Re: [cas-user] Cannot retrieve user attributes from PHP application behind mod_auth_cas

2018-12-13 Thread Francois Campbell
Posting to an old thread, but I too struggled to get attributes visible in 
PHP.

After making the following changes mine came through.
If you have specified the CAS version in /etc/httpd/conf.d/cas.conf, 
comment it out.
# CASVersion 2

CASValidateUrl    https:///cas/samlValidate
CASValidateSAML   On

In CAS itself ensure that the following are also present for each LDAP 
config, in etc/cas/config/cas.properties
cas.authn.attributeRepository.merger:   ADD
cas.authn.ldap[0].principalAttributeList=cn,sn,mail

For me the attributeRepository.ldap attributes did not display on the 
client side.
e.g. cas.authn.attributeRepository.ldap[0].attributes.

On Friday, 16 February 2018 02:13:37 UTC+2, dhawes wrote:
>
> On Thu, Feb 15, 2018 at 2:51 PM, Mukunthini Jeyakumar wrote: 
> > Thanks dhawes. 
> > 
> > I'm using the php code to print the values returned in the header 
> > <?php 
> > foreach (getallheaders() as $name => $value) { 
> >     echo "$name: $value\n"; 
> > } 
> > ?> 
> > 
> > I've no issues if I use serviceValidate, but I'm only getting the username, 
> > I do not see the rest of the attributes released 
> > 
> > CASValidateURL https://:8443/cas/serviceValidate 
> > CASValidateSAML   Off 
>
> Do you see the attributes in the validation response? You can see this 
> in the debug logs. 
>
> Note that only the code in master supports CASv2 attributes. If you 
> see the attributes in the validation response, try mod_auth_cas 
> master. 
>
> > if I use SAML then I get error 
> > 
> > CASValidateURL https://:8443/cas/samlValidate 
> > CASValidateSAML   On 
> > 
> > 
> > I already built CAS with SAML 1.1 by adding  cas-server-support-saml, 
>
> This sounds like a CAS server issue. Have you verified /samlValidate 
> is working? What does the validation response look like? 
>

-- 


See OpenCollab email disclaimer at 
http://www.opencollab.co.za/email-disclaimer 


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/cf0cce1c-fed1-4bb7-9e12-2ab4d67bf823%40apereo.org.
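
The check dhawes asks for above (are the attributes in the validation response?) can be run offline on a response body copied from the mod_auth_cas debug log. This is an added example, not code from the thread or from mod_auth_cas; both response bodies are constructed samples and `released_attributes` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

CAS = "{http://www.yale.edu/tp/cas}"
SAML1 = "{urn:oasis:names:tc:SAML:1.0:assertion}"

# Constructed sample: serviceValidate success that releases only the username.
CAS_RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""

# Constructed sample: samlValidate (SAML 1.1 in SOAP) releasing cn and mail.
SAML_RESPONSE = """<SOAP-ENV:Envelope
    xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol"
    xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion">
 <SOAP-ENV:Body><saml1p:Response><saml1:Assertion>
  <saml1:AttributeStatement>
   <saml1:Subject><saml1:NameIdentifier>jdoe</saml1:NameIdentifier></saml1:Subject>
   <saml1:Attribute AttributeName="cn" AttributeNamespace="http://www.ja-sig.org/products/cas/">
    <saml1:AttributeValue>Jane Doe</saml1:AttributeValue>
   </saml1:Attribute>
   <saml1:Attribute AttributeName="mail" AttributeNamespace="http://www.ja-sig.org/products/cas/">
    <saml1:AttributeValue>jdoe@example.org</saml1:AttributeValue>
   </saml1:Attribute>
  </saml1:AttributeStatement>
 </saml1:Assertion></saml1p:Response></SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""

def released_attributes(body):
    """Return (user, {name: [values]}) from a CAS or SAML 1.1 validation response."""
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise ValueError("unexpected DTD in validation response")
    root = ET.fromstring(body)
    attrs = {}
    assertion = root.find(f".//{SAML1}Assertion")
    if assertion is not None:
        # SAML 1.1: <Attribute AttributeName="..."><AttributeValue>...</AttributeValue>
        for attr in assertion.iter(f"{SAML1}Attribute"):
            values = [v.text or "" for v in attr.findall(f"{SAML1}AttributeValue")]
            attrs.setdefault(attr.get("AttributeName"), []).extend(values)
        return assertion.findtext(f".//{SAML1}NameIdentifier"), attrs
    success = root.find(f"{CAS}authenticationSuccess")
    if success is None:
        raise ValueError("not a successful validation response")
    # CAS XML: each child of <cas:attributes> is one attribute value.
    block = success.find(f"{CAS}attributes")
    for child in ([] if block is None else block):
        attrs.setdefault(child.tag.rsplit("}", 1)[-1], []).append(child.text or "")
    return success.findtext(f"{CAS}user"), attrs
```

An empty attribute map for a successful response means the server released only the username, so the client-side configuration is not the place to look.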


[cas-user] Re: Deploying Apereo CAS document updated (finally)!

2018-10-24 Thread Francois Campbell
Thanks so much David.

Your documentation has been a great help and the updates will be of tremendous 
help in the future.

On Thursday, 18 October 2018 21:14:34 UTC+2, David Curry wrote:
>
>
> For those of you who have been waiting (and waiting, and waiting, ...) for 
> me to update my *Deploying Apereo CAS* documentation, I have finally 
> gotten enough time to do that. Aside from dozens of minor updates and 
> corrections accumulated over the last 8 or 9 months, the following major 
> sections have been completed/added:
>
> - Customizing the CAS user interface
>    - How CAS themes work
>    - How Thymeleaf layouts work
>    - Add a new theme to the overlay
>    - Build and deploy the overlay
>    - Develop the custom theme
> - Google Apps (G Suite) integration
>    - Generate keys and certificates
>    - Configure Google single sign-on
> - Moving to production
> - Configuration changes
>    - Problems encountered
>
> As always, the documentation can be found here:   
> https://dacurry-tns.github.io/deploying-apereo-cas/ 
>
> This pretty much does it for now -- the document more or less reflects 
> what we're running in production (CAS 5.2.*x*), and we don't plan to go 
> to CAS 5.3 unless something forces us to. The next major release for us 
> will be CAS 6.*something.* I will almost certainly be updating the 
> document once we start working on that, since we use it internally as a 
> reference as well. But that probably won't happen until the end of this 
> year or the beginning of next year at the earliest (sorry). 
>
> Enjoy,
> --Dave
>
>
>


Re: [cas-user] Re: Service Registry -- Getting the 1st Application Entered

2018-08-31 Thread Francois Campbell
Can you set your LDAP logger to debug level?

in /etc/cas/config/log4j2.xml +- line 93
e.g. 

Restart and test, you should see a great deal more information.

Regards
*Francois Campbell*
Teaching and Learning Product Lead

On Fri, 31 Aug 2018 at 17:26, abdellhak tlili wrote:

> That does not solve the problem!!
>
>
> On Friday, 31 August 2018 16:11:09 UTC+2, Francois Campbell wrote:
>>
>> Not sure if it is just a typo, but your example repeats the ldap protocol twice.
>> cas.authn.ldap[0].ldapUrl=*ldap:ldap*://localhost:10389/dc=XXX,dc=com
>>
>> You may also require cas.authn.ldap[0].bindDn
>> e.g.
>> cas.authn.ldap[0].bindDn: CN=ADMIN_USERNAME,cn=Users,dc=XXX,dc=com
>>
>>
>> Regards
>> *Francois Campbell*
>> Teaching and Learning Product Lead
>>
>> On Fri, 31 Aug 2018 at 16:02, abdellhak tlili wrote:
>>
>>> Hi All,
>>> I'm trying to configure CAS 5.1.9 with LDAP authentication. I have added the
>>> LDAP support dependency in pom.xml and also added the LDAP configuration to
>>> cas.properties, and when I try to connect to LDAP I have these 2 messages in
>>> cas.log
>>>
>>> *cas.properties:*
>>>  cas.authn.ldap[0].principalAttributeList=sn,cn:admin
>>>  cas.authn.ldap[0].collectDnAttribute=false
>>>  cas.authn.ldap[0].principalDnAttributeName=dc=XXX,dc=com
>>>  cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
>>>  cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
>>>  cas.authn.ldap[0].credentialCriteria=
>>>
>>>  
>>> cas.authn.attributeRepository.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
>>>
>>> #
>>> # Authentication
>>> #
>>> cas.authn.accept.users=
>>> cas.authn.ldap[0].type=AD
>>> cas.authn.ldap[0].ldapUrl=ldap:ldap://localhost:10389/dc=XXX,dc=com
>>> cas.authn.ldap[0].useSsl=false
>>> cas.authn.ldap[0].baseDn=ou=Users,dc=XXX,dc=com
>>> cas.authn.ldap[0].userFilter=uid={user}
>>> cas.authn.ldap[0].bindCredential=userPassword
>>>
>>>
>>>
>>> *cas.log*
>>> 1- /***/
>>> N [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>>> >> authentication handler that supports [admin@**.com] of type
>>> [UsernamePasswordCredential], which suggests a configuration problem.>
>>> 2018-08-31 14:51:28,279 INFO
>>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - >> trail record BEGIN
>>> /**/
>>>
>>> 2-/**/
>>> 2018-08-31 14:51:28,285 ERROR
>>> [org.apereo.cas.web.flow.AuthenticationExceptionHandlerAction] - >> translate handler errors of the authentication exception
>>> [org.apereo.cas.authentication.AuthenticationException: 0 errors, 0
>>> successes]Returning [UNKNOWN]>
>>> /***/
>>>
>>>
>>>
>>> *please HELP HELP*
>>>
>>>
>
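
The two points raised in the quoted reply above (the doubled `ldap:` scheme in `ldapUrl` and the missing `bindDn`) can be checked mechanically before restarting CAS. This is an added example, not part of the thread or of CAS; `parse_properties` and `lint_ldap` are hypothetical names, the properties are copied from the quoted message, and the cleartext check is an addition that assumes a plain `ldap://` URL with `useSsl` off is not otherwise protected by StartTLS.

```python
import re

# Settings as posted in the quoted message.
POSTED = """\
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap:ldap://localhost:10389/dc=XXX,dc=com
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].baseDn=ou=Users,dc=XXX,dc=com
cas.authn.ldap[0].userFilter=uid={user}
cas.authn.ldap[0].bindCredential=userPassword
"""
# Same settings with both suggestions from the reply applied.
CORRECTED = POSTED.replace("ldap:ldap://", "ldap://") + \
    "cas.authn.ldap[0].bindDn: CN=ADMIN_USERNAME,cn=Users,dc=XXX,dc=com\n"

def parse_properties(text):
    """Read key=value / key: value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def lint_ldap(text):
    """Return (handler index, finding code) pairs for cas.authn.ldap[N]."""
    props = parse_properties(text)
    indexes = {int(m.group(1)) for k in props
               if (m := re.match(r"cas\.authn\.ldap\[(\d+)\]\.", k))}
    findings = []
    for i in sorted(indexes):
        def get(name):
            return props.get(f"cas.authn.ldap[{i}].{name}", "")
        urls = get("ldapUrl").split()
        # Each URL must be exactly one scheme followed by a host.
        bad = [u for u in urls if not re.match(r"ldaps?://[^/:\s]+", u)]
        if bad or not urls:
            findings.append((i, "malformed-ldapUrl"))
        elif any(u.startswith("ldap://") for u in urls) and get("useSsl").lower() != "true":
            # Plain ldap:// without TLS carries the bind password unencrypted.
            findings.append((i, "cleartext-bind"))
        if get("bindCredential") and not get("bindDn"):
            findings.append((i, "bindCredential-without-bindDn"))
    return findings
```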

Re: [cas-user] Re: Service Registry -- Getting the 1st Application Entered

2018-08-31 Thread Francois Campbell
Not sure if it is just a typo, but your example repeats the ldap protocol twice.
cas.authn.ldap[0].ldapUrl=*ldap:ldap*://localhost:10389/dc=XXX,dc=com

You may also require cas.authn.ldap[0].bindDn
e.g.
cas.authn.ldap[0].bindDn: CN=ADMIN_USERNAME,cn=Users,dc=XXX,dc=com


Regards
*Francois Campbell*
Teaching and Learning Product Lead

On Fri, 31 Aug 2018 at 16:02, abdellhak tlili wrote:

> Hi All,
> I'm trying to configure CAS 5.1.9 with LDAP authentication. I have added the
> LDAP support dependency in pom.xml and also added the LDAP configuration to
> cas.properties, and when I try to connect to LDAP I have these 2 messages in
> cas.log
>
> *cas.properties:*
>  cas.authn.ldap[0].principalAttributeList=sn,cn:admin
>  cas.authn.ldap[0].collectDnAttribute=false
>  cas.authn.ldap[0].principalDnAttributeName=dc=XXX,dc=com
>  cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
>  cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
>  cas.authn.ldap[0].credentialCriteria=
>
>  
> cas.authn.attributeRepository.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
>
> #
> # Authentication
> #
> cas.authn.accept.users=
> cas.authn.ldap[0].type=AD
> cas.authn.ldap[0].ldapUrl=ldap:ldap://localhost:10389/dc=XXX,dc=com
> cas.authn.ldap[0].useSsl=false
> cas.authn.ldap[0].baseDn=ou=Users,dc=XXX,dc=com
> cas.authn.ldap[0].userFilter=uid={user}
> cas.authn.ldap[0].bindCredential=userPassword
>
>
>
> *cas.log*
> 1- /***/
> N [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>  authentication handler that supports [admin@**.com] of type
> [UsernamePasswordCredential], which suggests a configuration problem.>
> 2018-08-31 14:51:28,279 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> /**/
>
> 2-/**/
> 2018-08-31 14:51:28,285 ERROR
> [org.apereo.cas.web.flow.AuthenticationExceptionHandlerAction] -  translate handler errors of the authentication exception
> [org.apereo.cas.authentication.AuthenticationException: 0 errors, 0
> successes]Returning [UNKNOWN]>
> /***/
>
>
>
> *please HELP HELP*
>
>


Re: [cas-user] Service Registry -- Getting the 1st Application Entered

2018-08-31 Thread Francois Campbell
Hi.

I believe only one of the two should be in the pom.xml file at a time.

Regards
*Francois Campbell*
Teaching and Learning Product Lead

On Fri, 31 Aug 2018 at 13:05, 党田力 wrote:

> I have tested on versions 5.2.6 and 5.2.7.
> With only `cas-server-support-json-service-registry` appended to pom.xml,
> 'cas.serviceRegistry.initFromJson=true' works.
> With only `cas-server-support-jpa-service-registry` appended to pom.xml, the
> database works.
> But when I append both of them, the services defined in JSON are not loaded.
>
> On version 5.1.9 it works.
>
>
> On Tuesday, May 15, 2018 at 8:15:55 PM UTC+8, David Curry wrote:
>>
>> Lionel and Jann,
>>
>> Did you ever have the JSON service registry working? If not, I recommend
>> that you take all the JPA stuff out of pom.xml and cas.properties and get
>> that working correctly first, so that you're only trying to debug one thing
>> at a time. Once you have the JSON service registry working correctly, for
>> both the main server and the management webapp, then it's time to move
>> things to JPA.
>>
>> The basic steps for moving to JPA *should* be this:
>>
>> 1. REMOVE the "cas-server-support-json-service-registry" dependency from
>> pom.xml (server and management webapp)
>>
>> 2. Add the "cas-server-support-jpa-service-registry" dependency and
>> whatever other dependencies go with it to pom.xml (server and management
>> webapp)
>>
>> 3. Rebuild the server and management webapp
>>
>> 4. In the server's cas.properties file, include BOTH of these lines:
>>
>> cas.serviceRegistry.json.location: file:/etc/cas/services
>> cas.serviceRegistry.initFromJson:  true
>>
>>
>> The first line should already be there (since before you start these
>> steps you're using the JSON service registry), but you must add the second
>> line.
>>
>> 5. Add all the lines you need to configure the JPA service registry to
>> the server's cas.properties file.
>>
>> 6. Start the CAS server (do not start the management webapp). You should
>> see it load the services from the JSON files (again, this should already be
>> working before you start) and then it will magically save them into the JPA
>> registry.
>>
>> 7. Shut the server down.
>>
>> 8. Check the database to see that the services actually got loaded there.
>> If not, this is where you need to start debugging. And the first step of
>> that would be setting the log level to "debug" in log4j2.xml, and adding
>> whatever Logger configuration you need to make the Oracle JDBC library log
>> for you as well.
>>
>> Once you've got the services loaded into the database
>>
>> 9. Remove the "cas.serviceRegistry.json.location" and
>> "cas.serviceRegistry.initFromJson" properties from the server's
>> cas.properties file.
>>
>> 10. Remove the "cas.serviceRegistry.json.location" property from, and add
>> all the JPA properties to, the management webapp's management.properties
>> file.
>>
>> At least, that's the procedure I followed to get the MongoDB service
>> registry working (see
>> https://dacurry-tns.github.io/deploying-apereo-cas/high-avail_service-registry_overview.html).
>> I've not used the JPA stuff at all, so no guarantees, but I don't see why
>> it should be any different.
>>
>> --Dave
>>
>>
>> --
>>
>> DAVID A. CURRY, CISSP
>> *DIRECTOR OF INFORMATION SECURITY*
>> INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>>
>>
>> On Tue, May 15, 2018 at 12:14 AM, Lionel Samuel wrote:
>>
>>> Changing in "cas.properties"
>>> 'cas.serviceRegistry.json.location:file:/etc/cas/services' to
>>> 'cas.serviceRegistry.json.location:foobar:/etc/cas/services'
>>>
>>> The above does not generate an error message --- is that a sign it's not
>>> loaded?
>>>
>>>
>>> On Monday, May 14, 2018 at 8:25:37 PM UTC-7, Lionel Samuel wrote:
>>>>
>>>> I'm working with Jann -- attached is our pom file (we call the jar
>>>> my-cas -- which is reflected in the URLs).
>>>>
>>>> It does not look like the JSON file is loaded -- I don't think it's pom
>>>> related --- but at the moment we are both stumped so anything goes.
>>>>
>>>> 2018-05-14 20:23:17,715 WARN
>>>> [org.apereo.cas.services.web.ServiceThemeRes
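
The JSON to JPA steps quoted above, together with the report that having both registry dependencies in pom.xml stops the JSON services from loading on 5.2.6 and 5.2.7, can be turned into a pre-start check of the server overlay. This is an added example, not code from the thread or from CAS; `registry_state`, `pom` and the state names are hypothetical, and the pom.xml and properties inputs are constructed.

```python
import re
import xml.etree.ElementTree as ET

JSON_DEP = "cas-server-support-json-service-registry"
JPA_DEP = "cas-server-support-jpa-service-registry"

# Constructed inputs: a minimal pom.xml builder and the two lines from step 4.
def pom(*artifact_ids):
    deps = "".join(f"<dependency><groupId>org.apereo.cas</groupId>"
                   f"<artifactId>{a}</artifactId></dependency>" for a in artifact_ids)
    return ('<project xmlns="http://maven.apache.org/POM/4.0.0">'
            f"<dependencies>{deps}</dependencies></project>")

STEP4_PROPERTIES = """\
cas.serviceRegistry.json.location: file:/etc/cas/services
cas.serviceRegistry.initFromJson:  true
"""

def registry_state(pom_xml, cas_properties):
    """Classify a server overlay against the JSON -> JPA steps quoted above."""
    root = ET.fromstring(pom_xml)
    # Collect every artifactId, ignoring the Maven namespace prefix.
    artifacts = {el.text.strip() for el in root.iter()
                 if el.tag.rsplit("}", 1)[-1] == "artifactId" and el.text}
    # Only uncommented cas.serviceRegistry.* lines count.
    props = dict(re.findall(
        r"^\s*(cas\.serviceRegistry\.[\w.]+)\s*[:=]\s*(\S+)", cas_properties, re.M))
    location = "cas.serviceRegistry.json.location" in props
    init = props.get("cas.serviceRegistry.initFromJson", "").lower() == "true"
    has_json, has_jpa = JSON_DEP in artifacts, JPA_DEP in artifacts
    if has_json and has_jpa:
        return "both-dependencies"   # reported above: JSON services not loaded
    if has_json:
        return "json-only"           # starting point, before step 1
    if has_jpa and location and init:
        return "jpa-import"          # steps 1-6: next start loads JSON into JPA
    if has_jpa and not location and not init:
        return "jpa-final"           # after step 9
    if has_jpa:
        return "jpa-incomplete"      # step 4 asks for BOTH properties
    return "no-registry-dependency"
```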

[cas-user] CAS Version Changelog

2018-03-16 Thread Francois Campbell
Good day.

Could anyone please refer me to a change log or list of improvements from 
version 3.4.7 to the current version?

