[cas-user] Protect Web App and Service API in the same app by CAS

2016-06-02 Thread Yan Zhou
Hi there, We have a Spring MVC based web app., that is protected by CAS 4.1.7 overlay setup. We are exposing the server side REST API to our clients, the Web App UI also calls server side REST API to render the pages. The web pages work well, but the issue is with the REST API. Even with

Re: [cas-user] cannot find ST in debugger mode?

2016-06-01 Thread Yan Zhou
e below sets it to 3 minutes: > > *st.timeToKillInSeconds=180* > > This could be the same problem with your REST clients - by the time they > perform /serviceValidate the ST had already expired. > > Cheers, > D. > > On Jun 1, 2016, at 10:48 AM, Yan Zhou <yana...@gmail.

[cas-user] Create a separate webflow in CAS4

2016-02-22 Thread Yan Zhou
Hi there, With CAS4 + Overlay, I want to create a separate webflow when user wants to reset password (without going through login flow). Such as https:///cas/resetpassword. I am having trouble mapping URL /resetpassword to this new flow. This could be a spring web flow issue,

[cas-user] Figured out, support theme in subflow

2016-03-29 Thread Yan Zhou
Hi there, I want to define a subflow in CAS' main login flow to reset user password. The reason I want to define it as a subflow is because I do not want the URL to change in browser. And, after user completes password change, and login successfully, he should be redirected to the original

[cas-user] CAS 4.1.x JPA service registry table schema: how to map RegisteredServiceImplProperty?

2016-04-07 Thread Yan Zhou
Hi there, I am using JPA service registry to store services in a DB table. (Oracle), with CAS 4.1.5 overlay setup. The JPA class AbstractRegisteredService makes reference to a table: RegisteredServiceImplProperty, via join table DefaultRegisteredService_Properties. Neither table is mentioned

[cas-user] Jpa Service Registry, how should values be stored in database table

2016-03-31 Thread Yan Zhou
Hi, I am overlaying 4.1.5 CAS and using JPA service registry. I have had success with JSON file based service registry. Now I am moving all service definition into Oracle tables. How should values be stored in DB table columns? Do I just copy the JSON data and paste it there? I have this

[cas-user] best practice? webapp timeout and logout when use CAS

2016-03-31 Thread Yan Zhou
Hi there, We have several apps using CAS 4.1.5. Different apps have different idle session timeout setting, some timeout after 30 minutes, other 1 hour, etc. Two questions. 1. when user Logout from a web app., it provides best user experience if the app logs out the user AND logs out CAS

[cas-user] 4.1.8 snapshot error, but works in 4.1.5 release

2016-04-13 Thread Yan Zhou
Hi, I am using 4.1.8 snapshot CAS, because that is the only version that has fixed the "Identifier too long" bug in JPA Service Registry for Oracle. But I run into this error when logging in to CAS, did anyone have the same problem? When I switch back to 4.1.5 release of CAS, it works fine (but

[cas-user] CAS, 4.1.7, JoseException: A JWS Compact Serialization must have exactly 3 parts separated by period ('.') characters

2016-04-22 Thread Yan Zhou
Hi there, With my CAS 4.1.7 overlay, getting this exception intermittently. I do not know which value this exception is referring to. The host.name entry in cas.properties is correctly specified. Any suggestions? Yan My cas.properties look like this, host.name does have the FQDN.

Re: [cas-user] CAS, 4.1.7, JoseException: A JWS Compact Serialization must have exactly 3 parts separated by period ('.') characters

2016-04-22 Thread Yan Zhou
-granting cookie. Its value cannot be parsed. > > > > *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *Yan > Zhou > *Sent:* Friday, April 22, 2016 2:11 PM > *To:* CAS Community <cas-user@apereo.org> > *Subject:* [cas-user] CAS, 4.1.7, JoseException:

[cas-user] cache based ticket registry, recommendations?

2016-05-19 Thread Yan Zhou
Hi, What does CAS community recommend for Cache Based Ticket Registry? We currently use memcached, but I have found intermittent issues that ticket cannot be found when it should be in the registry. This happens when a server is looking up a ticket on a different server. Instead of getting

[cas-user] Why get Invalid Login Ticket error?

