[cas-user] Question: what is the maven dependency difference from [CAS 5.2.0-RC3] to [RC2 or below]?

Hi all, Today when I try upgrading from CAS 5.2.0-RC2 to RC3, I was faced with lots of symbols not found error in my custom Java code during the compilation stage. So I go ahead and download a fresh CAS War Maven Overlay 5.2.x (branch) to test out the problem.

[cas-user] Re: Secure endpoints with LDAP - getting "You are not authorized to be authorized" error

I can't help to solve your problem, but I can help you reduce your scope. In the case of normal login. If you want to trigger the service defined, you need to do this: https:// cas.developer.local/cas/

[cas-user] Re: Migrating CAS 4.x to 5.1 - Problem with jdbc attribute mapping

Hi Sebastian, >From dev of CAS, here's is an tutorial on how to set up jdbc in CAS 5.1.x: https://apereo.github.io/2017/02/22/cas51-dbauthn-tutorial/ Just for more reference, here is my settings: cas.authn.jdbc.query[0].sql=SELECT * FROM test_users WHERE uid=?

[cas-user] Re: Rejecting based on attributes

Hi Marcus, If you are using 5.0.x or later , there should be a requiredAttributes field mentioned in the doc "https://apereo.github.io/cas/5.1.x/installation/Configuring-Service-Access-Strategy.html;. You will need to group all your users that need the restriction to the same service, then do

[cas-user] Re: SAML metadata problem when upgrade from 5.2.0-RC1 to 5.2.0-RC2

Would like to report that this problem is indeed fixed in RC3, thanks a lot! -Andy On Wednesday, 30 August 2017 10:41:24 UTC+8, Andy Ng wrote: > > Instead of only change the properties from 5.2.0-RC2 to > 5.2.0-RC3-SNAPSHOT, do I still need to do anything? I ask this becasue in >

[cas-user] Re: CAS 5.1.x Custom template. Anyone get this working?

To my recall, there has been a lot of theme related posts in this group. I also tried to make theme works on my project when I work on 5.1.x, which lead to failed. However, when I updated my project to 5.2.0-RC3, I actually make theme works, and here how the folder and file in my project is

[cas-user] CAS 5.2.0-RC3 saml 2.0 response KeyInfo how to configure

Hi all, Version: CAS 5.2.0-RC3 Scope: SAML 2.0 Problem: I am connecting my SAML 2.0 sp using CAS 5.2.0-RC1 without problem, but when I

[cas-user] Re: CAS 5.2.0-RC3 saml 2.0 response KeyInfo how to configure

l I want to export. -Andy On Tuesday, 19 September 2017 17:52:21 UTC+8, Andy Ng wrote: > > Hi all, > > Version: CAS 5.2.0-R

[cas-user] Re: Service registry initialisation using JSON files. Help needed

Hi Didier, Seems like your service registry config location is invalid. In my application.properties I always uses file:/ instead of file:// and it works. Maybe you can tries *cas.serviceRegistry.config.location=file:/etc/cas/json* if not ok, you can also try

[cas-user] Re: Oauth profile response structure

Looking at the source code, it seems like the default behavior is to put attributes on the attributes parameters, and can't change by settings for now *OAuth20UserProfileControllerController.java* (line:158 ) protected Map writeOutProfileResponse(final AccessToken

[cas-user] Re: Migrating CAS 4.x to 5.1 - Problem with jdbc attribute mapping

gt; Got it to work with a little trying. > > First I got confused because the field and attributes names in this > tutorial are the same... > Lack of documentation on cas attributes... > > > Sebastian > > Am Freitag, 15. September 2017 10:50:19 UTC+2 schrieb Andy Ng: >

[cas-user] Re: CAS drops named anchors

I am not using the name anchor in my use case, but after some testing: I think that saving the named anchor is not a feature that is implemented for all login methods for CAS. For example, in my website: normal login (username & password) will preserve the name anchor (I have checked that both

