Hi Dustin,
> Is there a list somewhere of which properties can/can't auto-reload? The
> documentation I linked to in the original post states that "Most if not all
> CAS settings are eligible candidates for reloads."
Not that I am aware of, maybe others can provide insight if they know of
such
Hi Mindaugas,
I have encountered this issue before, from what I know there are 3 ways to
handle this issue:
1. Update CAS to 5.3.x (Recommended), which will fix this issue
2. Update pac4j-oauth to latest version
- In your Maven (suppose you are using maven), add an entry to pom.xml
similar to
Hi all,
I have encountered this samesite issue as well for our 5.3.x CAS servers, and
I came up with an ugly custom fix, I am sharing here if anyone needs a quick
fix.
Since I manage multiple SPs for our CAS, and one SP with a different domain
uses CAS inside an iframe which triggers this issue.
Hi all,
My CAS project also has the need to include "Sign in with Apple".
CAS is using Pac4j library: https://github.com/pac4j/pac4j, and it
currently didn't have an Apple implementation.
Well, due to urgency, I extended the pac4j library to include a custom
"Sign in with Apple" component
tting okhttp jar related error while deploying the
> application. Feel like conflict is happening. We are using CAS 6.2.2 and it
> is not happening in local and dev environment.
>
> Thank you in advance.
>
> On Wed, 23 Dec 2020, 7:40 am Andy Ng, wrote:
>
>> Hi Sobhen,
Hi all,
I have found an issue with Delegated Authentication in CAS 6.2.x branch
(Latest one, 6.2.6).
After login, I found that the UserProfile is not returned after logging in
using Delegated Authentication, below is an example using Google as 3rd
party idp.
Hi Paul,
I am also agreeing with you that logout with CAS doesn't mean logout Google
account / other 3rd party account. However I don't spot such issue in my
implementation.
I am using Google Delegated Authentication as well, I am using CAS 6.2.6.
No such issue spotted. Maybe you should try
Hi all,
I encountered the same issue, and want to chime in with some additional
info:
I found that starting from CAS 6.2.x by default attributes from JDBC / LDAP
/ other PersonDirectory are not by default released.
See this line
here:
Confirm is a bug, here's the PR: https://github.com/apereo/cas/pull/5003
Cheers!
- Andy
On Wednesday, 2 December 2020 at 21:14:45 UTC+8 Andy Ng wrote:
> Hi all,
>
> I was trying to implement Hazelcast Ticket Registry and reloading
> properties.
>
> I find that, when I chan
Hi all,
I was trying to implement Hazelcast Ticket Registry and reloading
properties.
I find that, when I change `cas.properties` and force a reload based on
this
tutorial: https://fawnoos.com/2020/05/02/cas62x-reloadable-configuration/,
it stopped the Hazelcast Ticket Registry instance
Hi Irvan,
Have you tried adding the repo:
*maven { url "https://jitpack.io" }*
As well?
I found some old code of mine
(https://github.com/NgSekLong/SelectUrCAS/blob/master/source/cas-overlay/build.gradle#L34)
and see that jitpack.io is needed at that time, see if that would help your
issue
Hi Francisco,
If I recall correctly, you are supposed to use the CAS Management Web app
alongside CAS to allow for modification of those services stored under
JPA.
CAS Management Web app: https://github.com/apereo/cas-management
Also, although the best way to interact with service is
Hi all,
We have encountered ConcurrentModificationException for logout during our
stress test.
Putting a `synchronized(this)` block for:
https://github.com/apereo/cas/blob/v6.2.6/core/cas-server-core-logout-api/src/main/java/org/apereo/cas/logout/DefaultLogoutManager.java#L61
Seems to fix the
Hello,
The endpoint seems to use the *cas.server.name* properties, see:
https://github.com/apereo/cas/blob/v6.2.6/support/cas-server-support-saml-idp-core/src/main/java/org/apereo/cas/support/saml/idp/metadata/generator/BaseSamlIdPMetadataGenerator.java#L121
Have you these *cas.server.name* for
d to use the old version. I am trying to use version
> 6.1.X which is on your github. After configuring I was finally able to
> integrate between my cas server and my freeradius.
>
> Thanks again Andy!