2016-05-09 Thread Yan Zhou
Hi there, I am writing java code to simulate login to a CAS protected web app, so that our QA automation team can use that to test apps protected by CAS, without manually logging in to CAS over and over. I have carefully preserved the cookie and ticket values in each call as a browser would,

[cas-user] intermittent service ticket not found in memcached, but not memcached issue

2016-05-17 Thread Yan Zhou
Hello, We are experiencing intermittent ticket error issue with CAS 4.1.7 overlay setup. The same issue exists in our app based on CAS 3.1.5. I am not saying that is JASIG CAS issue, most likely it is something in our configuration. But I cannot find out why. We have two servers running CAS

[cas-user] Customized authentication module that does more than JAAS

2016-05-03 Thread Yan Zhou
Hi there, I am using CAS 4.1.8 overlay and JAAS module for authentication. We have some customized behavior such as adding # of failed login attempts, auditing, retrieving a mapped (real) user id in database from a user-provided user id, thus none of the provided authentication providers

[cas-user] Re: Unable to get REST API to work CAS 4.1.7 overlay

2016-05-10 Thread Yan Zhou
Figured it out. Thanks for the documentation. Yan On Tuesday, May 10, 2016 at 10:36:49 AM UTC-4, Yan Zhou wrote: > > Hi there, > > I am unable to get REST API to work with my CAS 4.1.7 overlay setup. I do > have a local copy of web.xml. > > All I did was to add this

[cas-user] Unable to get REST API to work CAS 4.1.7 overlay

2016-05-10 Thread Yan Zhou
Hi there, I am unable to get REST API to work with my CAS 4.1.7 overlay setup. I do have a local copy of web.xml. All I did was to add this in my overlay pom.xml: the jar does show up in my CAS web-inf/lib directory. The other required changes are already in my Web.xml.

[cas-user] CAS 4.1.7 REST API, Illegal character in path

2016-05-10 Thread Yan Zhou
Hi there, I thought I figured it out, but not quite. It works on my local Tomcat 7.0.59, but on our dev server, getting error. When I post to /cas/v1/tickets, I get 400 bad request in response. TicketsResource class is throwing error. Why is this? java.net.URISyntaxException: Illegal

Re: [cas-user] CAS 4.1.8 snapshot overlay does not include commons-collections4 jar, runtime error

2016-04-15 Thread Yan Zhou
olution.html > > > > *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *Yan > Zhou > *Sent:* Friday, April 15, 2016 1:33 PM > *To:* CAS Community <cas-user@apereo.org> > *Subject:* [cas-user] CAS 4.1.8 snapshot overlay does not include > commo

[cas-user] Re: CAS 3.5.x and 4.1.x difference in webflow, it persists beyond session timeout

2016-07-28 Thread Yan Zhou
econd time to login. In 4.1.x CAS, nothing like that, you can wait for a long time, and type in user credentials, it just works, because flow is resumed and variables are restored. Yan On Thursday, July 28, 2016 at 11:03:19 AM UTC-4, Yan Zhou wrote: > > Hi there, > > Is this a correct stat

[cas-user] CAS 3.5.x and 4.1.x difference in webflow, it persists beyond session timeout

2016-07-28 Thread Yan Zhou
Hi there, Is this a correct statement? I have observed a difference. CAS 4.1.x uses web flow encryption to capture flow states and stores them on the client side. Therefore, even after the http session expires, the flow can resume and continue. This means, I can walk away for hours, and as long

[cas-user] MemcachedTicketRegistry asynchronous write to memcached

2016-07-29 Thread Yan Zhou
Hi there, I intermittently run into this error with my CAS 4.1.9 overlay when deployed on two CAS servers with a load balancer in front. Memcached is running on each CAS server. cas.properties has an entry like this:

[cas-user] Hazelcast ticket registry in CAS 4.1.9, connection refused error when startup

2016-08-12 Thread Yan Zhou
Hi, I am using Hazelcast as the ticket registry for my CAS 4.1.9 overlay. On my local instance of CAS, in the cas.properties, I specified this: hz.cluster.members=localhost When starting up CAS, it works fine, but I see these error messages. It fails to connect on ports 5702, 5703, etc.

[cas-user] Extend AbstractUsernamePasswordAuthenticationHandler for customized authentication impl.?

2016-08-11 Thread Yan Zhou
Hello, I am running CAS Overlay 4.1.9. Instead of configuring CAS Authentication modules (JDBC/LDAP), I extend AbstractUsernamePasswordAuthenticationHandler, wrote my class and implemented authentication by looking up both database and LDAP for my business needs. I have attached some code

[cas-user] Hazelcast Management Center with CAS 4.1.x Hazelcast integration

2016-08-16 Thread Yan Zhou
Hello, CAS 4.1.x documentation does not say anything about integrating with Hazelcast management center. https://apereo.github.io/cas/4.1.x/installation/Hazelcast-Ticket-Registry.html I tried to place hazelcast.xml into a directory and use system property hazelcast.config to indicate the

[cas-user] Use Spring Data Repository in CAS5

2017-02-17 Thread Yan Zhou
Hello, I'd like to extend the CAS login flow, using the CAS5 overlay template with my customized authenticator (it does database lookup), but I am having trouble getting Spring Data Repository to work. I added the following class in cas5-overlay. I am using jndi data source lookup. The JNDI data source is

[cas-user] CAS 4.1.X Cross-Frame Scripting/Clickjacking prevention?