[cas-user] SAML metadata problem when upgrade from 5.2.0-RC1 to 5.2.0-RC2

Hi all, here's my problem: _ Background: Version: CAS 5.2.0-RC2 Topic: SAML 2.0 Problem: When I tried to upgrade from CAS 5.2.0-RC1 to CAS 5.2.0-RC2 (CAS 5.2.0-RC1 works completely fine). I have some error with

[cas-user] Re: SAML metadata problem when upgrade from 5.2.0-RC1 to 5.2.0-RC2

n my maven and I don't want to & I don't have time to fix them now. For now I will revert back to RC1, as that version have all the essential feature for my project. Thanks again! Andy On Monday, 28 August 2017 18:16:45 UTC+8, Andy Ng wrote: > > Hi al

[cas-user] Re: CAS 5.1.0 with SAML delegation - Help!

Although I don't have an answer to your problem and I can't really help you most likely, I still want to suggest you try implementing something to see if it works or not. In CAS 5.2.0-RC1 or above, there is a feature called "Attribute Repository Merging"

[cas-user] Re: SAML metadata problem when upgrade from 5.2.0-RC1 to 5.2.0-RC2

ame issue is there, you > will likely need to wait another 3-4 weeks until RC4 and beyond. > > On Tuesday, August 29, 2017 at 6:11:50 AM UTC+4:30, Andy Ng wrote: >> >> Thanks for the reply, Misagh! >> >> Since the release of RC3 is coming, I think I will wait till then and

[cas-user] Re: SAML metadata problem when upgrade from 5.2.0-RC1 to 5.2.0-RC2

isplay/MAVEN/MojoFailureException --- On Tuesday, 29 August 2017 21:52:55 UTC+8, Andy Ng wrote: > > Oh yeah, you are right, I will diagnose it tmr once I am back at my > office, Thanks! > > On Tuesday, 29 August 2017 19:29:14 UTC+8, Misagh Moayyed wrote: >> >> I'd say it's in your be

[cas-user] Re: Disable status/monitoring endpoints

You can enable/disable or set sensitivity on different endpoint based on these below: https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#cas-endpoints https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#spring-boot-endpoints I think by

[cas-user] Re: Global post authentication processing

For orgin, if you don't mind to use 5.2.0-RCx: *Pac4j:* you can see this (https://apereo.github.io/cas/development/installation/Configuration-Properties.html#facebook) You can see that there is a field called [clientName], which actually will let you define the name of your pac4j providers. But

[cas-user] Re: Global post authentication processing

owever, I probably cannot use the RC > version (policy reasons). Is there any workaround around this? > > On Tuesday, October 10, 2017 at 3:40:05 AM UTC+2, Andy Ng wrote: >> >> For orgin, if you don't mind to use 5.2.0-RCx: >> *Pac4j:* >> you can see this ( >> https

[cas-user] Re: Cas 5.1 How to get client's service url.

I also don't know a way to retrive the hostname. However I would like to know what is your use case for the hostname If, for example, you have 3 hosts that need 3 different customized authentication 1) https://i-only-use-saml.example.com 2) https://i-only-use-oauth.example.com 3)

[cas-user] Re: Cas 5.1 How to get client's service url.

In that case, I would suggest using a custom template. And make all the username, password parameters to be hidden. Or maybe create a loading ... so user know they are being redirected. Here are how to set up custom template:

[cas-user] Re: Cas 5.1 How to get client's service url.

URL Hope this helps you! -Andy On Monday, 27 November 2017 06:50:25 UTC+8, Andy Ng wrote: > > In that case, I would suggest using a custom template. And make all the > username, password parameters to be hidden. Or maybe create a > loading > ... so user know they are being redi

[cas-user] Re: CAS 5.1.x Custom template. Anyone get this working?

