casuser/Mellon
https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven+WAR+Overlay+Method
It was funny to learn where that password word came from :)
As for SSL, do not forget to uncomment the SSL section in server.xml.
If it doesn't help, dig deeper.
Hi Misagh,
As long as wiki documentation is a part of repository, there should also be
„Changelog“ page for new version, being filled throughout the development
of this version.
Best regards, Petr
PS: Misagh, I sometimes wonder – how many lives do you have? Being able to do
so many things :)
Hi,
If I have two applications,
- AppC connected to CAS server via CAS client (CAS protocol),
- AppO second connected to CAS server via OAuth protocol,
does the Web SSO work?
Is user logged into AppC automatically logged into AppO?
If not, is it possible to do it in some way?
This
Sorry, cruel typo…
…so far we have NO problem :)
As for the customers, I don’t understand the question, but feel free to
write to me in private.
--
regards
Petr Gašparík
*From:* Vipin Jain [mailto:vjsat...@gmail.com]
*Sent:* Thursday, March 3, 2016 1:59 PM
*To:* Petr Gašparík - AMI
Hi,
in my understanding, SLO ensures that once user is logged out from CAS
server, s/he is also automatically logged out from application.
Please, help me understand it better:
1. Is it the best practice, to point "Log Out" button in application to
"/cas/logout" URL?
2. /cas/logout lands on CAS
I don't think so. If it is not here : https://apereo.github.io/cas/4.2.x/
it is not anywhere.
--
Regards,
Petr Gašparík
solution architect
gsm: [+420] 603 523 860
e-mail: petr.gaspa...@ami.cz
AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel.: [+420] 274 783 239
web: www.ami.cz
Hi,
is it possible to define searchLocation in overlay project?
...so I can change file:///etc/cas/config right in the build.
thanks!
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation
Martin,
is that applicable also to CAS 4.1? Do you have an experience with that?
thanks, Petr
Thank you for your answer.
To rephrase my question, can I use latest CAS 5.0 client on Java 6
machines?
Hi,
is the term gateway in Jasig wiki the same as proxy term in Apereo wiki?
I am looking for the man-in-the-middle scenario, where app does not
communicate directly with the CAS server.
regards
Petr Gašparík
Hi,
is there a list of events in log files?
I searched wiki but I have found only some sample like
WHO:
org.jasig.cas.support.oauth.authentication.principal.OAuthCredentials@6cd7c975
WHAT: TGT-9-qj2jZKQUmu1gQvXNf7tXQOJPOtROvOuvYAxybhZiVrdZ6pCUwW-cas01.example.org
ACTION:
Hi all,
what is the dependence between Java version on CAS server and CAS client?
For example, if I have installed CAS server 5.0 in Java EE 8 environment,
and I want to connect Java client running in Java EE 6 environment, will it
work?
Or do I have to upgrade client env to Java 8 in first
Hi,
has anyone successfully *authenticated user with certificate* in
non-interactive way?
Scenario: Service Provider handles CAS user certificate and CAS compares
this certificate against LDAP/AD to find matching user.
If so, what approach did you use? SAML 2 or something else? Could you spare
It will hurt. Better reimplement it. A lot of changes...
Hi,
in CAS 4.2 there was this property:
password.policy.url=https://password.example.edu/change
I believe that it points to the URL where the user is redirected when his/her
password is about to expire or expired.
*What is the name of this property in Apereo 5.1?*
Thank you!
Petr
*Solved*. It was on client side.
So, if you want to skip login dialog, do this in every related zone (or
all, internet, intranet, trusted)
Custom level: User Authentication -> Logon -> Automatic logon with current
user name and password
Hi,
what does the log file say?
No, sorry. I was just hoping to look into log file for something that hit
me.
Hi, if you are upgrading from 3.5, be aware that a lot of things have
changed (for example, service json files are not default option).
GlobalSSO works out of the box, so try to configure CAS server from
scratch in 5.1
Hi,
better *append* whole log file.
P.
Hi,
What is best practice for signing and encryption key in HA environment (2
CAS nodes behind VIP router)?
No signing and encryption works ok, but what if we want more security?
Do we have to use encryption and signing the same? Does TGC work this way
(there's hostname in TGC value)?
thanks!
Hi Aarton,
you can do it in service json file.
just find default one (HTTPSandIMAPS-1001.json)
just change
"serviceId" : "^(https|imaps)://.*",
to
"serviceId" : "^(http|https)://.*",
Hi,
it is pretty much possible.
In our implementation, the loadbalancer is configured something like this:
[image: image.png]
Hi Misagh,
that's what I don't know for sure.
Can REST be used for issuing TGT for different user than authenticated one?
Like "sudo make TGT for userX" ?
I studied wiki, I think sudoer needs to know user's password.
Oh! I know!
https://apereo.github.io/cas/6.0.x/installation/Surrogate-Authentication.html#preselected
It is done simply by +user in REST authentication request, right? Genial!
Petr
On Wednesday, August 28, 2019 at 9:42:17 AM UTC+2, Petr Gašparík - AMI
Praha a.s. wrote:
>
> Hi Misagh,
> that's
Hi,
in my proof of concept, I want piece of code (program library) to *log in
user to CASified application without user's password.*
That could be done in this way:
1. library authenticates to CAS with its login/password
- CAS responds with OK/fail
2. library requests to generate TGT
Hi,
the solution was not selected for PoC.
Maksim,
you definitely need to set up High Availability with ticket registry
replication:
https://apereo.github.io/cas/6.1.x/high_availability/High-Availability-Guide.html#high-availability-guide-haclustering
We use Ehcache for this (just two nodes), so we have:
- cas.properties:
Hi Maksim,
I have no experience with >2 nodes. Quick searching on Google (because
Apereo docs have broken links) leads me to:
https://www.ehcache.org/documentation/2.8/replication/rmi-replicated-caching.html
best regards
Second option (IMHO better, but that's point of view) is to use
Evolveum's midPoint.
It possesses a flexible authentication mechanism (
https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration),
so you can use Apereo CAS as SAML IdP and Evolveum midPoint as SAML SP, for
Hi,
we use *X.509 authentication on REST interface* of Apereo with LDAP
repository for attribute fetching (X509CredentialsAuthenticationHandler).
In general, it works, but *we have troubles getting special attributes:
nsRole, nsRoleDN and dn*.
When REST interface of Apereo is called with
Solved.
Attributes need to be defined in attribute resolution configuration - if
nothing is used, then all attributes are fetched EXCEPT for some (f.e.
operational)
https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#ldap
On Wednesday, April 14, 2021 at 2:48:41 PM