2016-08-19 Thread Yan Zhou
Hi, We are running CAS 4.1.9 overlay. Our security team, after app scanning, has reported that CAS has a security vulnerability: Cross-frame scripting which allows clickjacking. Basically, CAS allows itself to be framed in another app. If I understand it correctly, an attacker will use

[cas-user] why DefaultTicketRegistryCleaner shows up when integrated with Hazelcast?

2016-08-18 Thread Yan Zhou
Hi, I have integrated with Hazelcast for my CAS 4.1.9 overlay, but I am seeing this message. I am not using DefaultTicketRegistry, why does it show up? Thx, Yan 2016-08-18 19:19:31,850 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - Beginning ticket cleanup.

[cas-user] this does not work, cas.securityContext.status.access=isAuthenticated()

2016-08-26 Thread Yan Zhou
Hello, I want to allow any authenticated user to see /status and /statistics. I know this is not a good idea, but it is very straightforward in a non-PROD environment. But it does not work for me. Am I missing anything? This works:

[cas-user] 4.1.9 repeated ST generation and validation when going to Service Management App

2016-08-22 Thread Yan Zhou
s%2Flogin%2Fcas HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36" 172.18.58.87 - - [22/Aug/2016:14:17:57 +] "GET /cas-services/login/cas?ticket=ST-33-RTRnMOsbyzrU6j339QE0-devcas02

[cas-user] throttling attempts in CAS by IP, what if a large number users behind a proxy?

2016-11-10 Thread Yan Zhou
Hi, CAS enables login throttling by IP, but, what if a relatively big number of users (in an organization) all sit behind one proxy? Can I configure throttling like this: no more than 5 login failures within 3 seconds, and decrement the count every second. Thx! Yan Thx! Yan -- -

[cas-user] How CAS protect server side API in separate apps?

2016-10-20 Thread Yan Zhou
Hi We have CAS 4.1.x overlay. We have one webapp and one backend services. Two different WAR files, both apps are casified. Webapp runs at localhost:8080/myapp, backend service runs at localhost:8080/xyzservice (same domain). After user login successfully into /myapp, its

[cas-user] where is CAS TGC cookie stored in browser?

2016-10-21 Thread Yan Zhou
Hello, It was said that the TGT cookie (TGC) is hidden, so that we won't see it. I am curious how browser can send such hidden cookie to CAS, when user goes to apps? If browser can see it, there should be a way for us to see it. The reason I am asking is because I noticed that Ajax

Re: [cas-user] Can application get TGT ticket?

2016-11-02 Thread Yan Zhou
4ddfd79b68 > I wrote some doc on this, alas in french: http://prigaux.github.io/prese > ntation-web-widgets-cas-jsonp/index.html#/7 > > Happy CAS, > cu > > On 01/11/2016 20:22, Yan Zhou wrote: > >> Hello, >> >> CAS protocol does not let the apps (C

Re: [cas-user] Can application get TGT ticket?

2016-11-03 Thread Yan Zhou
to manage. Thanks, Yan On Thu, Nov 3, 2016 at 12:02 PM, Pascal Rigaux <pascal.rig...@univ-paris1.fr > wrote: > On 02/11/2016 21:12, Yan Zhou wrote: > > Can you elaborate on JSONP? >> > > Would app. B now have to know user's password? > > No need. > JSONP is pre-CO

[cas-user] How does CAS 4.1.X behave like SAML IdP?

2016-10-13 Thread Yan Zhou
Hi there, I am a little confused on SAML support in CAS 4.1.x. It may be that my understanding of SAML is very beginning, too. I have viewed CAS as an Enterprise SSO solution, rather than a Federated SSO solution (across enterprises). But, I hear different things about SAML support in CAS. CAS

[cas-user] Commercial companies using CAS?

2016-12-12 Thread Yan Zhou
Hello, I have noticed that CAS is very popular in the academic world, with lots of universities using it. I do not see much use of CAS in the commercial world, there may be one or two, but that is really it. I personally like CAS and we are actively adopting it in the corporate world. Has anyone

Re: [cas-user] CAS4 flow decode execution error, is this an issue?

2017-01-05 Thread Yan Zhou
sv wrote: > > Hello Yan, > > you would have missed some configurations in cas.properties. Please > share properties so that can we can review and let you know the issue. > > Thanks > Seshu > > On 5 January 2017 at 20:17, Yan Zhou <yana...@gmail.com > >

Re: [cas-user] CAS4 flow decode execution error, is this an issue?

2017-01-05 Thread Yan Zhou
wrote: 1. Keys must be the same across all nodes. 2. Your previous error says something about webflow decryption. Your config has no keys defined for that purpose. -- Misagh From: Yan Zhou <yanand...@gmail.com> <mailto:yanand...@gmail.com> Reply: cas-user@apereo.org <cas-

[cas-user] CAS4 flow decode execution error, is this an issue?