I have tested Cas 5.2-RCX to be working. Seems like CAS 5.1.x also works. In any case, you can check it yourself. And you don't need to edit all the files, only the necessary one, and let the default handle other files. -- - Website: https://apereo.github.io/cas - Gitter Chatroom:

[cas-user] Re: SSO problems with CAS 5.1.3

Did you configure your properties file to the correct port? You can do so with making a file application.properties in src/main/resources And add these things here: https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#cas-server On Wednesday, 1 November 2017 15:17:27

Re: [cas-user] Clustering nodes between two server have high traffic CAS 5.2.0-RC4

UTC+8, rbon wrote: > > Andy, > > Have you configured a caching mechanism for the logs? > Do you have your application servers (tomcat) clustered? > CAS 5.x has good session management and does not need to be on a clustered > environment. > > Ray > > On Thu, 2017-12

[cas-user] Clustering nodes between two server have high traffic CAS 5.2.0-RC4

Hi all, *Background:* Today I have deployed our CAS 5 server (5.2.0-RC4) to production, to replace the existing CAS 4, we are using a load balancer with 2 clustering node by Hazelcast. *Problem:* there is a problem of increasing network traffic (a near straight slope) since the next morning

[cas-user] Re: Cas 5.1.6 to 5.20 JSON Service Theme Parameter Not Working as Expected

I also encounter this problem, working on CAS 5.2.0-RC4 and not worked on CAS 5.2.0, I think the problem lies in this file here: https://github.com/apereo/cas/blob/master/support/cas-server-support-themes/src/main/java/org/apereo/cas/services/web/RegisteredServiceThemeResolver.java On line

[cas-user] Re: CAS with REST API

Pretty sure what you want is this:https://apereo.github.io/cas/5.2.x/protocol/REST-Protocol.html As for safety, since this REST implementation is included as an official features, the safety risk shouldn't be that high, your mileage may vary. Moreover, you can always check the source code

[cas-user] Re: How to specify landing page (url) in json file for a service when accessStrategy requiredAttributes results in "Service Access Denied"

Well... If this is a necessary feature and you still haven't come up with a solution, here an idea that might helps you. (I think unauthorizedRedirectUrl is for other use case, hence not working, as you have tested) Any time user have this error "Service access denied due to missing

[cas-user] Re: CAS not redirecting to service after successful authentication.

Hi Neha, Would like to know in which documentation do you know about the parameter TARGET in "https://idiv-dev1:8443/cas/login?TARGET= *http%3a%2f%2flocalhost%3a60397%2f*", I didn't see this parameter in the official documentation. Maybe it is something related to ASP.NET? Anyway, the usual

Re: [cas-user] [SSO] Is it possible to make a service completely separated from other SSO services without require login every time (i.e. renew=true)

Great, I will try to do it -Andy On Friday, 27 April 2018 16:49:25 UTC+8, Misagh Moayyed wrote: > > > > Thank you for your suggestion, I will do some research on "SSO > Participation". I am Ok with doing a more customization configuration. If I > come up with something workable I will post it

Re: [cas-user] Deployment Question from the Excellent Docs at: 'dacurry-tns.github.io'

up from > '/etc/cas/config' --- relative to the cas-overlay) > > When cas.war is expanded in tomcat: '/opt/tomcat/webapps/cas' -- the > configuration files are in '/opt/tomcat/webapps/cas/etc/config'. > > Did I understand above correctly? > > > On Friday, May 11, 2018 at 6:

Re: [cas-user] Deployment Question from the Excellent Docs at: 'dacurry-tns.github.io'

Hi Jann, build.sh is what you are looking for, as documented in the overlay github https://github.com/apereo/cas-overlay-template (which I think is where you get the command from anyway). I am also deploying using WAR in Tomcat for my setup. And based on my experience, WAR to Tomcat using

[cas-user] Re: Size of maven cas-overlay-template

Hi Sam, Since the default CAS 5 server already included so many components, the large size is to be expected I think, and I also tried but failed to find any way to shrink down the size of CAS 5. However, my previous blockage is actually *I hit tomcat default max-file-size*, and actually I