> Cheers,
>
> Irvan
> On Monday, 21 December 2020 at 14.16.49 UTC+
np, glad it helps - Andy
On Tuesday, 22 December 2020 at 23:36:41 UTC+8 yap.s...@gmail.com wrote:
> Yes, changing cas.server.name does the trick. Thanks a lot!
>
> On Tuesday, 22 December 2020 at 10:29:37 PM [UTC+8], Andy Ng wrote:
>
>> Hello,
>>
>> The endpoint seems to
Hi Sobhen,
Would like to know more about your setup first, see if the below correctly
describes your setup:
- You set up your properties in:
https://apereo.github.io/cas/6.1.x/configuration/Configuration-Properties.html#ldap-authentication
- You extend the LdapAuthenticationHandler and make your
Hi all,
I am reading on the importance of preventing replay attack
https://www.idm-360.com/idm360/the-dangers-of-saml-replay-attacks/, which
is a requirement from our client.
I was wondering if CAS natively already prevents such attacks for the SAML 2.0
protocol, acting both as *sp* or as *idp*.
Hi Irvan,
Please check if the following insight helps:
*1.* In order to use JSON as service registry, you need to *enable it*
first using
this
https://apereo.github.io/cas/6.2.x/services/JSON-Service-Management.html#json-service-registry
Put this in your build.gradle:
Hi Rafiek,
I can think of 3 methods of implementing your requirement:
1. *Using Principal Transformation:*
1. e.g.
https://apereo.github.io/cas/6.2.x/configuration/Configuration-Properties-Common.html#authentication-principal-transformation
for Principal transformation for
s found" and "service is not found".
>
> Do I need to use a valid service provider? or is this just my fault in
> configuring the service?
>
> Previously, thank you Andy for your response.
>
> Cheers,
> Irvan
>
> On Thursday, 31 December 2020 at 13
Hi all,
Would like to know anybody got "Sign in with Apple" working in CAS natively?
I got it working by doing some customization (I will attach below) because
of some weird issue which I cannot understand.
While I would like to investigate on submitting a PR, but I am not sure if I
am the
Hi Paul,
Thanks for the contribution! We soon also need to setup delegate auth to
Azure, so that section is going to be useful to me.
Now whenever people ask for a CAS 6 guide I know where to point them to
:)
Cheers!
- Andy
On Thursday, 13 May 2021 at 05:12:14 UTC+8 chauvetp wrote:
> Hi
> Much appreciated .
>
> Regards,
> Omer AlMatary
>
> On Thursday, April 11, 2019 at 10:02:52 PM UTC-4 Andy Ng wrote:
>
>> Hi Yan,
>>
>> We have built something like this before,
>>
>> And the answer is: yes you can! When user login to weba
"Terimakasih". In Indonesian
> "Terimakasih" means "Thank you". And I want to thank all of you who have
> helped me in solving the problems I have found, to Mr. Misagh Moayed, Andy
> Ng, Ray Bon, and anyone else that I can't mention.
>
> Cheers,
> Irvan :)
>
Hi John,
It will use Ajax for frontend call, see
this:
https://github.com/apereo/cas/blob/master/support/cas-server-support-thymeleaf/src/main/resources/templates/logout/casPropagateLogoutView.html
Note that, due to the recent 3rd party cookie blocking enforced in some of
the popular browsers,
Hi Anusuya,
> Q1. What is the default timeout value of CAS cookie after login & its
> related property?
CAS is relatively complicated in this part, so basically:
- There is the TGC cookie, which is a cookie stored in the user's browser indicating
they have logged in, that one expires when the user closes the
Hello,
Can you try turning the `auto-redirect` property to true to see if that matches
your needs?