2017-01-05 Thread Yan Zhou
Hello, When you submit the CAS4 login page, sometimes you get “Decode flow execution error”. For a long time, I have been struggling as to why this happens. I think we have an answer. This most likely happens in a cluster environment when you have multiple active CAS4 servers. They each have a

[cas-user] CAS 4.1.9, webflow encryption key, Invalid AES key length: 43 bytes

2017-01-06 Thread Yan Zhou
Hi there, CAS Overlay 4.1.9, I generated webflow encryption key below. java -jar json-web-key-generator-0.4-SNAPSHOT-jar-with-dependencies.jar -t oct -s 256 I can generate another TGC signing key that works fine, but Webflow signing key gives me this error. SEVERE:

Re: [cas-user] Re: CAS 4.1.x TGC cookie not set to HTTPOnly with Servlet 3 API

2017-03-31 Thread Yan Zhou
Hello, By default, TGC cookie does _not_ have HttpOnly. If the app. (using CAS for authentication) has XSS vulnerability, someone could inject JS and read TGC cookie and submit to CAS server, even though it is encrypted and signed, CAS server will not know this TGC cookie is from an attacker.

[cas-user] Re: CAS 4.1.x TGC cookie not set to HTTPOnly with Servlet 3 API

2017-03-09 Thread Yan Zhou
I added the httpOnly flag in the XML, that worked for me. Does this solution sound right? > Hi there, > > I have a CAS 4.1.X overlay, servlet API version 3 in POM.xml, and CAS > running on tomcat7. > > I observed that TGC cookie is set to Secure, but NOT httpOnly. Tomcat7 > default to

[cas-user] CAS 4.1.x TGC cookie not set to HTTPOnly with Servlet 3 API

2017-03-09 Thread Yan Zhou
Hi there, I have a CAS 4.1.X overlay, servlet API version 3 in POM.xml, and CAS running on tomcat7. I observed that TGC cookie is set to Secure, but NOT httpOnly. Tomcat7 default to HttpOnly for session cookie but it does not know about CAS TGC cookie, so the CAS web app's session cookie

[cas-user] Hazelcast configuration on CAS 4.1.9 overlay

2017-11-24 Thread Yan Zhou
Hi, CAS 4.1.9 overlay with Hazelcast as ticket registry. Two instances of CAS running on each server. With two servers, four instances of CAS, and request round robin to the four CAS servers. in cas.properties on each CAS instance: hz.cluster.members=server1.com,server2.com First of all, is

[cas-user] CAS5.2.x, how to set up JNDI entry for embedded tomcat

2018-08-20 Thread Yan Zhou
Hi, CAS 5.2.X has embedded tomcat, but it does not have JNDI enabled. How do I add the customization of making a jndi entry available? Thx! Yan -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 -

[cas-user] CAS 5.3.3 /cas does not redirect to /cas/login

2018-08-31 Thread Yan Zhou
Hello, With previous CAS4.x and 5.2.x, go to /cas will redirect to /cas/login automatically. That is quite nice. But, with 5.3.3, this is no longer happening, it comes up with an "Access Denied" page and provides a link to /cas/login. How do I configure the auto-redirect? Thx! Yan

Re: [cas-user] CAS5.3.3 Service Registry is always empty?

2018-09-07 Thread Yan Zhou
. > > To debug, I recommend upping the log level to debug in your log4j2.xml for > the core cas packages. > > Hope this helps, > > Jon > On 6 Sep 2018 19:26, "Yan Zhou" > wrote: > > > Yes, I do have the dependency. > > I also removed cas.ser

[cas-user] CAS client changes required to use JWT service ticket in CAS 5.3?

2018-09-07 Thread Yan Zhou
Hello, I am enabling JWT Service Ticket in CAS 5.3 server. My flow stops here: http://localhost:8080/myapp/login/cas?redirect=true= I suppose the client (myapp) has to change something in order to read the JWT ticket? But I did not see any documentation on that, does App need to

[cas-user] CAS 5.3.x spring-boot:run not working after customizing

2018-09-04 Thread Yan Zhou
Hello, I got CAS 5.3.3 overlay, this works: mvn spring-boot:run. However, I need to customize CAS, so I had to add additional dependencies, and "mvn spring-boot:run" no longer works. Is this by design? I finally see this in README of CAS build. Be careful with this method of deployment.

Re: [cas-user] CAS5.3.3 Service Registry is always empty?

2018-09-06 Thread Yan Zhou
HNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 212 229-5300 x4728 • david.cu...@newschool.edu > > [image: The New School] > > > On Thu, Sep 6, 2018 at 2:13 PM Yan Zhou > > wrote: > >> Hello, >> >> This is my external c

Re: [cas-user] CAS5.3.3 Service Registry is always empty?