Re: [cas-user] Re: CAS redirecting to multiple apps not working

erver.port=8443 > > #server.ssl.key-store=file:/etc/cas/thekeystore > > server.ssl.key-store=file:/private/etc/cas/thekeystore > > server.ssl.key-store-password=changeit > > server.ssl.key-password=changeit > > Best Regards > Érico > > > > > 2018-05-23

Re: [cas-user] CAS Login Page Cutomization

Still waiting for glorious day that this page: https://dacurry-tns.github.io/deploying-apereo-cas/ui_overview.html to come to live :) - Andy On Wednesday, 23 May 2018 20:01:29 UTC+8, David Curry wrote: > > These two threads are somewhat helpful: > > >

[cas-user] Re: CAS redirecting to multiple apps not working

Hi Érico, Likely your colleague have done some customization on CAS. Default CAS only have a username, password and some other things, and login success won't immediately have redirection links so, I think a little bit more information will be needed, in order to start solving your problem: -

Re: [cas-user] CAS Login Page Cutomization

hould have a lists of names to recognize > those that have been very supportive of the CAS community. > > On Wednesday, May 23, 2018 at 7:20:21 AM UTC-7, Andy Ng wrote: >> >> Still waiting for glorious day that this page: >> https://dacurry-tns.github.io/deploying-ap

Re: [cas-user] New Error -- I broke it LOL

Hi Jen, One more thing to note, next time you might want to double check your debug log before posting. I saw that you deliberately cross out "ldaps://xxx.campus.bridgew.edu:636", so I think you recognized that uri to be confidential. But I can clearly see the actual ldap server in your debug

[cas-user] Re: CAS 5 Gradle Overlay - Custom Theme

dded the JS folder and uncommented that line and tried again and > it gave the same error. > > Do I need to enable any extra dependency or change in the configuration to > have it activated? > > Best Regards, > Mohannad > > On Monday, May 28, 2018 at 10:49:

[cas-user] Re: CAS 5 Gradle Overlay - Custom Theme

/css/admin.css > cas.javascript.file=/themes/hbmsu/js/cas.js > > > Simply i copied all CSS and JS files from the default theme to change them > later. > > Best Regards, > Mohannad > > On Sunday, May 27, 2018 at 6:53:18 PM UTC+4, Andy Ng wrote: >> >> Hi

[cas-user] CAS 5 Gradle Overlay - Custom Theme

Hi Mohannad, I think the problem might be some of your files / folder is put on the wrong directory. See if you can write out how your files layouts, that might be helpful to solving your problem. Meanwhile, you can also check out some theme customization discussion post, to see if it is

Re: [cas-user] [SSO] Is it possible to make a service completely separated from other SSO services without require login every time (i.e. renew=true)

dont have a record, then challenge, ... or not". > > --Misagh > > ------ > > > >> On Wed, 2018-04-25 at 02:20 -0700, Andy Ng wrote: >> >> Hi all, >> >> So I have done some research on this group and still doesn't find other >>

[cas-user] Re: JSON registered services infos not appearing in the login page!!

Are you directly accessing your site like this: https://www.example.com/cas Instead of giving it a service param https://www.example.com/cas?service=https://www.yourpage.com If you want your website "https://www.example.com/cas; to have your logo, and not giving a service paramter you might

[cas-user] Re: User-Interface-Customization

Hi, When I need to read stuff from properties file, I use this: https://stackoverflow.com/questions/21726119/how-to-access-system-properties-in-thymeleaf-template ${@environment.getProperty('myPropertyName')} I use it something like this: See if that fit your needs? - Andy On Tuesday, 6

Re: [cas-user] Custom Authentication

Good to hear that you make it working! -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS

[cas-user] Re: Question: what is the maven dependency difference from [CAS 5.2.0-RC3] to [RC2 or below]?

