ticket in CAS?

Another important point - often the CAS server and the CAS client application have different DNS domains. Cookies cannot be shared between domains. Andy On Fri, 11 Mar 2016, Fredrik Jönsson wrote: I did not design the protocol, but to my understanding, the protocol is designed to

Re: [cas-user] Migrating CAS clients to shib idp v3 cas service

On Wed, 2 Mar 2016, Marvin Addison wrote: On Wed, Mar 2, 2016 at 9:43 AM Pierce, Eric wrote: From what I understand of the CAS support in IdPv3, it only supports the published standard for CAS v2, correct? It supports the attribute release "extension" supported by many

Re: [cas-user] CAS for Jira 7

, Andy On Fri, 29 Jul 2016, Andrew Morgan wrote: I'm trying to configure Jira v7.1.6 to use CAS. I followed the docs at: https://github.com/apereo/java-cas-client#atlassian-integration and I used the Jira44CasAuthenticator as documented on the old jasig wiki page. However, Jira doesn't seem

Re: [cas-user] Demo CAS server giving error

On Tue, 8 Nov 2016, Harish Reddy wrote: Even though the demo app has a SSL certificate.CAS app still displays this error

Re: [cas-user] Re: Cas client fails to communicate in TLS mode

Java 7 supports TLS v1.0, v1.1, and v1.2. See: https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https What did you change on the CAS Server (Tomcat) to disable other versions of TLS? Thanks, Andy On Sun, 23 Oct 2016, Guru Prashanth Thanakodi wrote: Hi

Re: [cas-user] Re: Cas client fails to communicate in TLS mode

On Tue, 25 Oct 2016, Guru Prashanth Thanakodi wrote: I am using CAS 3.4.11. I faced issues with 1.8 JRE. Aspectj version had issues with 1.8 JRE. Now we don't have support to get the latest minor version of 1.7. So I am stuck as of now. Thanks Andy for your help... I'm not sure if you're

Re: [cas-user] Re: Cas client fails to communicate in TLS mode

, Andrew Morgan <mor...@orst.edu> wrote: Java 7 supports TLS v1.0, v1.1, and v1.2. See: https://blogs.oracle.com/java-platform-group/entry/diagnosin g_tls_ssl_and_https What did you change on the CAS Server (Tomcat) to disable other versions of TLS? Thanks, Andy On Sun, 23 Oct 2016

Re: [cas-user] where is CAS TGC cookie stored in brower?

On Fri, 21 Oct 2016, Yan Zhou wrote: OK, thx for explanation. I cannot see any TGC cookie in my browser. Why is that? If it is not there, how does Browser send to CAS server? You could try running something like Firefox's Live HTTP Headers add-on to view the headers sent and received when

Re: [cas-user] where is CAS TGC cookie stored in brower?

On Fri, 21 Oct 2016, Yan Zhou wrote: Hello, It was said that the TGT cookie (TGC) is hidden, so that we won't see it. I am curious how browser can send such hidden cookie to CAS, when user goes to apps? If browser can see it, there should be a way for us to see it. The reason I am asking is

Re: [cas-user] CAS for Jira 7

could provide more information about our configuration attempt if it would help. Thanks, Andy On Fri, 29 Jul 2016, Andrew Morgan wrote: I'm trying to configure Jira v7.1.6 to use CAS. I followed the docs at: https://github.com/apereo/java-cas-client#atlassian-integration and I used

Re: [cas-user] Service Ticket Validation

That is a useful setting during testing or debugging, but it should not be changed on your production CAS server. Andy On Mon, 9 Jan 2017, Gokhan Mansuroglu wrote: Hi Morgan, Setting *cas.ticket.st.numberOfUses* property a value bigger than 1 makes it possible to reuse the service

Re: [cas-user] Service Ticket Validation

On Wed, 11 Jan 2017, Gokhan Mansuroglu wrote: Thank you very much for your explanation. But this time I need to ask another question related to the protocol. Let's say I have two applications A and B. First I logon to A and get a TGT and ST. And let"s say there are links on A that opens B in a

Re: [cas-user] Shib v3, CAS protocol v2

On Tue, 21 Mar 2017, Linda Toth wrote: Is anyone using the CAS version native to Shib v3 for Ellucian Banner products? It is based on CAS apereo CAS protocol v2. I am assuming, perhaps incorrectly, that CAS protocol v2 was active until CAS v 4.2.x based on the Apereo documentation. We are

Re: [cas-user] How to setup cas.authn.samlIdp.entityId in cluster environment

On Sun, 9 Apr 2017, Robert Ohajda wrote: Hello, I am trying to prepare cluster setup for CAS with 2 instances running on following machines cas1.parket.sk and cas2.parket.sk. From documentation it is not clear to me if I can give *cas.authn.samlIdp.entityId = https://cas.parket.sk/cas/idp*

Re: [cas-user] Another MFA question

On Thu, 6 Apr 2017, inatec...@gmail.com wrote: Maybe I wrote it in the wrong way. I will give an example: you are using LDAP+GAUTH MFA. The you log in using CAS you will get first form where you need to supply your LDAP credentials. On the next page CAS will ask you for your GAUTH number... By

Re: [cas-user] CAS drops named anchors

Fragments (named anchors) are not sent to the server. Search your web server access logs - you won't see a "#" in them. :) You can read a bit about it here: http://codetunnel.io/how-to-persist-url-hash-fragments-across-a-login-redirect/ Andy On Mon, 21 Aug 2017, Dusty Edenfield

Re: [cas-user] How to achieve Single Sign On for my scenario?

On Tue, 9 May 2017, praba wrote: I have three web applications which are App1, App2 and App3 developed in SpringMVC and Apache Shiro framework. - App1: App1 has own users and roles - App2: App2 has own users and roles App1 and App2 has different users and roles. - App3: App3 doesn’t

Re: [cas-user] CAS Authentication using multiple Ldap Servers

On Mon, 15 May 2017, 'rheman puewe' via CAS Community wrote: Hello everyone. I using cas 4.1.x and I want to know ho to setup CAS Authentication using multiple Ldap Servers. Multiple LDAP servers can be specified in the ldap.url setting by separating them with spaces. For example:

Re: [cas-user] How to disable certificate check or trust a self-signed certificate?

On Tue, 30 May 2017, Emilian Mitocariu wrote: I have this message in my logs "Resource https://192.168.0.122/index.php/apps/user_saml/saml/metadata does not exist or is unreadable", and i think this problem may come from the fact that i use a self-signed certificate on the server that CAS is