2018-09-07 Thread Yan Zhou
See > https://apereo.github.io/cas/5.3.x/installation/Configuration-Server-Management.html#standalone > In default 5.3, I do not see application.yml. Do you need it? Does > cas.properties load if you delete application.yml? > > Ray > > On Fri, 2018-09-07 at 07:44 -0700, Yan Zhou wrote:

[cas-user] CAS 4.1.9 overlay consumes SAML 2.0 and 1.x assertions

2018-04-12 Thread Yan Zhou
Hello, We are running CAS 4.1.9. An external vendor wants to do SSO with us. User login on their side, and they will send us SAML assertion, so that user can SSO to our App. without login again. Can CAS (without Shibboleth) consume such SAML 1.x and/or 2.0 assertion? I think CAS 5.x can, is

Re: [cas-user] CAS 4.1.9 overlay consumes SAML 2.0 and 1.x assertions

2018-04-12 Thread Yan Zhou
; > Skip backporting. It's only going to make you age faster...and not like > Clooney. > > --Misagh > > -- > > *From: *"Yan Zhou" <yana...@gmail.com > > *To: *"CAS Community" <cas-...@apereo.org > > *Sent: *Thurs

[cas-user] Issue handling Browser Back button in CAS UI flow

2018-04-09 Thread Yan Zhou
Hello, I built CAS 4.1.9 overlay webapp. In order to test transition among the UI screens using browser Back button, I enabled AUP flow just so I can have a couple screens to navigate with. Login Screen -> Accept User Agreement -> Success Page. When I am in the 2nd screen, I can use

Re: [cas-user] Issue handling Browser Back button in CAS UI flow

2018-04-12 Thread Yan Zhou
not go back to it from Success Page because that would require resubmitting >> the login form. >> If you really want to be able to go back to Accept User Agreement, you >> could have a link on Success Page or perform some redirection/javascript >> reloading of Accept U

[cas-user] CAS 5.3 build error

2018-09-27 Thread Yan Zhou
Hello, I followed the build process on CAS page, doing the build on Windows. This is my command, running from cas-server directory: gradlew build install --parallel -x test -x javadoc -x check -offline Here is the error. > Task :webapp:cas-server-webapp-eureka-server:compileJava Errors

Re: [cas-user] 5.1.2 to 5.2 CAS migration

2018-10-05 Thread Yan Zhou
Hi, How do you get cas-management to create tables? I have an overlay of CAS-management 5.3.3, the following are management.properties, when I start it up, I do not see tables being created, cas-management fails because there is not any table.

[cas-user] CAS 5.3 Management JPA Service Registry Oracle, column too long?

2018-10-05 Thread Yan Zhou
Hello! We run CAS 5.3 Management with JPA service registry, the tables are on Oracle, the management app. is failing because some of the columns have long names that do not work for Oracle. Is this something we can change in CAS 5.3 Management? Thx! Yan

[cas-user] CAS 5.3, where is LOGGER defined with @Slf4j?

2018-10-08 Thread Yan Zhou
Hello, Looking at CAS 5.3 source code, I need to customize action class, so I create a class with the same name/package in my overlay, but I cannot resolve compile error on LOGGER. I understand with Lombok and @Slf4j, I get object: log for free. But, I do not know how LOGGER is defined in

[cas-user] SAML dependencies in CAS 5.3.4 management issue

2018-10-11 Thread Yan Zhou
Hello, I seem to have a catch-22 problem with CAS 5.3.4 management overlay. I am using JPA service registry on Oracle, the SAML dependencies in CAS 5.3.4 management are introducing column names longer than 30 characters, which is not supported on Oracle 11. After I removed SAML dependencies,

[cas-user] @Column ignored in CAS 5.3.3 management app

2018-10-15 Thread Yan Zhou
Hi, I have application.properties read like this: spring.jpa.hibernate.naming_strategy=org.hibernate.cfg.EJB3NamingStrategy spring.jpa.hibernate.naming.implicit-strategy=org.hibernate.boot.model.naming.ImplicitNamingStrategyLegacyJpaImpl

[cas-user] Re: CAS 5.3, cannot find self-defined bean?

2018-11-06 Thread Yan Zhou
never mind, some problem with build, the old class file was not cleared. Yan On Tuesday, November 6, 2018 at 2:08:02 PM UTC-5, Yan Zhou wrote: > > Hi, > > This is a bit strange, defining a bean is one of the simplest things in > Spring Boot projects, but I seem to have probl

[cas-user] CAS 5.3, cannot find self-defined bean?