: > > I have the same problem. Have you solve the problem yet? > > Andy Ng於 2017年9月15日星期五 UTC+8上午11時58分04秒寫道： >> >> Hi all, >> >> Today when I try upgrading from CAS 5.2.0-RC2 to RC3, I was faced with >> lots of symbols not found error in my custom

Re: [cas-user] Custom login theme and templates for cas 5.2.2

Hi Matt, About "building your own login screen", and making it "the default in CAS", I think a better approach will be to use "*theme" *as specified here: https://apereo.github.io/cas/5.2.x/installation/User-Interface-Customization-Themes.html This might help you about the theme edit:

[cas-user] Re: jsp views instead of thymeleaf

Hi psv, I also used to have a bunch of jsp file inside my CAS and needs to update it to thymeleaf. Unfortunately, my final solution is to just go along with thymeleaf, since CAS 5 pretty much already switch over their own view file all from .jsp to .html (thymeleaf) Even if I manage to sneak

[cas-user] Re: CAS 5.x - regular expressions

Hi Jeff, Would like to know what exactly you want to catch using regex for the two links? (Maybe give some example?) The first link you provided, when translate to regex only matches something like these: https://my.service.edu, http://my.service.edu///

[cas-user] Re: SessionMonitor: WARN

Hi Jeff, I just searched the above keyword "is above threshold " in the CAS 5.2.x source code, and found that the parameter that control this is: # cas.monitor.tgt.warn.threshold=10 FYI:

[cas-user] Re: Execute Javascript when the login is successful

e I put what you mention to me? > > El jueves, 9 de agosto de 2018, 23:06:18 (UTC-3), Andy Ng escribió: >> >> Hi Fernando, >> >> I previously also tried to execute some JavaScript after user login >> successful and before redirected back to service, and I succe

Re: [cas-user] What's the stable CAS 5.x GA version?

Hi Rao, I would check this for the latest 5.3.x version: (https://github.com/apereo/cas/milestones?state=closed) Which is 5.3.2. As for whether 5.3.x is a stable version, well imo it is stable, but if you are scared than you can opt for 5.2.x, it's up to you. Cheers! - Andy On Thursday,

Re: [cas-user] CAS 5.2.3- Enable CAS SAML IDP

Hi Rao, *For the SAML question,* David already answer it, *"**cas-server-support-saml-idp**"* is the right one. Some more info: Other than David's guide, you can also see the dependency documented in CAS official documentation

[cas-user] Re: Execute Javascript when the login is successful

Hi Fernando, I previously also tried to execute some JavaScript after user login successful and before redirected back to service, and I successfully created an example. However, I didn't need to know whether it is Facebook, Google, or Email, unlike your requirement. I just need to execute

[cas-user] Re: CAS 5.3.2 Service registry with mongo db.

Hi Viveknand, Last time then I experienmenting with MongoDB as service registrry, I need to: - change all the *@ to _*, - also *id* need to be *_id*. - And all the number becomes NumberLong() Something like this should work (tested on 5.3.x):

[cas-user] Re: [Cas 5.1.8] Unable to connect to Database for authentication.

Hi Pandu, I have also encounter a similar problem before (mine is with another database driver), and I find out that I need to include your database driver into your pom, which is also likely to be your problem. You can try the following: - find the driver by seaching "oracle.jdbc.Oracle

[cas-user] Re: [Cas 5.1.8] Unable to connect to Database for authentication.

Hi Pandu, The requirement of "Custom Password Encoder with MD5,SHA-256 based on the third party application" doesn't seems to be available out of the box yet in latest CAS version, [as seem here:

[cas-user] Re: OAuth cannot validate service ticket?

Hi Baron, Maybe some more debug logs will helps with debugging this issue? */cas/oauth2.0/callbackAuthorize* is an intermediate URL, usually no need to know about it. So that why the doc didn't specified it. Maybe you can try upgrading it to CAS 5.3 and see if the problem still exists. CAS

Re: [cas-user] Re: OAuth cannot validate service ticket?

