Re: [cas-user] Re: CAS Proxy vs CAS Rest protocol

Maybe you should try to think if you can route existing AJAX to B via A back again to B but letting the service A resolve calls in behalf of clients of A. You can authenticate calls to B from the A back end, or if B is replicable you could do an additonal private deployment of B not casified

Re: [cas-user] Re: CAS Proxy vs CAS Rest protocol

However it should just work out of the box by only CASifying B to the same CAS service protecting A because that is the whole point of SSO (e.g. Apereo CAS). Sent from my iPhone > On 26 Jan 2017, at 07:44, Uxío <upr...@madiva.com> wrote: > > Maybe you should try to think i

Re: [cas-user] CAS 4.1 - Routing logs to SysLog - is it possible

Tweak the '4.2.x' in the link for '4.1.x' then compare the section in both articles. Given it is documented, is probably working. Sent from my iPhone > On 08 Dec 2016, at 09:46, Petr Gašparík - AMI Praha a.s. > wrote: > > Martin, > is that applicable also to CAS 4.1? Do

Re: [cas-user] configuration in Ldap, xml or database

I guess local storage is the fastest, so generally you use the other when needing to match some requirement, mostly easy integration with other systems..? f.i. we have kind of a procedure for ticket creation prevention hardwired in a CAS support module, and erasure capabilities in an external

Re: [cas-user] inspektr-jdbc-audit-config.xml

Is the new data base being served from the same host URL and port that served the original one? In case not, have you checked JDBC connectivity to that target destination host from the desired source host using another JDBC tool (not Apereo CAS) like a CLI client (the SQL*plus like alternative

Re: [cas-user] CAS 3.5 Service Registry Exception How-To

Can you post web.xml configuration? Having CAS validation filter and such..? Sent from my iPhone > On 05 Apr 2017, at 18:36, Scott Green wrote: > > We are running CAS 3.5 (old I know... working on it). It is using SQL as a > Service Registry. I have added an

Re: [cas-user] Having issues w/ trustedDevice in 5.1.2

I had a bad time trying to tweak CAS 3 with postgres ticket registry to use bytea for lobs, instead of oid, ended up using oid and assuming the included pita and believing there is a bug relating how hibernate 4 handles ticket removal when using postgres [oid] large objects (update/delete most

Re: [cas-user] Re: CAS 5.1 Mariadb runtime issues

How many applications, if it is not asking too much? Sent from my iPhone > On 27 Jun 2017, at 19:33, Richard Frovarp wrote: > > You can just include your own JDBC driver dependency instead of using the > previous version. Not having them is preferable for us as we

Re: [cas-user] Re: Tomcat and CAS Newbie Need Help with Google SSO Overlay

Coming from 3.x you are likely to have a bad time wrangling the customization stage. Since I started reading these mails about a year ago, I have read one gifted person was able to self make an upgrade path from 3 to 5. IINM most peoples rework their CAS 5 customizations from scratch and from

Re: [cas-user] How to track login failure attempts and update the failure counter in database

I might be able to give some advice, only if by a somewhat big gotcha you are referring CAS 3. If it is CAS 4 or 5, if it was me and I thought the docs were not enough about it, I would file an issue requesting the capability or, if ready, enhanced explain. Could you just use throttling of

[cas-user] What's cooking in unaffiliated@cas-user

Fast note to tell am somewhat working in a small hack branch of CAS Server 3 core in order to enable tickets' POJOs in JPA mapping under PostgreSQL to be stored as byteas instead of as oids (i.e. b?lobs). Additional tags: cas-server-core, abstractticket, ticketgrantingticket, serviceticket,

Re: [cas-user] Adding/Modifying Service Registry Entries

A CAS service of the 3.x line I help maintaining uses JDBC for the service registry, not sure why or if were there any other options for it back then. Regards, Sent from my iPhone > On 15 Nov 2017, at 18:15, Scott Gennari wrote: > >> On 11/15/2017 12:03 PM, George

Re: [cas-user] Restrincting service access based on uid

Is that a suspicious population of a list with comma separated values in string containing an implicit list instead of with an explicit list of strings? Or is it really meant to be comma separated values in string? Sent from my iPhone > On 13 Dec 2017, at 10:00, Sebastien BEAUDLOT >

Re: [cas-user] Re: CAS 5.1.3 - Map Single log out request to current client app session