2018-11-06 Thread Yan Zhou
Hi, This is a bit strange, defining a bean is one of the simplest things in Spring Boot projects, but I seem to have a problem in CAS 5.3.3 overlay. I defined the following configuration class, specified in META-INF/spring.factories. The UrlHandlerMapping works, as I can see code stops there as

[cas-user] CAS 5.3.3 overlay, How do I override "base href" in manage.html

2018-10-09 Thread Yan Zhou
Hello, I need to run the cas5.3.3 management app on a context root different from the default cas-management. I think I need to have a local manage.html in my cas 5.3.3 management app overlay, but I do not know where to place it. It seems to have a different building process. Suggestions?

[cas-user] How to enable this in 5.3, forgotten password may receive a secure link?

2018-10-02 Thread Yan Zhou
Hello, CAS 5.3 has "forgot password" link on the login page, that link takes to an external site that does not yet exist. On the other hand, CAS 5.3 doc says this: Those who have forgotten their account password may receive a secure link with a time-based expiration policy at their

[cas-user] CAS 5.3.3 management failed to save edits

2018-10-08 Thread Yan Zhou
Hello, CAS 5.3.3 management app is loading the service registry from the database. That works correctly. But when I edit and save, I get an error. This is my management.properties. mgmt.enableVersionControl=false mgmt.enableDiscoveryEndpointCall=false cas.serviceRegistry.initFromJson=false

[cas-user] CAS5 error out on: server.connection-timeout=PT20S

2018-08-31 Thread Yan Zhou
Hello! I am using CAS 5.3.3 overlay, but got this error on application.properties. It has: server.connection-timeout=PT20S, this is default but giving this error. What did I miss? Binding to target org.springframework.boot.autoconfigure.web.ServerProperties@109952a1 failed: Property:

[cas-user] CAS 5.3, how to get TGT?

2018-09-25 Thread Yan Zhou
Hello, I need to extend my overlay of CAS 5.3.3, to support an additional endpoint. MyController looks like this. User login to CAS already. I want to get the authenticated user Id when user comes to this endpoint. But, I am unable to get TGT below. What would be the right approach? Thx!

[cas-user] Re: CAS 5.3, how to get TGT?

2018-09-25 Thread Yan Zhou
Figured out, the cookie is secure, so it is only sent via TLS. I was running CAS on Plain HTTP. Yan On Tuesday, September 25, 2018 at 2:54:17 PM UTC-4, Yan Zhou wrote: > > Hello, > > I need to extend my overlay of CAS 5.3.3, to support an additional > endpoint. > > My

[cas-user] How does CAS load log4j2.xml based on cas.properties

2018-09-20 Thread Yan Zhou
Hello! I wish to figure out how CAS 5.x loads an externalized log4j2.xml based on the setting in cas.properties. logging.config=file:///... some location... /config/log4j2.xml As far as Spring doc., it says: An ApplicationContextInitializer that configures a logging framework depending on

Re: [cas-user] Re: CAS 5.3 build error

2018-09-28 Thread Yan Zhou
t; building on Windows. I couldn't find a solid answer as to the impact on the > final build or any workarounds. I ended up moving my build environment to > linux to get building working much more smoothly and without errors. > > > On Thursday, September 27, 2018 at 12:22:15 PM UTC

[cas-user] CAS5, Log4j2 and SpringBoot 1.5.x, Error creating converter for xwEx java.lang.reflect.InvocationTargetException

2018-12-24 Thread Yan Zhou
Hello! This is a known issue: https://github.com/spring-projects/spring-boot/issues/9172 I am seeing that with CAS5.3.4 overlay, which defaults to log4j2 version 2.11.x and Spring Boot 1.5.16, Is this just me or a known issue with CAS? When you start up CAS5, does it complain about this?

[cas-user] CAS Management 5.3.4 UI does not show LOGOUT_TYPE

2018-12-07 Thread Yan Zhou
Hello, I have CAS Management 5.3.4 overlay, just Oracle database as service registry. REGEXREGISTEREDSERVICE table LOGOUT_TYPE is a NUMBER column, has value 1. When I login to CAS Management, LOGOUT_TYPE drop down does not show anything. What should be the valid value? Thx! Yan

[cas-user] how does Single Log Out work?

2018-12-07 Thread Yan Zhou
Hello, I am under the impression that, if I type /cas/logout in the browser, it logs me out of CAS, then CAS goes through all services and looks for LOGOUT_URL and LOGOUT_TYPE. For any service that has a LOGOUT_URL and LOGOUT_TYPE defined (e.g., Back Channel), CAS will POST to that URL. Is that how it

[cas-user] CAS5 flow state transition lose service parameter in URL?