Hi Baron, > ... shared session mechanism ... I agree with Travis, without shared session some function (e.g. OAuth, pac4j...) of CAS might not work properly. To verified that shared session might or might not be a problem, *try minimize your cluster to only a single node*, if that worked, then

[cas-user] Re: AUP and X509 authentication

Hi Curtis, I didn't use either AUP or X509 as my authentication webflow myself, so I won't comment on whether or not either of the authentication have bugs or not. However, it seems like you might have set the *CAS* *authentication policy* to *Any* (See

[cas-user] Re: AUP and X509 authentication

Hi Curtis, Please disregard my answer, I was thinking AUP is an authentication method and it is not, ops. Maybe other can help instead. - Andy On Friday, 31 August 2018 14:58:20 UTC+8, Andy Ng wrote: > > Hi Curtis, > > I didn't use either AUP or X509 as my authentication webflow

[cas-user] Re: CAS 5.2.0 and OAuth

The WARN message that you get is about "*ServiceThemeResolver*", doesn't means your service is not loaded, just your *theme *not loaded (i.e. you look is not loaded). The OAuth in general should be working in 5.2.0, since I am also using OAuth on 5.2.x. As to how to fix this, 5.3.x will fix

[cas-user] [SSO] Is it possible to make a service completely separated from other SSO services without require login every time (i.e. renew=true)

Hi all, So I have done some research on this group and still doesn't find other with my use case, so I am asking for your help. Assume we have services A, B, C and D: B, C, D are normal SSO services, each one of them authenticate success, all BCD will login success. As for A, I want that

[cas-user] Re: SSO + Local Authentication

Hello :) If your app you mean a web application, then I might able to help you. (Even if you are implementing with Android / iSO app, this might also help you) A few months back, my colleague want to understand how to check if CAS is login success without actually showing the login page to

[cas-user] [CAS 5.2.x] [OAuth] [Theme] How to make custom theme for OAuth sp

Hi all, I am using CAS 5.2.x, and using OAuth for one service provider. The provider now would like to have a custom theme. I thought I can just do this: { "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService", "clientId": "OAuthApp", "clientSecret": "xx",

Re: [cas-user] [CAS 5.2.x] [OAuth] [Theme] How to make custom theme for OAuth sp

ervice, that is non oauth > > El miércoles, 28 de febrero de 2018, Andy Ng <lon...@gmail.com > > escribió: > >> Hi all, >> >> I am using CAS 5.2.x, and using OAuth for one service provider. The >> provider now would like to have a custom theme. >>

Re: [cas-user] [SSO] Is it possible to make a service completely separated from other SSO services without require login every time (i.e. renew=true)

t; > Ray > > On Wed, 2018-04-25 at 02:20 -0700, Andy Ng wrote: > > Hi all, > > So I have done some research on this group and still doesn't find other > with my use case, so I am asking for your help. > > Assume we have services A, B, C and D: > > B, C, D are

[cas-user] Re: param.service in templates changes between versions

Hi Ian, I don't have an answer for your question, but since nobody is commenting so I thought I will give it a try :) CAS 5.3 is using *Thymeleaf *instead of jsp in CAS 4.x, so you need some changes before making the jsp works again... If I am not misunderstanded, *param.service* in jsp

[cas-user] Re: CAS 5.3, where is LOGGER defined with @Slf4j?

Hi Yan, To make @Slf4j works, see "https://apereo.github.io/cas/developer/Build-Process-5X.html#plugins; the *Lombok plugin *is what you want to look at. Alternatively, going back in time to *CAS 5.2.x* and you will see how LOGGER is originally implemented. Your cited class

Re: [cas-user] Deploying Apereo CAS document updated (finally)!