If I understood correctly, you only need a very vanilla CAS deployment and you have out of the box all those features you need. Follow up in case of any misunderstanding. Hope that helped. Regards, Sent from my iPhone > On 02 Nov 2017, at 12:24, Edward wrote: > >

Re: [cas-user] cas 5.0.8 ldap authentication error

It seems a little typo, one missing comma. Cheers, Sent from my iPhone > On 20 Sep 2017, at 10:15, mceylan wrote: > > Hi, I am using cas 5.0.8. I am working on Openldap authentication. I get an > invalid credentials error when I enter the username and password I created

Re: [cas-user] CAS 5.2

Hi, I've known a CAS customisation where after logging in from no particular CASified service an attribute would be passed for a default redirect URL to then re redirect the user to a particular default service for that particular user (the thing is really just a little bit more complicated

Re: [cas-user] Infinite loop problem between Cas Server and Cas Services Management

Bonsoir, bienvenue á la liste. > No one has a solution for my problem? Probably someone has a solution for your problem. That does not necessarily mean s/he is going to share a solution soon, even ever. Keep working on your own while you wait for answers and feel free to answer yourself to help

Re: [cas-user] CAS 3.4.3 - Delete session ticket

please reply how you did, me at least. Regards y le dejo mis dies. Uxío Prego Madiva Soluciones Cl / Serrano Galvache 56 E Abedul 4 28033 Madrid 917 56 84 94 www.madiva.com The activity of email inboxes can be systematically tracked by colleagues, business partners and third parties. Turn off

[cas-user] Problems completing our own roadmap

will step in 4.1 because we link an in house support module from the webapp and the integration restlet and I am not sure how to drop this, so the question really might be "Is anybody really sure we should step to 4.0 before 4.1 instead of try upgrading directly to 4.1?" Thanks, regards,

[cas-user] Server and client version mapping

Hi, am in the process of upgrading CAS 3.4.10, mainly using the Java client 3.2.1, into 5.0.0.RC3, falling back to 4.2.6 in case PITA arises. IINM am seeing 3.4.1 as the last version of the Java client. This means is compatible with all CAS 3 to 5 versions right? Thanks, regards, -- CAS

Re: [cas-user] mod_auth_cas 1.1

re known to exists in this release of the software: > > * CAS Proxy Validation is not implemented in this version. > > From: Uxío Prego [mailto:upr...@madiva.com] > Sent: Saturday, December 10, 2016 1:02 PM > To: CAS Community > Cc: David Lawson; Pathe Sow; Chris Cheltenham > Subject: R

Re: [cas-user] Internally hosted applications under load balancer issue

You can try to find the way of applying sticky (https://en.wikipedia.org/wiki/Load_balancing_(computing)#Persistence) to your casified applications' load balancer, and see if that solves, but I am afraid you could be alone on that. CAS itself supports being behind a load balancer since a

Re: [cas-user] Need help CAS5 + LDAP Maven overlay misses few libraries needed for LDAP unbound Id

Are you sure the cause is a problem with libraries? Why not LDAP misconfiguration? 2017-01-08 15:49 GMT+01:00 sravani patla : > Hello Team, > > I tried to deploy CAS with LDAP server and i ended up with few > errors.Please just check the errors. I have attached the document

Re: [cas-user] Cas 5.x Target Application Selection

We do that too, since quite a time (so not 5 though) and are mostly happy C: with the results so far. Regards, > On 7 Dec 2016, at 17:59, Andrew Morgan wrote: > > On Wed, 7 Dec 2016, Gokhan Mansuroglu wrote: > >> Hi, >> >> I have the following scenario : >> >> 1. In the

Re: [cas-user] Re: CAS 3.5 Service Registry Exception How-To

I assumed your CASified application was Java-like, and meant the CASified application web.xml. But this can make the example. There are some and tags. CASified Java web applications work using a web.xml file alike. If you are using your CASified application as such, it should have several

Re: [cas-user] Supporting SAML 2.0 using CAS 3.4

you might be able to upgrade your production system to CAS 5 without impacting the existing applications that are currently integrated. I would encourage you to give some more details about your platform architecture. Uxío Prego The activity of email inboxes can be systematically tracked