2018-12-28 Thread Yan Zhou
Hello, When an app directs to CAS, the CAS login URL is appended with a "service" parameter for later redirect. In CAS4, state transition from the Login page preserves the "service" parameter, the URL does not change as the flow transitions to different states. But in CAS5, any state transition from

[cas-user] cas 5.3.3 management webapp overlay issue

2018-09-12 Thread Yan Zhou
Hello, I am running CAS 5.3.3, but latest management web app is 5.3.1. My management web app will not start up. It just hangs there. What did I miss? Here is the log file. 2018-09-12 15:48:11,936 INFO [org.apereo.cas.configuration.DefaultCasConfigurationPropertiesSourceLocator] -

Re: [cas-user] cas 5.3.3 management webapp overlay issue

2018-09-13 Thread Yan Zhou
ng to give management app some attention next week. > > On Wed, Sep 12, 2018 at 1:00 PM Travis Schmidt > wrote: > >> Looks like you have configured your CAS server and the management app to >> run on the same host and the same port. >> >> On Wed, Sep 12, 2018, 1

[cas-user] CAS 5.3 error defining custom login exceptions

2018-09-17 Thread Yan Zhou
Hello, CAS 5.3.3 overlay on tomcat8. I wish to display an error message on CAS login that says you have one more attempt or two more attempts to login before getting locked out. I defined two new exception classes below in cas.properties.

[cas-user] CAS5.3.x, How to get refresh token in authorization code flow?

2019-04-02 Thread Yan Zhou
Hello, I am able to get access token through /token endpoint, but I do not see a way to get both refresh token and access token. This is the response of CAS5 /token endpoint. I do not see refresh token there. How do I get refresh token, either separately or get it returned along with access

[cas-user] CAS SLO, how does it terminate session on App if in a cluster environment?

2019-04-02 Thread Yan Zhou
Hello! CAS4, for SLO, CAS server POSTs (back-channel SLO) to each service to perform SLO. It works because there is a CAS client in the application that intercepts such SLO requests, it can find the app. session Id based on the CAS service ticket Id. Is there any requirement on the part

[cas-user] CAS-management, CAS5.3.x, OIDC, what is JSON Web Keystore?

2019-04-03 Thread Yan Zhou
Hello, CAS 5.3.x, CAS-management. I imported an OIDC service definition to the UI. It looks like this. But the UI is asking me to provide JSON Web KeyStore, Encryption Algorithm, and Encryption Encoding Algorithm. What are these? On both cas.properties and management.properties, I have defined

Re: [cas-user] CAS SLO, how does it terminate session on App if in a cluster environment?

2019-04-04 Thread Yan Zhou
ner, maybe it can manage session > replication (tomcat can do this). > Another, maybe less desirable option, perhaps the load balancer can look > for /logout and broadcast to all members of the cluster. > > Ray > > On Tue, 2019-04-02 at 07:53 -0700, Yan Zhou wrote: > >

[cas-user] why is ST added twice? cas 4.1.9 and hazelcast ticket registry

2019-02-28 Thread Yan Zhou
Hello, I am debugging an issue that CAS intermittently says that a ST does not exist, and therefore /serviceValidate fails. I am running cas 4.1.9 on hazelcast ticket registry. I have multiple instances of CAS running behind a load balancer, each CAS process also runs hazelcast embedded as

[cas-user] CAS5, OpenID connect flow newbie question

2019-03-01 Thread Yan Zhou
Hello, I am experimenting with CAS5 OpenID connect support with the overlay project of 5.3.8. I put this url in browser, CAS login page comes up, after I enter user/password, the next screen is: http://localhost:8180/ (this is where my CAS5 runs).

[cas-user] CAS 5.3.x, OpenID Connect, Getting 401 on token request

2019-03-12 Thread Yan Zhou
hello, I set up CAS 5.3.x overlay for OpenId Connect for authorization code flow. When I do POST, CAS login page comes up, I enter credential and authorize access, I successfully got the authorization code, but when I call POST or GET to get access token or Id token, I keep getting 401, "No

[cas-user] Re: CAS 5.3.x, OpenID Connect, Getting 401 on token request

2019-03-12 Thread Yan Zhou
backAuthorize.*]> here is my POST https://localhost:8543/cas5/oidc/authorize?client_id=demoOIDC_uri=https%3A%2F%2Foidcdebugger.com%2Fdebug=openid_type=code%20id_token_mode=form_post=gb63gw2hmqk Thanks! On Tuesday, March 12, 2019 at 2:38:35 PM UTC-4, Yan Zhou wrote: > > hello, > >

[cas-user] CAS SSO with OpenID Connect and CAS protocol

2019-03-11 Thread Yan Zhou
Hello, CAS5, one client uses OpenID connect and the other client uses CAS protocol. Can they achieve SSO? With CAS protocol, the TGT is in a cookie on the browser side, that is how SSO is achieved. With OpenID Connect, is there a cookie being generated, having the same TGT? Thx! -- -

[cas-user] Re: lose service parameter when incorrect credential entered

2019-02-07 Thread Yan Zhou
hout the query parameters. There is also a > redirectToLogin as well. > > > Given that you have started invalid credentials then its more than likely > going down the " to="handleAuthenticationFailure"/>" code and not even hitting your code. > &g