Nice work David! Definitely worth the wait :) - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google

[cas-user] Re: CAS 5.2.3 - Memcache monotiring

`/status/health` is the recommended endpoint to retrive health check on 5.3.x . (https://apereo.github.io/cas/5.3.x/installation/Monitoring-Statistics.html) However, if `/status/health` does not exists on 5.2.x, then your `/status` endpoint will do the monitoring job just fine for 5.2.x

[cas-user] Re: Test cas with testshib but redirect to cas.exemple.org:8443

Hi Roger, I faced that problem before, when I found the issue, I figured out that CAS SAML (also for OAuth and more) relies on redirecting back to itself, and it did so by checking the "cas.server.prefix" and "cas.server.name" config. So if you haven't set those 2, CAS will be redirected to

[cas-user] Re: Which dependencies can I remove if I am not using embedded Tomcat?

Hi Ganesh, CAS war file will run fine by just the default cas overlay pom.xml (https://github.com/apereo/cas-overlay-template/blob/5.3/pom.xml) So what to keep really depends on what you need to add beyond the barebone CAS configuration. I think for all of the one starting with "cas-server",

Re: [cas-user] Re: Which dependencies can I remove if I am not using embedded Tomcat?

Hi Ganesh, I forget to clarify, our CAS server is also using Tomcat war deployment (CAS 5.x, been running for at least 5 months now), and I don't have the following in my pom.xml - tomcat-embed-core - tomcat-embed-el - tomcat-catalina - jstl So I think it is safe to assume those

[cas-user] [CAS SAML] Does CAS support "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameIDFormat?

Hi all, *Server Info:* CAS 5.2.x *Background:* Recently our CAS is going to join up with an identity federation as an SAML idp, and I am in charge of *checking the compliance* in order for us to join. Most of the items can be check off quickly and I understand the requirements, however I

[cas-user] Re: [CAS SAML] Does CAS support "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameIDFormat?

Some update, I have look into some other organizations SAML2 metadata (which is also registered to the Identity Federation we want to join), and basically nobody brother adding the "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" entry despite the requirement. So in this case, I would

[cas-user] Re: Limit set of users allowed to login via Facebook / CAS 5.3.5

Hi Martin, I have asked this before, see here: https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/SXHIyRWqsT0 We have implemented that into our CAS code, however it is very customized to our specific application, so unfortunately I cannot shared my current setup in detail with you.

[cas-user] Re: CAS 5.3.5 - Custom resources are not being applied at runtime

Hi Nick, For the part about JSON, did you tried cas.serviceRegistry.initFromJson=true? Also, do you want your service bundled inside src/main/resources/services? If so you need this: cas.serviceRegistry.json.location=classpath:/services The behavior shown in the part about casLoginView is

Re: [cas-user] Re: CAS 5.3.5 - Custom resources are not being applied at runtime

Awesome! Glad it helps -Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community"

[cas-user] Re: evaluationOrder bug?

Hi Baron, Looking at the source code, you can see that *evaluationOrder *is only an integer https://github.com/apereo/cas/blob/v5.0.10/core/cas-server-core-services/src/main/java/org/apereo/cas/services/AbstractRegisteredService.java#L77 And for Java, integer have a limit to it (A quick google

[cas-user] Re: Quick Java client filter mapping question.

Hi Bryan, I did not used "Java client filter" regex mapping before, so not sure of the language of the regex needed. Anyway, I think there is a stackoverflow page that talk about what you need, see

[cas-user] Re: param.service in templates changes between versions

Hi Ian, > using javascript ... but it does work at least for my case... Great! > ... a little uglier... Well users are not going to see them, a little bit uglier will be fine I am sure :) Cheers! - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom:

[cas-user] Re: Applying Custom Theme CAS 5.3.x

Hi Fahmi, Sorry I am not able to provide a solution to your problem. Mainly because there are not enough information provided. I can say for sure that 5.3.x custom theme do works (I am using 5.3.3 myself), so most likely it is not because of version problem, but is actually something in your

[cas-user] Re: CAS 5.2.3 -support for XSS protection

Hi Chava, Ops, guess I misunderstand your question then. Cool that your code worked! Cheers! - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this

[cas-user] Re: CAS 5.2.3 -support for XSS protection

Hi Chava, See if these properties are what you after? https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#http-web-requests Also, for what each properties does what, you can reference the source code here: [

[cas-user] Re: Rules in CAS log-in flow .