Ref:
https://apereo.github.io/cas/6.2.x/configuration/Configuration-Properties-Common.html#delegated-authentication-settings
Cheers,
- Andy
On Wednesday, 2 June 2021 at 23:54:06 UTC+8 Ray Bon wrote:
>
Hi Fernando,
We use something like this:
==
"accessStrategy": {
"@class":
"org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"delegatedAuthenticationPolicy" : {
"@class" :
Hi all,
I have created a new project called "*Select Ur CAS*", want to share it
here to get some feedback :)
Github link: https://github.com/NgSekLong/SelectUrCAS
Video introduction: https://www.youtube.com/watch?v=0c-QbP4igzU
"Select Ur CAS" is a project that aims to provide a customizable full
wrote:
> Andy,
>
> Here is a similar project,
> https://fawnoos.com/2021/02/28/cas64-cas-initializr/
>
> Ray
>
> On Sat, 2021-07-03 at 07:30 -0700, Andy Ng wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be
Hi Baron,
Ray's suggestion is good.
Another way that might work is to add this logging property in your host:
https://apereo.github.io/cas/6.3.x/configuration/Configuration-Properties.html#logging
In your case would be something like this:
logging.level.org.apereo.cas.web.flow=INFO
Which should be
Hi Paul,
The document is awesome, can't wait for the complete version :)
Cheers!
- Andy
On Friday, 30 April 2021 at 21:55:31 UTC+8 ro...@mun.ca wrote:
> Fantastic documentation!
>
>
>
> *From:* cas-...@apereo.org *On Behalf Of* Paul
> Chauvet
> *Sent:* Thursday, April 29, 2021 12:39 PM
Hi there,
While it is CAS 6.2.x and it is quite a long time ago so I forget about
most of what I did.
But this configuration is what I used when I successfully logged in to
Radius using CAS 6.2.x during my demo project:
Hi Andrea,
Another way to achieve your requirement would be to allow user to input
either phone, email and other in the same username box.
- Then, use multiple authentication handler to handle different type of
user input.
- Since we can configure CAS to allow login when any of the
Hi Jérémie,
I saw that you are using CAS 6.4, which is still in RC. Have you tried it in
CAS 6.3.2? Or even 6.2.x?
Even though 6.4.x is in RC, sometimes bugs do occur and using a slightly older
version might help identify your issue.
Anyway, it is not so certain what the issue is, below are some
ling you can just set upload/download max speed and
>>> latency, it looks so weird.
>>>
>>>
>>> On Friday, 26 March 2021 at 7:01:39 UTC-3, Andy Ng wrote:
>>>
>>>> Hi all,
>>>>
>>>> I think I also am running o
Hi BN,
Seems like you can override this file to set a custom URL.
https://github.com/apereo/cas/blob/v6.3.3/support/cas-server-support-thymeleaf/src/main/resources/templates/fragments/pwdupdateform.html#L154
However, I suspect this link can be set somewhere else as well, maybe you
can trace
Hi all,
On our side we are using 6.2.x and in production, no such problem observed.
We did implement multiple customizations regarding
cookies, which are:
- Samesite = None
- 3rd party cookie
Since I cannot reproduce the issue now, if anybody is free please help try
2 and 6.3.
> Any other ideas ?
> We are desperate.
>
> Regards,
>
> Florent
>
>
> --
> *From:* "Andy Ng"
> *To:* "CAS Community"
> *Cc:* "nicol...@gmail.com" , "jrautureau" <
> jraut...@gmail.com&
Hi there,
I have managed to make external customized views work in CAS 6.2.x, I
don't have the time to test this out in CAS 6.3 yet but please try this out
to see if it works:
Instead of putting *nextor* in:
- /your/external/folder/templates/*nextor*
You should do it like this:
-
Hi all,
During migration from CAS 5 to CAS 6, I encountered an issue:
- My consent table, originally called `ConsentDecision` , is now renamed
to `Consent_Decision`
- Moreover, the field names are also changed, same pattern
We have found a solution and want to share here:
- it is
Dear Anusuya,
The best step by step guide I know of is the one from David Curry:
https://dacurry-tns.github.io/deploying-apereo-cas/introduction_sso-environment-architecture.html
- Clustered setup is included in the guide.
This document is written for CAS 5.x, but the majority of the document
s like there is a bug with the transaction management in 5.3.x?
> Or is there another jdbc parameter that I have to tweak to make it work
> with autocommit = false?
>
> Best regards,
> Lars
>
> On 01.03.21 05:39, Andy Ng wrote:
>
> Dear Lars,
>
> I have not encountered your issue,
Dear Lars,
I have not encountered your issue, but I encountered a similar issue before
(Not able to insert row to JDBC in another component)
I found that setting *autocommit* to *true* seems to fix my issue, not sure
about the root cause since JDBC is not my strong suit.