Re: [cas-user] Tomcat and CAS Newbie Need Help with Google SSO Overlay

Not able to help. Make sure you already read these articles from the maintainer. https://apereo.github.io/2016/10/04/casbootoverlay/ https://apereo.github.io/2017/02/21/cas-autocfg-strategy/ https://apereo.github.io/2017/03/28/cas5-gettingstarted-overlay/ Regards, > On 11 Aug 2017, at 19:15,

Re: [cas-user] CAS 5.1.2 step by step documentation

Make sure you already read and understood these articles from the maintainer. https://apereo.github.io/2016/10/04/casbootoverlay/ https://apereo.github.io/2017/02/21/cas-autocfg-strategy/ https://apereo.github.io/2017/03/28/cas5-gettingstarted-overlay/ Uxío Prego Madiva Soluciones CL

Re: [cas-user] CAS ADFS Integration

Let us hope am wrong, but reminds me vaguely of https://groups.google.com/a/apereo.org/d/msg/cas-user/BwnFLyc8TnY/6NjFsnIEAQAJ Best of luck, > On 17 Jul 2017, at 09:23, Антон Шихмат wrote: > > Hello everyone, > > On my current project we use CAS with configured custom

Re: [cas-user] Setting up SSL

You should not be running Java with super user privileges, ever. Specially in production environments. When on Linux additional configuration is necessary to allow an operating system level user account access to well known ports in the first 1K range. OP likely to have had indeed the port held

Re: [cas-user] Need CAS 3.4.10 deployed file

Clone the git repository at GitHub/apereo/cas, then switch rev with git as `git checkout 09ead33` as seen in https://github.com/apereo/cas/commit/09ead33abdf5124c351ce37c147bb4457307ec7f which as you can see is tag 'v3.4.10'. Descend into artifact cas-server-webapp, execute (with 7>=java) `mvn

Re: [cas-user] JVM Heap Kept Growing every day

Never used hazelcast ticket registry nor 5.0.x, still those figures seem normal to me. If you just can't kill the curiosity, I recommend you saving a snapshot of your Debian GNU/Linux CAS server, then installing xorg, xserver, lightdm, and a lightweight desktop environment of your choice, and

Re: [cas-user] JVM Heap Kept Growing every day

I would reboot CAS servers nightly, if you can afford that. Try a TGT lifetime of several hours and an ST lifetime of some minutes. But I can't tell the rationale. > On 16 Aug 2017, at 19:54, Uxío Prego <upr...@madiva.com> wrote: > > Never used hazelcast ticket registry nor 5.0

Re: [cas-user] CAS 5.0.5 password warning login?execution= too long for Windows IE/Edge browsers

So lengthy HTTP GET URLs are anti pattern. I guess this advice will not be useful to you, but for other people could do. If you absolutely are to stick with those huge URLs and GET methods, and you have access to the source code of both software ends, you can easily do by creating an informal

Re: [cas-user] Re: CAS 4.2.7 ticket validating failed

Make sure service ticket not expiring by time , service ticket not expiring by max number of uses reached , service ticket not expiring because ticket granting ticket is expired (happens). Logging out parent ticket granting ticket clears all children service tickets that is a possible cause of

Re: [cas-user] JPA Service Registry Persistence (CAS 5.0.6)

There are some or at least one configuration keys named $BLAH.jpa.ddlAuto or $BLAH.jpa.ddl.auto that if are set to (or defaulting to) 'create-drop' might be causing those table dropping. > On 15 Jun 2017, at 23:32, 'Iain Workman' via CAS Community > wrote: > > I am

Re: [cas-user] wbr...@gmail.com

Yeh, go google, paste there 'apereo server and client version mapping' if you are lucky you should jump to another topic where past myself was asking similarly. Or you hit this ' https://groups.google.com/a/apereo.org/d/topic/cas-user/mLFbdpnaipY/discussion' link that I now am betting 5 dollah to

Re: [cas-user] Encrypted database password in jdbc authn

Did not cas.authn.jdbc.query[0].passwordEncoder.type=com.example.CustomPasswordEncoder (https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#query-database-authentication) suit your mileage? > On 6 Jun 2017, at 19:58, Soumya Tripathy wrote: > > Hi,

[cas-user] Re: What's cooking in unaffiliated@cas-user

up any thoughts on CAS 3 further patching. Sorry for the noise, > On 24 May 2017, at 18:11, Uxío <upr...@madiva.com> wrote: > > Fast note to tell am somewhat working in a small hack branch of CAS Server 3 > core in order to enable tickets' POJOs in JPA mapping under PostgreS

Re: [cas-user] cas.js javascript error in certain browser

+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/e96c32d0-54b4-48de-8903-0e8ebcfed924%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/e96c32d0-54b4-48de-8903-0e8ebcfed924%40apereo.org?utm_me

Re: [cas-user] Is the CAS sever and client both two side need same java version?