Hi Vivekanand, The keyword to search for your requirement should be "*consent*" page. Something like this might be useful to you: https://apereo.github.io/cas/5.3.x/integration/Attribute-Release-Consent.html#consent-review The above one is just for attribute release consent instead of terms

[cas-user] Re: Rules in CAS log-in flow .

sible to get the content via rest api and display it in consent > view . and is it possible to customize this view and buttons of the consent > view page ? > > On Tuesday, September 4, 2018 at 12:23:28 PM UTC+5:30, Andy Ng wrote: >> >> Hi Vivekanand, >> >> T

Re: [cas-user] Re: CAS5.1 ,Application Not Authorized to Use CAS , no service registry issue.???

Oops maybe I remember incorrectly about the service directory. Anyway, glad to help:D Cheers! -Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this

[cas-user] Re: AUP and X509 authentication

Hi Curtis, *> So I finally solved this* Great that you solve it *> essentially had to remove the cas-server-support-x509-webflow dependency... where getting rid of the spring xml configura*tion makes this more difficult There is no need to remove the entire dependency to make small changes,

Re: [cas-user] Re: AUP and X509 authentication

Hi Curtis, Ah I missed to mention something, when you tries to override a Bean inside a Configuration file, whether or not is actually override success depends on the load sequence. Which one load last will be the actual bean to be used. See:

Re: [cas-user] Re: CAS5.1 ,Application Not Authorized to Use CAS , no service registry issue.???

Hi Pedro, To see whether or not your service is being loaded, turn on CAS debugger mode and look at the logs. The (cas.serviceRegistry.x.location) is *based on CAS version*, so you should look for the config for your CAS version: cas.serviceRegistry.json.location=file:/etc/cas/services

Re: [cas-user] Re: CAS5.1 ,Application Not Authorized to Use CAS , no service registry issue.???

gt; I searched for a cas.properties file on the "target" folder, but there is > no such file there. > Should I manually copy the cas.properties file to the "target" folder? > (I'm using tomcat). > Where should the file be placed exactly? > > Thanks. > Best Regards,

Re: [cas-user] Re: CAS5.1 ,Application Not Authorized to Use CAS , no service registry issue.???

The service file should be: src/main/resources/service/myservice-1001.json -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are

Re: [cas-user] TARGET URL parameter associated with samlValidate can be misused to redirect to malicious sites (?)

Hi Ganesh, There is a default service that will secretly enable all https based service called "HTTPSandIMAPS-1001.json" https://github.com/apereo/cas/blob/master/webapp/resources/services/HTTPSandIMAPS-1001.json Refer to this to how to disable such service:

[cas-user] Re: Applying Custom Theme CAS 5.3.x

Hi, it is a bit hard to look through your directory structure, so I can't really comment on that now. However, there are examples out there with successful custom theme implementation, maybe those will help you understand the directory better:

[cas-user] Re: CAS 5.2 OAuth 2 Redirect to root - not regularly

Glad it helps! - Andy -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group.

[cas-user] Re: How to monitor cas's clustering.

Hi Toby, Seems like you are using 5.0.x from the documentation cited by you, but if not and you are using 5.3.x, you might want to read this, maybe related: https://groups.google.com/a/apereo.org/forum/?nomobile=true#!topic/cas-user/htBkshVVaFg Other than that, I have no idea too with the

[cas-user] Re: Using ajax to make cas authentication call?

You can use REST protocol to login user with API: https://apereo.github.io/cas/5.3.x/protocol/REST-Protocol.html I have also seen somewhere that Ajax using CAS protocol is possible, however I failed to find that code for you. Nevertheless it is a bit hacky so imo the above method is better.

  1   2   3   4   >