Hello,
Would like to know if you are referring to multiple tenant in Active
Directory / Azure / other technology?
*If multi-tenant in Active Directory:*
CAS can be configured so as to use *multiple authentication sources* and *either
one of them succeeding* allows for login.
In here:
Maybe you can look into
this:
https://github.com/apereo/cas/tree/master/support/cas-server-support-themes-collection
Cheers!
- Andy
On Wednesday, 7 April 2021 at 11:37:02 UTC+8 程泽群 wrote:
> I look the resources
>
Hi Thatcher,
I also agree with Ray, an upgrade is necessary to bring this feature in.
In terms of why CAS 4.0.1 vs 4.2.x have this feature different:
the log4j library is at *1.2.17* on CAS 4.0.1
https://github.com/apereo/cas/blob/v4.0.1/pom.xml#L985
While the log4j library is at *2.5+* at
Hi Baron,
Agreed with Mike, as for compile v.s. implementation, for the use case of
CAS build.gradle, you should use *implementation*.
See:
https://stackoverflow.com/questions/44493378/whats-the-difference-between-implementation-and-compile-in-gradle
Cheers!
- Andy
On Wednesday, 14 April
Hi all,
About CAS Metrics:
Previously in CAS 5, we have a "perfStats.log" containing all the metrics
of CAS in a file format. Which is useful for our troubleshooting.
See:
https://github.com/apereo/cas/blob/v5.3.16/webapp/resources/log4j2.xml#L43
However, in CAS 6, the "perfStats.log" file is
Hi Richard,
I am also not aware of any native attribute trimming feature, maybe others
can chime in on that.
However, if you think groovy can solve your issue but you don't want
external files, you can always use *inline Groovy*.
Ref:
Hi William,
A shot in the dark here, since not sure if my suggestion would work.
But in your service, have you tried setting principalIdAttribute to email
and see if it would be effective?
https://apereo.github.io/cas/6.3.x/integration/Attribute-Release-Policies.html
Cheers,
- Andy
On Friday,
Hi,
Probably not possible by just editing loginform.html, as you can see here:
https://github.com/apereo/cas/blob/master/support/cas-server-support-captcha-core/src/main/java/org/apereo/cas/web/flow/ValidateCaptchaAction.java
Even if you removed the recaptchtoken on the page, it still would
>
> -Rod
>
>
> On Thu., Dec. 2, 2021, 5:58 p.m. Andy Ng, wrote:
>
>> Hi Rod,
>>
>> Agree with Ray, your cas.properties does not seem to have any out of the
>> ordinary config.
>>
>> Not able to see any issue with the log as well, but th
And... 2.17.1 is out as well.
On Tuesday, 21 December 2021 at 03:50:00 UTC+8 Pablo Vidaurri wrote:
>
> 2.17.0 is actually out now
> On Thursday, December 16, 2021 at 2:27:13 PM UTC-6 Raph C wrote:
>
>> Hi,
>>
>> You have to exclude log4j* from WEB-INF/lib form overlay plugin and add
>> correct
>
> I've attached our cleansed cas.properties file. We do use https. I'm also
> including our virtual hosts set up that shows we redirect to https if a
> http request to the CAS server comes in.
>
> Many thanks for having your eyes on this.
>
> Rod
>
> On Wednesday, 1 Dec
Hi Rod,
Usually this happens when you set up your CAS as *http* instead of https.
- When CAS is in http, SSO will not work. Making sure it is https should
make it work again.
- The services you provided seem fine, didn't see any issue on them.
- But the ssoEnabled part should not be necessary
Hello Ben,
I am also interested in the login by badge mechanism, I am exploring if
this feature would help SEN students easier access.
It is true that the major issue with your implementation is the security
concern, making it a CAS module definitely helps with the security concern.
Another
Dear all,
An alternative method would be to modify the saml2-post-binding.vm file
directly:
In your cas project, add:
cas\src\main\resources\templates\saml2-post-binding.vm
And add hash / add nonce / do whatever you want to the file to satisfy CSP
For the actual content of