You have to stop using the obsolete Java 6 in the client, or explicitly enable the insecure Diffie Helman 1024 configuration in the server. Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033 MADRID +34 917 56 84 94 www.madiva.com www.bbva.com The activity

Re: [cas-user] CAS 3 to 5 migration - properties

Are any of these blocking your CAS 5 test/dev deployment? Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033 MADRID +34 917 56 84 94 <+34%20917%2056%2084%2094> www.madiva.com www.bbva.com The activity of email inboxes can be systematically tracked by coll

Re: [cas-user] Looking for french consulting

with your migrations, regards, Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033 MADRID +34 917 56 84 94 www.madiva.com www.bbva.com The activity of email inboxes can be systematically tracked by colleagues, business partners and third parties. Turn off automatic

Re: [cas-user] Re: InvalidTicketException while searching for Service ticket

Why would you want not to iterate TGTs? Aren't you using the default ticket registry? Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033 MADRID +34 917 56 84 94 www.madiva.com www.bbva.com The activity of email inboxes can be systematically tracked

Re: [cas-user] InvalidTicketException while searching for Service ticket

Is it possible the ticket doesn't exist once you try to reach it? Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033 MADRID +34 917 56 84 94 www.madiva.com www.bbva.com The activity of email inboxes can be systematically tracked by colleagues, business partners

Re: [cas-user] CAS Management Service Showing 'localhost:8080' on Redirection to Login Page

Maybe grepping the CAS itself (not the overlay) helps..? Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033 MADRID +34 917 56 84 94 www.madiva.com www.bbva.com The activity of email inboxes can be systematically tracked by colleagues, business partners

Re: [cas-user] Integrating CAS SSO with Office 365

..? Regards, Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033 MADRID +34 917 56 84 94 www.madiva.com www.bbva.com The activity of email inboxes can be systematically tracked by colleagues, business partners and third parties. Turn off automatic loading of images

Re: [cas-user] Best Practice for protecting external applications - REST API or CAS Proxy Authentication or something else?

Can't you do this just by using the CAS client from the java application like you would do by using the CAS client from the web java (CASified) application? Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033 MADRID +34 917 56 84 94 www.madiva.com www.bbva.com

Re: [cas-user] CASv5.1.x embedded Tomcat - Extended access log valve - Log rotation?

Move the rotate responsibility to logrotate out of Tomcat and CAS. Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033 MADRID +34 917 56 84 94 www.madiva.com www.bbva.com The activity of email inboxes can be systematically tracked by colleagues, business

Re: [cas-user] Failed To Add TGT Ticket - MongoDB Ticket Registry CAS 45.2.

I’m a little lost now. Are you sure you need to waste that much energy investigating so many ticket registry alternatives? Shouldn’t you be trying to just assess the feasibility of using that data base with which you feel more comfortable? To be more clear, let’s say it works better using

Re: [cas-user] Failed To Add TGT Ticket - MongoDB Ticket Registry CAS 45.2.

Do you mean it is buggy because Redis was refusing to write -1 for expiration times? If you have a lot of time I guess you could write your test case and request pull. Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033 MADRID +34 917 56 84 94 www.madiva.com

Re: [cas-user] CAS 5.2.x

quivalent of that. Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033 MADRID +34 917 56 84 94 www.madiva.com www.bbva.com The activity of email inboxes can be systematically tracked by colleagues, business partners and third parties. Turn off automatic loading of images

Re: [cas-user] Failed To Add TGT Ticket - MongoDB Ticket Registry CAS 45.2.

I'm sorry I can't help you, but it would be very sweet if you could share your effective serviceticket or ticketgrantingticket table schema from the times when you were using PostgrelSQL as ticket registry for CAS 5... Regards, Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE

Re: [cas-user] Failed To Add TGT Ticket - MongoDB Ticket Registry CAS 45.2.