Re: [cas-user] Re: lose service parameter when incorrect credential entered

2019-02-07 Thread Yan Zhou
Login On Thursday, February 7, 2019 at 5:12:32 PM UTC-5, rbon wrote: > > Yan, > > In the preserved parameter log, checkForPswdResetToken exists between > initializeLoginForm and viewLoginForm. It is missing in yours. > > Ray > > On Thu, 2019-02-07 at 12:04 -0800

Re: [cas-user] lose service parameter when incorrect credential entered

2019-02-06 Thread Yan Zhou
g.QuestCasSupportActionsConfiguration Thx! On Wednesday, February 6, 2019 at 1:35:57 PM UTC-5, rbon wrote: > > Yan, > > Can you post your code? > > Ray > > On Wed, 2019-02-06 at 10:00 -0800, Yan Zhou wrote: > > Hi there, > > I extended CAS 5.3.4. The app.

[cas-user] lose service parameter when incorrect credential entered

2019-02-06 Thread Yan Zhou
Hi there, I extended CAS 5.3.4. The app. redirects to CAS login page with service parameter. When I type incorrect credential, I saw the invalid credential message, but I lost service parameter, the screen refreshes to have only the CAS url. What could be missing in my code? Thx! -- -

Re: [cas-user] Re: lose service parameter when incorrect credential entered

2019-02-08 Thread Yan Zhou
, rbon wrote: > > Yan, > > Use your browser development tools to see if there is an unexpected > redirect. If there is, that would be where the service param is lost. > The service is part of the url and not a form variable. > > Ray > > On Thu, 2019-02-07 at 16:04 -08

Re: [cas-user] CAS is Federated SSO?

2019-02-13 Thread Yan Zhou
ou on now? With the right modules and > configuration, a CAS server could support Open ID and SAML 2.0, in addition > to CAS. > > > > Tom > > > > *From:* cas-...@apereo.org > > *On Behalf Of *Yan Zhou > *Sent:* Wednesday, February 13, 2019 10:28 AM > *To:* CA

[cas-user] CAS is Federated SSO?

2019-02-13 Thread Yan Zhou
Hello! We have been using CAS in our enterprise quite well. Various apps inside our corporation use the CAS protocol to achieve SSO. A vendor wants to integrate with us and they agree that CAS is the single identity provider. But, they want Open ID Connect or SAML2, not CAS protocol. It is

Re: [cas-user] lose service parameter when incorrect credential entered

2019-02-06 Thread Yan Zhou
Where is 'checkLoginUserAction' defined? > > Ray > > On Wed, 2019-02-06 at 11:02 -0800, Yan Zhou wrote: > > Hi, > > I made some customization on the login flow, see all login related > code/configuration below. > > I read this in CAS 5.3.X documentation: If

[cas-user] CAS5.3, SSO between native Mobile App and Web App

2019-04-11 Thread Yan Zhou
Hello, Say, one webapp using CAS protocol to authenticate against CAS 5.3, another native mobile app uses OpenID Connect to authenticate. When user gets into Mobile app, can he SSO to webapp? Thx, Yan -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas

[cas-user] CAS5 Protocol diagram with OpenID Connect and CAS protocol mixed clients

2019-05-02 Thread Yan Zhou
Hello, CAS has a nice diagram that explains the CAS protocol and how it achieves SSO by using a cookie. With CAS5, I can achieve SSO with two clients, one speaking CAS protocol, the other speaking OpenID Connect. How did CAS do that, is that by the use of a cookie as well? I do not think OpenID Connect

Re: [cas-user] CAS5 Protocol diagram with OpenID Connect and CAS protocol mixed clients

2019-05-02 Thread Yan Zhou
; > Ray > > On Thu, 2019-05-02 at 15:38 -0700, Yan Zhou wrote: > > Hello, > > CAS has a nice diagram explains CAS protocol, how it achieves SSO, by > using cookie. > > With CAS5, I can achieve SSO with two clients, one speaking CAS protocol, > the

Re: [cas-user] CAS5, Hazelcast clustering question?

2019-07-11 Thread Yan Zhou
2 AM UTC-4, rbon wrote: > > Yan, > > Do you mean they both try to come up with 5701 or the second one complains > the port is already taken? > > Perhaps hazelcast tries to grab selection of ports. Maybe set one to 4701. > > Ray > > On Thu, 2019-07-11 at 07:26 -0700,

[cas-user] CAS5, openid connect logout?

2019-07-11 Thread Yan Zhou
Hello, CAS5.3.X, one client uses CAS protocol and the other uses OpenId Connect. Both Clients are SSO. The openID connect client does not want to call /cas/logout, because they prefer an OpenId Connect approach. Does CAS provide logout for OpenId Connect clients? I do not see it,