Oh... Goodness. I was hoping the ORM software to be at last using BYTEA instead of LO/OID. Thank you, you are very much kind. Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033 MADRID +34 917 56 84 94 www.madiva.com www.bbva.com The activity of email inboxes

Re: [cas-user] CAS 3.5.2 returning mail as user name

I don't know. Does your CAS 3 deployment provide a custom class extending AbstractUsernamePasswordAuthenticationHandler? Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033 MADRID +34 917 56 84 94 www.madiva.com www.bbva.com The activity of email inboxes can

Re: [cas-user] CAS 3.5.2 returning mail as user name

I still operate version 3 of CAS using relational as service registry, yet I don't understand what you ask. I can't grep the sources anyhow, today. I hope you find whatever you are looking for. > On 16 Feb 2018, at 18:53, Toby Archer wrote: > > We have an application

Re: [cas-user] CAS 5.1.6 - throttling and jdbc audit bug

I noticed days ago the GitHub issues system seems disabled there. Because that GitHub central mirror is heavily customized with a lot of goodies, the message is clear, and it is _bug tracking is no longer there_. I assume you are reporting the problem and if there is no answer is because no

Re: [cas-user] Re: Recommendations for CATALINA_OPTS for cas 5.x with tomcat 8.5.x

a deployment problem (maybe not). I think 8G should be enough for your case, but I don't really know. While you keep investigating, maybe adding swap and more memory can help you... maybe not! Good luck with it, Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033 MADRID

Re: [cas-user] CAS PostgreSql Connection Problem

Can you confirm psql connectivity between the data base and the Java application server (i.e. CAS)? Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033 MADRID +34 917 56 84 94 www.madiva.com www.bbva.com The activity of email inboxes can be systematically

Re: [cas-user] Issue handling Browser Back button in CAS UI flow

Yeah take control of the browser back button and send the user to wherever you find appropriate: https://stackoverflow.com/questions/25806608/. Regards, Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033 MADRID +34 917 56 84 94 www.madiva.com www.bbva.com

Re: [cas-user] CAS PostgreSql Connection Problem

I don't know. In Maven environments I would expect the declaration of a postgresql artifact from the org.postgresql group ID. Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033 MADRID +34 917 56 84 94 www.madiva.com www.bbva.com The activity of email inboxes

Re: [cas-user] CAS problem with abnormal memory increase

Apart from the virtual memory increase, which is the profile of actual memory use increase and (if applicable) swap space use increase? In other words, are you really sure a virtual memory use increase is a problem? Which is the operating system where you are running that? Uxío Prego Madiva

Re: [cas-user] [cas 5.1.8] Issue encountered with the customization of the theme

to a trusted proxy where HTTPS is handled. Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033 MADRID +34 917 56 84 94 www.madiva.com www.bbva.com The activity of email inboxes can be systematically tracked by colleagues, business partners and third parties. Turn off

Re: [cas-user] JPA Ticket Registry

In line with the error message, it can hopefully be tackled by rewriting the schema LOCKS.LOCKVER as integer. I would issue ALTER TABLE .LOCKS MODIFY LOCKVER NUMBER(19, 0); Best, Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033 MADRID +34 917 56 84 94

Re: [cas-user] CAS incorrect redirection behind reverse proxy

. In other words; if you can not fix it in time, roll forward that way without fixing anything. Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033 MADRID +34 917 56 84 94 www.madiva.com www.bbva.com The activity of email inboxes can be systematically tracked

Re: [cas-user] JPA Ticket Registry

Do you need to support CAS 3 and 5 at the same time for a while, or can you afford a *migration*? Can you afford CAS downtime when migrating the users to CAS 5? Have you tried to add LOCKVER to CAS_OWN.LOCKS? Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033

Re: [cas-user] JPA Ticket Registry

ood luck with the migration, Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033 MADRID +34 917 56 84 94 www.madiva.com www.bbva.com The activity of email inboxes can be systematically tracked by colleagues, business partners and third parties. Turn off automatic load

Re: [cas-user] CAS 3.5.2 returning mail as user name

I don't know. Uxío Prego Madiva Soluciones CL / SERRANO GALVACHE 56 BLOQUE ABEDUL PLANTA 4 28033 MADRID +34 917 56 84 94 www.madiva.com www.bbva.com The activity of email inboxes can be systematically tracked by colleagues, business partners and third parties. Turn off automatic loading