Re: [cas-user] Service Registry -- Getting the 1st Application Entered

2018-05-14 Thread Man H
Where are these pointing to:

cas.serviceRegistry.json.location for 5.2.x
or
cas.serviceRegistry.config.location for 5.1.x

2018-05-14 19:41 GMT-03:00 Jann Malenkoff :

> FYI --- the following appears in 'catalina.out' when attempting to access
> 'http://localhost:8080/cas-management/manage.html'.
>
> 2018-05-14 15:39:09,152 WARN 
> [org.apereo.cas.services.web.ServiceThemeResolver]
> -  authentication.principal.SimpleWebApplicationServiceImpl@13eed7a6[id=
> http://localhost:8080/cas-management/manage.html,originalUrl=http:/
> /localhost:8080/cas-management/manage.html,artifactId=,principal=<
> null>,loggedOutAlready=false,format=XML]] or service access is
> disallowed. Using default theme [cas-theme-default]>
>
>
> On Monday, May 14, 2018 at 3:37:31 PM UTC-7, Jann Malenkoff wrote:
>>
>> Hi Richard:
>>
>> I have the following in 'cas.properties':
>>
>> cas.serviceRegistry.initFromJson=true
>>
>> Is that correct to enable the first read from JSON? I have been staring
>> at the screen for so long and beginning to doubt myself w.r.t true/false
>> flags.
>>
>> On Monday, May 14, 2018 at 3:30:38 PM UTC-7, richard.frovarp wrote:
>>>
>>> Do you have initialization on from JSON? Not sure if it will use your
>>> file or just the defaults. Either way, it should get you into the manager.
>>> Then you configure the manager service, and turn that property off.
>>>
>>> # Auto-initialize the registry from default JSON service definitions
>>> # cas.serviceRegistry.initFromJson=false
>>>
>>>
>>>
>>> On 05/14/2018 05:13 PM, Jann Malenkoff wrote:
>>>
>>> Hi All:
>>>
>>> I'm trying to get the 'http://localhost:8080/cas-management/manage.html'
>>> loaded up --- but hitting the error message:
>>> '
>>> Application Not Authorized to Use CAS
>>>
>>> The services registry of CAS is empty and has no service definitions.
>>> Applications that wish to authenticate with CAS must explicitly be defined
>>> in the services registry.'
>>>
>>>
>>> I am hoping to have a JPA service registry --- and have configured the
>>> dependencies below in the 'cas-overlay-template' pom.xml.
>>>
>>>
>>> To enable the access to 'http://localhost:8080/cas-management/manage.html',
>>> I have added the JSON entry as below --- but do
>>> not see it in the database table REGEXREGISTEREDSERVICE (I have
>>> cas.serviceRegistry.config.location:file:/etc/cas/services in
>>> 'cas.properties').
>>>
>>>
>>> What could I have missed (or more likely misunderstood)?
>>>
>>>
>>> *JSON File in /etc/cas/services (copied -- slightly adjusted -- from an
>>> earlier post):*
>>>
>>> {
>>>   /*
>>>    * Wildcard service definition that applies to any https or imaps url.
>>>    * Do not use this definition in a production environment.
>>>    */
>>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>>   "serviceId" : "^(http)://.*",
>>>   "name" : "HTTP wildcard",
>>>   "id" : 20180514,
>>>   "evaluationOrder" : 9
>>> }
>>>
>>>
>>> *pom.xml -- for cas-overlay-template*
>>>
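>>> <dependency>
>>>   <groupId>org.apereo.cas</groupId>
>>>   <artifactId>cas-server-webapp${app.server}</artifactId>
>>>   <version>${cas.version}</version>
>>>   <type>war</type>
>>>   <scope>runtime</scope>
>>> </dependency>
>>> <dependency>
>>>   <groupId>org.apereo.cas</groupId>
>>>   <artifactId>cas-server-support-json-service-registry</artifactId>
>>>   <version>${cas.version}</version>
>>> </dependency>
>>> <dependency>
>>>   <groupId>org.apereo.cas</groupId>
>>>   <artifactId>cas-server-support-ldap</artifactId>
>>>   <version>${cas.version}</version>
>>> </dependency>
>>> <dependency>
>>>   <groupId>org.apereo.cas</groupId>
>>>   <artifactId>cas-server-support-jpa-service-registry</artifactId>
>>>   <version>${cas.version}</version>
>>> </dependency>
>>> <dependency>
>>>   <groupId>org.apereo.cas</groupId>
>>>   <artifactId>cas-server-support-jpa-ticket-registry</artifactId>
>>>   <version>${cas.version}</version>
>>> </dependency>
>>> <dependency>
>>>   <groupId>org.apereo.cas</groupId>
>>>   <artifactId>cas-server-support-jdbc-drivers</artifactId>
>>>   <version>${cas.version}</version>
>>> </dependency>
>>> <dependency>
>>>   <groupId>com.oracle</groupId>
>>>   <artifactId>ojdbc7.jar</artifactId>
>>>   <version>12.1.0.1</version>
>>> </dependency>
>>> <dependency>
>>>   <groupId>org.apereo.cas</groupId>
>>>   <artifactId>cas-server-support-saml</artifactId>
>>>   <version>${cas.version}</version>
>>> </dependency>
>>> <dependency>
>>>   <groupId>org.apereo.cas</groupId>
>>>   <artifactId>cas-server-support-duo</artifactId>
>>>   <version>${cas.version}</version>
>>> </dependency>
>>> <dependency>
>>>   <groupId>org.apereo.cas</groupId>
>>>   <artifactId>cas-server-support-events-jpa</artifactId>
>>>   <version>${cas.version}</version>
>>> </dependency>
>>>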
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - 
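
Added example (not part of the thread and not CAS project code): a Python check that audits JSON service definitions such as the one posted above for serviceId patterns that match arbitrary hosts. The probe URLs, the scoped sample and its host name cas.example.org are constructed; the check assumes search-style matching of serviceId, so it may over-report compared with CAS itself.

```python
import json
import re

# Constructed probe URLs on a host that no service definition should cover
# (.invalid is a reserved TLD, so it can never be a real application).
PROBES = {
    "http": "http://unrelated.invalid/app",
    "https": "https://unrelated.invalid/app",
    "imaps": "imaps://unrelated.invalid/inbox",
}

# The definition posted in the thread, comment block included.
SAMPLE_WILDCARD = r'''
{
  /*
   * Wildcard service definition that applies to any https or imaps url.
   * Do not use this definition in a production environment.
   */
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(http)://.*",
  "name" : "HTTP wildcard",
  "id" : 20180514,
  "evaluationOrder" : 9
}
'''

# Constructed sample: a definition scoped to one application (hypothetical host).
SAMPLE_SCOPED = r'''
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://cas\\.example\\.org/cas-management/.*",
  "name" : "CAS management (constructed)",
  "id" : 1,
  "evaluationOrder" : 1
}
'''


def strip_block_comments(text):
    """Remove /* ... */ comments without touching string literals."""
    out, i, in_str = [], 0, False
    while i < len(text):
        ch = text[i]
        if in_str:
            out.append(ch)
            if ch == "\\" and i + 1 < len(text):
                out.append(text[i + 1])   # keep the escaped character verbatim
                i += 1
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
            out.append(ch)
        elif text.startswith("/*", i):
            end = text.find("*/", i + 2)
            # Jump to the last character of the comment (or to the end of input).
            i = end + 1 if end != -1 else len(text) - 1
        else:
            out.append(ch)
        i += 1
    return "".join(out)


def audit_service(text):
    """Return which probe schemes a definition's serviceId lets through."""
    svc = json.loads(strip_block_comments(text))
    pattern = svc.get("serviceId", "")
    finding = {"name": svc.get("name"), "serviceId": pattern,
               "open_schemes": [], "error": None}
    try:
        rx = re.compile(pattern)
    except re.error as exc:
        finding["error"] = f"invalid regex: {exc}"
        return finding
    # Assumption: permissive search-style matching, so the audit errs on the
    # side of reporting a pattern as open.
    finding["open_schemes"] = [s for s, url in PROBES.items() if rx.search(url)]
    return finding


def is_wildcard(finding):
    """A definition is a wildcard if it matches any unrelated-host probe."""
    return bool(finding["open_schemes"])


if __name__ == "__main__":
    for sample in (SAMPLE_WILDCARD, SAMPLE_SCOPED):
        f = audit_service(sample)
        print(f["name"], f["serviceId"], f["open_schemes"], is_wildcard(f))
```

For the posted definition the result is ['http']: the pattern admits plain-http URLs on any host and, despite its comment, no https or imaps URL.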

Re: [cas-user] does CAS 5.2.0 SAML Logout support propagation of logout requests to other session participants?

2018-05-14 Thread Man H
If you want slo for all services

cas.slo.disabled=true



2018-05-14 5:19 GMT-03:00 Elena Hong <aheer...@gmail.com>:

> Thanks for the reply.
>
> I tried it,
> but it only sends the logout message to the last service.
>
> Added config:
>
> cas.slo.disabled=false
>
> cas.slo.asynchronous=false
>
>
>
> My test case:
> - I have 3 Service Providers: A, B, C.
> - I log in to A, B, C in order with the SAML protocol.
> Expected result:
> - When I log out at A, then B and C receive a logout message from CAS.
> Actual result:
> - When I log out at A, only C (logged in last) receives the logout message; B
> didn't.
>
> So I debugged CAS 5.2.0: the Service Ticket has info only for the last
> logged-in service.
>
> Is it a bug, or is SLO not provided for SAML?
>
> Thanks.
>
> On Sat, May 12, 2018 at 2:59 AM, Man H <info.ings...@gmail.com> wrote:
>
>> cas.slo.disabled=false
>>
>>
>> see https://apereo.github.io/cas/5.2.x/installation/Logout-Single-Signout.html
>>
>> 2018-05-11 1:53 GMT-03:00 Elena <aheer...@gmail.com>:
>>
>>> Hello,
>>>
>>> I read your SAML docs and found the link
>>> https://kantarainitiative.github.io/SAMLprofiles/fedinterop.html#_single_logout_2.
>>>
>>> It defines SAML Single Logout like this.
>>>
>>> 4.3. Single Logout
>>> [IIP-IDP17]
>>>
>>> Identity Providers MUST It is OPTIONAL to support propagation of
>>> logout requests to other session participants.
>>>
>>> I wonder whether CAS provides the OPTIONAL function (highlighted in red) of
>>> SAML Single Logout.
>>>
>>> Thanks.
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-user+unsubscr...@apereo.org.
>>> To view this discussion on the web visit https://groups.google.com/a/
>>> apereo.org/d/msgid/cas-user/650fbf2f-3b98-4dd0-b439-
>>> 92237f74e0e0%40apereo.org
>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/650fbf2f-3b98-4dd0-b439-92237f74e0e0%40apereo.org?utm_medium=email_source=footer>
>>> .
>>>
>>


Re: [cas-user] oracle.jdbc.driver.OracleDriver was not found

2018-05-13 Thread Man H
Your highlighted messages are warnings. Focus on errors, e.g. the DDL error, etc.

On Sunday, May 13, 2018, Lionel Samuel wrote:

> I have googled this to kingdom come --- but still stumped.
>
> I have started to experiment with JPA for both the service and ticket
> registries (starting with the ticket registry).
>
> I am receiving the 'oracle.jdbc.driver.OracleDriver was not found'
> message on tomcat startup --- I have added the OJDBC7.jar to the build.sh's
> pom, and for added measure also added to the /opt/tomcat/lib (after the
> build, the jar also appears in
> /opt/tomcat/webapps/cas/WEB-INF/lib/ojdbc7.jar-12.1.0.1.jar).
>
> Any ideas on what I could have left out or an error that I missed?
>
>
> *Error Message:*
> 2018-05-13 12:03:08,172 INFO [org.apereo.cas.web.
> CasWebApplicationServletInitializer] -  active: standalone>
> 2018-05-13 12:03:17,232 WARN [com.zaxxer.hikari.HikariConfig] -
>  it.>
> 2018-05-13 12:03:17,232 WARN [com.zaxxer.hikari.HikariConfig] -
>  maxLifetime, disabling it.>
> 2018-05-13 11:58:15,291 WARN [com.zaxxer.hikari.HikariConfig] -
>  maxLifetime, disabling it.>
> 2018-05-13 11:58:15,298 WARN [com.zaxxer.hikari.util.DriverDataSource] - 
>  driver with driverClassName=oracle.jdbc.driver.OracleDriver was not
> found, trying direct instantiation.>
> 2018-05-13 11:58:18,811 WARN 
> [org.hibernate.tool.schema.internal.ExceptionHandlerLoggedImpl]
> -  executing DDL via JDBC Statement>
> org.hibernate.tool.schema.spi.CommandAcceptanceException: Error executing
> DDL via JDBC Statement
> ...
>
>
>
> *pom.xml*
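> <dependency>
>   <groupId>org.apereo.cas</groupId>
>   <artifactId>cas-server-support-ldap</artifactId>
>   <version>${cas.version}</version>
> </dependency>
> <dependency>
>   <groupId>org.apereo.cas</groupId>
>   <artifactId>cas-server-support-json-service-registry</artifactId>
>   <version>${cas.version}</version>
> </dependency>
> <dependency>
>   <groupId>org.apereo.cas</groupId>
>   <artifactId>cas-server-support-jpa-service-registry</artifactId>
>   <version>${cas.version}</version>
> </dependency>
> <dependency>
>   <groupId>org.apereo.cas</groupId>
>   <artifactId>cas-server-support-jpa-ticket-registry</artifactId>
>   <version>${cas.version}</version>
> </dependency>
> <dependency>
>   <groupId>com.oracle</groupId>
>   <artifactId>ojdbc7.jar</artifactId>
>   <version>12.1.0.1</version>
> </dependency>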
>
> *ojdbc locations*
> /opt/tomcat/lib/ojdbc7.jar
> /opt/tomcat/webapps/cas/WEB-INF/lib/ojdbc7.jar-12.1.0.1.jar
>
>
> *cas.properties*
> cas.ticket.registry.jpa.jpaLockingTimeout=3600
> cas.ticket.registry.jpa.healthQuery=SELECT 1 FROM DUAL
> cas.ticket.registry.jpa.isolateInternalQueries=false
> cas.ticket.registry.jpa.url=jdbc:oracle:thin:@foo:bar
> cas.ticket.registry.jpa.failFast=true
> cas.ticket.registry.jpa.dialect=org.hibernate.dialect.Oracle12cDialect
> cas.ticket.registry.jpa.leakThreshold=10
> cas.ticket.registry.jpa.jpaLockingTgtEnabled=true
> cas.ticket.registry.jpa.batchSize=1
> cas.ticket.registry.jpa.defaultCatalog=
> cas.ticket.registry.jpa.defaultSchema=
> cas.ticket.registry.jpa.user=USER
> cas.ticket.registry.jpa.ddlAuto=create-drop
> cas.ticket.registry.jpa.password=SNIP
> cas.ticket.registry.jpa.autocommit=false
> cas.ticket.registry.jpa.driverClass=oracle.jdbc.driver.OracleDriver
> cas.ticket.registry.jpa.idleTimeout=5000
>
> cas.ticket.registry.jpa.pool.suspension=false
> cas.ticket.registry.jpa.pool.minSize=6
> cas.ticket.registry.jpa.pool.maxSize=18
> cas.ticket.registry.jpa.pool.maxWait=2000
>
>


Re: [cas-user] oracle.jdbc.driver.OracleDriver was not found

2018-05-13 Thread Man H
Where are your CAS properties? See where they are fetched from when CAS
starts in catalina.out

On Sunday, May 13, 2018, Lionel Samuel wrote:

> Hi Manfredo:
>
> >Where are service registry properties?
>
> Thank you -- I did not have them initially ---  I had mistakenly thought
> that I could test the Ticket Registry Oracle DB connections independently
> to the Service Registry.
>
> After receiving your post, I've added the Service Registry properties
> (listed below). Since then the error messages have changed (also listed
> below) --- however 'driverClassName=oracle.jdbc.driver.OracleDriver was
> not found, trying direct instantiation' remains.
>
> Is there anything else I am missing?
>
>  CAS TICKET REGISTRY
> cas.ticket.registry.jpa.jpaLockingTimeout=3600
> cas.ticket.registry.jpa.healthQuery=SELECT 1 FROM DUAL
> cas.ticket.registry.jpa.isolateInternalQueries=false
> cas.ticket.registry.jpa.url=jdbc:oracle:thin:@foo:bar
> cas.ticket.registry.jpa.failFast=true
> cas.ticket.registry.jpa.dialect=org.hibernate.dialect.Oracle12cDialect
> cas.ticket.registry.jpa.leakThreshold=10
> cas.ticket.registry.jpa.jpaLockingTgtEnabled=false
> cas.ticket.registry.jpa.batchSize=1
> #cas.ticket.registry.jpa.defaultCatalog=
> cas.ticket.registry.jpa.defaultSchema=USER
> cas.ticket.registry.jpa.user=USER
> cas.ticket.registry.jpa.ddlAuto=create
> cas.ticket.registry.jpa.password=SNIP
> cas.ticket.registry.jpa.autocommit=false
> cas.ticket.registry.jpa.driverClass=oracle.jdbc.driver.OracleDriver
> cas.ticket.registry.jpa.idleTimeout=5000
>
> cas.ticket.registry.jpa.pool.suspension=false
> cas.ticket.registry.jpa.pool.minSize=6
> cas.ticket.registry.jpa.pool.maxSize=18
> cas.ticket.registry.jpa.pool.maxWait=2000
>
> # cas.ticket.registry.jpa.crypto.signing.key=
> # cas.ticket.registry.jpa.crypto.signing.keySize=512
> # cas.ticket.registry.jpa.crypto.encryption.key=
> # cas.ticket.registry.jpa.crypto.encryption.keySize=16
> # cas.ticket.registry.jpa.crypto.alg=AES
>
>
>  CAS SERVICES REGISTRY
> cas.serviceRegistry.watcherEnabled=true
> cas.serviceRegistry.repeatInterval=12
> cas.serviceRegistry.startDelay=15000
> cas.serviceRegistry.initFromJson=true
> cas.serviceRegistry.jpa.healthQuery=SELECT 1 FROM DUAL
> cas.serviceRegistry.jpa.isolateInternalQueries=false
> cas.serviceRegistry.jpa.url=jdbc:oracle:thin:@foo:bar
> cas.serviceRegistry.jpa.failFast=true
> cas.serviceRegistry.jpa.dialect=oracle.jdbc.driver.OracleDriver
> cas.serviceRegistry.jpa.leakThreshold=10
> cas.serviceRegistry.jpa.batchSize=1
> cas.serviceRegistry.jpa.defaultCatalog=
> cas.serviceRegistry.jpa.defaultSchema=USER
> cas.serviceRegistry.jpa.user=USER
> cas.serviceRegistry.jpa.ddlAuto=create
> cas.serviceRegistry.jpa.password=SNIP
> cas.serviceRegistry.jpa.autocommit=false
> cas.serviceRegistry.jpa.driverClass=oracle.jdbc.driver.OracleDriver
> cas.serviceRegistry.jpa.idleTimeout=5000
> cas.serviceRegistry.jpa.pool.suspension=false
> cas.serviceRegistry.jpa.pool.minSize=6
> cas.serviceRegistry.jpa.pool.maxSize=18
> cas.serviceRegistry.jpa.pool.maxIdleTime=1000
> cas.serviceRegistry.jpa.pool.maxWait=2000
>
>
> 2018-05-13 12:58:43,075 WARN [com.zaxxer.hikari.HikariConfig] -
>  it.>
> 2018-05-13 12:58:43,075 WARN [com.zaxxer.hikari.HikariConfig] -
>  maxLifetime, disabling it.>
> 2018-05-13 12:58:43,096 WARN [com.zaxxer.hikari.util.DriverDataSource] -
>  was not found, trying direct instantiation.>
> 2018-05-13 12:58:53,866 WARN [com.zaxxer.hikari.HikariConfig] -
>  it.>
> 2018-05-13 12:58:53,866 WARN [com.zaxxer.hikari.HikariConfig] -
>  maxLifetime, disabling it.>
> 2018-05-13 12:58:53,867 WARN [com.zaxxer.hikari.util.DriverDataSource] -
>  was not found, trying direct instantiation.>
> 2018-05-13 12:58:54,556 WARN 
> [org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator]
> -  construct requested dialect [oracle.jdbc.driver.OracleDriver]>
> 2018-05-13 12:58:54,556 WARN [org.springframework.boot.context.embedded.
> AnnotationConfigEmbeddedWebApplicationContext] -  during context initialization - cancelling refresh attempt:
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'serviceEntityManagerFactory' defined in class path resource
> [org/apereo/cas/config/JpaServiceRegistryConfiguration.class]: Invocation
> of init method failed; nested exception is 
> org.hibernate.service.spi.ServiceException:
> Unable to create requested service [org.hibernate.engine.jdbc.
> env.spi.JdbcEnvironment]>
> 2018-05-13 12:58:54,561 WARN [com.ryantenney.metrics.
> spring.config.annotation.MetricsConfigurerAdapter] -  reporter>
> org.springframework.beans.factory.BeanCreationNotAllowedException: Error
> creating bean with name 'casMetricsConfiguration': Singleton bean creation
> not allowed while singletons of this factory are in destruction (Do not
> request a bean from a BeanFactory in a destroy method implementation!)
> at org.springframework.beans.factory.support.
> 
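
Added example (not part of the thread and not CAS project code): a Python check over the JPA registry properties posted above, tied to the Hibernate warning in the log about the requested dialect [oracle.jdbc.driver.OracleDriver]. The sample is constructed from lines in the post; the function names and finding codes are made up for this example.

```python
import re

# Constructed sample: a subset of the property lines posted in the thread.
SAMPLE = """\
cas.ticket.registry.jpa.dialect=org.hibernate.dialect.Oracle12cDialect
cas.ticket.registry.jpa.ddlAuto=create
cas.ticket.registry.jpa.driverClass=oracle.jdbc.driver.OracleDriver
# cas.ticket.registry.jpa.crypto.signing.key=
cas.serviceRegistry.jpa.dialect=oracle.jdbc.driver.OracleDriver
cas.serviceRegistry.jpa.ddlAuto=create
cas.serviceRegistry.jpa.driverClass=oracle.jdbc.driver.OracleDriver
"""

# Hibernate schema modes that rebuild the tables when the application starts,
# which discards stored services or tickets on every restart.
RECREATE_MODES = {"create", "create-drop"}

MESSAGES = {
    "dialect-is-driver": "dialect names a JDBC driver class, not a Hibernate dialect",
    "ddl-recreate": "schema is dropped and recreated at startup",
}

# key = value or key : value; lines starting with # or ! are comments.
LINE = re.compile(r"^\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$")


def parse_properties(text):
    """Parse simple Java-style properties (no line continuations)."""
    props = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def lint_jpa(props):
    """Return sorted (property, code) findings for every *.jpa.* block."""
    findings = []
    prefixes = {k.rsplit(".jpa.", 1)[0] + ".jpa" for k in props if ".jpa." in k}
    for prefix in sorted(prefixes):
        dialect = props.get(prefix + ".dialect", "")
        driver = props.get(prefix + ".driverClass", "")
        # The dialect must be a Hibernate dialect class; the JDBC driver class
        # belongs in driverClass only.
        if dialect and (dialect == driver or dialect.endswith("Driver")):
            findings.append((prefix + ".dialect", "dialect-is-driver"))
        if props.get(prefix + ".ddlAuto", "") in RECREATE_MODES:
            findings.append((prefix + ".ddlAuto", "ddl-recreate"))
    return sorted(findings)


if __name__ == "__main__":
    for key, code in lint_jpa(parse_properties(SAMPLE)):
        print(f"{key}: {MESSAGES[code]}")
```

On the constructed sample it reports the service registry's dialect line, which is the class named in the Hibernate warning, plus both ddlAuto=create lines.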

Re: [cas-user] oracle.jdbc.driver.OracleDriver was not found

2018-05-13 Thread Man H
Where are service registry properties?

On Sunday, May 13, 2018, Lionel Samuel wrote:

> I have googled this to kingdom come --- but still stumped.
>
> I have started to experiment with JPA for both the service and ticket
> registries (starting with the ticket registry).
>
> I am receiving the 'oracle.jdbc.driver.OracleDriver was not found'
> message on tomcat startup --- I have added the OJDBC7.jar to the build.sh's
> pom, and for added measure also added to the /opt/tomcat/lib (after the
> build, the jar also appears in
> /opt/tomcat/webapps/cas/WEB-INF/lib/ojdbc7.jar-12.1.0.1.jar).
>
> Any ideas on what I could have left out or an error that I missed?
>
>
> *Error Message:*
> 2018-05-13 12:03:08,172 INFO [org.apereo.cas.web.
> CasWebApplicationServletInitializer] -  active: standalone>
> 2018-05-13 12:03:17,232 WARN [com.zaxxer.hikari.HikariConfig] -
>  it.>
> 2018-05-13 12:03:17,232 WARN [com.zaxxer.hikari.HikariConfig] -
>  maxLifetime, disabling it.>
> 2018-05-13 11:58:15,291 WARN [com.zaxxer.hikari.HikariConfig] -
>  maxLifetime, disabling it.>
> 2018-05-13 11:58:15,298 WARN [com.zaxxer.hikari.util.DriverDataSource] - 
>  driver with driverClassName=oracle.jdbc.driver.OracleDriver was not
> found, trying direct instantiation.>
> 2018-05-13 11:58:18,811 WARN 
> [org.hibernate.tool.schema.internal.ExceptionHandlerLoggedImpl]
> -  executing DDL via JDBC Statement>
> org.hibernate.tool.schema.spi.CommandAcceptanceException: Error executing
> DDL via JDBC Statement
> ...
>
>
>
> *pom.xml*
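> <dependency>
>   <groupId>org.apereo.cas</groupId>
>   <artifactId>cas-server-support-ldap</artifactId>
>   <version>${cas.version}</version>
> </dependency>
> <dependency>
>   <groupId>org.apereo.cas</groupId>
>   <artifactId>cas-server-support-json-service-registry</artifactId>
>   <version>${cas.version}</version>
> </dependency>
> <dependency>
>   <groupId>org.apereo.cas</groupId>
>   <artifactId>cas-server-support-jpa-service-registry</artifactId>
>   <version>${cas.version}</version>
> </dependency>
> <dependency>
>   <groupId>org.apereo.cas</groupId>
>   <artifactId>cas-server-support-jpa-ticket-registry</artifactId>
>   <version>${cas.version}</version>
> </dependency>
> <dependency>
>   <groupId>com.oracle</groupId>
>   <artifactId>ojdbc7.jar</artifactId>
>   <version>12.1.0.1</version>
> </dependency>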
>
> *ojdbc locations*
> /opt/tomcat/lib/ojdbc7.jar
> /opt/tomcat/webapps/cas/WEB-INF/lib/ojdbc7.jar-12.1.0.1.jar
>
>
> *cas.properties*
> cas.ticket.registry.jpa.jpaLockingTimeout=3600
> cas.ticket.registry.jpa.healthQuery=SELECT 1 FROM DUAL
> cas.ticket.registry.jpa.isolateInternalQueries=false
> cas.ticket.registry.jpa.url=jdbc:oracle:thin:@foo:bar
> cas.ticket.registry.jpa.failFast=true
> cas.ticket.registry.jpa.dialect=org.hibernate.dialect.Oracle12cDialect
> cas.ticket.registry.jpa.leakThreshold=10
> cas.ticket.registry.jpa.jpaLockingTgtEnabled=true
> cas.ticket.registry.jpa.batchSize=1
> cas.ticket.registry.jpa.defaultCatalog=
> cas.ticket.registry.jpa.defaultSchema=
> cas.ticket.registry.jpa.user=USER
> cas.ticket.registry.jpa.ddlAuto=create-drop
> cas.ticket.registry.jpa.password=SNIP
> cas.ticket.registry.jpa.autocommit=false
> cas.ticket.registry.jpa.driverClass=oracle.jdbc.driver.OracleDriver
> cas.ticket.registry.jpa.idleTimeout=5000
>
> cas.ticket.registry.jpa.pool.suspension=false
> cas.ticket.registry.jpa.pool.minSize=6
> cas.ticket.registry.jpa.pool.maxSize=18
> cas.ticket.registry.jpa.pool.maxWait=2000
>
>


Re: [cas-user] Page 'http://localhost:8080/cas/login' does not load up

2018-05-12 Thread Man H
I suggest you generate war again.

On Saturday, May 12, 2018, Y Levine wrote:

> Thank you for your help :)
>
> I had a number of areas missing; the following is the error message
> received.
>
> Was this somehow missed in the overlay?
>
>  java.lang.IllegalStateException: java.io.FileNotFoundException:
> /opt/apache-tomcat-8.5.31/webapps/cas/WEB-INF/lib/cas-server-core-5.2.4.jar
> (No such file or directory)
>
> On Friday, May 11, 2018 at 3:48:28 PM UTC-7, Manfredo Hopp wrote:
>>
>> Look into localhost.log
>>
>> On Friday, May 11, 2018, Y Levine wrote:
>>
>>> Thank you for your reply Manfredo.
>>>
>>> The following is obtained in the 'catalina.out' when started --- nothing
>>> further when page is accessed.
>>>
>>> Kinda stumped -- I'm probably missing something obvious -- without logs
>>> to guide not 100% sure.
>>>
>>> My other guess is that the 'cas.properties' is in
>>> '/opt/tomcat/webapps/cas/WEB-INF/classes/etc/cas/config' -- perhaps
>>> this is not the correct location?
>>>
>>> 11-May-2018 13:54:14.579 INFO [main] org.apache.coyote.AbstractProtocol.init
>>> Initializing ProtocolHandler ["http-nio-8080"]
>>> 11-May-2018 13:54:14.588 INFO [main] 
>>> org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector
>>> Using a shared selector for servlet write/read
>>> 11-May-2018 13:54:14.616 INFO [main] org.apache.coyote.AbstractProtocol.init
>>> Initializing ProtocolHandler ["ajp-nio-8009"]
>>> 11-May-2018 13:54:14.617 INFO [main] 
>>> org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector
>>> Using a shared selector for servlet write/read
>>> 11-May-2018 13:54:14.630 INFO [main] 
>>> org.apache.catalina.startup.Catalina.load
>>> Initialization processed in 1049 ms
>>> 11-May-2018 13:54:14.653 INFO [main] 
>>> org.apache.catalina.core.StandardService.startInternal
>>> Starting service [Catalina]
>>> 11-May-2018 13:54:14.653 INFO [main] 
>>> org.apache.catalina.core.StandardEngine.startInternal
>>> Starting Servlet Engine: Apache Tomcat/8.5.31
>>> 11-May-2018 13:54:14.720 INFO [localhost-startStop-1]
>>> org.apache.catalina.startup.HostConfig.deployWAR Deploying web
>>> application archive [/opt/apache-tomcat-8.5.31/webapps/cas.war]
>>> 11-May-2018 13:54:17.117 INFO [localhost-startStop-1]
>>> org.apache.catalina.startup.HostConfig.deployWAR Deployment of web
>>> application archive [/opt/apache-tomcat-8.5.31/webapps/cas.war] has
>>> finished in [2,386] ms
>>> 11-May-2018 13:54:17.120 INFO [main] 
>>> org.apache.coyote.AbstractProtocol.start
>>> Starting ProtocolHandler ["http-nio-8080"]
>>> 11-May-2018 13:54:17.233 INFO [main] 
>>> org.apache.coyote.AbstractProtocol.start
>>> Starting ProtocolHandler ["ajp-nio-8009"]
>>> 11-May-2018 13:54:17.236 INFO [main] 
>>> org.apache.catalina.startup.Catalina.start
>>> Server startup in 2605 ms
>>>
>>> On Friday, May 11, 2018 at 1:52:51 PM UTC-7, Manfredo Hopp wrote:
>>>>
>>>> If that is your message, CAS isn't deployed. See tomcat log for errors
>>>>
>>>> On Friday, May 11, 2018, Y Levine wrote:
>>>>
>>>>> We got lots further --- thank you to the replies.
>>>>>
>>>>> The cas.war is now in Tomcat --- however the page
>>>>> 'http://localhost:8080/cas/login' does not load up -- is there a
>>>>> configuration we have to do to enable it? Message received below.
>>>>>
>>>>>
>>>>> HTTP Status 404 – Not Found
>>>>> --
>>>>>
>>>>> *Type* Status Report
>>>>> *Message* /cas/login
>>>>>
>>>>> *Description* The origin server did not find a current representation
>>>>> for the target resource or is not willing to disclose that one exists.
>>>>>

Re: [cas-user] Page 'http://localhost:8080/cas/login' does not load up

2018-05-11 Thread Man H
Explore cas.war WEB-INF

On Friday, May 11, 2018, Man H <info.ings...@gmail.com> wrote:

> Look into localhost.log
>
> On Friday, May 11, 2018, Y Levine <ylevin...@gmail.com> wrote:
>
>> Thank you for your reply Manfredo.
>>
>> The following is obtained in the 'catalina.out' when started --- nothing
>> further when page is accessed.
>>
>> Kinda stumped -- I'm probably missing something obvious -- without logs
>> to guide not 100% sure.
>>
>> My other guess is that the 'cas.properties' is in
>> '/opt/tomcat/webapps/cas/WEB-INF/classes/etc/cas/config' -- perhaps this
>> is not the correct location?
>>
>> 11-May-2018 13:54:14.579 INFO [main] org.apache.coyote.AbstractProtocol.init
>> Initializing ProtocolHandler ["http-nio-8080"]
>> 11-May-2018 13:54:14.588 INFO [main] 
>> org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector
>> Using a shared selector for servlet write/read
>> 11-May-2018 13:54:14.616 INFO [main] org.apache.coyote.AbstractProtocol.init
>> Initializing ProtocolHandler ["ajp-nio-8009"]
>> 11-May-2018 13:54:14.617 INFO [main] 
>> org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector
>> Using a shared selector for servlet write/read
>> 11-May-2018 13:54:14.630 INFO [main] 
>> org.apache.catalina.startup.Catalina.load
>> Initialization processed in 1049 ms
>> 11-May-2018 13:54:14.653 INFO [main] 
>> org.apache.catalina.core.StandardService.startInternal
>> Starting service [Catalina]
>> 11-May-2018 13:54:14.653 INFO [main] 
>> org.apache.catalina.core.StandardEngine.startInternal
>> Starting Servlet Engine: Apache Tomcat/8.5.31
>> 11-May-2018 13:54:14.720 INFO [localhost-startStop-1]
>> org.apache.catalina.startup.HostConfig.deployWAR Deploying web
>> application archive [/opt/apache-tomcat-8.5.31/webapps/cas.war]
>> 11-May-2018 13:54:17.117 INFO [localhost-startStop-1]
>> org.apache.catalina.startup.HostConfig.deployWAR Deployment of web
>> application archive [/opt/apache-tomcat-8.5.31/webapps/cas.war] has
>> finished in [2,386] ms
>> 11-May-2018 13:54:17.120 INFO [main] org.apache.coyote.AbstractProtocol.start
>> Starting ProtocolHandler ["http-nio-8080"]
>> 11-May-2018 13:54:17.233 INFO [main] org.apache.coyote.AbstractProtocol.start
>> Starting ProtocolHandler ["ajp-nio-8009"]
>> 11-May-2018 13:54:17.236 INFO [main] 
>> org.apache.catalina.startup.Catalina.start
>> Server startup in 2605 ms
>>
>> On Friday, May 11, 2018 at 1:52:51 PM UTC-7, Manfredo Hopp wrote:
>>>
>>> If that is your message, CAS isn't deployed. See tomcat log for errors
>>>
>>> On Friday, May 11, 2018, Y Levine <ylev...@gmail.com> wrote:
>>>
>>>> We got lots further --- thank you to the replies.
>>>>
>>>> The cas.war is now in Tomcat --- however the page '
>>>> http://localhost:8080/cas/login' does not load up -- is there a
>>>> configuration we have to do to enable it? Message received below.
>>>>
>>>>
>>>> HTTP Status 404 – Not Found
>>>> --
>>>>
>>>> *Type* Status Report
>>>> *Message* /cas/login
>>>>
>>>> *Description* The origin server did not find a current representation
>>>> for the target resource or is not willing to disclose that one exists.
>>>>

Re: [cas-user] Page 'http://localhost:8080/cas/login' does not load up

2018-05-11 Thread Man H
Look into localhost.log

On Friday, May 11, 2018, Y Levine wrote:

> Thank you for your reply Manfredo.
>
> The following is obtained in the 'catalina.out' when started --- nothing
> further when page is accessed.
>
> Kinda stumped -- I'm probably missing something obvious -- without logs to
> guide not 100% sure.
>
> My other guess is that the 'cas.properties' is in
> '/opt/tomcat/webapps/cas/WEB-INF/classes/etc/cas/config' -- perhaps this
> is not the correct location?
>
> 11-May-2018 13:54:14.579 INFO [main] org.apache.coyote.AbstractProtocol.init
> Initializing ProtocolHandler ["http-nio-8080"]
> 11-May-2018 13:54:14.588 INFO [main] org.apache.tomcat.util.net.
> NioSelectorPool.getSharedSelector Using a shared selector for servlet
> write/read
> 11-May-2018 13:54:14.616 INFO [main] org.apache.coyote.AbstractProtocol.init
> Initializing ProtocolHandler ["ajp-nio-8009"]
> 11-May-2018 13:54:14.617 INFO [main] org.apache.tomcat.util.net.
> NioSelectorPool.getSharedSelector Using a shared selector for servlet
> write/read
> 11-May-2018 13:54:14.630 INFO [main] org.apache.catalina.startup.Catalina.load
> Initialization processed in 1049 ms
> 11-May-2018 13:54:14.653 INFO [main] 
> org.apache.catalina.core.StandardService.startInternal
> Starting service [Catalina]
> 11-May-2018 13:54:14.653 INFO [main] 
> org.apache.catalina.core.StandardEngine.startInternal
> Starting Servlet Engine: Apache Tomcat/8.5.31
> 11-May-2018 13:54:14.720 INFO [localhost-startStop-1]
> org.apache.catalina.startup.HostConfig.deployWAR Deploying web
> application archive [/opt/apache-tomcat-8.5.31/webapps/cas.war]
> 11-May-2018 13:54:17.117 INFO [localhost-startStop-1]
> org.apache.catalina.startup.HostConfig.deployWAR Deployment of web
> application archive [/opt/apache-tomcat-8.5.31/webapps/cas.war] has
> finished in [2,386] ms
> 11-May-2018 13:54:17.120 INFO [main] org.apache.coyote.AbstractProtocol.start
> Starting ProtocolHandler ["http-nio-8080"]
> 11-May-2018 13:54:17.233 INFO [main] org.apache.coyote.AbstractProtocol.start
> Starting ProtocolHandler ["ajp-nio-8009"]
> 11-May-2018 13:54:17.236 INFO [main] 
> org.apache.catalina.startup.Catalina.start
> Server startup in 2605 ms
>
> On Friday, May 11, 2018 at 1:52:51 PM UTC-7, Manfredo Hopp wrote:
>>
>> If that is your message, CAS isn't deployed. See the Tomcat log for errors.
>>
>> On Friday, May 11, 2018, Y Levine wrote:
>>
>>> We got lots further --- thank you to the replies.
>>>
>>> The cas.war is now in Tomcat --- however the page '
>>> http://localhost:8080/cas/login' does not load up -- is there a
>>> configuration we have to do to enable it? Message received below.
>>>
>>>
>>> HTTP Status 404 – Not Found
>>> --
>>>
>>> *Type* Status Report
>>> *Message* /cas/login
>>>
>>> *Description* The origin server did not find a current representation
>>> for the target resource or is not willing to disclose that one exists.
>>>

Re: [cas-user] Page 'http://localhost:8080/cas/login' does not load up

2018-05-11 Thread Man H
Copy cas.properties to /etc/cas/config

On Friday, May 11, 2018, Y Levine wrote:

> Thank you for your reply Manfredo.
>
> The following is obtained in the 'catalina.out' when started --- nothing
> further when page is accessed.
>
> Kinda stumped -- I'm probably missing something obvious -- without logs to
> guide not 100% sure.
>
> My other guess is that the 'cas.properties' is in
> '/opt/tomcat/webapps/cas/WEB-INF/classes/etc/cas/config' -- perhaps this
> is not the correct location?
>
> 11-May-2018 13:54:14.579 INFO [main] org.apache.coyote.AbstractProtocol.init
> Initializing ProtocolHandler ["http-nio-8080"]
> 11-May-2018 13:54:14.588 INFO [main] org.apache.tomcat.util.net.
> NioSelectorPool.getSharedSelector Using a shared selector for servlet
> write/read
> 11-May-2018 13:54:14.616 INFO [main] org.apache.coyote.AbstractProtocol.init
> Initializing ProtocolHandler ["ajp-nio-8009"]
> 11-May-2018 13:54:14.617 INFO [main] org.apache.tomcat.util.net.
> NioSelectorPool.getSharedSelector Using a shared selector for servlet
> write/read
> 11-May-2018 13:54:14.630 INFO [main] org.apache.catalina.startup.Catalina.load
> Initialization processed in 1049 ms
> 11-May-2018 13:54:14.653 INFO [main] 
> org.apache.catalina.core.StandardService.startInternal
> Starting service [Catalina]
> 11-May-2018 13:54:14.653 INFO [main] 
> org.apache.catalina.core.StandardEngine.startInternal
> Starting Servlet Engine: Apache Tomcat/8.5.31
> 11-May-2018 13:54:14.720 INFO [localhost-startStop-1]
> org.apache.catalina.startup.HostConfig.deployWAR Deploying web
> application archive [/opt/apache-tomcat-8.5.31/webapps/cas.war]
> 11-May-2018 13:54:17.117 INFO [localhost-startStop-1]
> org.apache.catalina.startup.HostConfig.deployWAR Deployment of web
> application archive [/opt/apache-tomcat-8.5.31/webapps/cas.war] has
> finished in [2,386] ms
> 11-May-2018 13:54:17.120 INFO [main] org.apache.coyote.AbstractProtocol.start
> Starting ProtocolHandler ["http-nio-8080"]
> 11-May-2018 13:54:17.233 INFO [main] org.apache.coyote.AbstractProtocol.start
> Starting ProtocolHandler ["ajp-nio-8009"]
> 11-May-2018 13:54:17.236 INFO [main] 
> org.apache.catalina.startup.Catalina.start
> Server startup in 2605 ms
>
> On Friday, May 11, 2018 at 1:52:51 PM UTC-7, Manfredo Hopp wrote:
>>
>> If that is your message, CAS isn't deployed. See the Tomcat log for errors.
>>
>> On Friday, May 11, 2018, Y Levine wrote:
>>
>>> We got lots further --- thank you to the replies.
>>>
>>> The cas.war is now in Tomcat --- however the page '
>>> http://localhost:8080/cas/login' does not load up -- is there a
>>> configuration we have to do to enable it? Message received below.
>>>
>>>
>>> HTTP Status 404 – Not Found
>>> --
>>>
>>> *Type* Status Report
>>> *Message* /cas/login
>>>
>>> *Description* The origin server did not find a current representation
>>> for the target resource or is not willing to disclose that one exists.
>>>

Re: [cas-user] Page 'http://localhost:8080/cas/login' does not load up

2018-05-11 Thread Man H
If that is your message, CAS isn't deployed. See the Tomcat log for errors.

On Friday, May 11, 2018, Y Levine wrote:

> We got lots further --- thank you to the replies.
>
> The cas.war is now in Tomcat --- however the page '
> http://localhost:8080/cas/login' does not load up -- is there a
> configuration we have to do to enable it? Message received below.
>
>
> HTTP Status 404 – Not Found
> --
>
> *Type* Status Report
> *Message* /cas/login
>
> *Description* The origin server did not find a current representation for
> the target resource or is not willing to disclose that one exists.
>


Re: [cas-user] Page 'http://localhost:8080/cas/login' does not load up

2018-05-11 Thread Man H
logs/catalina.out or logs/localhost.log

On Friday, May 11, 2018, Y Levine wrote:

> There is nothing in the Tomcat logs to go by (the cas.log did not
> appear). Perplexed at this stage.
>
> On Friday, May 11, 2018 at 12:23:47 PM UTC-7, Y Levine wrote:
>>
>> We got lots further --- thank you to the replies.
>>
>> The cas.war is now in Tomcat --- however the page '
>> http://localhost:8080/cas/login' does not load up -- is there a
>> configuration we have to do to enable it? Message received below.
>>
>>
>> HTTP Status 404 – Not Found
>> --
>>
>> *Type* Status Report
>> *Message* /cas/login
>>
>> *Description* The origin server did not find a current representation
>> for the target resource or is not willing to disclose that one exists.
>>


Re: [cas-user] Extending Ldap Authentication with new properties

2018-05-11 Thread Man H
see
https://apereo.github.io/cas/5.2.x/installation/Configuration-Management-Extensions.html


2018-05-10 14:55 GMT-03:00 Christian Poirier :

> Hi
>
> I am developing a new way to let our developer team authenticate with our
> production usernames but with a generic password in a development
> environment. This authentication handler will check if the IP address
> corresponds to those allowed from a property value and the service
> definition will authorize the use of this authentication handler.
>
> @Configuration("ldapAuthenticationConfiguration")
> @EnableConfigurationProperties(CasConfigurationProperties.class)
> @Slf4j
> public class LdapdevAuthenticationConfiguration extends
> LdapAuthenticationConfiguration {
>
> // Added properties
> }
>
>
>
> As I am a newbie in Java development with Spring: if I extend the
> LdapAuthenticationHandler to LdapdevAuthenticationHandler and use new
> properties implemented by also extending LdapAuthenticationConfiguration
> to LdapdevAuthenticationConfiguration, what do I have to do with the
> previous code?
>
> - Change the
>   @Configuration("ldapAuthenticationConfiguration")
>   to
>   @Configuration("ldapdevAuthenticationConfiguration")
>
> - Add the ldapdev section in the configuration model or use the
>   current ldap section?
>
> Thanks in advance
>
>
> Christian Poirier
>


Re: [cas-user] does CAS 5.2.0 SAML Logout support propagation of logout requests to other session participants?

2018-05-11 Thread Man H
cas.slo.disabled=false


see
https://apereo.github.io/cas/5.2.x/installation/Logout-Single-Signout.html

2018-05-11 1:53 GMT-03:00 Elena :

> Hello,
>
> I read your SAML Docs and found link
> https://kantarainitiative.github.io/SAMLprofiles/fedinterop.html#_single_logout_2.
>
> It defines SAML Single Logout like this.
>
> 4.3. Single Logout
> [IIP-IDP17]
>
> Identity Providers MUST It is OPTIONAL to support propagation of
> logout requests to other session participants.
>
> I wonder whether CAS provides the OPTIONAL function (highlighted in red) of
> SAML Single Logout.
>
> Thanks.
>


Re: [cas-user] How Do I Debug CAS When Using Overlay?

2018-05-04 Thread Man H
Hints on what you've done so far, what you want to achieve, the configuration
used, CAS version, build information, log output

On Friday, May 4, 2018, John D Giotta wrote:

> I've solved zero issues with logs. I mostly get statements services not
> matching in registry. If service files aren't matching how do I determine
> what it is comparing against? Because I followed the documentation, service
> files are in the /etc/cas/services directory.
>


Re: [cas-user] How Do I Debug CAS When Using Overlay?

2018-05-04 Thread Man H
Log4j.XML in /etc/cas/config

On Friday, May 4, 2018, John D Giotta wrote:

> I'm trying to solve what seems to be just unsolvable issues. How do I
> debug CAS if I'm using the overlay template? Is it better to not use the
> overlay in this case?
>
>


Re: [cas-user] Deploying CAS5.2.X to Tomcat servers

2018-04-28 Thread Man H
Consider assigning environment variables to cas.properties through Maven
filtering, where each variable's value is environment specific.

On Saturday, April 28, 2018, Jay wrote:

> Hello everyone,
> We are facing some issues deploying the CAS war file to the server in Unix.
>
> We have to keep separate properties files and config files for different
> environments and the server deploy script will take care of copying the files
> to the desired location from where the CAS application can read them.
>
> Is there a guide or something we can follow to achieve this?
>
> Thanks in advance,
> Jay
>


Re: [cas-user] get session object using ticket id

2018-04-27 Thread Man H
You may obtain the session from the request

On Friday, April 27, 2018, Aman Garg wrote:

> Is there a way a CAS client (I am using cas-client-core-3.4.1.jar) can
> access HttpSession object by using ticket id?
>
> I could see that the above requirement can be fulfilled by:
>
>
> 1)  Accessing following methods of HashMapBackedSessionMappingStorage.class
>
> public synchronized void addSessionById(String mappingId, HttpSession
> session)
> public synchronized HttpSession removeSessionByMappingId(String
> mappingId)
>
> (mappingId in above methods is TGT id if I am not wrong)
>
> 2) Above step would require access to instance of
> HashMapBackedSessionMappingStorage which can be get if I have access to
> following method of SingleSignOutHttpSessionListener.class:
> protected static SessionMappingStorage getSessionMappingStorage()
>
>
> But above method is protected and  SingleSignOutHttpSessionListener.class
> is marked final.
>
> Is there any way I can accomplish this requirement?
>
>


Re: [cas-user] CAS 5.2.3 / JWT Service Ticket not working

2018-04-26 Thread Man H
See

https://groups.google.com/a/apereo.org/d/msgid/cas-user/fd5502dd-f0bc-46b4-bedb-942d162ab5ff%40apereo.org

On Thursday, April 26, 2018, Michael JOIGNY wrote:

> *Correction: CAS keeps returning ST-xxx ticket instead of
> ticket=eyxxyyyzzz when I use curl to my service.*
>
>
>
> On Thursday, April 26, 2018 at 12:14:43 UTC+2, Michael JOIGNY wrote:
>>
>> Hi everybody,
>>
>> I'm trying to configure my CAS server (5.2.3) with JWT Service Ticket in
>> order to let CAS generate my JWT tokens but it's not working.
>>
>> CAS keeps returning ST-xxx ticket instead of token=eyxxyyyzzz when I use
>> curl to my service.
>>
>> I've followed these links below:
>>
>> https://apereo.github.io/cas/development/installation/Configure-ServiceTicket-JWT.html
>> https://apereo.github.io/2017/10/17/cas-jwt-authn-with-duo/
>> https://www.npmjs.com/package/jwtgen
>> https://www.npmjs.com/package/jwtgen
>>
>> My json service definition :
>>
>> {
>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>   "serviceId" : "^(http?|https?)://.*",
>>   "name" : "HTTPS",
>>   "id" : 1001,
>>   "description" : "This service definition authorized all application urls that support HTTPS protocol.",
>>   "proxyPolicy" : {
>>     "@class" : "org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy"
>>   },
>>   "properties" : {
>>     "@class" : "java.util.HashMap",
>>     "jwtSigningSecret" : {
>>       "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>>       "values" : [ "java.util.HashSet", [ "9qzDlSwNx" ] ]
>>     },
>>     "jwtEncryptionSecret" : {
>>       "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>>       "values" : [ "java.util.HashSet", [ "j1cq--Ssg" ] ]
>>     }
>>     "jwtSigningSecretAlg" : {
>>       "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>>       "values" : [ "java.util.HashSet", [ "HS512" ] ]
>>     },
>>     "jwtEncryptionSecretAlg" : {
>>       "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>>       "values" : [ "java.util.HashSet", [ "dir" ] ]
>>     },
>>     "jwtEncryptionSecretMethod" : {
>>       "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>>       "values" : [ "java.util.HashSet", [ "A256CBC-HS512" ] ]
>>     },
>>     "jwtSecretsAreBase64Encoded" : {
>>       "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>>       "values" : [ "java.util.HashSet", [ "false" ] ]
>>     },
>>     "jwtAsResponse" : {
>>       "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>>       "values" : [ "java.util.HashSet", [ "true" ] ]
>>     }
>>   }
>>   "usernameAttributeProvider" : {
>>     "@class" : "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider"
>>   },
>>   "logoutType" : "BACK_CHANNEL",
>>   "attributeReleasePolicy" : {
>>     "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
>>     "principalAttributesRepository" : {
>>       "@class" : "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository"
>>     },
>>     "authorizedToReleaseCredentialPassword" : false,
>>     "authorizedToReleaseProxyGrantingTicket" : false
>>   },
>>   "accessStrategy" : {
>>     "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>>     "enabled" : true,
>>     "ssoEnabled" : true
>>   }
>> }
>>
>> NB: same result with jwtAsResponse or jwtAsServiceTicket
>> (https://groups.google.com/a/apereo.org/forum/#!search/CAS$205.2$20return$20JWT$20for$20service/cas-user/c2usB0G2400/x5YGL9YYAgAJ)
>>
>> I'm using jwtgen to generate my token, you can find in my attached files
>> (cas_starting.log and curl_cas.log).
>>
>> Kind regards.
>>
>> Michael.
>>

[cas-user] CAS 5.2.3 / JWT Service Ticket not working

2018-04-26 Thread Man H
Attach cas.properties & dependencies.

Check

<dependency>
     <groupId>org.apereo.cas</groupId>
     <artifactId>cas-server-support-token</artifactId>
     <version>${cas.version}</version>
</dependency>

On Thursday, April 26, 2018, Michael JOIGNY wrote:

> Hi everybody,
>
> I'm trying to configure my CAS server (5.2.3) with JWT Service Ticket in
> order to let CAS generate my JWT tokens but it's not working.
>
> CAS keeps returning ST-xxx ticket instead of token=eyxxyyyzzz when I use
> curl to my service.
>
> I've followed these links below:
>
> https://apereo.github.io/cas/development/installation/Configure-ServiceTicket-JWT.html
> https://apereo.github.io/2017/10/17/cas-jwt-authn-with-duo/
> https://www.npmjs.com/package/jwtgen
>
> My json service definition :
>
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId" : "^(http?|https?)://.*",
>   "name" : "HTTPS",
>   "id" : 1001,
>   "description" : "This service definition authorized all application urls that support HTTPS protocol.",
>   "proxyPolicy" : {
>     "@class" : "org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy"
>   },
>   "properties" : {
>     "@class" : "java.util.HashMap",
>     "jwtSigningSecret" : {
>       "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>       "values" : [ "java.util.HashSet", [ "9qzDlSwNx" ] ]
>     },
>     "jwtEncryptionSecret" : {
>       "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>       "values" : [ "java.util.HashSet", [ "j1cq--Ssg" ] ]
>     }
>     "jwtSigningSecretAlg" : {
>       "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>       "values" : [ "java.util.HashSet", [ "HS512" ] ]
>     },
>     "jwtEncryptionSecretAlg" : {
>       "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>       "values" : [ "java.util.HashSet", [ "dir" ] ]
>     },
>     "jwtEncryptionSecretMethod" : {
>       "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>       "values" : [ "java.util.HashSet", [ "A256CBC-HS512" ] ]
>     },
>     "jwtSecretsAreBase64Encoded" : {
>       "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>       "values" : [ "java.util.HashSet", [ "false" ] ]
>     },
>     "jwtAsResponse" : {
>       "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>       "values" : [ "java.util.HashSet", [ "true" ] ]
>     }
>   }
>   "usernameAttributeProvider" : {
>     "@class" : "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider"
>   },
>   "logoutType" : "BACK_CHANNEL",
>   "attributeReleasePolicy" : {
>     "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
>     "principalAttributesRepository" : {
>       "@class" : "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository"
>     },
>     "authorizedToReleaseCredentialPassword" : false,
>     "authorizedToReleaseProxyGrantingTicket" : false
>   },
>   "accessStrategy" : {
>     "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>     "enabled" : true,
>     "ssoEnabled" : true
>   }
> }
>
> NB: same result with jwtAsResponse or jwtAsServiceTicket
> (https://groups.google.com/a/apereo.org/forum/#!search/CAS$205.2$20return$20JWT$20for$20service/cas-user/c2usB0G2400/x5YGL9YYAgAJ)
>
> I'm using jwtgen to generate my token, you can find in my attached files
> (cas_starting.log and curl_cas.log).
>
> Kind regards.
>
> Michael.
>


Re: [cas-user] CAS5 - High thread counts

2018-04-25 Thread Man H
see
https://groups.google.com/a/apereo.org/d/msgid/cas-user/63fc6bc3-31f9-46a6-8d14-a8f14d3a329c%40apereo.org?utm_medium=email_source=footer


2018-04-25 16:11 GMT-03:00 Oscar Ruiz :

> Hi Ray,
>
> Thank you for your suggestion. We disabled EhCache in the dev environment
> and saw no improvement. We did notice that a new thread is spawned every
> time a login session is generated and the number of sleeping threads
> increases.
>
> Next step, we're going to deploy default CAS and see if we can replicate
> this issue.
>
>
>
> On Wednesday, April 25, 2018 at 12:15:10 PM UTC-5, rbon wrote:
>>
>> Oscar,
>>
>> We had similar difficulties with EhCache.
>> EhCache expiration is actually the frequency with which the cache is
>> reviewed. The entire cache is processed (which can be large on a busy
>> site). With a distributed cache, the one currently processing is sending
>> updates to its peers. This gets compounded because each peer will perform
>> the same task (usually slightly offset since servers do not start at the
>> exact same time).
>> We have been happy with hazelcast.
>>
>> Ray
>>
>> On Wed, 2018-04-25 at 08:44 -0700, Oscar Ruiz wrote:
>>
>> Hi,
>>
>> We noticed that our CAS5 installation is running out of memory because of
>> a high number of threads that are running on our server; this results in it
>> being unable to process new requests. Has anyone experienced this before?
>>
>> Here's our setup
>>
>> CAS5 - 5.1.6
>> Tomcat - 8.5.16 (We're currently trying 8.0.51 in our dev environment)
>> Java - 1.8.0_131
>> EHCache enabled for ticket registry (60s expiration in dev environment
>> for testing)
>> DB Service Registry
>>
>>
>> Thanks for any help.
>>
>> --
>> Ray Bon
>> Programmer analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | rb...@uvic.ca
>>


Re: [cas-user] CAS 5.2 single sign out does not work for SAML 1.1 phpCAS clients

2018-04-24 Thread Man H
from your log

2018-04-24 08:59:48,360 DEBUG
[org.apereo.cas.logout.SamlCompliantLogoutMessageCreator] - @NOT_USED@ST-3-PppjmWz1yAHPFrZwFNMCRW5wsvI-v-cas-1]>


It's SAML2, whereas your client is SAML1


Re: [cas-user] CAS 5.2 single sign out does not work for SAML 1.1 phpCAS clients

2018-04-24 Thread Man H
See


https://github.com/apereo/cas/tree/5.2.x/core/cas-server-core-logout/src/main/java/org/apereo/cas/logout




Re: [cas-user] CAS 5.2 single sign out does not work for SAML 1.1 phpCAS clients

2018-04-24 Thread Man H
Do you have saml support dependency

On Tuesday, April 24, 2018, Viacheslav Babanin wrote:

> It seems like I have a problem with CAS 5.2.3 and SAML logout requests.
> Single logout doesn't work and from the logs it seems like CAS constructs
> SAML logout request but does not actually send it. I am using exemplary phpCAS
> client from docs and when I go to ${cas-server}/cas/logout endpoint,
> there is nothing in phpCAS logs. If I use THE SAME client, only changing
> cas endpoint and protocol, with cas 4.1.9 (not configured by me but I have
> administrator access to it) everything works great and phpCAS actually gets
> logout request and correctly processes it. What should I look into? Please
> help.
>
> On Monday, April 23, 2018 at 18:35:17 UTC+2, rbon wrote:
>>
>> Viacheslav,
>>
>> You will want to have handleLogoutRequests(true) so that logout is
>> handled. While testing, skip the CAS server array, just in case the network
>> config changes the apparent source of the request.
>>
>> Put this in your CAS log4j2.xml to see what happens on CAS side of things:
>>
>> 
>> 
>> 
>> > level="debug">
>> 
>> > onMismatch="NEUTRAL" />
>> > onMismatch="DENY" />
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>>
>> Ray
>>
>> On Mon, 2018-04-23 at 07:41 -0700, Viacheslav Babanin wrote:
>>
>> That's how phpCAS.log looks if i provide it with
>> phpCAS::handleLogoutRequests(false);
>>
>> DA64 .=> phpCAS::client('S1', 'cas-1.server.test.pl', 443, '/cas')
>> [index.php:13]
>> DA64 .|=> CAS_Client::__construct('S1', false, 'cas-1.server.test.pl',
>> 443, '/cas', true) [CAS.php:360]
>> DA64 .||Starting a new session 
>> ST-27-xTftALKF-XM9TG94QFnab2R5994-v-cas-1
>> [Client.php:932]
>> DA64 .||Session is authenticated as: babanin [Client.php:936]
>> DA64 .|<= ''
>> DA64 .<= ''
>> DA64 .=> phpCAS::setNoCasServerValidation() [index.php:20]
>> DA64 .|You have configured no validation of the legitimacy of the cas
>> server. This is not recommended for production use. [CAS.php:1644]
>> DA64 .<= ''
>> DA64 .=> CAS_Client::handleLogoutRequests(false, false) [CAS.php:1276]
>> DA64 .|Not a logout request [Client.php:1739]
>> DA64 .<= ''
>> DA64 .=> phpCAS::forceAuthentication() [index.php:27]
>> DA64 .|=> CAS_Client::forceAuthentication() [CAS.php:1098]
>> DA64 .||=> CAS_Client::isAuthenticated() [Client.php:1280]
>> DA64 .|||=> CAS_Client::_wasPreviouslyAuthenticated()
>> [Client.php:1393]
>> DA64 .||||user = `babanin' [Client.php:1622]
>> DA64 .|||<= true
>> DA64 .|||user was already authenticated, no need to look for
>> tickets [Client.php:1417]
>> DA64 .||<= true
>> DA64 .||no need to authenticate [Client.php:1282]
>> DA64 .|<= true
>> DA64 .<= ''
>>
>>
>> On Monday, April 23, 2018 at 16:33:09 UTC+2, Viacheslav Babanin wrote:
>>
>> Could you elaborate, please?
>>
>> Quoting official documentation at
>> https://wiki.jasig.org/display/casc/phpcas+examples
>>
>> "By default phpCAS by default only handles requests that emanate from the
>> CAS host exclusively (declared in phpCAS::client() or phpCAS::proxy()).
>> Failure to restrict SAML logout requests to authorized hosts could allow
>> denial of service attacks where at the least the server is tied up parsing
>> bogus XML messages.
>>
>> To disable access control on logout requests, use:
>>
>> phpCAS::handleLogoutRequests(false);
>>
>> The hosts allowed to send logout requests can also be passed in an array
>> which might be usefull in with clustered cas servers:
>>
>> phpCAS::handleLogoutRequests(true, array("server1.domain.edu", 
>> "server2.domain.edu"));
>>
>>
>> "
>>
>> As I understand, it should be enough either to use
>> phpCAS::handleLogoutRequests(false); (which I tried and it seems like it
>> has no impact) or to specify cas server which is allowed to send logout
>> requests in an array (which I did in example above).
>>
>>
>>
>>
>> On Monday, April 23, 2018 at 16:25:18 UTC+2, Manfredo Hopp wrote:
>>
>> Logout requests are handled by clients.
>>
>> .=> CAS_Client::handleLogoutRequests(true, array (  0 => '
>> cas-1.server.test.pl',)) [CAS.php:1276]
>> D0EE .|Not a logout request [Client.php:1739]
>>
>> See phpcas
>>
>> On Monday, April 23, 2018, Viacheslav Babanin wrote:
>>
>> Hello, I have encountered an issue with SSO for SAML 1.1 clients with CAS
>> 5.2
>>
>> I am a rather new CAS user and probably I am missing something obvious.
>>
>> I am using the following phpCAS client:
>>
>> > require_once 'phpcas/source/CAS.php';
>> // Enable debugging
>> phpCAS::setDebug('phpCAS.log');
>> // Enable verbose error messages. Disable in production!
>> phpCAS::setVerbose(true);
>> // Initialize phpCAS
>> $cas_host = 
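
An added example, not part of the thread and not phpCAS code: a small audit of a phpCAS debug log in the layout quoted above, flagging requests where the client disabled CAS server validation or the logout source check, and listing requests that were not dismissed as "Not a logout request". The sample lines, request ids and host name are constructed, and reading the absence of that message as a received logout callback is an assumption.

```python
import re

# Constructed sample in the phpCAS debug-log layout quoted in the thread:
# "<request id> .<depth bars><text> [file:line]". Host and ids are made up.
# The first entry is wrapped the way the mail client wrapped the original.
SAMPLE_LOG = """\
DA64 .=> phpCAS::client('S1', 'cas.example.org', 443, '/cas')
[index.php:13]
DA64 .<= ''
DA64 .=> phpCAS::setNoCasServerValidation() [index.php:20]
DA64 .<= ''
DA64 .=> CAS_Client::handleLogoutRequests(false, false) [CAS.php:1276]
DA64 .|Not a logout request [Client.php:1739]
DA64 .<= ''
D0EE .=> CAS_Client::handleLogoutRequests(true, array (  0 => 'cas.example.org',)) [CAS.php:1276]
D0EE .|Not a logout request [Client.php:1739]
D0EE .<= ''
A1B2 .=> CAS_Client::handleLogoutRequests(true, array (  0 => 'cas.example.org',)) [CAS.php:1276]
A1B2 .<= ''
"""

LINE_RE = re.compile(r"^(?P<rid>[0-9A-F]{4}) \.(?P<depth>\|*)(?P<body>.*)$")
SRC_RE = re.compile(r"\s*\[[\w./-]+:\d+\]$")  # trailing "[file.php:123]"
LOGOUT_RE = re.compile(
    r"^=> CAS_Client::handleLogoutRequests\((true|false),\s*(.*)\)$")


def unwrap(text):
    """Re-join wrapped entries: a continuation line lacks the request-id prefix."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if LINE_RE.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def audit(text):
    """Return {request_id: settings seen in that request}, in first-seen order."""
    report = {}
    for entry in unwrap(text):
        m = LINE_RE.match(entry)
        if not m:
            continue
        body = SRC_RE.sub("", m.group("body"))
        req = report.setdefault(m.group("rid"), {
            "server_validation_disabled": False,
            "logout_source_check": None,   # None: handleLogoutRequests not seen
            "allowed_hosts": [],
            "not_a_logout_request": False,
        })
        if body.startswith("=> phpCAS::setNoCasServerValidation("):
            req["server_validation_disabled"] = True
        elif body == "Not a logout request":
            req["not_a_logout_request"] = True
        else:
            call = LOGOUT_RE.match(body)
            if call:
                # First argument false means the source-host check is off.
                req["logout_source_check"] = call.group(1) == "true"
                req["allowed_hosts"] = [
                    h.strip() for h in re.findall(r"'([^']*)'", call.group(2))]
    return report


def findings(report):
    """List (request_id, problem) pairs for settings unsuited to production."""
    out = []
    for rid, req in report.items():
        if req["server_validation_disabled"]:
            out.append((rid, "CAS server validation disabled"))
        if req["logout_source_check"] is False:
            out.append((rid, "logout requests accepted from any host"))
    return out


def logout_callbacks(report):
    """Requests that reached handleLogoutRequests and were not dismissed.
    Assumption: no "Not a logout request" line means a logout callback arrived."""
    return [rid for rid, req in report.items()
            if req["logout_source_check"] is not None
            and not req["not_a_logout_request"]]


if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    for rid, problem in findings(result):
        print(rid, problem)
    print("possible logout callbacks:", logout_callbacks(result))
```

An empty list from `logout_callbacks` on a real log matches the symptom described in the thread: the client never received a logout request from the CAS server.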

Re: [cas-user] Acceptable Usage Policy(AUP) in CAS5.2.x

2018-04-24 Thread Man H
Manually change login webflow xml.
You will have to address missing credentials issue.

On Tuesday, April 24, 2018, Jay wrote:

> Hello everyone,
>
> As part of the migration from CAS3.5 to CAS5.2.x, we have to implement the
> User Policy acceptance UI to allow the user to agree to the terms.
>
> In CAS3.5 we show the policy page even before the Login screen like shown
> below
>
>
> 
> Tried to have the same feature in CAS5.x and included the following
> properties.
>
> - Added the below in application.properties file:
>
> cas.acceptableUsagePolicy.aupAttributeName=aupAccepted
>
> - Added the below dependency in pom.xml:
>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-aup-webflow</artifactId>
>     <version>${cas.version}</version>
> </dependency>
>
> After adding the properties, User policy page is only shown after the user
> login with his/her credentials not before the login. Is this in built in
> CAS5 which cannot be changed or we can show the Policy page actually before
> a user logs in. If so can you please help me here on how to change it.
>
> Thanks & Regards,
> Jay
>


Re: [cas-user] SAML AuthnRequest resolved by Trusted Authentication in federated Single Sign-On flow

2018-04-23 Thread Man H
in 1) did you try with queryparameter TARGET={url of 2)}

2018-04-23 18:14 GMT-03:00 JON :

> It comes from a PrincipalBearingCredential generated in
> BasePrincipalFromNonInteractiveCredentialsAction
>
> TrustedAuthenticationConfiguration
>
>
>
> remoteUserAuthenticationAction
>
>
>
> BasePrincipalFromNonInteractiveCredentialsAction
>
>
>
> The CAS page displayed to the user contains the following text:
>
> "Log In Successful
> You, *userJON*, have successfully logged into the Central Authentication
> Service. However, you are seeing this page because CAS does not know about
> your target destination and how to get you there. Examine the
> authentication request again and make sure a target service/application
> that is authorized and registered with CAS is specified.
>
> When you are finished, for security reasons, please log out and exit your
> web browser."
>
>
> I don't know if this is enough to try to explain the origin.
>
>
> Jon
>
>
>
>
>
> On Monday, April 23, 2018 at 8:41:51 PM UTC+2, Manfredo Hopp wrote:
>>
>> where comes user name in 4) from?
>>

Re: [cas-user] Re: "FileNotFoundException" while Verifying Ticket. I don't get it!

2018-04-23 Thread Man H
check clients cas url

2018-04-23 16:19 GMT-03:00 Eric Knight :

> Any success figuring this out?
> I'm seeing the same thing.
> Eric.
>
> On Friday, February 12, 2016 at 6:33:20 AM UTC-8, Klaus wrote:
>>
>> We recently upgraded one of our Application Servers which formerly worked
>> perfectly together with our CAS Server. Now, after we upgraded that Tomcat
>> Server it's impossible to Log into the Webapp on this Server using CAS
>> anymore. The Login Form from the CAS Server still appears, but after
>> entering the credentials and submitting the Form there's only a blank,
>> white screen.
>>
>> CAS itself still works fine with other Applications and Servers in our
>> Network.
>>
>> When I log in to the Webapp on the upgraded Server, I see from the CAS
>> Servers Logs that these steps are successful:
>>
>>
>> ACTION: AUTHENTICATION_SUCCESS
>> ...
>> ACTION: TICKET_GRANTING_TICKET_CREATED
>> ...
>> ACTION: SERVICE_TICKET_CREATED
>> ...
>> But there is no more Message about Ticket Validation in the Logs of the
>> CAS Server.
>>
>> In the Logs of the App server on the other Hand I can see this:
>>
>> 14:24:38,828 ERROR [ajp-bio-8309-exec-1][CommonUtils:206]
>> https://www.my-company.de/cas/proxyValidate?
>> lidation=false=ST-12-FBwM6LOcDwVDdbmaB7po-www.my-comp
>> any.de=https%3A%2F%2Fwww,my-company.de%2Fc%2Fport
>> al%2Flogin%3Fp_l_id%3D12036=https://
>> www.my-company.de/cas=https://www.my-company.de;
>> casServerLoginUrl=https://www.my-company.de/cas/login
>> *java.io.FileNotFoundException:* https://www.my-company.de/cas/
>> proxyValidate?=false=ST-12-FB
>> wM6LOcDwVDdbmaB7po-www.my-company.de=https%3A%2F%
>> 2Fwww.my-company.de%2Fc%2Fportal%2Flogin%3Fp_l_id%3D12036&
>> casServerUrlPrefix=https://www.my-company.de/cas
>> me=https://www.my-company.de=https://www.
>> my-company.de/cas/login
>> at sun.net.www.protocol.http.HttpURLConnection.getInputStream(H
>> ttpURLConnection.java:1624)
>> at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputSt
>> ream(HttpsURLConnectionImpl.java:254)
>> at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(
>> CommonUtils.java:281)
>> at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedT
>> icketValidator.retrieveResponseFromServer(AbstractCasProtoco
>> lUrlBasedTicketValidator.java:33)
>> at org.jasig.cas.client.validation.AbstractUrlBasedTicketValida
>> tor.validate(AbstractUrlBasedTicketValidator.java:178)
>> at com.liferay.portal.servlet.filters.sso.cas.CASFilter.process
>> Filter(CASFilter.java:194)
>> at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFi
>> lter.java:59)
>>
>> I can't imagine where a FileNotFoundException may come from in the context
>> of Validating a CAS Ticket. Any hints about what may cause this Error and
>> prevents me to Log in to my Web App with CAS?
>>
>>


Re: [cas-user] SAML AuthnRequest resolved by Trusted Authentication in federated Single Sign-On flow

2018-04-23 Thread Man H
where comes user name in 4) from?

2018-04-23 13:32 GMT-03:00 JON :

> Thanks Manfredo
>
> Both work correctly
>
> Manually invoking the steps, the full flow works
>
> These are the steps I follow [all by browser]:
>
> 1.- I launch the URL of a pac4j-saml client, that makes the SAML
> AuthnRequest to the CAS SAML IdP (A)
>
> 2.- the browser is redirected by CAS, to the CAS login page. Then, instead
> of inserting the user / password, I invoke manually the URL of the remote
> site (B) that builds the Trusted Authentication Request
>
> 3.- the remote site (B) redirects the user's browser to CAS, providing the
> information needed by CAS Trust Authentication (C) to create a CAS session
>
> 4.- CAS creates the session (based on the trust on B) and redirects the
> browser to the CAS page in which it shows user name and the logoff link.
> Then to retrieve the SAML AuthnRequest, I have to repeat the step 1. And
> the final SAML AuthnResponse is finally delivered to the client.
>
>
> But I need no manual intervention.
>
>
>
> Thank you
>
>Jon
>
>
> On Monday, April 23, 2018 at 4:32:41 PM UTC+2, Manfredo Hopp wrote:
>>
>> Test trusted and idp separately
>>
>> On Monday, April 23, 2018, JON wrote:
>>
>>> Hi,
>>>
>>> I have the following running:
>>>
>>> cas-overlay-template-master 5.2.X with
>>>
>>>
>>>
>>> - SAML IdP
>>>
>>>
>>>
>>> - Trusted Authentication
>>>
>>>
>>>
>>>configured inside
>>>
>>>
>>> I must cover the following Single Sign-On federated flow:
>>>
>>> 1.- CAS SAML IdP (A), through the user's browser, receives a SAML
>>> AuthnRequest in /cas/idp/profile/SAML2/POST/SSO
>>>
>>>
>>> 2.- then, the user's browser must be redirected to a remote site (B)
>>> (outside the CAS control)
>>>
>>>
>>> 3.- the remote site (B) will redirect the user's browser to CAS,
>>> providing the information needed by CAS Trust Authentication (C) to build a
>>> CAS session
>>>
>>>
>>> 4.- finally, CAS SAML IdP (A) must respond to the original SAML
>>> AuthnRequest with the corresponding SAML AuthnResponse
>>>
>>>
>>> All this must happen in a transparent way, without user intervention in
>>> any place controlled by CAS.
>>>
>>>
>>> What is the best option to achieve this transparent flow ?
>>>
>>> I don't know if this should be treated as a Multi-Factor Authentication ?
>>>
>>>
>>> I hope this can be done.
>>>
>>>
>>> [At this time, in step 2, the user is redirected to the CAS login
>>> screen. After manually invoking Trusted Authentication, the screen with the
>>> user information is displayed. After that, SAML AuthnRequest must be
>>> invoked again, and SAML AuthnResponse is finally delivered].
>>>
>>> In the following link you can see how I got here:
>>> https://groups.google.com/a/apereo.org/d/msg/cas-user/I3sUJ29n_ig/1bcp8OM3AAAJ
>>> with the great help of members of this community.
>>>
>>> Thanks in advance
>>>
>>> Jon
>>>
>>>


Re: [cas-user] SAML AuthnRequest resolved by Trusted Authentication in federated Single Sign-On flow

2018-04-23 Thread Man H
Test trusted and idp separately

On Monday, April 23, 2018, JON wrote:

> Hi,
>
> I have the following running:
>
> cas-overlay-template-master 5.2.X with
>
>
>
> - SAML IdP
>
>
>
> - Trusted Authentication
>
>
>
>configured inside
>
>
> I must cover the following Single Sign-On federated flow:
>
> 1.- CAS SAML IdP (A), through the user's browser, receives a SAML
> AuthnRequest in /cas/idp/profile/SAML2/POST/SSO
>
>
> 2.- then, the user's browser must be redirected to a remote site (B)
> (outside the CAS control)
>
>
> 3.- the remote site (B) will redirect the user's browser to CAS, providing
> the information needed by CAS Trust Authentication (C) to build a CAS
> session
>
>
> 4.- finally, CAS SAML IdP (A) must respond to the original SAML
> AuthnRequest with the corresponding SAML AuthnResponse
>
>
> All this must happen in a transparent way, without user intervention in
> any place controlled by CAS.
>
>
> What is the best option to achieve this transparent flow ?
>
> I don't know if this should be treated as a Multi-Factor Authentication ?
>
>
> I hope this can be done.
>
>
> [At this time, in step 2, the user is redirected to the CAS login screen.
> After manually invoking Trusted Authentication, the screen with the user
> information is displayed. After that, SAML AuthnRequest must be invoked
> again, and SAML AuthnResponse is finally delivered].
>
> In the following link you can see how I got here:
> https://groups.google.com/a/apereo.org/d/msg/cas-user/I3sUJ29n_ig/1bcp8OM3AAAJ
> with the great help of members of this community.
>
> Thanks in advance
>
> Jon
>
>


Re: [cas-user] CAS 5.2 single sign out does not work for SAML 1.1 phpCAS clients

2018-04-23 Thread Man H
Logout requests are handled by clients.

.=> CAS_Client::handleLogoutRequests(true, array (  0 => 'cas-1.server.test.pl',)) [CAS.php:1276]
D0EE .|Not a logout request [Client.php:1739]

See phpcas

On Monday, April 23, 2018, Viacheslav Babanin wrote:

> Hello, I have encountered an issue with SSO for SAML 1.1 clients with CAS 5.2
>
> I am a rather new CAS user and probably I am missing something obvious.
>
> I am using the following phpCAS client:
>
> <?php
> require_once 'phpcas/source/CAS.php';
> // Enable debugging
> phpCAS::setDebug('phpCAS.log');
> // Enable verbose error messages. Disable in production!
> phpCAS::setVerbose(true);
> // Initialize phpCAS
> $cas_host = 'cas-1.uek.krakow.pl';
> // Context of the CAS Server
> $cas_context = '/cas';
> // Port of your CAS server. Normally for a https server it's 443
> $cas_port = 443;
> phpCAS::client(SAML_VERSION_1_1, $cas_host, $cas_port, $cas_context);
> // For production use set the CA certificate that is the issuer of the cert
> // on the CAS server and uncomment the line below
> // phpCAS::setCasServerCACert($cas_server_ca_cert_path);
> // For quick testing you can disable SSL validation of the CAS server.
> // THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION.
> // VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL!
> phpCAS::setNoCasServerValidation();
> // force CAS authentication
>
> $cas_real_hosts = array('cas-1.uek.krakow.pl');
>
>
> phpCAS::handleLogoutRequests(true, $cas_real_hosts);
>
> phpCAS::forceAuthentication();
> // at this step, the user has been authenticated by the CAS server
> // and the user's login name can be read with phpCAS::getUser().
> // logout if desired
> if (isset($_REQUEST['logout'])) {
>     phpCAS::logout();
> }
> ?>
> 
> 
> Advanced SAML 1.1 example
> 
> 
> 
> Advanced SAML 1.1 example
> 
>
> Authentication succeeded for user
> .
> User has attributes
>  echo 'true';
> }
> else {
> echo 'false';
> }
>
> ?>.
> User Attributes
> 
>  foreach (phpCAS::getAttributes() as $key => $value) {
> if (is_array($value)) {
> echo '', $key, ':';
> foreach ($value as $item) {
> echo '', $item, '';
> }
> echo '';
> } else {
> echo '', $key, ': ', $value, '' .
> PHP_EOL;
> }
> }
> ?>
> 
> Logout
> 
> 
>
>
> Single sign in works like expected. If I have several CAS clients, when I
> log in to one of them, I am authenticated in all, like expected.
>
> But Single Logout completely doesn't work for me. When I log out using CAS
> logout endpoint "{cas-server}/cas/logout" I receive message that I am
> logged out from CAS and I can see in SSO manager that CAS Session is
> terminated.
> But all application sessions are still alive, I am allowed not only to
> navigate client pages but also close\open tabs and I am still logged in.
>
> I have tried to configure service with client application with both
> "BACK_CHANNEL" and "FRONT_CHANNEL" logoutType with no luck.
>
> 1. If I use BACK_CHANNEL.
>
> That's how service definition looks like:
>
> {
>   "@class" : "org.jasig.cas.services.RegexRegisteredService",
>   "serviceId" : "https://cas-client.ssl.stub/",
>   "name" : "example_simple_citest",
>   "id" : 7,
>   "logoutType" : "BACK_CHANNEL",
>
>   "attributeReleasePolicy" : {
>     "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
>     "allowedAttributes" : {
>       "@class" : "java.util.TreeMap",
>       "uid" : "user_id",
>       "sn" : "surname"
>     }
>   }
> }
>
>
> When I log out using "{cas-server}/cas/logout" endpoint CAS server log
> looks like this: back.txt (see attachment)
>
> phpCAS.log doesn't log anything in this case. And application session
> still lives until I close browser.
>
> 2. If I use FRONT_CHANNEL.
>
> That's how service definition looks like:
>
> {
>   "@class" : "org.jasig.cas.services.RegexRegisteredService",
>   "serviceId" : "https://cas-client.ssl.stub/",
>   "name" : "example_simple_citest",
>   "id" : 7,
>   "logoutType" : "FRONT_CHANNEL",
>
>   "attributeReleasePolicy" : {
>     "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
>     "allowedAttributes" : {
>       "@class" : "java.util.TreeMap",
>       "uid" : "user_id",
>       "sn" : "surname"
>     }
>   }
> }
>
> When I log out using "{cas-server}/cas/logout" endpoint CAS server log
> looks like this: front.txt (see attachment)
>
> And I see following message upon logout on endpoint page:
>
> Which tells me that logout notification has been sent.
>
> At the same time, when endpoint logout happens, phpCAS.log logs following
> message.
>
> D0EE .START (2018-04-23 15:37:16) phpCAS-1.3.5 
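
What "handled by clients" means on the wire, as an added example (not phpCAS code and not from the thread): with BACK_CHANNEL logout the CAS server itself POSTs a `logoutRequest` form field to the service URL, so the client has to find the session by the ticket in `<samlp:SessionIndex>` rather than by the browser's cookie. The function names, the ticket-keyed session store, the result strings and the host `cas.example.org` are assumptions of this example.

```python
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
MAX_REQUEST_CHARS = 8192  # a real logout request is a few hundred bytes

# Constructed sample of the XML a CAS server sends in the "logoutRequest"
# form field on back-channel logout (ID and ticket values are made up).
SAMPLE_LOGOUT_REQUEST = (
    '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="LR-1-constructed" Version="2.0" IssueInstant="2018-04-23T15:37:16Z">'
    '<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    '@NOT_USED@</saml:NameID>'
    '<samlp:SessionIndex>ST-42-constructed-cas</samlp:SessionIndex>'
    '</samlp:LogoutRequest>'
)


def extract_session_index(xml_text):
    """Return the ticket inside <samlp:SessionIndex>, or None if unusable."""
    if len(xml_text) > MAX_REQUEST_CHARS:
        return None
    upper = xml_text.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        return None  # a logout request never needs a DTD; refuse entity tricks
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    if root.tag != "{%s}LogoutRequest" % SAMLP_NS:
        return None
    node = root.find("{%s}SessionIndex" % SAMLP_NS)
    if node is None or not (node.text or "").strip():
        return None
    return node.text.strip()


def handle_logout_request(method, form, peer_host, allowed_hosts, sessions):
    """Decide what to do with one incoming HTTP request.

    sessions maps the service ticket that opened a session to that session;
    the client must record it when the ticket is validated, because the
    logout POST comes from the CAS server and carries no user cookie.
    """
    # An ordinary page view, or the user's own browser hitting the app,
    # is not a logout request: nothing to do.
    if method != "POST" or "logoutRequest" not in form:
        return "not-a-logout-request"
    # Only the configured CAS server(s) may end sessions; anyone else
    # could otherwise log arbitrary users out.
    if peer_host not in allowed_hosts:
        return "rejected-host"
    ticket = extract_session_index(form["logoutRequest"])
    if ticket is None:
        return "malformed"
    # No session stored under this ticket means the session was never
    # indexed by ticket (or already ended): the user stays logged in.
    if sessions.pop(ticket, None) is None:
        return "no-session"
    return "session-destroyed"


if __name__ == "__main__":
    store = {"ST-42-constructed-cas": {"user": "constructed-user"}}
    allowed = {"cas.example.org"}
    post = {"logoutRequest": SAMPLE_LOGOUT_REQUEST}
    print(handle_logout_request("GET", {}, "203.0.113.9", allowed, store))
    print(handle_logout_request("POST", post, "198.51.100.7", allowed, store))
    print(handle_logout_request("POST", post, "cas.example.org", allowed, store))
    print(handle_logout_request("POST", post, "cas.example.org", allowed, store))
```
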

Re: [cas-user] SAML AuthnRequest resolved by Trusted Authentication in federated Single Sign-On flow

2018-04-23 Thread Man H
Authentication flow ends BEFORE redirection (point 4 before 3)

On Monday, April 23, 2018, JON wrote:

> Hi,
>
> I have the following running:
>
> cas-overlay-template-master 5.2.X with
>
>
>
> - SAML IdP
>
>
>
> - Trusted Authentication
>
>
>
>configured inside
>
>
> I must cover the following Single Sign-On federated flow:
>
> 1.- CAS SAML IdP (A), through the user's browser, receives a SAML
> AuthnRequest in /cas/idp/profile/SAML2/POST/SSO
>
>
> 2.- then, the user's browser must be redirected to a remote site (B)
> (outside the CAS control)
>
>
> 3.- the remote site (B) will redirect the user's browser to CAS, providing
> the information needed by CAS Trust Authentication (C) to build a CAS
> session
>
>
> 4.- finally, CAS SAML IdP (A) must respond to the original SAML
> AuthnRequest with the corresponding SAML AuthnResponse
>
>
> All this must happen in a transparent way, without user intervention in
> any place controlled by CAS.
>
>
> What is the best option to achieve this transparent flow ?
>
> I don't know if this should be treated as a Multi-Factor Authentication ?
>
>
> I hope this can be done.
>
>
> [At this time, in step 2, the user is redirected to the CAS login screen.
> After manually invoking Trusted Authentication, the screen with the user
> information is displayed. After that, SAML AuthnRequest must be invoked
> again, and SAML AuthnResponse is finally delivered].
>
> In the following link you can see how I got here:
> https://groups.google.com/a/apereo.org/d/msg/cas-user/I3sUJ29n_ig/1bcp8OM3AAAJ
> with the great help of members of this community.
>
> Thanks in advance
>
> Jon
>
>


Re: [cas-user] CAS Single Logout Support to SAKAI 11

2018-04-21 Thread Man H
See


https://wiki.jasig.org/plugins/servlet/mobile?contentId=737#content/view/737


On Saturday, April 21, 2018, Rushikesh Garadade <rushikeshgarad...@gmail.com> wrote:

> Hi All,
>
> AFAIK Sakai has CAS support for Single Sign On (CASify Sakai).
> However I did not see any documentation around Single Log Out.
>
> Question :
> 1) Does Sakai support Single Log out with CAS?
> 2) If Yes, Can anybody provide me any link, document for the same?
> 3) If No, Any Sakai document telling its authenticity?
>
> If any of you know any one answer of above questions, please respond.
>
> This is show stopper for me right now. Even small inputs are most welcome.
>
>
> Thanks,
> Rushikesh Garadade
> rushikeshgarad...@gmail.com
>


Re: [cas-user] [CAS-5.2.2] Custom Attribute release

2018-04-21 Thread Man H
See

https://apereo.github.io/cas/5.2.x/installation/Configuring-Service-Access-Strategy.html


On Monday, March 19, 2018, Soumya Tripathy wrote:

> Hi Thanks for the response.
> I'm still confused in the implementation part.
> Right now I'm getting
>
> 
>> 
>> username
>> 
>> 
>
>
> in the serviceValidate response, but I want to add a new attribute
> *Team1* in the response.
> Where team name will be provided by user while login into CAS, just like
> username.
>
>
>
>
>
> On Monday, March 19, 2018 at 3:04:29 PM UTC+5:30, s 1 wrote:
>>
>> I'm using LDAP Authentication and this link:
>> https://apereo.github.io/cas/5.2.x/integration/Attribute-Resolution.html#
>> It works fine :)
>>
>> 2018-03-19 16:01 GMT+07:00 Soumya Tripathy :
>>
>>> Hi,
>>> We are using CAS-5.2.2. We have the following scenario.
>>> There will be a custom input in the login form where user will provide
>>> some additional info(say team name). After successful login we want the
>>> same input (team name) to be release as an attribute to the caller service.
>>>
>>> I'm trying to look around custom attribute release policy and the
>>> webflow, but till now didn't get any clue.
>>>
>>> Thanks,
>>> Soumya
>>>


Re: [cas-user] Problem with authentication of remote application to CAS server

2018-04-19 Thread Man H
 make test without nginx




2018-04-19 18:29 GMT-03:00 carlos maddaleno cuellar <
iamcarlosmaddal...@gmail.com>:

> Hi, I have a CAS server on an nginx reverse proxy and my application with
> the shiro.ini file is configured to authenticate to this CAS server, so
> this application is OK
>
> the problem now is with a remote application that is not in the same
> server of the and its web.xml has this configuration:
>
>   <filter>
>     <filter-name>CAS Authentication Filter</filter-name>
>     <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
>     <init-param>
>       <param-name>casServerLoginUrl</param-name>
>       <param-value>https://siampapps.mp/cas/login</param-value>
>     </init-param>
>     <init-param>
>       <param-name>serverName</param-name>
>       <param-value>https://selectronicas.mp:8443</param-value>
>     </init-param>
>   </filter>
>
> I'm not sure whether to use the filter
>
> <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
>  OR
>
> <filter-name>CAS Validation Filter</filter-name>
> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
>
> could you tell me what's the difference
>
>
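>   <filter>
>     <filter-name>CAS Validation Filter</filter-name>
>     <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
>     <init-param>
>       <param-name>casServerUrlPrefix</param-name>
>       <param-value>https://siampapps.mp/cas</param-value>
>     </init-param>
>     <init-param>
>       <param-name>serverName</param-name>
>       <param-value>https://selectronicas.mp:8443</param-value>
>     </init-param>
>     <init-param>
>       <param-name>redirectAfterValidation</param-name>
>       <param-value>true</param-value>
>     </init-param>
>   </filter>
>
>   <filter>
>     <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
>     <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
>   </filter>
>
>   <filter-mapping>
>     <filter-name>CAS Authentication Filter</filter-name>
>     <url-pattern>/*</url-pattern>
>   </filter-mapping>
>
>   <filter-mapping>
>     <filter-name>CAS Validation Filter</filter-name>
>     <url-pattern>/*</url-pattern>
>   </filter-mapping>
>
>   <filter-mapping>
>     <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
>     <url-pattern>/*</url-pattern>
>   </filter-mapping>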
>
>
> and my nginx cas configuration is this:
>
> location /cas {
>     proxy_pass http://siampv5.mp;
>     proxy_set_header Host $host;
>     proxy_set_header X-Real-IP $remote_addr;
>     proxy_set_header X-Forwarded-Host $host;
>     proxy_set_header X-Forwarded-Server $host;
>     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>     proxy_http_version 1.1;
>     proxy_request_buffering off;
>     proxy_set_header Connection "";
>     proxy_set_header X-Forwarded-Proto https;
> }
>
>
> but when a user tries to authenticate to my CAS it shows the next error on
> the log of the server:
>
> thanks for your help
>
> [2018-04-19T14:58:29.452-0600] [Payara 4.1] [WARNING] []
> [javax.enterprise.web] [tid: _ThreadID=35 _ThreadName=http-thread-pool(6)]
> [timeMillis: 1524171509452] [levelValue: 900] [[
>   StandardWrapperValve[cas]: Servlet.service() for servlet cas threw
> exception
> java.util.ConcurrentModificationException
> at java.util.ArrayList$Itr.checkForComodification(
> ArrayList.java:901)
> at java.util.ArrayList$Itr.next(ArrayList.java:851)
> at java.util.AbstractCollection.toString(AbstractCollection.
> java:461)
> at org.jasig.inspektr.aspect.TraceLogAspect.traceMethod(
> TraceLogAspect.java:48)
> at org.jasig.cas.ticket.TicketGrantingTicketImpl.
> getSupplementalAuthentications(TicketGrantingTicketImpl.java:247)
> at org.jasig.cas.CentralAuthenticationServiceImpl.
> evaluatePossibilityOfMixedPrincipals(CentralAuthenticationServiceIm
> pl.java:209)
> at org.jasig.cas.CentralAuthenticationServiceIm
> pl.grantServiceTicket_aroundBody2(CentralAuthenticationServiceIm
> pl.java:145)
> at org.jasig.cas.CentralAuthenticationServiceImpl$AjcClosure3.run(
> CentralAuthenticationServiceImpl.java:1)
> at org.aspectj.runtime.reflect.JoinPointImpl.proceed(
> JoinPointImpl.java:149)
> at org.jasig.inspektr.aspect.TraceLogAspect.traceMethod(
> TraceLogAspect.java:44)
> at org.jasig.cas.CentralAuthenticationServiceIm
> pl.grantServiceTicket(CentralAuthenticationServiceImpl.java:136)
> at sun.reflect.GeneratedMethodAccessor24429.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.springframework.aop.support.AopUtils.
> invokeJoinpointUsingReflection(AopUtils.java:302)
> at org.springframework.aop.framework.ReflectiveMethodInvocation.
> invokeJoinpoint(ReflectiveMethodInvocation.java:190)
> at org.springframework.aop.framework.ReflectiveMethodInvocation.
> proceed(ReflectiveMethodInvocation.java:157)
> at org.springframework.aop.aspectj.MethodInvocationProceedingJoin
> Point.proceed(MethodInvocationProceedingJoinPoint.java:85)
> at org.jasig.inspektr.audit.AuditTrailManagementAspect.
> handleAuditTrail(AuditTrailManagementAspect.java:128)
> at sun.reflect.GeneratedMethodAccessor24425.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.springframework.aop.aspectj.AbstractAspectJAdvice.
> invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
> at org.springframework.aop.aspectj.AbstractAspectJAdvice.
> invokeAdviceMethod(AbstractAspectJAdvice.java:610)

Re: [cas-user] Trying to add bootstrap theme, not sure about template syntax

2018-04-18 Thread Man H
just add your own css :





2018-04-18 20:29 GMT-03:00 Teddy Brown :

> Hi,
> I'm trying to add the Bootstrap theme to my CAS template, but the syntax
> here in Thymeleaf confuses me a bit.  Where are these references set?
>
> I was able to find Bootstrap which appears to be from webjars, in
> target/cas/WEB-INF/lib/bootstrap-3.3.7-1.jar
> 
> 
>
> I've looked at Webjars and Thymeleaf documentation and the only references
> I can find to bootstrap include it more directly.
>
> Seems to be #{webjars.bootstrapmin.css} is referring to a property message
> somewhere, but I don't know where this is referenced.
>
> Am I going nuts?
>


Re: [cas-user] Proxy ticket is always null. Please help

2018-04-18 Thread Man H
read
https://apereo.github.io/cas/5.2.x/installation/Configuring-Proxy-Authentication.html

The service must also be authorized to receive the PGT as an attribute for
the given attribute release policy of choice.

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://.+",
  "name" : "test",
  "id" : 1,
  "evaluationOrder" : 0,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "authorizedToReleaseProxyGrantingTicket" : true
  }
}



2018-04-18 10:08 GMT-03:00 Corsair Hxw :

> Hello,
>
> I am using CAS Maven Overlay (*version 5.2.3*) to build CAS server.
> The CAS server is running on http://localhost:8080/cas
>
> I have changed POM and added dependency for json service registry:
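> <dependencies>
>     <dependency>
>         <groupId>org.apereo.cas</groupId>
>         <artifactId>cas-server-support-json-service-registry</artifactId>
>         <version>${cas.version}</version>
>     </dependency>
> </dependencies>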
>
> I have provided two service json files in /services:
> *greet-1.json*
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId" : "http://localhost:8090/greet",
>   "name" : "greet",
>   "id" : 1,
>   "evaluationOrder" : 1
> }
>
> *user-2.json*
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId" : "http://localhost:8090/user",
>   "name" : "user",
>   "id" : 2,
>   "evaluationOrder" : 2
> }
>
> From my web application 1, I am trying to get the proxy ticket for another
> web application 2.
> Web Application 1 Controller class is as below:
> package com.learn.cas.proxyticket;
>
> import org.jasig.cas.client.authentication.AttributePrincipal;
> import org.springframework.security.cas.authentication.CasAuthenticationToken;
> import org.springframework.security.core.Authentication;
> import org.springframework.web.bind.annotation.GetMapping;
> import org.springframework.web.bind.annotation.RestController;
>
> @RestController
> public class GreetingsController {
>
>     @GetMapping("/greet")
>     public String greetWithProxyTicket(Authentication authentication) {
>         String proxyTicket = null;
>
>         if (authentication != null && authentication instanceof CasAuthenticationToken) {
>             AttributePrincipal principal =
>                     ((CasAuthenticationToken) authentication).getAssertion().getPrincipal();
>
>             if (principal != null) {
>                 proxyTicket = principal.getProxyTicketFor("http://localhost:8090/user");
>             }
>         }
>
>         return proxyTicket;
>     }
> }
>
> Here, the returned value is always null. getProxyTicketFor always gives
> me *null *value.
> Web application 1 pom.xml and application.yml files are attached in case
> they are needed.
>
> Any help on this is appreciated. Stuck on this for like month now :(
>
> Best Regards,
> Corsair
>
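
A check one might run over the service registry before turning on proxy-granting-ticket release as in the reply above, added here as an example (not code from CAS or from the posters). It assumes CAS requires the `serviceId` pattern to match the whole service URL, uses Python's `re` as a stand-in for Java's regex engine, and expects plain JSON files; the finding names are this example's own.

```python
import json
import re

# Probe URLs on a host that no definition should cover (.invalid is reserved).
PROBES = ("https://unrelated.invalid/app", "http://unrelated.invalid/app")

# Constructed from the three kinds of definition quoted in this thread.
SAMPLE_DEFINITIONS = [
    """{
      "@class" : "org.apereo.cas.services.RegexRegisteredService",
      "serviceId" : "^https://.+",
      "name" : "test",
      "id" : 1,
      "evaluationOrder" : 0,
      "attributeReleasePolicy" : {
        "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
        "authorizedToReleaseProxyGrantingTicket" : true
      }
    }""",
    """{
      "@class" : "org.apereo.cas.services.RegexRegisteredService",
      "serviceId" : "http://localhost:8090/greet",
      "name" : "greet",
      "id" : 1,
      "evaluationOrder" : 1
    }""",
    """{
      "@class" : "org.jasig.cas.services.RegexRegisteredService",
      "serviceId" : "https://cas-client.ssl.stub/",
      "name" : "example_simple_citest",
      "id" : 7,
      "logoutType" : "BACK_CHANNEL"
    }""",
]


def audit_service(defn):
    """Return a list of finding names for one parsed service definition."""
    findings = []
    pattern = defn.get("serviceId", "")
    try:
        rx = re.compile(pattern)
    except re.error:
        return ["invalid-regex"]

    # 1. The pattern accepts a URL on a host nobody registered on purpose.
    open_pattern = any(rx.fullmatch(probe) for probe in PROBES)
    if open_pattern:
        findings.append("open-pattern")

    # 2. The pattern starts with http:// or https?://, so tickets can
    #    travel to the service in cleartext.
    if re.match(r"\^?\(?http(s\?)?://", pattern):
        findings.append("cleartext-http")

    # 3. Unescaped dots: swap every bare "." for "x"; if the result still
    #    matches, look-alike host names are registered as well.
    dotless = re.sub(r"(?<!\\)\.", "x", pattern)
    if dotless != pattern and rx.fullmatch(dotless):
        findings.append("unescaped-dot")

    # 4. Proxy-granting ticket release on a pattern that matches any host.
    policy = defn.get("attributeReleasePolicy") or {}
    if open_pattern and policy.get("authorizedToReleaseProxyGrantingTicket") is True:
        findings.append("pgt-release-open-pattern")
    return findings


def audit_all(json_texts):
    """Audit several definitions; returns {service name: findings}."""
    report = {}
    for text in json_texts:
        defn = json.loads(text)
        report[defn.get("name", "?")] = audit_service(defn)
    return report


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_DEFINITIONS).items():
        print(name, findings or "ok")
```
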


Re: [cas-user] Is it possible to delegate CAS authentication to a custom remote identity provider ?

2018-04-13 Thread Man H
Hi you just add maven/gradle dependency to original overlay

On Friday, April 13, 2018, JON wrote:

> Hi again
>
> I am trying to test the Trusted Authentication, adding code in the Maven
> Overlay. The code is the one existing in the cas-server-support-trusted
> module. I have been falling in a cascade of compilation errors that I have
> tried to overcome by adding dependencies in pom.xml
> The errors have been getting more and more primitive. And in the end I
> have come to
>
> [ERROR] /H:/aplic_saml_apereo_v5.2.0/cas-overlay-template-master/
> src/main/java/org/apereo/cas/adaptors/trusted/authentication/principal/
> ShibbolethServiceProviderRequestPrincipalAttributesExtractor.java:[26,31]
> cannot find symbol
> [ERROR]   symbol:   method toUpperCase()
> [ERROR]   location: variable t of type java.lang.Object
> [ERROR] /H:/aplic_saml_apereo_v5.2.0/cas-overlay-template-master/
> src/main/java/org/apereo/cas/adaptors/trusted/authentication/principal/
> ShibbolethServiceProviderRequestPrincipalAttributesExtractor.java:[27,71]
> incompatible types: java.lang.Object cannot be converted to java.lang.String
> [ERROR] /H:/aplic_saml_apereo_v5.2.0/cas-overlay-template-master/
> src/main/java/org/apereo/cas/adaptors/trusted/authentication/principal/
> ShibbolethServiceProviderRequestPrincipalAttributesExtractor.java:[28,49]
> incompatible types: java.lang.Object cannot be converted to java.lang.String
> [ERROR] /H:/aplic_saml_apereo_v5.2.0/cas-overlay-template-master/
> src/main/java/org/apereo/cas/adaptors/trusted/authentication/principal/
> ShibbolethServiceProviderRequestPrincipalAttributesExtractor.java:[29,25]
> incompatible types: java.lang.Object cannot be converted to
> java.util.Map
> [ERROR] -> [Help 1]
> org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute
> goal org.apache.maven.plugins:maven-compiler-plugin:3.3:compile
> (default-compile) on project cas-overlay: Compilation failure
>
>
> Thank you very much
>
>
> On Sunday, April 1, 2018, 23:46:07 (UTC+2), Manfredo Hopp wrote:
>>
>> See trusted authentication.
>> Local cas server should receive translated remote id entity through valve
>> or other mechanism.
>>
>>
>> On Sunday, April 1, 2018, JON JON wrote:
>>
>>> Hi
>>>
>>> Is it possible to delegate authentication to a custom remote identity
>>> provider?
>>>
>>> This does not speak CAS, SAML, OAuth or OpenId Connect. It has its own
>>> SSO mechanism. End users use web browser to interact.
>>>
>>> Our identity provider has its own authentication mechanism, based on
>>> http, over j2ee, for users registered in a database.
>>> It can return a token with the user's profile (authentication mechanism,
>>> identity, context, and authorization attributes).
>>>
>>> Now we need to delegate CAS authentication to this identity provider. Do
>>> you think it is possible with any of the mechanisms provided by CAS?
>>>
>>> The ultimate goal is for CAS to be a SAML identity provider based on the
>>> identity information provided by our identity provider.
>>>
>>> Thanks in advance
>>>
>>> Jon
>>>

Re: [cas-user] CAS-Management - Bottle at the sea - Need advice or help

2018-04-08 Thread Man H
Do you type https://so..xy:8444/cas-management in your browser?

2018-04-08 18:04 GMT-03:00 Olivier Calzi <o...@earlytracks.com>:

> As it's behind an haproxy I expected it to be the true url like
> sso..xy/cas-management, not localhost.
>
> On Sunday, April 8, 2018 at 10:29:24 PM UTC+2, Manfredo Hopp wrote:
>>
>> What do you expect your url to be?
>> What do you type in the browser?
>>
>> On Sunday, April 8, 2018, Olivier Calzi <o...@earlytracks.com> wrote:
>>
>>> I got a non-working application as you can see on the pictures attached.
>>>
>>> Still localhost on the url despite my configuration.
>>>
>>>
>>> On Sunday, April 8, 2018 at 9:50:06 PM UTC+2, Manfredo Hopp wrote:
>>>>
>>>> I don't see any problem with the url you get.
>>>> What do you expect?
>>>>
>>>> On Sunday, April 8, 2018, Olivier Calzi <o...@earlytracks.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> No problem.
>>>>>
>>>>> My folder is : /etc/cas/config
>>>>> The file is named management.properties
>>>>>
>>>>>
>>>>>
>>>>> On Sun, Apr 8, 2018 at 18:11, Man H <info.i...@gmail.com> wrote:
>>>>>
>>>>>> Sorry, forget the last answers.
>>>>>>
>>>>>> Which folder is your management.properties in?
>>>>>>
>>>>>> On Sunday, April 8, 2018, Olivier Calzi <o...@earlytracks.com> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> Thanks for your feedback.
>>>>>>> As I explained in my first post, I did use all the settings from the
>>>>>>> link you provided.
>>>>>>>
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>> On Sunday, April 8, 2018 at 5:49:39 PM UTC+2, Manfredo Hopp wrote:
>>>>>>>>
>>>>>>>> https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#management-webapp
>>>>>>>>
>>>>>>>> On Sunday, April 8, 2018, Olivier Calzi <o...@earlytracks.com> wrote:
>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> It's my first post here so please be kind to me :).
>>>>>>>>>
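>>>>>>>>> I managed to get a working CAS server with the following
>>>>>>>>> dependency on the pom.xml
>>>>>>>>> <cas.version>5.2.2</cas.version>
>>>>>>>>>
>>>>>>>>> <dependency>
>>>>>>>>>   <groupId>org.apereo.cas</groupId>
>>>>>>>>>   <artifactId>cas-server-support-json-service-registry</artifactId>
>>>>>>>>>   <version>${cas.version}</version>
>>>>>>>>> </dependency>
>>>>>>>>> <dependency>
>>>>>>>>>   <groupId>org.apereo.cas</groupId>
>>>>>>>>>   <artifactId>cas-server-support-pm-ldap</artifactId>
>>>>>>>>>   <version>${cas.version}</version>
>>>>>>>>> </dependency>
>>>>>>>>> <dependency>
>>>>>>>>>   <groupId>org.apereo.cas</groupId>
>>>>>>>>>   <artifactId>cas-server-support-ldap</artifactId>
>>>>>>>>>   <version>${cas.version}</version>
>>>>>>>>> </dependency>
>>>>>>>>>
>>>>>>>>> On the cas-management pom.xml
>>>>>>>>> <dependencies>
>>>>>>>>>   <dependency>
>>>>>>>>>     <groupId>org.apereo.cas</groupId>
>>>>>>>>>     <artifactId>cas-management-webapp</artifactId>
>>>>>>>>>     <version>${cas.version}</version>
>>>>>>>>>     <type>war</type>
>>>>>>>>>   </dependency>
>>>>>>>>>   <dependency>
>>>>>>>>>     <groupId>org.apereo.cas</groupId>
>>>>>>>>>     <artifactId>cas-management-webapp-support-ldap</artifactId>
>>>>>>>>>     <version>${cas.version}</version>
>>>>>>>>>   </dependency>
>>>>>>>>>   <dependency>
>>>>>>>>>     <groupId>org.apereo.cas</groupId>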

Re: [cas-user] CAS-Management - Bottle at the sea - Need advice or help

2018-04-08 Thread Man H
I don't see any problem with the url you get.
What do you expect?

On Sunday, April 8, 2018, Olivier Calzi <o...@earlytracks.com> wrote:

> Hi,
>
> No problem.
>
> My folder is : /etc/cas/config
> The file is named management.properties
>
>
>
> On Sun, Apr 8, 2018 at 18:11, Man H <info.ings...@gmail.com> wrote:
>
>> Sorry, forget the last answers.
>>
>> Which folder is your management.properties in?
>>
>> On Sunday, April 8, 2018, Olivier Calzi <o...@earlytracks.com> wrote:
>>
>>> Hi,
>>>
>>> Thanks for your feedback.
>>> As I explained in my first post, I did use all the settings from the link
>>> you provided.
>>>
>>>
>>> Regards
>>>
>>> On Sunday, April 8, 2018 at 5:49:39 PM UTC+2, Manfredo Hopp wrote:
>>>>
>>>> https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#management-webapp
>>>>
>>>> On Sunday, April 8, 2018, Olivier Calzi <o...@earlytracks.com> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> It's my first post here so please be kind to me :).
>>>>>
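>>>>> I managed to get a working CAS server with the following dependency on
>>>>> the pom.xml
>>>>> <cas.version>5.2.2</cas.version>
>>>>>
>>>>> <dependency>
>>>>>   <groupId>org.apereo.cas</groupId>
>>>>>   <artifactId>cas-server-support-json-service-registry</artifactId>
>>>>>   <version>${cas.version}</version>
>>>>> </dependency>
>>>>> <dependency>
>>>>>   <groupId>org.apereo.cas</groupId>
>>>>>   <artifactId>cas-server-support-pm-ldap</artifactId>
>>>>>   <version>${cas.version}</version>
>>>>> </dependency>
>>>>> <dependency>
>>>>>   <groupId>org.apereo.cas</groupId>
>>>>>   <artifactId>cas-server-support-ldap</artifactId>
>>>>>   <version>${cas.version}</version>
>>>>> </dependency>
>>>>>
>>>>> On the cas-management pom.xml
>>>>> <dependencies>
>>>>>   <dependency>
>>>>>     <groupId>org.apereo.cas</groupId>
>>>>>     <artifactId>cas-management-webapp</artifactId>
>>>>>     <version>${cas.version}</version>
>>>>>     <type>war</type>
>>>>>   </dependency>
>>>>>   <dependency>
>>>>>     <groupId>org.apereo.cas</groupId>
>>>>>     <artifactId>cas-management-webapp-support-ldap</artifactId>
>>>>>     <version>${cas.version}</version>
>>>>>   </dependency>
>>>>>   <dependency>
>>>>>     <groupId>org.apereo.cas</groupId>
>>>>>     <artifactId>cas-server-support-json-service-registry</artifactId>
>>>>>     <version>${cas.version}</version>
>>>>>   </dependency>
>>>>> </dependencies>
>>>>>
>>>>> <cas.version>5.2.2</cas.version>
>>>>>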
>>>>>
>>>>> So I made my settings and I got on the cas-management web-page « The
>>>>> administrative application of CAS is not available» but I'm getting the
>>>>> favicon and the CSS right.
>>>>> When I looked up into the GET which is being done during the request I
>>>>> found out a request to :
>>>>> https://YX/cas/login?service=https://localhost:8444/cas-management/manage.html
>>>>>
>>>>> It doesn't make sense to me why I am still getting this url as I make my
>>>>> configuration of the cas-management on a management.properties like this.
>>>>> server.port=8444
>>>>> server.contextPath=/cas-management
>>>>>
>>>>> cas.mgmt.adminRoles[0]=ROLE_ADMIN
>>>>> cas.mgmt.adminRoles[1]=ROLE_SUPER_USER
>>>>>
>>>>> # cas.mgmt.userPropertiesFile=classpath:/user-details.[json|yml]
>>>>> # cas.mgmt.userPropertiesFile=classpath:/user-details.properties
>>>>>
>>>>> cas.mgmt.serverName=https://sso.libre-cloud.org
>>>>> cas.mgmt.defaultLocale=en
>>>>>
>>>>> cas.mgmt.authzAttributes[0]=memberOf
>>>>> cas.mgmt.authzAttributes[1]=groupMembership
>>>>>
>>>>> # Connect to a CAS server for authentication
>>>>> cas.server.name=https://y
>>>>> #cas.server.prefix=
>>>>>
>>>>> # Use regex for authorized IPs
>>>>> #cas.mgmt.authzIpRegex=
>>>>>
>>>>>
>>>>> My current thought is that I should have another port open through the
>

Re: [cas-user] CAS-Management - Bottle at the sea - Need advice or help

2018-04-08 Thread Man H
Sorry, forget the last answers.

Which folder is your management.properties in?

On Sunday, April 8, 2018, Olivier Calzi wrote:

> Hi,
>
> Thanks for your feedback.
> As I explained in my first post, I did use all the settings from the link you
> provided.
>
>
> Regards
>
> On Sunday, April 8, 2018 at 5:49:39 PM UTC+2, Manfredo Hopp wrote:
>>
>> https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#management-webapp
>>
>> On Sunday, April 8, 2018, Olivier Calzi wrote:
>>
>>> Hello,
>>>
>>> It's my first post here so please be kind to me :).
>>>
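>>> I managed to get a working CAS server with the following dependency on
>>> the pom.xml
>>> <cas.version>5.2.2</cas.version>
>>>
>>> <dependency>
>>>   <groupId>org.apereo.cas</groupId>
>>>   <artifactId>cas-server-support-json-service-registry</artifactId>
>>>   <version>${cas.version}</version>
>>> </dependency>
>>> <dependency>
>>>   <groupId>org.apereo.cas</groupId>
>>>   <artifactId>cas-server-support-pm-ldap</artifactId>
>>>   <version>${cas.version}</version>
>>> </dependency>
>>> <dependency>
>>>   <groupId>org.apereo.cas</groupId>
>>>   <artifactId>cas-server-support-ldap</artifactId>
>>>   <version>${cas.version}</version>
>>> </dependency>
>>>
>>> On the cas-management pom.xml
>>> <dependencies>
>>>   <dependency>
>>>     <groupId>org.apereo.cas</groupId>
>>>     <artifactId>cas-management-webapp</artifactId>
>>>     <version>${cas.version}</version>
>>>     <type>war</type>
>>>   </dependency>
>>>   <dependency>
>>>     <groupId>org.apereo.cas</groupId>
>>>     <artifactId>cas-management-webapp-support-ldap</artifactId>
>>>     <version>${cas.version}</version>
>>>   </dependency>
>>>   <dependency>
>>>     <groupId>org.apereo.cas</groupId>
>>>     <artifactId>cas-server-support-json-service-registry</artifactId>
>>>     <version>${cas.version}</version>
>>>   </dependency>
>>> </dependencies>
>>>
>>> <cas.version>5.2.2</cas.version>
>>>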
>>>
>>> So I made my settings and I got on the cas-management web-page « The
>>> administrative application of CAS is not available» but I'm getting the
>>> favicon and the CSS right.
>>> When I looked up into the GET which is being done during the request I
>>> found out a request to :
>>> https://YX/cas/login?service=https://localhost:8444/cas-management/manage.html
>>>
>>> It doesn't make sense to me why I am still getting this url as I make my
>>> configuration of the cas-management on a management.properties like this.
>>> server.port=8444
>>> server.contextPath=/cas-management
>>>
>>> cas.mgmt.adminRoles[0]=ROLE_ADMIN
>>> cas.mgmt.adminRoles[1]=ROLE_SUPER_USER
>>>
>>> # cas.mgmt.userPropertiesFile=classpath:/user-details.[json|yml]
>>> # cas.mgmt.userPropertiesFile=classpath:/user-details.properties
>>>
>>> cas.mgmt.serverName=https://sso.libre-cloud.org
>>> cas.mgmt.defaultLocale=en
>>>
>>> cas.mgmt.authzAttributes[0]=memberOf
>>> cas.mgmt.authzAttributes[1]=groupMembership
>>>
>>> # Connect to a CAS server for authentication
>>> cas.server.name=https://y
>>> #cas.server.prefix=
>>>
>>> # Use regex for authorized IPs
>>> #cas.mgmt.authzIpRegex=
>>>
>>>
>>> My current thought is that I should have another port open through the
>>> tomcat in order to serve the request on the port 8444 (then behind any
>>> proxy that I want) but I don't understand where does the «localhost» pop out.
>>>
>>> I hope that I am precise enough with my explanations.
>>>
>>> Thanks,
>>>

Re: [cas-user] CAS-Management - Bottle at the sea - Need advice or help

2018-04-08 Thread Man H
I don't see them in that post

On Sunday, April 8, 2018, Olivier Calzi wrote:

> Hi,
>
> Thanks for your feedback.
> As I explained in my first post, I did use all the settings from the link you
> provided.
>
>
> Regards
>
> On Sunday, April 8, 2018 at 5:49:39 PM UTC+2, Manfredo Hopp wrote:
>>
>> https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#management-webapp
>>
>> On Sunday, April 8, 2018, Olivier Calzi wrote:
>>
>>> Hello,
>>>
>>> It's my first post here so please be kind to me :).
>>>
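>>> I managed to get a working CAS server with the following dependency on
>>> the pom.xml
>>> <cas.version>5.2.2</cas.version>
>>>
>>> <dependency>
>>>   <groupId>org.apereo.cas</groupId>
>>>   <artifactId>cas-server-support-json-service-registry</artifactId>
>>>   <version>${cas.version}</version>
>>> </dependency>
>>> <dependency>
>>>   <groupId>org.apereo.cas</groupId>
>>>   <artifactId>cas-server-support-pm-ldap</artifactId>
>>>   <version>${cas.version}</version>
>>> </dependency>
>>> <dependency>
>>>   <groupId>org.apereo.cas</groupId>
>>>   <artifactId>cas-server-support-ldap</artifactId>
>>>   <version>${cas.version}</version>
>>> </dependency>
>>>
>>> On the cas-management pom.xml
>>> <dependencies>
>>>   <dependency>
>>>     <groupId>org.apereo.cas</groupId>
>>>     <artifactId>cas-management-webapp</artifactId>
>>>     <version>${cas.version}</version>
>>>     <type>war</type>
>>>   </dependency>
>>>   <dependency>
>>>     <groupId>org.apereo.cas</groupId>
>>>     <artifactId>cas-management-webapp-support-ldap</artifactId>
>>>     <version>${cas.version}</version>
>>>   </dependency>
>>>   <dependency>
>>>     <groupId>org.apereo.cas</groupId>
>>>     <artifactId>cas-server-support-json-service-registry</artifactId>
>>>     <version>${cas.version}</version>
>>>   </dependency>
>>> </dependencies>
>>>
>>> <cas.version>5.2.2</cas.version>
>>>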
>>>
>>> So I made my settings and I got on the cas-management web-page « The
>>> administrative application of CAS is not available» but I'm getting the
>>> favicon and the CSS right.
>>> When I looked up into the GET which is being done during the request I
>>> found out a request to :
>>> https://YX/cas/login?service=https://localhost:8444/cas-management/manage.html
>>>
>>> It doesn't make sense to me why I am still getting this url as I make my
>>> configuration of the cas-management on a management.properties like this.
>>> server.port=8444
>>> server.contextPath=/cas-management
>>>
>>> cas.mgmt.adminRoles[0]=ROLE_ADMIN
>>> cas.mgmt.adminRoles[1]=ROLE_SUPER_USER
>>>
>>> # cas.mgmt.userPropertiesFile=classpath:/user-details.[json|yml]
>>> # cas.mgmt.userPropertiesFile=classpath:/user-details.properties
>>>
>>> cas.mgmt.serverName=https://sso.libre-cloud.org
>>> cas.mgmt.defaultLocale=en
>>>
>>> cas.mgmt.authzAttributes[0]=memberOf
>>> cas.mgmt.authzAttributes[1]=groupMembership
>>>
>>> # Connect to a CAS server for authentication
>>> cas.server.name=https://y
>>> #cas.server.prefix=
>>>
>>> # Use regex for authorized IPs
>>> #cas.mgmt.authzIpRegex=
>>>
>>>
>>> My current thought is that I should have another port open through the
>>> tomcat in order to serve the request on the port 8444 (then behind any
>>> proxy that I want) but I don't understand where does the «localhost» pop out.
>>>
>>> I hope that I am precise enough with my explanations.
>>>
>>> Thanks,
>>>

Re: [cas-user] Using CAS for windows authentication

2018-04-08 Thread Man H
See https://github.com/apereo/dotnet-cas-client/blob/master/README.md

On Saturday, April 7, 2018, M. Reza Ganji wrote:

> Is it possible to use CAS for windows authentication?
> For example, logging in to CAS before windows starts the session.
>
> I have looked at https://en.m.wikipedia.org/wiki/Integrated_Windows_Authentication
> and https://en.m.wikipedia.org/wiki/Spnego and
> https://apereo.github.io/cas/5.2.x/installation/SPNEGO-Authentication.html
> But it works as SSO with CAS after user logs in with AD credentials. I
> want user to login with CAS.
>
> Thank you for your help in advance
>


Re: [cas-user] CAS-Management - Bottle at the sea - Need advice or help

2018-04-08 Thread Man H
https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#management-webapp

On Sunday, April 8, 2018, Olivier Calzi wrote:

> Hello,
>
> It's my first post here so please be kind to me :).
>
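> I managed to get a working CAS server with the following dependency on the
> pom.xml
> <cas.version>5.2.2</cas.version>
>
> <dependency>
>   <groupId>org.apereo.cas</groupId>
>   <artifactId>cas-server-support-json-service-registry</artifactId>
>   <version>${cas.version}</version>
> </dependency>
> <dependency>
>   <groupId>org.apereo.cas</groupId>
>   <artifactId>cas-server-support-pm-ldap</artifactId>
>   <version>${cas.version}</version>
> </dependency>
> <dependency>
>   <groupId>org.apereo.cas</groupId>
>   <artifactId>cas-server-support-ldap</artifactId>
>   <version>${cas.version}</version>
> </dependency>
>
> On the cas-management pom.xml
> <dependencies>
>   <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-management-webapp</artifactId>
>     <version>${cas.version}</version>
>     <type>war</type>
>   </dependency>
>   <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-management-webapp-support-ldap</artifactId>
>     <version>${cas.version}</version>
>   </dependency>
>   <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-json-service-registry</artifactId>
>     <version>${cas.version}</version>
>   </dependency>
> </dependencies>
>
> <cas.version>5.2.2</cas.version>
>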
>
> So I made my settings and I got on the cas-management web-page « The
> administrative application of CAS is not available» but I'm getting the
> favicon and the CSS right.
> When I looked up into the GET which is being done during the request I
> found out a request to :
> https://YX/cas/login?service=https://localhost:8444/cas-management/manage.html
>
> It doesn't make sense to me why I am still getting this url as I make my
> configuration of the cas-management on a management.properties like this.
> server.port=8444
> server.contextPath=/cas-management
>
> cas.mgmt.adminRoles[0]=ROLE_ADMIN
> cas.mgmt.adminRoles[1]=ROLE_SUPER_USER
>
> # cas.mgmt.userPropertiesFile=classpath:/user-details.[json|yml]
> # cas.mgmt.userPropertiesFile=classpath:/user-details.properties
>
> cas.mgmt.serverName=https://sso.libre-cloud.org
> cas.mgmt.defaultLocale=en
>
> cas.mgmt.authzAttributes[0]=memberOf
> cas.mgmt.authzAttributes[1]=groupMembership
>
> # Connect to a CAS server for authentication
> cas.server.name=https://y
> #cas.server.prefix=
>
> # Use regex for authorized IPs
> #cas.mgmt.authzIpRegex=
>
>
> My current thought is that I should have another port open through the
> tomcat in order to serve the request on the port 8444 (then behind any
> proxy that I want) but I don't understand where does the «localhost» pop out.
>
> I hope that I am precise enough with my explanations.
>
> Thanks,
>


Re: [cas-user] How can I config the cas to support authorize different user or group of users to access different cas client.

2018-04-07 Thread Man H
For 5.2


https://apereo.github.io/cas/5.2.x/installation/Configuring-Custom-Authentication.html


On Saturday, April 7, 2018, Donghua Liu wrote:

> Hi, everyone.
>
> I have some requirements. One of the problems is that I need to implement
> authorization different users to different cas client, because not all
> users have access to all the cas client configured to authenticate with
> cas. I also go through the cas-management project, but what this project
> does is merely configuring the cas client, not the users or groups of users.
>
> Any help would be appreciated!
>


Re: [cas-user] How to get SLO to work in CAS 5?

2018-04-02 Thread Man H
Try

(Cas-server)/cas/logout



https://apereo.github.io/cas/5.2.x/installation/Logout-Single-Signout.html

On Sunday, April 1, 2018, paul li wrote:

> Hi
>
>
>
> My team is working with CAS (5.2.3) and delegated SAML authentication via
> pac4j libraries. What we have so far:
>
> 1.  3 separate services, each is configured through spring to
> authenticate with CAS.
>
> 2.  CAS is configured to delegate authentication to SAML IDP via
> *cas.properties* config
>
> 3.  We extended the ClientAuthenticationHandler with small changes
> and registered it through a @Configuration class.
>
>
>
> With this basic setup, we are able to get the SSO to work correctly across
> the services, against okta sample IDP, with a flow similar to this:
>
> *SP -> CAS -> Delegate Authentication -> Redirect to IDP -> Input
> credentials -> IDP returns SAML response -> CasAuthenticationFilter
> finishes the authentication and ST issuing -> System redirects the original
> ‘service’ url.*
>
>
>
> However, we are trying to get *single logout (SLO)* to work with the
> existing framework, but we have had no luck.
>
> It appears the system is only logging out the local service, but not other
> services.
>
>
>
> *What we have at the moment:*
>
> For each of the service module, we have the following configured:
>
> 1. LogoutFilter via spring bean
>
> 2. SingleSignOutFilter via web.xml or spring bean
>
> 3. SingleSignOutHttpSessionListener in web.xml
>
>
> Also we have ServiceRegistry json with logoutType: BACK_CHANNEL
>
>
> spring config
>
>*"casAuthenticationEntryPoint"*>
>
>*"permitAll"* />
>
>   method=*"GET"* />
>
>   />
>
>  
>
>  
>
>   *"LOGOUT_FILTER"* />
>
>   *"CAS_FILTER"* />
>
>   *"CAS_FILTER"* />
>
>   
>
>
>
>*"org.jasig.cas.client.session.SingleSignOutFilter"*
>
>  p:ignoreInitConfiguration=*"true"* <- not sure if we need this
>
>  p:casServerUrlPrefix=*"${cas.server.app}/"* />
>
>
>
> *"org.springframework.security.web.authentication.logout.LogoutFilter"*
>
>  p:filterProcessesUrl=*"/logout/cas/"* >
>
>   *"${cas.server.app}/logout?service=${calendar.client.app}/"* />
>
>  
>
>  *"org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"*
> >
>
>  
>
>   
>
>
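> In web.xml of each module, we have:
>
> <listener>
>   <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
> </listener>
> <filter>
>   <filter-name>CAS Single Sign Out Filter</filter-name>
>   <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
> </filter>
> <filter-mapping>
>   <filter-name>CAS Single Sign Out Filter</filter-name>
>   <url-pattern>/*</url-pattern>
> </filter-mapping>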
>
>
> *service registry:*
>
> {
>   "@class": "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId": "^(http|https|imaps)://.*",
>   "name": "HTTPS and IMAPS",
>   "id": 1001,
>   "description": "This service definition authorizes all application urls that support HTTPS and IMAPS protocols.",
>   "evaluationOrder": 1,
>   "logoutType" : "BACK_CHANNEL",
> ….
>
>
>
> *Problem:*
>
> When we issue a logout via: https://localhost:8443/platformadmin/logout/cas/ ,
> we see the *LogoutFilter* is triggered and in *doFilter()* session is
> invalidated.
>
> *SingleSignOutHttpSessionListener#sessionDestroy()* is immediately
> triggered after.
>
>
> Then *SingleLogoutFilter* is triggered, in which *SingleSignoutHandler#process*(..)
> method, BACK_CHANNEL logout is triggered.
>
> In the console log however, I only see the ST of the current service
> (platformadmin) is destroyed.
>
>
> If we access any modules *other than* *platformadmin*, we are directed to
> the app automatically.
>
> It seems we are only logged out of the current service modules (local
> logout), but didn’t logout from the other service modules.
>
>
> What configuration are we missing? I see posts in this group where they
> have SLO working,
>
> We'd much appreciate if someone could provide a summary of their
> configuration.
>
>
> Please let us know if you have any advice
>
>
> Thanks!
>

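The back-channel logout exchange discussed in this message, as an added Python example (not code from the post or from the Java CAS client): each service maps the service ticket it validated to its local session and destroys that session only when CAS POSTs a `logoutRequest` naming that ticket to it. The class names, session ids, ticket values and the second service name are constructed for illustration; the request layout follows the CAS protocol's logout request.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"


def build_logout_request(service_ticket):
    """Constructed sample of the XML that CAS POSTs on back-channel logout."""
    return (
        f'<samlp:LogoutRequest xmlns:samlp="{SAMLP_NS}" ID="LR-constructed-1" '
        'Version="2.0" IssueInstant="2018-04-01T12:00:00Z">'
        f'<saml:NameID xmlns:saml="{SAML_NS}">@NOT_USED@</saml:NameID>'
        f"<samlp:SessionIndex>{service_ticket}</samlp:SessionIndex>"
        "</samlp:LogoutRequest>"
    )


def extract_session_index(xml_text):
    """Return the service ticket named in a LogoutRequest, or None if unusable."""
    lowered = xml_text.lower()
    if "<!doctype" in lowered or "<!entity" in lowered:
        return None  # the endpoint is unauthenticated: refuse DTDs and entities
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    if root.tag != f"{{{SAMLP_NS}}}LogoutRequest":
        return None
    node = root.find(f"{{{SAMLP_NS}}}SessionIndex")
    if node is None or not (node.text or "").strip():
        return None
    return node.text.strip()


class Service:
    """One CAS-protected application (hypothetical stand-in for a client filter)."""

    def __init__(self, name):
        self.name = name
        self.sessions = {}           # local session id -> user
        self.ticket_to_session = {}  # service ticket -> local session id

    def login(self, session_id, user, service_ticket):
        # Runs after the ticket was validated against CAS: remember which
        # local session belongs to which service ticket.
        self.sessions[session_id] = user
        self.ticket_to_session[service_ticket] = session_id

    def handle_post(self, form_body):
        """Process a form-encoded POST; True if a session was destroyed."""
        values = parse_qs(form_body).get("logoutRequest")
        if not values:
            return False
        ticket = extract_session_index(values[0])
        session_id = self.ticket_to_session.pop(ticket, None) if ticket else None
        if session_id is None:
            return False  # unknown ticket: nothing to invalidate
        self.sessions.pop(session_id, None)
        return True


class CasServer:
    """Tracks the tickets issued under one SSO session."""

    def __init__(self):
        self.issued = []  # (service, service ticket) pairs
        self._counter = 0

    def issue_ticket(self, service):
        self._counter += 1
        ticket = f"ST-{self._counter}-constructed"
        self.issued.append((service, ticket))
        return ticket

    def logout(self, reachable):
        """End the SSO session and notify every service CAS can reach."""
        notified = []
        for service, ticket in self.issued:
            if service.name not in reachable:
                continue  # the POST never arrives, so that session survives
            body = urlencode({"logoutRequest": build_logout_request(ticket)})
            if service.handle_post(body):
                notified.append(service.name)
        self.issued.clear()
        return notified


def run_scenario(reachable):
    """Log one user into two services, log out at CAS, report live sessions."""
    cas = CasServer()
    services = [Service("platformadmin"), Service("calendar")]
    for index, service in enumerate(services):
        service.login(f"JSESSION-{index}", "alice", cas.issue_ticket(service))
    cas.logout(reachable)
    return {service.name: bool(service.sessions) for service in services}


if __name__ == "__main__":
    print(run_scenario({"platformadmin", "calendar"}))
    print(run_scenario({"platformadmin"}))
```

A service that never receives the POST, or that receives a ticket it has no mapping for, keeps its local session even though the SSO session at CAS has ended.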

Re: [cas-user] Unable to build and/or run either cas, cas-overlay-template or cas-gradle-overlay-template

2018-04-01 Thread Man H
Default is /etc/cas/config/cas.properties which should be copied by script.

On Sunday, April 1, 2018, Rovanion Luckey wrote:

> And switching over to https got that rolling. So remaining are my two
> questions:
>
> 1. How do I configure the template not to log to `/etc/cas/logs`?
>   Editing `/etc/cas/config/log4j2.xml` as described in the
> original post unfortunately had no effect, and that is the only place where
> `git grep "/etc/cas/logs"` found any match.
>
> 2. Are there other configuration options in the template that refer to the
> root of the file system rather than the root of the project folder?
>
>
>


Re: [cas-user] Is it possible to delegate CAS authentication to a custom remote identity provider ?

2018-04-01 Thread Man H
See trusted authentication.
Local cas server should receive translated remote id entity through valve
or other mechanism.


On Sunday, April 1, 2018, JON JON wrote:

> Hi
>
> Is it possible to delegate authentication to a custom remote identity
> provider?
>
> This does not speak CAS, SAML, OAuth or OpenId Connect. It has its own SSO
> mechanism. End users use web browser to interact.
>
> Our identity provider has its own authentication mechanism, based on http,
> over j2ee, for users registered in a database.
> It can return a token with the user's profile (authentication mechanism,
> identity, context, and authorization attributes).
>
> Now we need to delegate CAS authentication to this identity provider. Do
> you think it is possible with any of the mechanisms provided by CAS?
>
> The ultimate goal is for CAS to be a SAML identity provider based on the
> identity information provided by our identity provider.
>
> Thanks in advance
>
> Jon
>


Re: [cas-user] Unable to build and/or run either cas, cas-overlay-template or cas-gradle-overlay-template

2018-03-31 Thread Man H
Did you try sudo...

On Saturday, March 31, 2018, Rovanion Luckey wrote:

> All this is on a 64-bit Ubuntu 16.04 with OpenJDK 9, cas-overlay-template
> was also tested with JDK 8.
>
> Starting with cas-gradle-overlay-template on 
> 7435f376831e2760e3fa91c52e9094bcc4da413e,
> that is master, and the full procedures as follows:
>
> $ git clone g...@github.com:apereo/cas-gradle-overlay-template.git
> $ cd cas-gradle-overlay-template/
> $ ./build.sh run
>
> This, as far as I understand it, is what's needed to get the project up
> and running. The README isn't very clear on the subject though. The full
> output of the last command is rather long and can be found here:
> http://paste.ubuntu.com/p/hxCNnNvrX4/
>
> The first of the many reported issues being that the program is unable to
> create a folder `/etc/cas/logs` which is quite right assuming that the
> error message is correct. A user program should not touch anything under
> `/etc` and `/etc` is not the right place for logs, see the Linux Standard
> Base Filesystem Hierarchy Standard [0]. Logs in a development environment
> should be located in a folder relative to the project itself and in a
> production environment under `/var/log`.
>
> I made an attempt at changing where the logs were being written to by
> modifying `/etc/cas/config/log4j2.xml` so that the property
> `baseDir` read `./hat/cat`, yet the error continues to read `Could not
> create directory /etc/cas/logs`.
>
> Running out of ideas available to me as a normal user I reached for the
> second template in the stack, cas-overlay-template:
>
> $ git clone g...@github.com:apereo/cas-overlay-template.git
> $ ./build.sh run
> Exception in thread "main" javax.net.ssl.SSLException: java.lang.
> RuntimeException: Could not generate DH keypair
> at sun.security.ssl.Alerts.getSSLException(java.base@9-internal/Alerts
> .java:214)
> at sun.security.ssl.SSLSocketImpl.fatal(java.base@9-internal/SS
> LSocketImpl.java:1949)
> at sun.security.ssl.SSLSocketImpl.fatal(java.base@9-internal/SS
> LSocketImpl.java:1901)
> at sun.security.ssl.SSLSocketImpl.handleException(java.base@9-internal
> /SSLSocketImpl.java:1884)
> at sun.security.ssl.SSLSocketImpl.startHandshake(java.base@9-internal/
> SSLSocketImpl.java:1416)
> at sun.security.ssl.SSLSocketImpl.startHandshake(java.base@9-internal/
> SSLSocketImpl.java:1393)
> at sun.net.www.protocol.https.HttpsClient.afterConnect(java.base@9-
> internal/HttpsClient.java:559)
> at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.
> connect(java.base@9-internal/AbstractDelegateHttpsURLConnection.java:185)
> at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(java.
> base@9-internal/HttpURLConnection.java:1511)
> at sun.net.www.protocol.http.HttpURLConnection.getInputStream(java.
> base@9-internal/HttpURLConnection.java:1439)
> at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(
> java.base@9-internal/HttpsURLConnectionImpl.java:235)
> at org.apache.maven.wrapper.DefaultDownloader.downloadInternal(
> DefaultDownloader.java:84)
> at org.apache.maven.wrapper.DefaultDownloader.download(DefaultD
> ownloader.java:68)
> at org.apache.maven.wrapper.Installer.createDist(Installer.java:69)
> at org.apache.maven.wrapper.WrapperExecutor.execute(WrapperExecutor.
> java:149)
> at org.apache.maven.wrapper.MavenWrapperMain.main(MavenWrapperMain.
> java:48)
> Caused by: java.lang.RuntimeException: Could not generate DH keypair
> at sun.security.ssl.DHCrypt.(java.base@9-internal/DHCrypt.java:
> 142)
> at sun.security.ssl.DHCrypt.(java.base@9-internal/DHCrypt.java:
> 114)
> at sun.security.ssl.ClientHandshaker.serverKeyExchange(java.base@9-
> internal/ClientHandshaker.java:830)
> at sun.security.ssl.ClientHandshaker.processMessage(java.base@9-
> internal/ClientHandshaker.java:335)
> at sun.security.ssl.Handshaker.processLoop(java.base@9-internal/
> Handshaker.java:1003)
> at sun.security.ssl.Handshaker.processRecord(java.base@9-internal/
> Handshaker.java:937)
> at sun.security.ssl.SSLSocketImpl.processInputRecord(java.base@9-
> internal/SSLSocketImpl.java:1119)
> at sun.security.ssl.SSLSocketImpl.readRecord(java.base@9-internal/
> SSLSocketImpl.java:1056)
> at sun.security.ssl.SSLSocketImpl.readRecord(java.base@9-internal/
> SSLSocketImpl.java:955)
> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(java.base@9-
> internal/SSLSocketImpl.java:1382)
> at sun.security.ssl.SSLSocketImpl.startHandshake(java.base@9-internal/
> SSLSocketImpl.java:1409)
> ... 11 more
> Caused by: java.security.InvalidAlgorithmParameterException: Prime size
> must be multiple of 64, and can only range from 512 to 2048 (inclusive)
> at com.sun.crypto.provider.DHKeyPairGenerator.initialize(java.base@9-
> internal/DHKeyPairGenerator.java:120)
> at java.security.KeyPairGenerator$Delegate.initialize(java.base@9-
> 

Re: [cas-user] SSO + Local Authentication

2018-03-26 Thread Man H
Try connectButton href /cas/login?service=

On Monday, March 26, 2018, Maxime Marty-Dessus <
maxime.marty-des...@aidimpact.com> wrote:

> Hello everybody :)
>
> So here's my problem
> I am currently working on a login interface project for our application. The
> client wants to have two ways of logging in to our app:
>
>- Login via their CAS (we don't own this CAS)
>- Login via a "local" login/password, if, for instance, the client
>wants an external consultant to access the application without registering
>him in the CAS
>
> We already managed to develop the interface. This is a simple webpage,
> where the client can either click on a "Connect" button, redirecting him to
> the CAS, or a "Local LogOn" button, which redirects him to a form to fill
> with local credentials. In both cases, the user is redirected to our app
> and logged in with correct credentials.
>
>
> BUT, the client doesn't want to click on the "Connect" button, but wants
> to be automatically redirected to our app if he is already connected on the
> CAS
>
> The problem is, if I automatically redirect him to the CAS, the user can't
> use the Local LogOn way because he will be blocked on the CAS.
>
>
> Is there a way to query the CAS if the user is already logged, without
> redirecting him to it ? Or another way to do the trick?
>
>
> If you have any hint to solve this problem, it will be very much
> appreciated.
>
>
> Thank you in advance for your future answers !
>


Re: [cas-user] build from source with additional modules

2018-03-25 Thread Man H
This is not the information you gave in the first place.
So try not to mislead answers.
Why do you want to use gradle if you were using maven?


On Sunday, March 25, 2018, Scott Koranda wrote:

> Hi,
>
> > Copy etc/cas/properties to /etc/cas/properties
> > Add modules relevant properties to that.
> > See
> > https://apereo.github.io/cas/5.2.x/installation/
> Configuration-Properties.html
>
> Thank you for your prompt reply, but this is not the information I need.
>
> I have a working and configured CAS deployment deployed using a standard
> Maven overlay approach. It is already configured to use the JSON service
> registry and pac4j modules. I did that by appropriately adding
> dependencies in my pom.xml file and then adding appropriate
> configurations to /etc/cas/config/cas.properties.
>
> Now I want to build CAS from source using gradle and use the same
> configuration.
>
> I am able to build from source as I detailed in my last note, but the
> war file I build does not have the JSON service registry or pac4j
> modules included.
>
> I need a detailed explanation or example of how I modify a gradle
> build.gradle file to include the JSON service registry or pac4j module
> in the war file built from source.
>
> I would be grateful if someone could provide that information.
>
> Thank you for your time.
>
> Scott K
>


Re: [cas-user] build from source with additional modules

2018-03-25 Thread Man H
  Copy etc/cas/properties to /etc/cas/properties
Add modules relevant properties to that.
See
https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html


On Saturday, March 24, 2018, Scott Koranda wrote:

> Hi,
>
> I would like to build CAS from source so that I can add some additional
> debugging to troubleshoot an issue with the pac4j SAML2 client support
> for version 5.2.x.
>
> I did
>
> git clone g...@github.com:apereo/cas.git cas-server
> cd cas-server
> git checkout 5.2.x
> ./gradlew war --parallel -x test -x javadoc -x check
>
> The build completed successfully.
>
> I was then able to do
>
> sudo cp \
> ./webapp/cas-server-webapp/build/libs/cas-server-webapp-5.2.4-SNAPSHOT.war
> \
> /var/lib/tomcat8/webapps/cas.war
>
> restart Tomcat 8.5
>
> and see the CAS server start up and access /cas/login.
>
> I need, however, to add the module for pac4j support and for the JSON
> service registry.
>
> I see on this page
>
> https://apereo.github.io/cas/developer/Build-Process-5X.html
>
> the text
>
> "To test the functionality provided by a given CAS module, execute the
> following steps:
>
> Add the module reference to the build script (i.e. build.gradle) of web
> application you intend to run (i.e Web App, Management Web App, etc)"
>
> and the example
>
> implementation project(":support:cas-server-support-modulename")
>
> I did add the line
>
> implementation project(":support:cas-server-support-json-service-registry"
> )
>
> to the file
>
> webapp/build.gradle
>
> but when I copied over the war file and restarted Tomcat the configured
> JSON service registry was not recognized.
>
> What step am I missing to add the JSON service registry support to the
> war file I build from source?
>
> Thanks,
>
> Scott K
>


Re: [cas-user] Does anyone use ssoEnabled in service definitions

2018-03-23 Thread Man H
Put service with ssoenabled=false in first order of evaluation

On Thursday, March 22, 2018, Ted Fisher wrote:

> I’d like to try to rephrase my question since I only got one response:
>
>
>
> Is anyone using ssoEnabled set false in service definitions to effect the
> same as renew=true from the client side?
>
>
>
> I haven’t been able to get it to work and even insane levels of logging
> don’t reveal much, which puts me at a dead end.
>
>
>
> Can anyone suggest what the problem might be or where I could look for how
> to get it working?
>
>
>
> Thanks.
>
>
>
> Ted Fisher
>
>
>
> *From:* cas-user@apereo.org  *On Behalf Of *Ted
> Fisher
> *Sent:* Tuesday, March 20, 2018 10:09 AM
> *To:* cas-user@apereo.org
> *Subject:* [cas-user] ssoEnabled in service definition not working
> correctly
>
>
>
>
>
> We are running CAS 4.1.5 and we need to make a couple services do
> authentication only through CAS without creating an SSO session – that is
> force renew=true from the CAS server and do not create a session after
> authenticating (no TGT).  My understanding of how to do this (per
> https://apereo.github.io/cas/4.2.x/installation/Configuring-SSO-Session-Cookie.html)
> is to set create.sso.renewed.authn=false in cas.properties and include
> these in the service definition:
>
>    "accessStrategy" : {
>      "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
>      "enabled" : true,
>      "ssoEnabled" : false
>    },
>
>
>
> However, when I do this it does not allow authentication at all with the
> following complaint in the log:
>
> [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceManagement:
> Service [https://ssotest.bgsu.edu *… is not allowed to use SSO.*
>
> Am I missing something?  Can anyone suggest why it is not processing the
> service parameters as it seems it should?
>
>
>
> Thanks.
>
>
>
> Ted Fisher
>
> ITS, BGSU
>
>
>
>
>
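The reply's point about evaluation order can be checked offline before touching the registry. The following is an added sketch, not part of the thread and not CAS code: it models first-match-wins resolution by `evaluationOrder` and reports an `ssoEnabled=false` definition that a broader pattern shadows. The hosts, ids, names, helper functions, the name tie-break and the use of a full regex match are assumptions of this example.

```python
import json
import re

# Constructed service definitions, modelled on the JSON service registry
# format quoted in the message above. Hosts, ids and names are made up.
CATCH_ALL = r"""
{
  "@class": "org.jasig.cas.services.RegexRegisteredService",
  "serviceId": "^https://.*\\.example\\.edu/.*",
  "name": "Campus catch-all",
  "id": 1,
  "evaluationOrder": 10
}
"""

AUTH_ONLY = r"""
{
  "@class": "org.jasig.cas.services.RegexRegisteredService",
  "serviceId": "^https://authonly\\.example\\.edu/.*",
  "name": "Auth-only app",
  "id": 2,
  "evaluationOrder": 100,
  "accessStrategy": {
    "@class": "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled": true,
    "ssoEnabled": false
  }
}
"""


def _in_evaluation_order(services):
    # Lowest evaluationOrder is consulted first; the name tie-break is an
    # assumption of this sketch.
    return sorted(services, key=lambda s: (s["evaluationOrder"], s["name"].lower()))


def load_services(json_texts):
    """Parse definitions and return them in evaluation order."""
    services = []
    for text in json_texts:
        raw = json.loads(text)
        strategy = raw.get("accessStrategy", {})
        services.append({
            "id": raw["id"],
            "name": raw["name"],
            "pattern": re.compile(raw["serviceId"]),
            "evaluationOrder": raw["evaluationOrder"],
            # Assumption: a definition without an access strategy allows SSO.
            "ssoEnabled": strategy.get("ssoEnabled", True),
        })
    return _in_evaluation_order(services)


def resolve(services, url):
    """Return the first definition whose serviceId pattern matches url."""
    for svc in services:
        if svc["pattern"].fullmatch(url):
            return svc
    return None


def shadowed_sso_disabled(services, url):
    """ssoEnabled=false definitions that match url but are never reached."""
    winner = resolve(services, url)
    return [
        svc for svc in services
        if not svc["ssoEnabled"]
        and svc["pattern"].fullmatch(url)
        and svc is not winner
    ]


def with_order(services, service_id, new_order):
    """Copy of the registry with one definition's evaluationOrder changed."""
    changed = [
        dict(svc, evaluationOrder=new_order) if svc["id"] == service_id else svc
        for svc in services
    ]
    return _in_evaluation_order(changed)


if __name__ == "__main__":
    url = "https://authonly.example.edu/app"
    registry = load_services([CATCH_ALL, AUTH_ONLY])
    for label, reg in (("before", registry), ("after", with_order(registry, 2, 1))):
        hit = resolve(reg, url)
        shadowed = [s["name"] for s in shadowed_sso_disabled(reg, url)]
        print(label, "->", hit["name"], "ssoEnabled:", hit["ssoEnabled"],
              "shadowed:", shadowed)
```

Java and Python regular expressions differ in places, so patterns that use Java-only syntax need checking against the running server as well.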

Re: [cas-user] CAS 5.2 delegate authentication to custom CAS 3

2018-03-22 Thread Man H
see
https://apereo.github.io/cas/5.2.x/installation/Trusted-Authentication.html

2018-03-22 17:52 GMT-03:00 Diego Henrique Pagani :

> Hello,
>
> I have a problem guys:
> We have a legacy CAS3, which has some customizations inside the source
> code and some application that *only authenticate* with this specific CAS
> (Let's call it app1).
> Recently, I configured a new CAS5,  some applications (Let's call app2)
> using Oauth2 protocol to communicate with CAS5 and everything is working
> fine, until now.
>
> We need a SSO session between app1 and app2, but app1 only uses CAS3 and
> app2 only uses CAS5. So, I have configured CAS5 to delegate authentication
> to CAS3,
> which is working but I have to click on the login screen to redirect to
> CAS3. Is it possible to redirect to cas 3 directly?
>
>
>
>
>


Re: [cas-user] Help with migrating CAS 4.x to 5.x

2018-03-21 Thread Man H
see
https://groups.google.com/a/apereo.org/d/msgid/cas-user/8a0b7e04-b40f-4508-a5a8-06319bf9d7d6%40apereo.org?utm_medium=email_source=footer


2018-03-21 16:36 GMT-03:00 Nick Thacker :

> Hi all,
>
> I know this has been posted before (https://groups.google.com/a/
> apereo.org/forum/?utm_medium=email_source=footer#!msg/
> cas-user/hmtHSpsYhLE/dXhzQSNJAAAJ), but I am still having a hard time
> upgrading our CAS 4.x to 5.x.  I have not worked much in the Spring
> Framework and Spring Boot, so I'm still fresh to much of the inner workings
> of it.
>
> A previous developer had set up CAS 4.x with a custom authentication
> handler for our application environment.  Please see the code for the
> handler and deployerConfigContext.xml:
>
> *deployerConfigContext.xml:*
> p:backingMap-ref="attrRepoBackingMap" />
>
> memberOf
>
> faculty
> staff
> org
>
> class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager"
>   p:entrySeparator="${cas.audit.singleline.separator:|}"
>   p:useSingleLine="${cas.audit.singleline:false}"/>
>
> destroy-method="close">
>
> *CustomDatabaseHandler:*
> package example.apps.cas.authentication;
>
> import java.security.GeneralSecurityException;
> import java.sql.SQLException;
> import java.util.HashMap;
> import java.util.List;
> import java.util.Map;
>
> import javax.security.auth.login.AccountNotFoundException;
> import javax.security.auth.login.FailedLoginException;
> import org.apache.commons.lang3.StringUtils;
> import org.jasig.cas.authentication.BasicCredentialMetaData;
> import org.jasig.cas.authentication.Credential;
> import org.jasig.cas.authentication.DefaultHandlerResult;
> import org.jasig.cas.authentication.HandlerResult;
> import org.jasig.cas.authentication.MessageDescriptor;
> import org.jasig.cas.authentication.PreventedException;
> import org.jasig.cas.authentication.UsernamePasswordCredential;
> import org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
> import org.jasig.cas.authentication.principal.DefaultPrincipalFactory;
> import org.jasig.cas.authentication.principal.Principal;
> import org.apache.commons.dbcp.BasicDataSource;
>
> import example.apps.cas.dao.UserDao;
> import example.apps.cas.model.UserModel;
>
> public class DatabaseAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {
>
>     private DefaultPrincipalFactory principalFactory = null;
>     private BasicDataSource dataSource = null;
>
>     @Override
>     public boolean supports(Credential credentials) {
>         return credentials != null && UsernamePasswordCredential.class.isAssignableFrom(credentials.getClass());
>     }
>
>     @Override
>     protected HandlerResult authenticateUsernamePasswordInternal(UsernamePasswordCredential credentials)
>             throws GeneralSecurityException, PreventedException {
>
>         String username = credentials.getUsername().trim();
>         String password = credentials.getPassword();
>
>         UserDao userDao = new UserDao();
>         BasicDataSource dataSource = this.getDataSource();
>         userDao.setDataSource(dataSource);
>
>         // Throw exception if username is blank
>         if (StringUtils.isEmpty(username)) {
>             throw new AccountNotFoundException("Username can not be blank.");
>         }
>
>         // Throw exception if password is blank
>         if (StringUtils.isEmpty(password)) {
>             throw new FailedLoginException(String.format("Password can not be blank for user %s.", username));
>         }
>
>         // Throw exception if unable to select password from database
>         UserModel user = new UserModel();
>         try {
>             user = userDao.getUser(username);
>         } catch (SQLException e) {
>             e.printStackTrace();
>             throw new PreventedException(String.format("Unable to retrieve password from database for user %s.", username), e);
>         }
>
>         // Throw exception if user account does not exist in database
>         if (user == null) {
>             throw new AccountNotFoundException(String.format("Unable to find account for user %s.", username));
>         }
>
>         // Throw exception if password cannot be encrypted
>         String encryptedPassword = this.getPasswordEncoder().encode(password);
>         if (encryptedPassword == null) {
>             throw new PreventedException(String.format("Unable to encrypt user password for user %s.", username),
>                     new NullPointerException("Encoded password is null."));
>         }
>
>         // Throw exception if passwords do not match
>         if (!encryptedPassword.equals(user.getEncryptedPassword())) {
>             throw new

Re: [cas-user] Issue configuring JPA ticket registry

2018-03-21 Thread Man H
If you meant ticket registry use

cas.ticket.registry.jpa.healthQuery


If service registry

cas.serviceRegistry.jpa.healthQuery

On Monday, December 11, 2017, Juan Quintanilla wrote:

> Hi,
>
>
> I'm running CAS 5.1.2 using tomcat 8.5 and java 8 and trying to configure
> the Oracle JPA ticket registry but running into issues. I have been able to
> configure this with CAS 4 and CAS 3 in the past but for some reason I'm
> encountering the error below:
>
>
> 2017-12-11 13:07:04,885 WARN [com.zaxxer.hikari.util.DriverDataSource] -
>  was not found, trying direct instantiation.>
> 2017-12-11 13:07:05,463 ERROR [com.zaxxer.hikari.pool.PoolBase] -
>  keyword not found where expected
> ).>
> 2017-12-11 13:07:05,465 ERROR [com.zaxxer.hikari.pool.HikariPool] -
> 
> java.sql.SQLSyntaxErrorException: ORA-00923: FROM keyword not found where
> expected
>
> at oracle.jdbc.driver.T4CTTIoer11.processError(T4CTTIoer11.java:494)
> ~[ojdbc8-12.2.0.1.0.jar:12.2.0.1.0]
>
>
>
> I verified that the ojdbc8 is in both the tomcat lib folder and in the cas
> lib folder.
>
>
> I have configured my pom.xml as follows and setup the cas.properties file
> with the configuration below:
>
>
> pom.xml
>
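> <dependency>
>   <groupId>org.apereo.cas</groupId>
>   <artifactId>cas-server-support-jpa-ticket-registry</artifactId>
>   <version>${cas.version}</version>
> </dependency>
>
> <dependency>
>   <groupId>com.oracle</groupId>
>   <artifactId>ojdbc8</artifactId>
>   <version>12.2.0.1.0</version>
>   <scope>runtime</scope>
> </dependency>
> <dependency>
>   <groupId>org.apereo.cas</groupId>
>   <artifactId>cas-server-support-jdbc-drivers</artifactId>
>   <version>${cas.version}</version>
> </dependency>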
>
>
>
> cas.properties
>
> cas.serviceRegistry.jpa.isolateInternalQueries=false
> cas.serviceRegistry.jpa.url=jdbc:oracle:thin:
> cas.serviceRegistry.jpa.failFast=true
> cas.serviceRegistry.jpa.dialect=org.hibernate.dialect.Oracle12cDialect
> cas.serviceRegistry.jpa.leakThreshold=10
> cas.serviceRegistry.jpa.batchSize=1
> cas.serviceRegistry.jpa.user=
> cas.serviceRegistry.jpa.ddlAuto=create-drop
> cas.serviceRegistry.jpa.password=
> cas.serviceRegistry.jpa.autocommit=false
> cas.serviceRegistry.jpa.driverClass=oracle.jdbc.driver.OracleDriver
> cas.serviceRegistry.jpa.idleTimeout=5000
> cas.serviceRegistry.jpa.dataSourceName=
> cas.serviceRegistry.jpa.dataSourceProxy=false
>
> cas.serviceRegistry.jpa.pool.suspension=false
> cas.serviceRegistry.jpa.pool.minSize=6
> cas.serviceRegistry.jpa.pool.maxSize=18
> cas.serviceRegistry.jpa.pool.maxWait=2000
>
>
> Just wanted to see if anyone else has run into a similar issue.
>
>
> Thanks!
>
>
> ___
> Juan Quintanilla
> jquin...@fiu.edu
>
>


Re: [cas-user] Re: rejected attribute

2018-03-20 Thread Man H
Cas management is not the same as /status/dashboard endpoint

2018-03-20 13:06 GMT-03:00 Michael Peterson :

> Are you solely creating services through the CAS management application? I
> know I ran into some weird behavior when I was inserting service
> definitions outside of the management app. I also ran into some funky
> behavior when multiple service definitions had the same ID.
>
> On Sunday, March 18, 2018 at 6:05:05 PM UTC-5, Jeffrey Ramsay wrote:
>>
>> All -
>>
>> I'm hoping someone can help me to resolve this problem. I'm running CAS
>> 5.1.8 using a jdbc service registry which is not displaying the rejected
>> attributes set for the defined services. Access to the service is denied as
>> expected however, the only way to see what was set is by viewing the logs.
>> Also, there's no way to delete the attribute because it's not visible
>> through the cas management application; I've had to delete and recreate the
>> service to clear it.
>>
>> 2018-03-18 18:58:08,212 DEBUG [org.apereo.cas.authentication
>> .support.AbstractProtocolAttributeEncoder] - <[12] encoded attributes
>> are available for release to [id=3,name=CAS Client,description=CAS
>> Client,serviceId=^https://home.catznet.science:2443/cas-clie
>> nt(/?|/.*)$,usernameAttributeProvider=org.apereo.cas.
>> services.DefaultRegisteredServiceUsernameProvider@d,theme=<
>> null>,evaluationOrder=1,logoutType=NONE,attributeReleasePolicy=org.
>> apereo.cas.services.ReturnAllAttributeReleasePolicy@7af77c01
>> [attributeFilter=,principalAttributesRepository=org.
>> apereo.cas.authentication.principal.DefaultPrincipalAttribut
>> esRepository@5651734a[],authorizedToReleaseCredentialPasswor
>> d=false,authorizedToReleaseProxyGrantingTicket=false,exclude
>> DefaultAttributes=false,principalIdAttribute=],
>> accessStrategy=org.apereo.cas.services.DefaultRegisteredServ
>> iceAccessStrategy@758f4d16[enabled=true,ssoEnabled=true,r
>> equireAllAttributes=false,requiredAttributes={},unauthorized
>> RedirectUrl=,caseInsensitive=false,*rejectedAttributes={groupDeny*=
>> *[]}]*,publicKey=,proxyPolicy=org.apereo.cas.services.RefuseRegi
>> steredServiceProxyPolicy@5794ac9,logo=,logoutUrl=
>> ,requiredHandlers=[],properties={},multifactorPolicy=
>> org.apereo.cas.services.DefaultRegisteredServiceMultifactorP
>> olicy@19b9d72e[multifactorAuthenticationProviders=[],
>> failureMode=CLOSED,principalAttributeNameTrigger=,prin
>> cipalAttributeValueToMatch=,bypassEnabled=false],inf
>> ormationUrl=,privacyUrl=,]: [[firstname,
>> isFromNewLogin, mail, authenticationDate, sAMAccountName,
>> successfulAuthenticationHandlers, cn, lastname,
>> samlAuthenticationStatementAuthMethod, UDC_IDENTIFIER,
>> authenticationMethod, longTermAuthenticationRequestTokenUsed]]>
>>
>> Thanks,
>> -Jeff
>>


Re: [cas-user] rejected attribute

2018-03-20 Thread Man H
Use dashboard to see which attributes are released

On Sunday, March 18, 2018, Jeffrey Ramsay wrote:

> All -
>
> I'm hoping someone can help me to resolve this problem. I'm running CAS
> 5.1.8 using a jdbc service registry which is not displaying the rejected
> attributes set for the defined services. Access to the service is denied as
> expected however, the only way to see what was set is by viewing the logs.
> Also, there's no way to delete the attribute because it's not visible
> through the cas management application; I've had to delete and recreate the
> service to clear it.
>
> 2018-03-18 18:58:08,212 DEBUG [org.apereo.cas.authentication.support.
> AbstractProtocolAttributeEncoder] - <[12] encoded attributes are
> available for release to [id=3,name=CAS Client,description=CAS
> Client,serviceId=^https://home.catznet.science:2443/cas-client(/?|/.*)$,
> usernameAttributeProvider=org.apereo.cas.services.
> DefaultRegisteredServiceUsernameProvider@d,theme=,
> evaluationOrder=1,logoutType=NONE,attributeReleasePolicy=
> org.apereo.cas.services.ReturnAllAttributeReleasePolicy@7af77c01
> [attributeFilter=,principalAttributesRepository=
> org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepo
> sitory@5651734a[],authorizedToReleaseCredentialPassword=false,
> authorizedToReleaseProxyGrantingTicket=false,excludeDefaultAttributes=
> false,principalIdAttribute=],accessStrategy=org.apereo.cas.services.
> DefaultRegisteredServiceAccessStrategy@758f4d16[enabled=
> true,ssoEnabled=true,requireAllAttributes=false,requiredAttributes={},
> unauthorizedRedirectUrl=,caseInsensitive=false,
> *rejectedAttributes={groupDeny*=*[]}]*,publicKey=,proxyPolicy=
> org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@5794ac9
> ,logo=,logoutUrl=,requiredHandlers=[],properties={},
> multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultif
> actorPolicy@19b9d72e[multifactorAuthenticationProvi
> ders=[],failureMode=CLOSED,principalAttributeNameTrigger=,
> principalAttributeValueToMatch=,bypassEnabled=false],
> informationUrl=,privacyUrl=,]: [[firstname,
> isFromNewLogin, mail, authenticationDate, sAMAccountName,
> successfulAuthenticationHandlers, cn, lastname,
> samlAuthenticationStatementAuthMethod, UDC_IDENTIFIER,
> authenticationMethod, longTermAuthenticationRequestTokenUsed]]>
>
> Thanks,
> -Jeff
>



Re: [cas-user] 5.3.3 version issue getting request.queryString

2018-03-07 Thread Man H
see

https://docs.spring.io/spring-webflow/docs/current/reference/html/

2018-03-07 11:23 GMT-03:00 Satnam Sarai :

> do you know any guide? I am not sure how to access request from webflow..
>
> thanks
>
>
> On Tuesday, March 6, 2018 at 10:59:19 AM UTC-8, Manfredo Hopp wrote:
>>
>> I would try a workaround, maybe accessing request from webflow.
>>
>> 2018-03-05 14:21 GMT-03:00 Satnam Sarai :
>>
>> Hello,
>>
>> In version 5.2.2, we were able to update casloginview.html to get
>> *request.queryString*.
>>
>>
>> However, in new version 5.2.3, we are getting template parsing error.
>> below is cas.log and casLoginView.html
>>
>> Is there a bug in 5.2.3, getting request.queryString?
>>
>>
>>
>> >>  casLoginView.html
>>
>> 
>> http://www.ultraq.net.nz/thymeleaf/layout;
>> layout:decorate="~{layout}">
>>
>> 
>> 
>>
>> 
>>
>> 
>> 
>> Sign In |
>> Create Account
>> 
>>
>>  
>> 
>> 
>> 
>> 
>> 
>>
>>
>> === CAS.LOG ==
>>
>> 2018-03-05 09:17:07,848 ERROR [org.thymeleaf.TemplateEngine] -
>> <[THYMELEAF][https-openssl-nio-8443-exec-7] Exception processing
>> template "casLoginView": An error happened during template parsing
>> (template: "class path resource [templates/casLoginView.html]")>
>> org.thymeleaf.exceptions.TemplateInputException: An error happened
>> during template parsing (template: "class path resource
>> [templates/casLoginView.html]")
>> at org.thymeleaf.templateparser.markup.AbstractMarkupTemplatePa
>> rser.parse(AbstractMarkupTemplateParser.java:241)
>> ~[thymeleaf-3.0.9.RELEASE.jar:3.0.9.RELEASE]
>> at org.thymeleaf.templateparser.markup.AbstractMarkupTemplatePa
>> rser.parseStandalone(AbstractMarkupTemplateParser.java:100)
>> ~[thymeleaf-3.0.9.RELEASE.jar:3.0.9.RELEASE]
>> at 
>> org.thymeleaf.engine.TemplateManager.parseAndProcess(TemplateManager.java:666)
>> ~[thymeleaf-3.0.9.RELEASE.jar:3.0.9.RELEASE]
>> at org.thymeleaf.TemplateEngine.process(TemplateEngine.java:1098)
>> ~[thymeleaf-3.0.9.RELEASE.jar:3.0.9.RELEASE]
>> at org.thymeleaf.TemplateEngine.process(TemplateEngine.java:1072)
>> ~[thymeleaf-3.0.9.RELEASE.jar:3.0.9.RELEASE]
>> at 
>> org.thymeleaf.spring4.view.ThymeleafView.renderFragment(ThymeleafView.java:352)
>> ~[thymeleaf-spring4-3.0.9.RELEASE.jar:3.0.9.RELEASE]
>> at 
>> org.thymeleaf.spring4.view.ThymeleafView.render(ThymeleafView.java:190)
>> ~[thymeleaf-spring4-3.0.9.RELEASE.jar:3.0.9.RELEASE]
>> at 
>> org.springframework.webflow.mvc.servlet.ServletMvcView.doRender(ServletMvcView.java:55)
>> ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>> at 
>> org.springframework.webflow.mvc.view.AbstractMvcView.render(AbstractMvcView.java:204)
>> ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>> at 
>> org.springframework.webflow.engine.ViewState.render(ViewState.java:293)
>> ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>> at 
>> org.springframework.webflow.engine.ViewState.doEnter(ViewState.java:185)
>> ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>> at org.springframework.webflow.engine.State.enter(State.java:194)
>> ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>> at 
>> org.springframework.webflow.engine.Transition.execute(Transition.java:228)
>> ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>> at org.springframework.webflow.engine.impl.FlowExecutionImpl.ex
>> ecute(FlowExecutionImpl.java:395) ~[spring-webflow-2.4.6.RELEASE
>> .jar:2.4.6.RELEASE]
>> at org.springframework.webflow.engine.impl.RequestControlContex
>> tImpl.execute(RequestControlContextImpl.java:214)
>> ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>> at org.springframework.webflow.engine.TransitionableState.handl
>> eEvent(TransitionableState.java:116) ~[spring-webflow-2.4.6.RELEASE
>> .jar:2.4.6.RELEASE]
>> at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547)
>> ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>> at org.springframework.webflow.engine.impl.FlowExecutionImpl.ha
>> ndleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-2.4.6.RELEASE
>> .jar:2.4.6.RELEASE]
>> at org.springframework.webflow.engine.impl.RequestControlContex
>> tImpl.handleEvent(RequestControlContextImpl.java:210)
>> ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>> at 
>> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105)
>> ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>> at org.springframework.webflow.engine.State.enter(State.java:194)
>> ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>> at 
>> org.springframework.webflow.engine.Transition.execute(Transition.java:228)
>> ~[spring-webflow-2.4.6.RELEASE.jar:2.4.6.RELEASE]
>> at org.springframework.webflow.engine.impl.FlowExecutionImpl.ex
>> ecute(FlowExecutionImpl.java:395) ~[spring-webflow-2.4.6.RELEASE
>> .jar:2.4.6.RELEASE]
>> at org.springframework.webflow.engine.impl.RequestControlContex
>> 

Re: [cas-user] Latest CAS Stable Release for Production

2018-03-06 Thread Man H
Last

On Tuesday, March 6, 2018, Y Levine wrote:

> Pardon me, I am new to CAS.
>
> If we wish to evaluate CAS for production, which version number would you
> recommend?
>
> Thanks.
>



Re: [cas-user] CAS permanently retaining authentication log messages in memory, requiring daily restarts

2018-03-06 Thread Man H
READ

 https://groups.google.com/a/apereo.org/d/msgid/cas-user/bfe6c835-bf1e-4f24-b507-025d7c0e3172%40apereo.org?utm_medium=email_source=footer

and AFTER that share your conclusions!

2018-03-06 16:29 GMT-03:00 Ed R :

> Here is my entire CAS configuration. This does not reflect the real
> deployment but is what I used for testing.
>
> cas.server.name: https://cas.example.org:8443
> cas.server.prefix: https://cas.example.org:8443/cas
>
> ##
> # CAS Server Context Configuration
> #
> server.context-path=/cas
> server.port=444
>
> server.ssl.key-store=file:C:/tomcat/conf/keystore.jks
> server.ssl.key-store-password=REMOVED
> server.ssl.key-password=REMOVED
> server.tomcat.accesslog.enabled=false
> management.context-path=/status
>
> ##
> # CAS Log4j Configuration
> #
> logging.config=file:C:/etc/cas/config/log4j2.xml
> logging.level.org.apereo.cas=ERROR
> cas.log.level=WARN
> server.context-parameters.isLog4jAutoInitializationDisabled=true
>
> #Disable default casuser
> cas.authn.accept.users=
>
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl=ldaps://REMOVED
> cas.authn.ldap[0].baseDn=OU=TAP,DC=tap,DC=test
> cas.authn.ldap[0].userFilter=sAMAccountName={user}
> cas.authn.ldap[0].usePasswordPolicy=true
> cas.authn.ldap[0].bindDn=CN=ESI7,OU=Service,OU=Users,OU=TAP,DC=tap,DC=test
> cas.authn.ldap[0].bindCredential=REMOVED
> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
> cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName,memberOf
> cas.authn.ldap[0].trustCertificates=file:C:/etc/cas/config/ldap.cer
>
> cas.adminPagesSecurity.ip=0\.0\.0\.0
> cas.adminPagesSecurity.loginUrl=https://REMOVED:444/cas/login
> cas.adminPagesSecurity.service=https://REMOVED:444/cas/status
> cas.adminPagesSecurity.users=file:C:/etc/cas/config/adminusers.properties
> cas.adminPagesSecurity.adminRoles=ROLE_ADMIN
> cas.adminPagesSecurity.actuatorEndpointsEnabled=true
> cas.serviceRegistry.config.location=file:C:/etc/cas/config
> cas.logout.followServiceRedirects=true
>
> # Sessions are terminated if no new tickets are requested in one minute
> cas.ticket.tgt.timeToKillInSeconds=60
>
> # Sessions can last a full week if used continuously
> cas.ticket.tgt.maxTimeToLiveInSeconds=604800
>
> # Service tickets can only be used once
> cas.ticket.st.numberOfUses=1
>
> # Service tickets expire after five seconds if not used
> cas.ticket.st.timeToKillInSeconds=5
>
>
>



Re: [cas-user] CAS permanently retaining authentication log messages in memory, requiring daily restarts

2018-03-06 Thread Man H
ok keep on looking

2018-03-06 16:14 GMT-03:00 Ed R :

> For my local testing I'm on Windows 7 64-bit, running Tomcat 8.5.15.
>
> On Tuesday, March 6, 2018 at 11:07:02 AM UTC-8, Manfredo Hopp wrote:
>>
>> To start with you could render more information.
>>
>> see: https://groups.google.com/a/apereo.org/d/msgid/cas-user/bfe6c835-bf1e-4f24-b507-025d7c0e3172%40apereo.org?utm_medium=email_source=footer
>>
>>
>> 2018-03-06 15:48 GMT-03:00 Ed R :
>>
>>> Our customer has to restart their CAS server every day, and sometimes
>>> multiple times per day, because it constantly uses up memory until there's
>>> none left. I did some local testing and profiling with VisualVM and it
>>> appears that the authentication log messages are permanently retained in
>>> memory.
>>>
>>> I'm using CAS 5.2.3 deployed in Tomcat. Logging levels are set to WARN
>>> for everything. For my local testing I've configured TGTs to expire after
>>> one minute of inactivity and service tickets expire after 5 seconds. After
>>> I run my local test, wait a few minutes, and then click the "Perform GC"
>>> button in VisualVM to run the garbage collector, it still shows increasing
>>> amounts of used memory, with pretty much all of the memory being strings.
>>> Examining them, they are mostly authentication log messages. For example:
>>>
>>> esi1@SERVICE_TICKET_CREATED@ST-199900-pNLEGxw1equhpUJOnkyLYZYe0f4-HOSTNAME
>>> for https://URL@3/6/18 10:36 AM
>>> ST-199900-pNLEGxw1equhpUJOnkyLYZYe0f4-HOSTNAME for https://URL
>>> SERVICE_TICKET_CREATED
>>>
>>> Those three lines are repeated N times and use up all of the memory. How
>>> do I fix this?
>>>
>>



Re: [cas-user] CAS permanently retaining authentication log messages in memory, requiring daily restarts

2018-03-06 Thread Man H
To start with you could render more information.

see:
https://groups.google.com/a/apereo.org/d/msgid/cas-user/bfe6c835-bf1e-4f24-b507-025d7c0e3172%40apereo.org?utm_medium=email_source=footer


2018-03-06 15:48 GMT-03:00 Ed R :

> Our customer has to restart their CAS server every day, and sometimes
> multiple times per day, because it constantly uses up memory until there's
> none left. I did some local testing and profiling with VisualVM and it
> appears that the authentication log messages are permanently retained in
> memory.
>
> I'm using CAS 5.2.3 deployed in Tomcat. Logging levels are set to WARN for
> everything. For my local testing I've configured TGTs to expire after one
> minute of inactivity and service tickets expire after 5 seconds. After I
> run my local test, wait a few minutes, and then click the "Perform GC"
> button in VisualVM to run the garbage collector, it still shows increasing
> amounts of used memory, with pretty much all of the memory being strings.
> Examining them, they are mostly authentication log messages. For example:
>
> esi1@SERVICE_TICKET_CREATED@ST-199900-pNLEGxw1equhpUJOnkyLYZYe0f4-HOSTNAME
> for https://URL@3/6/18 10:36 AM
> ST-199900-pNLEGxw1equhpUJOnkyLYZYe0f4-HOSTNAME for https://URL
> SERVICE_TICKET_CREATED
>
> Those three lines are repeated N times and use up all of the memory. How
> do I fix this?
>



Re: [cas-user] Looking for assistance with an older version

2018-03-01 Thread Man H
what version

2018-03-01 18:59 GMT-03:00 Drew Northup :

> I could really use some help with an older CAS version. If you are
> interested please email me directly.
>
> --
> -+--
> Drew Northup |  Technical Support Specialist
> University of Maine System   |drew.nort...@maine.edu
> Computing Center | old phone: (207) 561-3513
> Orono, ME 04469  | new phone: (207) 581-3513
>



Re: [cas-user] Attribute not receiving inconsistant on serviceValidate request

2018-02-28 Thread Man H
Don't do redirect, only gather your attributes

On Tuesday, February 27, 2018, Sreekanth Mohan wrote:

> I have successfully integrated CAS for our different clients. But this
> time 'samlValidate' response is not consistently supplying the required
> attribute. Login is failing randomly because of the missing attribute in
> the ticket validation response. Sometimes when I clear browser history,
> it's receiving the attribute in the response.
>
>
> Expected response:
>
>
> 
>
> 
>
> x
>
> 
>
>   1234567
>
> 
>
> 
>
> 
>
>
> Response receiving randomly:
>
>
> 
>
> 
>
> xx
>
>
>
>
>
> 
>
> 
>
>
> Please note: We have created a custom code to integrate CAS with our
> Asp.Net webforms application.
>
>
> // Requires: using System.IO; using System.Net; using System.Web; using System.Xml;
> // isDebuggingMode and sbDebugString are assumed to be defined elsewhere in the poster's code.
> string userId = string.Empty;
>
> // Look for the "ticket=" after the "?" in the URL
> string tkt = HttpContext.Current.Request.QueryString["ticket"];
>
> // Service url is the url of the Researcher Portal
> string service = "www.xyz.com";
> // Trailing slash so that "login?" and "serviceValidate?" append as path segments
> string CASHOST = "https://cas.xyz.ca:8443/cas/";
>
> // First time through there is no ticket=, so redirect to CAS login
> if (tkt == null || tkt.Length == 0)
> {
>     string redir = CASHOST + "login?" +
>         "service=" + service;
>     HttpContext.Current.Response.Redirect(redir);
> }
>
> // Second time (back from CAS) there is a ticket= to validate
> string validateurl = CASHOST + "serviceValidate?" +
>     "ticket=" + tkt +
>     "&service=" + service;
> StreamReader Reader = new StreamReader(new WebClient().OpenRead(validateurl));
> string resp = Reader.ReadToEnd();
>
> if (isDebuggingMode)
>     sbDebugString.Append("Response  \n  " + resp);
>
> // Some boilerplate to set up the parse.
> NameTable nt = new NameTable();
> XmlNamespaceManager nsmgr = new XmlNamespaceManager(nt);
> XmlParserContext context = new XmlParserContext(null, nsmgr, null, XmlSpace.None);
> XmlTextReader reader = new XmlTextReader(resp, XmlNodeType.Element, context);
>
> string userNumber = null;
>
> // A very dumb use of XML. Just scan for the "userNumber".
> // If it isn't there, it will return an empty string.
> while (reader.Read())
> {
>     if (reader.IsStartElement())
>     {
>         string tag = reader.LocalName;
>         if (isDebuggingMode)
>             sbDebugString.Append("tag : " + tag + "\n");
>         if (tag == "userNumber")
>         {
>             userNumber = reader.ReadString();
>             if (isDebuggingMode)
>                 sbDebugString.Append("userNumber : " + userNumber + "\n");
>         }
>     }
> }
>
>
> The "userNumber" attribute is not always received, so login fails
> randomly.
>
> Please share your thoughts to resolve this issue.
>
> Thank you in advance.
>


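As an added example (not part of the original post or of any CAS client library), one way to parse the serviceValidate response from the quoted code so that a rejected ticket is reported separately from a valid ticket that carries no `userNumber` attribute. It assumes the standard CAS XML response in the `http://www.yale.edu/tp/cas` namespace; the class names and the sample responses are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Xml;
using System.Xml.Linq;

// Outcome of one ticket validation, kept separate from the login decision.
public sealed class CasValidationResult
{
    public bool Success;
    public string User;            // <cas:user> on success
    public string FailureCode;     // code attribute of <cas:authenticationFailure>
    public string FailureMessage;
    public readonly Dictionary<string, List<string>> Attributes =
        new Dictionary<string, List<string>>(StringComparer.Ordinal);
}

public static class CasResponseParser
{
    private static readonly XNamespace Cas = "http://www.yale.edu/tp/cas";

    public static CasValidationResult Parse(string xml)
    {
        // The response arrives over the network: refuse DTDs and external entities.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        XDocument doc;
        using (var text = new StringReader(xml))
        using (var reader = XmlReader.Create(text, settings))
            doc = XDocument.Load(reader);

        XElement root = doc.Root;
        if (root == null || root.Name != Cas + "serviceResponse")
            throw new FormatException("Not a CAS serviceResponse document.");

        var result = new CasValidationResult();
        XElement failure = root.Element(Cas + "authenticationFailure");
        if (failure != null)
        {
            result.FailureCode = (string)failure.Attribute("code");
            result.FailureMessage = failure.Value.Trim();
            return result;
        }

        XElement success = root.Element(Cas + "authenticationSuccess");
        if (success == null)
            throw new FormatException("Neither success nor failure element present.");

        result.Success = true;
        result.User = (string)success.Element(Cas + "user");
        XElement attrs = success.Element(Cas + "attributes");
        if (attrs == null) return result;   // valid ticket, no attributes released
        foreach (XElement e in attrs.Elements())
        {
            List<string> values;
            if (!result.Attributes.TryGetValue(e.Name.LocalName, out values))
                result.Attributes[e.Name.LocalName] = values = new List<string>();
            values.Add(e.Value.Trim());
        }
        return result;
    }

    // A valid ticket without the attribute is a different condition from a rejected ticket.
    public static string Describe(CasValidationResult r, string requiredAttribute)
    {
        if (!r.Success)
            return "ticket rejected: " + r.FailureCode + " (" + r.FailureMessage + ")";
        if (!r.Attributes.ContainsKey(requiredAttribute))
            return "ticket valid for '" + r.User + "' but attribute '" +
                   requiredAttribute + "' is absent from the response";
        return "ticket valid for '" + r.User + "', " + requiredAttribute + "=" +
               string.Join(",", r.Attributes[requiredAttribute]);
    }
}

public static class Demo
{
    public static void Main()
    {
        const string ns = " xmlns:cas=\"http://www.yale.edu/tp/cas\"";
        // Constructed sample responses, not captured from a real server.
        string[] samples =
        {
            "<cas:serviceResponse" + ns + "><cas:authenticationSuccess><cas:user>jdoe</cas:user>" +
            "<cas:attributes><cas:userNumber>1234567</cas:userNumber></cas:attributes>" +
            "</cas:authenticationSuccess></cas:serviceResponse>",
            "<cas:serviceResponse" + ns + "><cas:authenticationSuccess><cas:user>jdoe</cas:user>" +
            "</cas:authenticationSuccess></cas:serviceResponse>",
            "<cas:serviceResponse" + ns + "><cas:authenticationFailure code=\"INVALID_TICKET\">" +
            "Ticket ST-1-example not recognized</cas:authenticationFailure></cas:serviceResponse>"
        };
        foreach (string xml in samples)
            Console.WriteLine(CasResponseParser.Describe(CasResponseParser.Parse(xml), "userNumber"));
    }
}
```

Logging the `Describe` output for every validation shows whether the intermittent failures are rejected tickets or valid tickets that arrived without the attribute.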

Re: [cas-user] Re: CAS 5.1.x and 5.2.x failing when authenticating agains MySQL DB

2018-02-28 Thread Man H
Use support-jdbc instead of Jdbc-driver

On Thursday, March 1, 2018, S wrote:

> Hi
>
> I am also getting the same error. Any solutions?
>
> Thanks
>
> On Saturday, September 16, 2017 at 1:55:45 AM UTC+5:30, Nona M wrote:
>>
>> Hi,
>>
>> Were you able to solve this? I am getting the same error.
>>
>> Thx
>>
>>
>> On Thursday, August 17, 2017 at 9:31:04 AM UTC-4, Szymon Stuglik wrote:
>>>
>>> Hello everybody,
>>>
>>> Since 4 days I'm trying to configure CAS to work with MySQL DB for
>>> authentication.
>>> I've added required dependencies (jdbc driver support) to the POM, but
>>> I'm getting errors below (version 5.0.7 works btw):
>>> Any hints?
>>>
>>> 2017-08-17 13:28:16,335 ERROR [org.springframework.boot.SpringApplication]
>>> - 
>>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
>>> creating bean with name 'authenticationTransactionManager' defined in
>>> class path resource [org/apereo/cas/config/CasCore
>>> AuthenticationConfiguration.class]: Unsatisfied dependency expressed
>>> through method 'authenticationTransactionManager' parameter 0; nested
>>> exception is org.springframework.beans.fact
>>> ory.UnsatisfiedDependencyException: Error creating bean with name
>>> 'casAuthenticationManager' defined in class path resource
>>> [org/apereo/cas/config/CasCoreAuthenticationConfiguration.class]:
>>> Unsatisfied dependency expressed through method 'casAuthenticationManager'
>>> parameter 2; nested exception is 
>>> org.springframework.beans.factory.BeanCreationException:
>>> Error creating bean with name 'authenticationEventExecutionPlan'
>>> defined in class path resource [org/apereo/cas/config/CasCore
>>> AuthenticationConfiguration.class]: Bean instantiation via factory
>>> method failed; nested exception is 
>>> org.springframework.beans.BeanInstantiationException:
>>> Failed to instantiate [org.apereo.cas.authentication
>>> .AuthenticationEventExecutionPlan]: Factory method
>>> 'authenticationEventExecutionPlan' threw exception; nested exception is
>>> org.springframework.beans.factory.BeanCreationException: Error creating
>>> bean with name 'scopedTarget.jdbcAuthenticationHandlers' defined in
>>> class path resource [org/apereo/cas/adaptors/jdbc/
>>> config/CasJdbcAuthenticationConfiguration.class]: Bean instantiation
>>> via factory method failed; nested exception is
>>> org.springframework.beans.BeanInstantiationException: Failed to
>>> instantiate [java.util.Collection]: Factory method
>>> 'jdbcAuthenticationHandlers' threw exception; nested exception is
>>> java.lang.IllegalArgumentException: java.lang.RuntimeException: Failed
>>> to load class of driverClassName [com.mysql.jdbc.Driver] in either of
>>> HikariConfig class loader or Thread context classloader
>>> at org.springframework.beans.factory.support.ConstructorResolve
>>> r.createArgumentArray(ConstructorResolver.java:749)
>>> ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
>>> at org.springframework.beans.factory.support.ConstructorResolve
>>> r.instantiateUsingFactoryMethod(ConstructorResolver.java:467)
>>> ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
>>> at org.springframework.beans.factory.support.AbstractAutowireCa
>>> pableBeanFactory.instantiateUsingFactoryMethod(AbstractAutow
>>> ireCapableBeanFactory.java:1173) ~[spring-beans-4.3.10.RELEASE.
>>> jar:4.3.10.RELEASE]
>>> at org.springframework.beans.factory.support.AbstractAutowireCa
>>> pableBeanFactory.createBeanInstance(AbstractAut
>>> owireCapableBeanFactory.java:1067) ~[spring-beans-4.3.10.RELEASE.
>>> jar:4.3.10.RELEASE]
>>> at org.springframework.beans.factory.support.AbstractAutowireCa
>>> pableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:513)
>>> ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
>>> at org.springframework.beans.factory.support.AbstractAutowireCa
>>> pableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483)
>>> ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
>>> at org.springframework.beans.factory.support.AbstractBeanFactor
>>> y$1.getObject(AbstractBeanFactory.java:306)
>>> ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
>>> at org.springframework.beans.factory.support.DefaultSingletonBe
>>> anRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
>>> ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
>>> at org.springframework.beans.factory.support.AbstractBeanFactor
>>> y.doGetBean(AbstractBeanFactory.java:302) ~[spring-beans-4.3.10.RELEASE.
>>> jar:4.3.10.RELEASE]
>>> at org.springframework.beans.factory.support.AbstractBeanFactor
>>> y.getBean(AbstractBeanFactory.java:197) ~[spring-beans-4.3.10.RELEASE.
>>> jar:4.3.10.RELEASE]
>>> at org.springframework.beans.factory.support.DefaultListableBea
>>> nFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:761)
>>> ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
>>> at org.springframework.context.support.AbstractApplicationConte
>>> 

Re: [cas-user] Re: CAS 5.2 Password Variable

2018-02-28 Thread Man H
Lets see what the security people say!

2018-02-28 19:06 GMT-03:00 Ray Bon <r...@uvic.ca>:

> There is https://github.com/apereo/cas-configserver-overlay which we have
> deployed. It reads our config from a local git repo. In the repo the
> credentials are encrypted. The config server decrypts them before sending
> to CAS.
> But there is still a password for access to the config server.
>
> Ray
>
> On Wed, 2018-02-28 at 16:46 -0500, David Curry wrote:
>
> Note that Jasypt is just a wrapper around Java's symmetric encryption
> algorithms.
>
> Yeah, you've encrypted the passwords in the cas.properties file, but the
> Jasypt key to decrypt them has to exist in plaintext in the startup script
> (systemd service file, /etc/init.d script, etc.) for the server (unless you
> want to enter it by hand whenever the system reboots)... so all you've
> really accomplished is moving the plaintext from one file to another.
>
> Plus Jasypt seems to be kind of dead (it hasn't been updated since 2014
> and doesn't work with some of Java's newer crypto algorithms).
>
> If you're really concerned about it, you probably want to look at storing
> your configuration info in a heavily-fortified Spring Cloud Configuration
> server somewhere. But unless you're already drinking the Spring Cloud
> Kool-Aid in your organization and have such a framework rolled out, that's
> a WHOLE LOT of work for very little gain.
>
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
>
> On Wed, Feb 28, 2018 at 4:35 PM, Man H <info.ings...@gmail.com> wrote:
>
> How do you get to password
>
> 2018-02-28 18:34 GMT-03:00 Kevin Liu <annihil8...@gmail.com>:
>
> I guess the easiest would be physical access. There are other various
> intrusion methods too.
>
> On Wednesday, February 28, 2018 at 3:29:40 PM UTC-6, Manfredo Hopp wrote:
>
> How should the server be compromised.
>
> 2018-02-28 18:12 GMT-03:00 Kevin Liu <annih...@gmail.com>:
>
> Should the server be compromised, attackers can grab AD credentials and
> then verify all accounts with compromised credentials.
>
> My solution to this is to not have clear text (seems genius right? ;) ).
> According to one of CAS's blogs,
> https://apereo.github.io/2017/03/24/cas51-ldapauthnjasypt-tutorial/,
> jasypt is the method to use.
>
> On Wednesday, February 28, 2018 at 3:02:15 PM UTC-6, Manfredo Hopp wrote:
>
> What would be the problem to have it cleartext in server.
>
> 2018-02-28 17:02 GMT-03:00 Kevin Liu <annih...@gmail.com>:
>
> I'd like to do this because this way, I won't have bindCredentials in
> cleartext.
>
> On Tuesday, February 27, 2018 at 11:29:22 AM UTC-6, Kevin Liu wrote:
>
> Does anyone know how to reference the login page password in
> cas.properties? I know for username, you use %s but what about the password?
>

Re: [cas-user] Re: CAS 5.2 Password Variable

2018-02-28 Thread Man H
How do you get to password

2018-02-28 18:34 GMT-03:00 Kevin Liu :

> I guess the easiest would be physical access. There are other various
> intrusion methods too.
>
> On Wednesday, February 28, 2018 at 3:29:40 PM UTC-6, Manfredo Hopp wrote:
>>
>> How should the server be compromised.
>>
>> 2018-02-28 18:12 GMT-03:00 Kevin Liu :
>>
>>> Should the server be compromised, attackers can grab AD credentials and
>>> then verify all accounts with compromised credentials.
>>>
>>> My solution to this is to not have clear text (seems genius right? ;) ).
>>> According to one of CAS's blogs,
>>> https://apereo.github.io/2017/03/24/cas51-ldapauthnjasypt-tutorial/, jasypt is the method to
>>> use.
>>>
>>> On Wednesday, February 28, 2018 at 3:02:15 PM UTC-6, Manfredo Hopp wrote:

>>>> What would be the problem to have it cleartext in server.
>>>>
>>>> 2018-02-28 17:02 GMT-03:00 Kevin Liu :
>>>>
>>>>> I'd like to do this because this way, I won't have bindCredentials in
>>>>> cleartext.
>>>>>
>>>>> On Tuesday, February 27, 2018 at 11:29:22 AM UTC-6, Kevin Liu wrote:
>>>>>>
>>>>>> Does anyone know how to reference the login page password in
>>>>>> cas.properties? I know for username, you use %s but what about the
>>>>>> password?
>>>>>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5mid8NjDAemJtkDdaJzGF-VLpf%2Bg806oVP_XXMV%2B5YdCy4w%40mail.gmail.com.
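
One way to check the concern raised in this thread, that bindCredential and similar secrets should not sit in cas.properties in clear text (an added example, not code from the thread or from the CAS project). It assumes Jasypt-encrypted values carry a `{cipher}` prefix and that `${...}` values are resolved from outside the file; the suffix list, function names and sample file are constructed for illustration.

```python
"""Audit a CAS properties file for secrets stored in clear text (added example)."""
import re

# Assumption: property-name suffixes that hold secrets. bindCredential,
# encryptionKey, signingKey and clientSecret appear in the threads on this page.
SECRET_SUFFIXES = ("bindcredential", "encryptionkey", "signingkey",
                   "clientsecret", "password")

# Assumption: Jasypt-encrypted values carry the "{cipher}" prefix, and
# "${...}" is a placeholder resolved from outside the file.
ENCRYPTED = re.compile(r"^\{cipher\}.+")
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")


def parse_properties(text):
    """Yield (line_no, key, value) for each active key=value line.

    Handles comments (# and !), blank lines, '=' or ':' separators and
    backslash line continuations, which covers a typical cas.properties.
    """
    pending, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not pending:
            if not line or line[0] in "#!":
                continue
            start = no
        if line.endswith("\\") and not line.endswith("\\\\"):
            pending += line[:-1]          # value continues on the next line
            continue
        full, pending = pending + line, ""
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", full)
        if m:
            yield start, m.group(1), m.group(2).strip()


def classify(key, value):
    """Return 'encrypted', 'external', 'empty' or 'cleartext' for a secret
    key, or None when the key is not treated as a secret."""
    leaf = key.rsplit(".", 1)[-1].lower()
    if not leaf.endswith(SECRET_SUFFIXES):
        return None
    if not value:
        return "empty"
    if ENCRYPTED.match(value):
        return "encrypted"
    if PLACEHOLDER.match(value):
        return "external"
    return "cleartext"


def audit(text):
    """Return findings as (line_no, key, status); values are never echoed."""
    findings = []
    for no, key, value in parse_properties(text):
        status = classify(key, value)
        if status is not None:
            findings.append((no, key, status))
    return findings


# Constructed sample, modelled on the property names quoted in the thread.
SAMPLE = """\
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=cn=Manager,dc=example,dc=org
cas.authn.ldap[0].bindCredential=Sup3rS3cret
# cas.authn.ldap[0].bindCredential=commented-out
cas.authn.ldap[1].bindCredential={cipher}Zm9vYmFyYmF6cXV4
cas.tgc.encryptionKey=${CAS_TGC_ENC_KEY}
cas.tgc.signingKey=
cas.tgc.cipherEnabled=true
"""

if __name__ == "__main__":
    for no, key, status in audit(SAMPLE):
        flag = "FAIL" if status == "cleartext" else "ok  "
        print(f"{flag} line {no}: {key} -> {status}")
```

Run it against the deployed file in a build or deployment check and fail the job on any `cleartext` finding; the report names the key and line only, so the secret itself never reaches the job log.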


Re: [cas-user] Re: CAS 5.2 Password Variable

2018-02-28 Thread Man H
How should the server be compromised.

2018-02-28 18:12 GMT-03:00 Kevin Liu :

> Should the server be compromised, attackers can grab AD credentials and
> then verify all accounts with compromised credentials.
>
> My solution to this is to not have clear text (seems genius right? ;) ).
> According to one of CAS's blogs,
> https://apereo.github.io/2017/03/24/cas51-ldapauthnjasypt-tutorial/, jasypt is the method to
> use.
>
> On Wednesday, February 28, 2018 at 3:02:15 PM UTC-6, Manfredo Hopp wrote:
>>
>> What would be the problem to have it cleartext in server.
>>
>> 2018-02-28 17:02 GMT-03:00 Kevin Liu :
>>
>>> I'd like to do this because this way, I won't have bindCredentials in
>>> cleartext.
>>>
>>> On Tuesday, February 27, 2018 at 11:29:22 AM UTC-6, Kevin Liu wrote:
>>>>
>>>> Does anyone know how to reference the login page password in
>>>> cas.properties? I know for username, you use %s but what about the
>>>> password?



Re: [cas-user] Re: CAS 5.2 Password Variable

2018-02-28 Thread Man H
What would be the problem to have it cleartext in server.

2018-02-28 17:02 GMT-03:00 Kevin Liu :

> I'd like to do this because this way, I won't have bindCredentials in
> cleartext.
>
> On Tuesday, February 27, 2018 at 11:29:22 AM UTC-6, Kevin Liu wrote:
>>
>> Does anyone know how to reference the login page password in
>> cas.properties? I know for username, you use %s but what about the password?
>>


Re: [cas-user] SAML and Jenzabar JICS

2018-02-28 Thread Man H
read point 2 of previously attached flow.

2018-02-28 14:06 GMT-03:00 Tim Tyler <ty...@beloit.edu>:

> Should both the IdP and SP need each other’s SAML metadata content?  I ask
> because I am suspicious that the Jenzabar JICS side has no configuration
> pointing to the CAS metadata.xml content.  They point to the CAS login, but
> I don’t think they have a configuration pointing to the CAS metadata.  I am
> also very concerned about the content in idp-metadata.xml, but that might be
> a moot point at the moment if the content is not being accessed by the SP.
>
>
>
> Tim
>
>
>
> *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *Man
> H
> *Sent:* Wednesday, February 28, 2018 10:24 AM
> *To:* cas-user@apereo.org
> *Subject:* Re: [cas-user] SAML and Jenzabar JICS
>
>
>
>
>
> I suggest:
>
> - look into cas metadata idp-metadata.xml
>
> - enable saml debug
>
> 
>
> 
>
> 
>
> 
>
>
>
> Assuming cas is your idp and Jenzabar your SP.
>
> The processing is as follows:
>
> 1.  The user attempts to access a resource on sp.example.com. The
> user does not have a valid logon session (i.e. security context) on this
> site. The SP saves the requested resource URL in local state information
> that can be saved across the web SSO exchange.
>
> 2.  The SP sends an HTML form back to the browser in the HTTP
> response (HTTP status 200). The HTML FORM contains a SAML 
> message encoded as the value of a hidden form control named SAMLRequest.
>
> https://idp.example.org/SAML2/SSO/POST; ...>
>
> 
>
> 
>
> ...
>
> 
>
> 
>
> The RelayState token is an opaque reference to state information
> maintained at the service provider. (The RelayState mechanism can leak
> details of the user's activities at the SP to the IdP and so the SP should
> take care in its implementation to protect the user's privacy.) The value
> of the SAMLRequest parameter is the base64 encoding of the following
>  element:
>
> 
> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>
> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>
> ID="identifier_1"
>
> Version="2.0"
>
> IssueInstant="2004-12-05T09:21:59Z"
>
> AssertionConsumerServiceIndex="1">
>
> https://sp.example.com/SAML2
>
> 
> AllowCreate="true"
>
> Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
>
> 
>
> 1.  For ease-of-use purposes, the HTML FORM typically will be
> accompanied by script code that will automatically post the form to the
> destination site (which is the IdP in this case). The browser, due either
> to a user action or execution of an “auto-submit” script, issues an HTTP
> POST request to send the form to the identity provider's Single Sign-On
> Service.
>
> POST /SAML2/SSO/POST HTTP/1.1
>
> Host: idp.example.org
>
> Content-Type: application/x-www-form-urlencoded
>
> Content-Length: nnn
>
> SAMLRequest=request=token
>
> 3.  The Single Sign-On Service determines whether the user has an
> existing logon security context at the identity provider that meets the
> default or requested authentication policy requirements. If not, the IdP
> interacts with the browser to challenge the user to provide valid
> credentials.
>
> 4.  The user provides valid credentials and a local logon security
> context is created for the user at the IdP.
>
> 5.  The IdP Single Sign-On Service issues a SAML assertion
> representing the user's logon security context and places the assertion
> within a SAML  message. Since the HTTP Artifact binding will be
> used to deliver the SAML Response message, it is not mandated that the
> assertion be digitally signed. The IdP creates an artifact containing the
> source ID for the idp.example.org site and a reference to the  
> message
> (the MessageHandle). The HTTP Artifact binding allows the choice of
> either HTTP redirection or an HTML form POST as the mechanism to deliver
> the artifact to the partner. The figure shows the use of redirection.
>
> 6.  The SP's Assertion Consumer Service now sends a SAML
>  message containing the artifact to the IdP's Artifact
> Resolution Service endpoint. This exchange is performed using a
> synchronous SOAP message exchange.
>
> 
> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>
> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>
> ID="identifier_2"
>
> Version="2.0"
>
> IssueInstant="2004-12-05T09:22:04Z"
>
> Destination="https://idp.example.org/SAML2/ArtifactResolu

Re: [cas-user] Inspektr

2018-02-28 Thread Man H
yes

2018-02-28 17:02 GMT-03:00 Cheltenham, Chris :

> Does anyone use inspektr ?
>
>
>
> I simply changed error to info this entry in log4j2
>
>
>
>  includeLocation="true">
>
> 
>
> 
>
> 
>
>
>
> From what I read this is supposed to log into cas_audit.log.
>
>
>
> Is that all that I am to do?
>
>
>
>
>
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>


Re: [cas-user] What configuration for ticket 5.2 ?

2018-02-28 Thread Man H
it's expires

2018-02-28 11:05 GMT-03:00 vallee.romain :

> I don't find maxage in the cookie
>
> On Wednesday, February 28, 2018 at 14:56:24 UTC+1, Manfredo Hopp wrote:
>>
>> Cookies have maxage inside. What does yours say?
>>
>> On Wednesday, February 28, 2018, vallee.romain wrote:
>>
>>> Without check rememberme.
>>>
>>> the tgc cookie is present .
>>>
>>>
>>> 
>>>
>>>
>>>
>>> And for cas.ticket.tgt.rememberMe.timeToKillInSeconds=135
>>>
>>>
>>> I don't find documentation on tgt , tgc ... :(
>>>
>>>
>>>
>>> On Wednesday, February 28, 2018 at 13:47:00 UTC+1, Manfredo Hopp wrote:
>>>>
>>>>
>>>> Check maxage within cookie
>>>>
>>>> On Wednesday, February 28, 2018, vallee.romain wrote:
>>>>
> Thank you all for your response.
> I'm surprised the TGC stays after the browser closes.
>
> For me, if we didn't check "Remember Me", we had authentication per
> session and not a cookie.
>
>
> cas.tgc.name=TGC
> #cas.tgc.secure=false
> #cas.tgc.rememberMeMaxAge=135
> cas.tgc.encryptionKey=kGF9P2ZuU0ovlaCWxhiHix1bxH2pGfqlG5qGzqdxjY4
> cas.tgc.signingKey=K5yrl7ThQ5wwX8pbtEgdHF4aDuwUwFkHmhARzSRdN
> vNpXF1FFk_sYIgRHZZVJWdlMlGecQ-bePNlf0pexIzj2A
> cas.tgc.cipherEnabled=true
>
> # #remember me 31 days in seconds
> # # Set to a negative value to never expire tickets
> cas.ticket.tgt.maxTimeToLiveInSeconds=25200
> #cas.ticket.tgt.timeToKillInSeconds=7200
> cas.ticket.tgt.rememberMe.enabled=true
> cas.ticket.tgt.rememberMe.timeToKillInSeconds=135
> #cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=135
>
>
> This is my new configuration.
> but the TGC cookie still remains after the closing of the web browser.
> In version 4.2 of jasig, if we closed the browser, the session was no
> longer maintained.
>
>
>
> On Tuesday, February 27, 2018 at 17:23:57 UTC+1, rbon wrote:
>>
>> Romain,
>>
>> I guess cas.tgc.rememberMeMaxAge overrides cas.tgc.maxAge.
>> If you want your session to end when browser is closed, leave out
>> cas.tgc.rememberMeMaxAge.
>>
>> Ray
>>
>> On Tue, 2018-02-27 at 00:09 -0800, vallee.romain wrote:
>>
>> Hello,
>>
>> I am trying to set up jasig TGC for this use case:
>>
>> When I check rememberMe: 1 month without needing to enter
>> login/password
>>
>> When I don't check rememberMe: 7 hours unless I close the browser.
>> If I close the browser, I would like to have a login/password prompt at
>> the next login.
>>
>>
>> I think rememberMe is ok.
>>
>> But when I try to close/open the browser, the session is already up.
>>
>> # cas.tgc.path=
>> cas.tgc.maxAge=-1
>> # cas.tgc.domain=
>> cas.tgc.name=TGC
>> cas.tgc.secure=false
>> cas.tgc.rememberMeMaxAge=135
>> cas.tgc.encryptionKey=xxx
>> cas.tgc.signingKey=x
>> cas.tgc.cipherEnabled=true
>>
>> # #remember me 31 days in seconds
>> # # Set to a negative value to never expire tickets
>> cas.ticket.tgt.maxTimeToLiveInSeconds=135
>> cas.ticket.tgt.timeToKillInSeconds=7200
>> cas.ticket.tgt.rememberMe.enabled=true
>> cas.ticket.tgt.rememberMe.timeToKillInSeconds=135
>> cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=135
>> ##
>> #Throttled Timeout
>> ##
>> cas.ticket.tgt.throttledTimeout.timeToKillInSeconds=28800
>> cas.ticket.tgt.throttledTimeout.timeInBetweenUsesInSeconds=5
>> cas.ticket.tgt.hardTimeout.timeToKillInSeconds=28800
>>
>>
>>
>> Have you got an idea ?
>>
>> Best regards
>>
>> Romain
>>
>> --
>> Ray Bon
>> Programmer analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | rb...@uvic.ca
>>
 --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: 
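
The check discussed in this thread (whether the TGC carries Max-Age or Expires), as an added example that is not part of the original messages or of CAS: it classifies a TGC from `Set-Cookie` header values as session or persistent and flags missing cookie attributes. The header values, the `NOW` timestamp and the function names are constructed for illustration.

```python
"""Classify a CAS TGC cookie as session or persistent (added example)."""
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attrs).

    Attribute names are lower-cased; flag attributes (Secure, HttpOnly)
    map to True.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value.strip(), attrs


def lifetime(attrs, now):
    """Return None for a session cookie, else a timedelta until expiry.

    Max-Age takes precedence over Expires when both are present (RFC 6265).
    """
    max_age = attrs.get("max-age")
    if isinstance(max_age, str) and re.fullmatch(r"-?\d+", max_age):
        return timedelta(seconds=int(max_age))
    expires = attrs.get("expires")
    if isinstance(expires, str):
        try:
            when = parsedate_to_datetime(expires)
        except (TypeError, ValueError):
            return None                      # unparseable date: ignored
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        return when - now
    return None


def check_tgc(set_cookie_headers, now, cookie_name="TGC", remember_me=False):
    """Return kind, remaining lifetime and findings for the TGC, or None
    when no cookie with that name was set."""
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        if name != cookie_name:
            continue
        ttl = lifetime(attrs, now)
        if ttl is None:
            kind = "session"
        elif ttl.total_seconds() <= 0:
            kind = "expired"
        else:
            kind = "persistent"
        findings = []
        if kind == "persistent" and not remember_me:
            findings.append("persists after browser close without rememberMe")
        if kind == "session" and remember_me:
            findings.append("rememberMe requested but cookie is session-only")
        if "secure" not in attrs:
            findings.append("missing Secure")
        if "httponly" not in attrs:
            findings.append("missing HttpOnly")
        return {
            "kind": kind,
            "ttl_seconds": None if ttl is None else int(ttl.total_seconds()),
            "findings": findings,
        }
    return None


# Constructed inputs: the time of the login response and three header shapes.
NOW = datetime(2018, 2, 28, 14, 0, 0, tzinfo=timezone.utc)
SAMPLE_SESSION = "TGC=eyJhbGciOiJIUzUxMiJ9.c2FtcGxl; Path=/cas/; HttpOnly"
SAMPLE_MAX_AGE = ("TGC=eyJhbGciOiJIUzUxMiJ9.c2FtcGxl; Max-Age=135; "
                  "Expires=Wed, 28 Feb 2018 14:02:15 GMT; Path=/cas/; "
                  "Secure; HttpOnly")
SAMPLE_EXPIRES = ("TGC=eyJhbGciOiJIUzUxMiJ9.c2FtcGxl; "
                  "Expires=Wed, 28 Feb 2018 21:00:00 GMT; Path=/cas/")

if __name__ == "__main__":
    for label, hdr in [("session", SAMPLE_SESSION),
                       ("max-age", SAMPLE_MAX_AGE),
                       ("expires", SAMPLE_EXPIRES)]:
        print(label, check_tgc([hdr], NOW))
```

Browser developer tools usually list a cookie set with Max-Age under an Expires column, so either attribute means the cookie is persistent. A cookie classified as `session` can still survive a restart when the browser is configured to restore the previous session.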

Re: [cas-user] What configuration for ticket 5.2 ?

2018-02-28 Thread Man H
Cookies have maxage inside. What does yours say?

On Wednesday, February 28, 2018, vallee.romain wrote:

> Without check rememberme.
>
> the tgc cookie is present .
>
>
> 
>
>
>
> And for cas.ticket.tgt.rememberMe.timeToKillInSeconds=135
>
>
> I don't find documentation on tgt , tgc ... :(
>
>
>
> On Wednesday, February 28, 2018 at 13:47:00 UTC+1, Manfredo Hopp wrote:
>>
>>
>> Check maxage within cookie
>>
>> On Wednesday, February 28, 2018, vallee.romain wrote:
>>
>>> Thank you all for your response.
>>> I'm surprised the TGC stays after the browser closes.
>>>
>>> For me, if we didn't check "Remember Me", we had authentication per
>>> session and not a cookie.
>>>
>>>
>>> cas.tgc.name=TGC
>>> #cas.tgc.secure=false
>>> #cas.tgc.rememberMeMaxAge=135
>>> cas.tgc.encryptionKey=kGF9P2ZuU0ovlaCWxhiHix1bxH2pGfqlG5qGzqdxjY4
>>> cas.tgc.signingKey=K5yrl7ThQ5wwX8pbtEgdHF4aDuwUwFkHmhARzSRdN
>>> vNpXF1FFk_sYIgRHZZVJWdlMlGecQ-bePNlf0pexIzj2A
>>> cas.tgc.cipherEnabled=true
>>>
>>> # #remember me 31 days in seconds
>>> # # Set to a negative value to never expire tickets
>>> cas.ticket.tgt.maxTimeToLiveInSeconds=25200
>>> #cas.ticket.tgt.timeToKillInSeconds=7200
>>> cas.ticket.tgt.rememberMe.enabled=true
>>> cas.ticket.tgt.rememberMe.timeToKillInSeconds=135
>>> #cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=135
>>>
>>>
>>> This is my new configuration.
>>> but the TGC cookie still remains after the closing of the web browser.
>>> In version 4.2 of jasig, if we closed the browser, the session was no
>>> longer maintained.
>>>
>>>
>>>
>>> On Tuesday, February 27, 2018 at 17:23:57 UTC+1, rbon wrote:
>>>>
>>>> Romain,
>>>>
>>>> I guess cas.tgc.rememberMeMaxAge overrides cas.tgc.maxAge.
>>>> If you want your session to end when browser is closed, leave out
>>>> cas.tgc.rememberMeMaxAge.
>>>>
>>>> Ray
>>>>
>>>> On Tue, 2018-02-27 at 00:09 -0800, vallee.romain wrote:
>>>>
>>>> Hello,
>>>>
>>>> I am trying to set up jasig TGC for this use case:
>>>>
>>>> When I check rememberMe: 1 month without needing to enter login/password
>>>>
>>>> When I don't check rememberMe: 7 hours unless I close the browser. If
>>>> I close the browser, I would like to have a login/password prompt at the
>>>> next login.
>>>>
>>>>
>>>> I think rememberMe is ok.
>>>>
>>>> But when I try to close/open the browser, the session is already up.
>>>>
>>>> # cas.tgc.path=
>>>> cas.tgc.maxAge=-1
>>>> # cas.tgc.domain=
>>>> cas.tgc.name=TGC
>>>> cas.tgc.secure=false
>>>> cas.tgc.rememberMeMaxAge=135
>>>> cas.tgc.encryptionKey=xxx
>>>> cas.tgc.signingKey=x
>>>> cas.tgc.cipherEnabled=true
>>>>
>>>> # #remember me 31 days in seconds
>>>> # # Set to a negative value to never expire tickets
>>>> cas.ticket.tgt.maxTimeToLiveInSeconds=135
>>>> cas.ticket.tgt.timeToKillInSeconds=7200
>>>> cas.ticket.tgt.rememberMe.enabled=true
>>>> cas.ticket.tgt.rememberMe.timeToKillInSeconds=135
>>>> cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=135
>>>> ##
>>>> #Throttled Timeout
>>>> ##
>>>> cas.ticket.tgt.throttledTimeout.timeToKillInSeconds=28800
>>>> cas.ticket.tgt.throttledTimeout.timeInBetweenUsesInSeconds=5
>>>> cas.ticket.tgt.hardTimeout.timeToKillInSeconds=28800
>>>>
>>>>
>>>>
>>>> Have you got an idea ?
>>>>
>>>> Best regards
>>>>
>>>> Romain
>>>>
>>>> --
>>>> Ray Bon
>>>> Programmer analyst
>>>> Development Services, University Systems
>>>> 2507218831 | CLE 019 | rb...@uvic.ca

Re: [cas-user] [CAS 5.2.x] [OAuth] [Theme] How to make custom theme for OAuth sp

2018-02-28 Thread Man H
Try with


https://mysite.example.com:443/cas/oauth2.0/callbackAuthorize?
client_name=XXX&
client_id=OAuthApp&
redirect_uri=http://www.example.com/sp;
response_type=code


as serviceId


On Wednesday, February 28, 2018, Andy Ng <long...@gmail.com> wrote:

> Hi Manfredo,
>
> I have the custom theme loaded no problem without oauth, it's just that when
> I do it with oauth, setting the theme seems like a difficult task.
>
> -Andy
>
> On Wednesday, 28 February 2018 11:55:23 UTC+8, Manfredo Hopp wrote:
>>
>> open browser developer tool to see if the theme gets loaded
>>
>> On Wednesday, February 28, 2018, Man H <info.i...@gmail.com>
>> wrote:
>>
>>> Can't you just build a simple webapp with index.html
>>>
>>> On Wednesday, February 28, 2018, Andy Ng <lon...@gmail.com>
>>> wrote:
>>>
>>>> Thanks Manfredo,
>>>>
>>>> Do you mean that I should:
>>>> - Redirect user to login using Non Oauth Service first (with theme)
>>>> - Then redirect user to login using Oauth Service for actual Oauth login
>>>>
>>>> Am I correct?
>>>>
>>>> I would prefer not to do the above, since that means the service
>>>> provider needs to change their code, but if needed I think the above is
>>>> still feasible, thanks Manfredo.
>>>>
>>>> I would like to see if there is a solution that does not use non-oauth
>>>> login first. Thanks.
>>>>
>>>> -Andy
>>>>
>>>> On Wednesday, 28 February 2018 11:26:24 UTC+8, Manfredo Hopp wrote:
>>>>>
>>>>> Try to load that theme on a regular service, that is non oauth
>>>>>
>>>>> On Wednesday, February 28, 2018, Andy Ng <lon...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> I am using CAS 5.2.x, and using OAuth for one service provider. The
>>>>>> provider now would like to have a custom theme.
>>>>>>
>>>>>> I thought I can just do this:
>>>>>>
>>>>>> {
>>>>>>   "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>>>>>>   "clientId": "OAuthApp",
>>>>>>   "clientSecret": "xx",
>>>>>>   "serviceId" : "^http://www.example.com/sp.*",
>>>>>>   "name" : "OAuthApp",
>>>>>>   "id" : 1000,
>>>>>>   "evaluationOrder" : 1000,
>>>>>>   "supportedResponseTypes" : [ "java.util.HashSet", [ "code" ] ],
>>>>>>   "supportedGrantTypes" : [ "java.util.HashSet", [ "authorization_code", "refresh_token" ] ],
>>>>>>   "theme" : "awesome_theme"
>>>>>> }
>>>>>>
>>>>>>
>>>>>>
>>>>>> However it seems that the returned service is the below:
>>>>>>
>>>>>> https://mysite.example.com:443/cas/oauth2.0/callbackAuthorize?
>>>>>> client_name=XXX&
>>>>>> client_id=OAuthApp&
>>>>>> redirect_uri=http://www.example.com/sp;
>>>>>> response_type=code
>>>>>>
>>>>>>
>>>>>> So the *theme* will not load. So my question is, is it possible for
>>>>>> me to make a custom theme for my OAuth SP provider?
>>>>>>
>>>>>> Thanks in advance!
>>>>>>
>>>>>> - Andy
>>>>>>

Re: [cas-user] Cas 5.2 OpenLDap notworking: authentication failure and sucess

2018-02-28 Thread Man H
Log says

 - 
wrote:

> I config Cas 5.2 Authen user login by OpenLDap, but not working
> My cas.properties:
> cas.authn.accept.users=
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl=ldap://localhost:389
> cas.authn.ldap[0].useSsl=false
> cas.authn.ldap[0].baseDn=ou=Users,dc=xx-cas,dc=com
> cas.authn.ldap[0].userFilter=uid={user}
> cas.authn.ldap[0].bindDn=cn=Manager,dc=xx-cas,dc=com
> cas.authn.ldap[0].bindCredential=
>
> Log:
> 2018-02-28 13:43:09,886 DEBUG [org.apereo.cas.authentication.adaptive.
> DefaultAdaptiveAuthenticationPolicy] -  has authorized client [xxx.xxx.xxx.xxx] to proceed.>
> 2018-02-28 13:43:09,887 DEBUG [org.apereo.cas.web.support.WebUtils] -
> 
> 2018-02-28 13:43:09,887 DEBUG [org.apereo.cas.web.support.WebUtils] -
> 
> 2018-02-28 13:43:09,889 DEBUG [org.apereo.cas.authentication.
> RegisteredServiceAuthenticationHandlerResolver] -  authentication handlers are required for this transaction>
> 2018-02-28 13:43:09,890 DEBUG [org.apereo.cas.authentication.
> RegisteredServiceAuthenticationHandlerResolver] -  handlers used for this transaction are [HttpBasedServiceCredentialsAut
> henticationHandler]>
> 2018-02-28 13:43:09,891 ERROR [org.apereo.cas.authentication.
> PolicyBasedAuthenticationManager] -  Credentials may be incorrect or CAS cannot find authentication handler that
> supports [test] of type [UsernamePasswordCredential].>
>
> 2018-02-28 13:43:09,893 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
> -  WHO: test
> WHAT: Supplied credentials: [test]
> ACTION: AUTHENTICATION_SUCCESS
> APPLICATION: CAS
> WHEN: Wed Feb 28 13:43:09 GMT+07:00 2018
> CLIENT IP ADDRESS: xxx.xxx.xxx
>
> SERVER IP ADDRESS: xxx.xxx.xxx
> >
> 2018-02-28 13:43:09,945 DEBUG 
> [org.apereo.cas.web.view.CasReloadableMessageBundle]
> -  plain properties nor XML>
> 2018-02-28 13:43:09,947 DEBUG 
> [org.apereo.cas.web.view.CasReloadableMessageBundle]
> -  properties nor XML>
> 2018-02-28 13:43:09,949 DEBUG 
> [org.apereo.cas.web.view.CasReloadableMessageBundle]
> -  properties nor XML>
> 2018-02-28 13:43:09,950 DEBUG 
> [org.apereo.cas.web.view.CasReloadableMessageBundle]
> -  been modified>
>
> Any pointers to this will be highly appreciated . Thanks.
>


Re: [cas-user] What configuration for ticket 5.2 ?

2018-02-28 Thread Man H
Check maxage within cookie

On Wednesday, February 28, 2018, vallee.romain wrote:

> Thank you all for your response.
> I'm surprised the TGC stays after the browser closes.
>
> For me, if we didn't check "Remember Me", we had authentication per
> session and not a cookie.
>
>
> cas.tgc.name=TGC
> #cas.tgc.secure=false
> #cas.tgc.rememberMeMaxAge=135
> cas.tgc.encryptionKey=kGF9P2ZuU0ovlaCWxhiHix1bxH2pGfqlG5qGzqdxjY4
> cas.tgc.signingKey=K5yrl7ThQ5wwX8pbtEgdHF4aDuwUwFkHmhARzSRdNvNpXF1FFk_
> sYIgRHZZVJWdlMlGecQ-bePNlf0pexIzj2A
> cas.tgc.cipherEnabled=true
>
> # #remember me 31 days in seconds
> # # Set to a negative value to never expire tickets
> cas.ticket.tgt.maxTimeToLiveInSeconds=25200
> #cas.ticket.tgt.timeToKillInSeconds=7200
> cas.ticket.tgt.rememberMe.enabled=true
> cas.ticket.tgt.rememberMe.timeToKillInSeconds=135
> #cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=135
>
>
> This is my new configuration,
> but the TGC cookie still remains after the web browser is closed.
> In version 4.2 of Jasig, if we closed the browser, the session was no
> longer maintained.
>
>
>
> On Tuesday, 27 February 2018 17:23:57 UTC+1, rbon wrote:
>>
>> Romain,
>>
>> I guess cas.tgc.rememberMeMaxAge overrides cas.tgc.maxAge.
>> If you want your session to end when the browser is closed, leave out
>> cas.tgc.rememberMeMaxAge.
>>
>> Ray
>>
>> On Tue, 2018-02-27 at 00:09 -0800, vallee.romain wrote:
>>
>> Hello,
>>
>> I am trying to set up the Jasig TGC for this use case:
>>
>> When I check rememberMe: 1 month without needing to enter login.password
>>
>> When I don't check rememberMe: 7 hours unless I close the browser. If I
>> close the browser, I would like to have the login/password prompt at the next
>> login.
>>
>>
>> I think rememberMe is OK.
>>
>> But when I close and reopen the browser, the session is already up.
>>
>> # cas.tgc.path=
>> cas.tgc.maxAge=-1
>> # cas.tgc.domain=
>> cas.tgc.name=TGC
>> cas.tgc.secure=false
>> cas.tgc.rememberMeMaxAge=135
>> cas.tgc.encryptionKey=xxx
>> cas.tgc.signingKey=x
>> cas.tgc.cipherEnabled=true
>>
>> # #remember me 31 days in seconds
>> # # Set to a negative value to never expire tickets
>> cas.ticket.tgt.maxTimeToLiveInSeconds=135
>> cas.ticket.tgt.timeToKillInSeconds=7200
>> cas.ticket.tgt.rememberMe.enabled=true
>> cas.ticket.tgt.rememberMe.timeToKillInSeconds=135
>> cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=135
>> ##
>> #Throttled Timeout
>> ##
>> cas.ticket.tgt.throttledTimeout.timeToKillInSeconds=28800
>> cas.ticket.tgt.throttledTimeout.timeInBetweenUsesInSeconds=5
>> cas.ticket.tgt.hardTimeout.timeToKillInSeconds=28800
>>
>>
>>
>> Have you got an idea ?
>>
>> Best regards
>>
>> Romain
>>
>> --
>> Ray Bon
>> Programmer analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | rb...@uvic.ca
>>
>
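
The "check maxage within cookie" step suggested in this reply can be done on the Set-Cookie header that the login response returns. The Python below is an added example, not part of the thread and not CAS code: it classifies a cookie's lifetime using the RFC 6265 rules and notes missing Secure/HttpOnly flags. The header strings and the reference time are constructed samples.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Dict, List, Optional, Tuple


@dataclass
class CookieReport:
    name: str
    kind: str                        # "session", "persistent" or "deleted"
    lifetime_seconds: Optional[int]  # None when the cookie is a session cookie
    secure: bool
    http_only: bool
    findings: List[str] = field(default_factory=list)


def parse_set_cookie(header: str) -> Tuple[str, Dict[str, str]]:
    """Split a Set-Cookie value into the cookie name and its attributes."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        if key.strip():
            # Attribute names are case-insensitive; a repeated one overrides.
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookie(header: str, now: datetime) -> CookieReport:
    """Classify cookie lifetime per RFC 6265 and note missing flags."""
    name, attrs = parse_set_cookie(header)
    lifetime: Optional[int] = None

    max_age = attrs.get("max-age", "")
    if re.fullmatch(r"-?\d+", max_age):
        lifetime = int(max_age)      # Max-Age takes precedence over Expires
    elif "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
            if expires.tzinfo is None:
                expires = expires.replace(tzinfo=timezone.utc)
            lifetime = int((expires - now).total_seconds())
        except (TypeError, ValueError):
            lifetime = None          # unparseable date: attribute is ignored

    if lifetime is None:
        kind = "session"
    elif lifetime <= 0:
        kind = "deleted"
    else:
        kind = "persistent"

    report = CookieReport(name, kind, lifetime,
                          "secure" in attrs, "httponly" in attrs)
    if kind == "session":
        report.findings.append(
            "session cookie: the browser decides when the session ends; "
            "session-restore features can keep it across a restart")
    elif kind == "persistent":
        report.findings.append(
            f"persistent for {lifetime}s: survives a browser restart")
    if not report.secure:
        report.findings.append(
            "no Secure attribute: cookie is also sent over plain HTTP")
    if not report.http_only:
        report.findings.append(
            "no HttpOnly attribute: cookie is readable from page scripts")
    return report


# Constructed sample data (not captured from a real server).
SAMPLE_NOW = datetime(2018, 2, 28, 9, 0, 0, tzinfo=timezone.utc)
SAMPLE_HEADERS = [
    "TGC=constructed-value; Path=/cas/; Secure; HttpOnly",
    "TGC=constructed-value; Path=/cas/; Max-Age=135; "
    "Expires=Thu, 29 Mar 2018 09:00:00 GMT; HttpOnly",
    "TGC=constructed-value; Expires=Wed, 28 Feb 2018 16:00:00 GMT; "
    "Secure; HttpOnly",
    "TGC=; Path=/cas/; Max-Age=0; Secure",
]

if __name__ == "__main__":
    for sample in SAMPLE_HEADERS:
        result = audit_cookie(sample, SAMPLE_NOW)
        print(f"{result.name}: {result.kind} ({result.lifetime_seconds})")
        for finding in result.findings:
            print(f"  - {finding}")
```

The cookie lifetime is only the browser side: the ticket-granting ticket on the server still follows the cas.ticket.tgt.* expiration settings.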



Re: [cas-user] CAS 5.2.2 logs showing authentication failure and sucess

2018-02-28 Thread Man H
See

https://groups.google.com/a/apereo.org/d/msgid/cas-user/56A68D83-B246-4917-9274-A1BE860FC5AA%40gmail.com?utm_medium=email_source=footer


On Wednesday, 28 February 2018, Michael MacEachran <mmaceach...@gmail.com> wrote:

> I am trying to add my own custom authentication handler that accesses the
> database and I have this in my main configuration class:
>
> @Bean
> public DatabaseAuthenticationProvider getAuthenticationProvider() {
>     return new DatabaseAuthenticationProvider(
>         "databaseAuthenticationProvider", servicesManager, principalFactory, 1);
> }
>
> (the servicesManager and principalFactory are Autowired in)
>
> and I am getting this in my logs:
>
> 18-02-27 23:49:42.233 ERROR 28733 --- [nio-8443-exec-6] o.a.c.a.
> PolicyBasedAuthenticationManager : Authentication has failed. Credentials
> may be incorrect or CAS cannot find authentication handler that supports
> [mmaceachran] of type [UsernamePasswordCredential].
> 2018-02-27 23:49:42.235  INFO 28733 --- [nio-8443-exec-6] 
> o.a.i.a.s.Slf4jLoggingAuditTrailManager
> : Audit trail record BEGIN
> =
> WHO: mmaceachran
> WHAT: Supplied credentials: [mmaceachran]
> ACTION: AUTHENTICATION_SUCCESS
> APPLICATION: CAS
> WHEN: Tue Feb 27 23:49:42 EST 2018
> CLIENT IP ADDRESS: 127.0.0.1
> SERVER IP ADDRESS: 127.0.0.1
> =
>
> So I have 2 questions:
>
> 1.  How do I tell CAS to use my authentication manager
> 2.  Why does the log say that I have AUTHENTICATION_SUCCESS?
>
> Thank You!
>


Re: [cas-user] [CAS 5.2.x] [OAuth] [Theme] How to make custom theme for OAuth sp

2018-02-27 Thread Man H
Open the browser developer tools to see if the theme gets loaded.

On Wednesday, 28 February 2018, Man H <info.ings...@gmail.com> wrote:

> Can't you just build a simple webapp with index.html?
>
> On Wednesday, 28 February 2018, Andy Ng <long...@gmail.com> wrote:
>
>> Thanks Manfredo,
>>
>> Do you mean that I should:
>> - Redirect user to login using Non Oauth Service first (with theme)
>> - Then redirect user to login using Oauth Service for actual Oauth login
>>
>> Am I correct?
>>
>> I would prefer not to do the above, since that means the service provider
>> needs to change their code, but if needed I think the above is still
>> feasible, thanks Manfredo.
>>
>> I would like to see if there is a solution that does not use a non-OAuth
>> login first. Thanks.
>>
>> -Andy
>>
>> On Wednesday, 28 February 2018 11:26:24 UTC+8, Manfredo Hopp wrote:
>>>
>>> Try to load that theme on a regular service, that is, non-OAuth
>>>
>>> On Wednesday, 28 February 2018, Andy Ng <lon...@gmail.com> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I am using CAS 5.2.x, and using OAuth for one service provider. The
>>>> provider now would like to have a custom theme.
>>>>
>>>> I thought I can just do this:
>>>>
>>>> {
>>>>   "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>>>>   "clientId": "OAuthApp",
>>>>   "clientSecret": "xx",
>>>>   "serviceId" : "^http://www.example.com/sp.*",
>>>>   "name" : "OAuthApp",
>>>>   "id" : 1000,
>>>>   "evaluationOrder" : 1000,
>>>>   "supportedResponseTypes" : [ "java.util.HashSet", [ "code" ] ],
>>>>   "supportedGrantTypes" : [ "java.util.HashSet", [ "authorization_code", "refresh_token" ] ],
>>>>   "theme" : "awesome_theme"
>>>> }
>>>>
>>>>
>>>>
>>>> However, it seems that the returned service is the one below:
>>>>
>>>> https://mysite.example.com:443/cas/oauth2.0/callbackAuthorize?
>>>> client_name=XXX&
>>>> client_id=OAuthApp&
>>>> redirect_uri=http://www.example.com/sp&
>>>> response_type=code
>>>>
>>>>
>>>> So the *theme* will not load. So my question is: is it possible for me
>>>> to make a custom theme for my OAuth SP provider?
>>>>
>>>> Thanks in advance!
>>>>
>>>> - Andy
>>>>


Re: [cas-user] [CAS 5.2.x] [OAuth] [Theme] How to make custom theme for OAuth sp

2018-02-27 Thread Man H
Can't you just build a simple webapp with index.html?

On Wednesday, 28 February 2018, Andy Ng wrote:

> Thanks Manfredo,
>
> Do you mean that I should:
> - Redirect user to login using Non Oauth Service first (with theme)
> - Then redirect user to login using Oauth Service for actual Oauth login
>
> Am I correct?
>
> I would prefer not to do the above, since that means the service provider
> needs to change their code, but if needed I think the above is still
> feasible, thanks Manfredo.
>
> I would like to see if there is a solution that does not use a non-OAuth
> login first. Thanks.
>
> -Andy
>
> On Wednesday, 28 February 2018 11:26:24 UTC+8, Manfredo Hopp wrote:
>>
>> Try to load that theme on a regular service, that is, non-OAuth
>>
>> On Wednesday, 28 February 2018, Andy Ng wrote:
>>
>>> Hi all,
>>>
>>> I am using CAS 5.2.x, and using OAuth for one service provider. The
>>> provider now would like to have a custom theme.
>>>
>>> I thought I can just do this:
>>>
>>> {
>>>   "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>>>   "clientId": "OAuthApp",
>>>   "clientSecret": "xx",
>>>   "serviceId" : "^http://www.example.com/sp.*",
>>>   "name" : "OAuthApp",
>>>   "id" : 1000,
>>>   "evaluationOrder" : 1000,
>>>   "supportedResponseTypes" : [ "java.util.HashSet", [ "code" ] ],
>>>   "supportedGrantTypes" : [ "java.util.HashSet", [ "authorization_code", "refresh_token" ] ],
>>>   "theme" : "awesome_theme"
>>> }
>>>
>>>
>>>
>>> However, it seems that the returned service is the one below:
>>>
>>> https://mysite.example.com:443/cas/oauth2.0/callbackAuthorize?
>>> client_name=XXX&
>>> client_id=OAuthApp&
>>> redirect_uri=http://www.example.com/sp&
>>> response_type=code
>>>
>>>
>>> So the *theme* will not load. So my question is: is it possible for me
>>> to make a custom theme for my OAuth SP provider?
>>>
>>> Thanks in advance!
>>>
>>> - Andy
>>>


Re: [cas-user] cas 5.1.x setting cas:user value

2018-02-27 Thread Man H
See

https://apereo.github.io/cas/5.1.x/integration/Attribute-Release-PrincipalId.html

On Tuesday, 27 February 2018, Toby Archer wrote:

> I had previously asked a near identical question here:
> https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/3xOdHIgj9x8
>
> That ended with an unknown and I left it with the belief that if it is
> possible to do what I want in CAS 3.5.2, it would probably be more trouble
> than it's worth since we will hopefully be moving to CAS 5.1 some time this
> year. But now I come back to the same question with CAS 5. Right now I'm
> receiving this from CAS:
>
> 
> 
> *toben.archer*
> 
> toben.archer
> toben.arc...@usd.edu
> 
> 
> 
>
> I would like to receive this:
>
> 
> 
> *toben.arc...@usd.edu *
> 
> toben.archer
> toben.arc...@usd.edu
> 
> 
> 
>
> For clarity, I want the cas:user element of the response to be my mail
> attribute that it received from LDAP (who is managing the authentication).
> One of our applications needs this, so I also need to be able to do it in a
> way that works for one application but leaves the others unaffected. Is
> this possible? If so, how would I go about it?
>


Re: [cas-user] Can't find AbstractUsernamePasswordAuthenticationHandler

2018-02-27 Thread Man H
add

<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-core-authentication</artifactId>
</dependency>


2018-02-27 16:59 GMT-03:00 Michael MacEachran :

> I am trying to write my own AuthenticationHandler.  I have this dependency
> in my POM:
>
> <dependency>
> <groupId>org.apereo.cas</groupId>
> <artifactId>cas-server-support-jdbc</artifactId>
> <version>${cas.version}</version>
> </dependency>
>
> But I am getting an error when building.  I get a cannot find symbol for
> symbol:   class ServicesManager  and every other class in the
> org.apereo.cas.authentication.*  package.
>
> What's weird is that in my Eclipse,  I am not getting any import errors.
> Only when I build from the command line.  Makes me think I have a bad
> repository.  I have this in my POM that came with the demo overlay:
>
> 
> 
> sonatype-releases
> http://oss.sonatype.org/content/repositories/releases/
> 
> 
> false
> 
> 
> true
> 
> 
> 
> sonatype-snapshots
> https://oss.sonatype.org/content/repositories/snapshots/
> 
> 
> true
> 
> 
> false
> 
> 
> 
> shibboleth-releases
> https://build.shibboleth.net/nexus/content/
> repositories/releases
> 
> 
>
> Any Idea what's wrong?
>


Re: [cas-user] What configuration for ticket 5.2 ?

2018-02-27 Thread Man H
As for the tgc properties, leave them unchanged.

PS: closing the browser does not end the CAS session.

On Tuesday, 27 February 2018, Man H <info.ings...@gmail.com> wrote:

> Put only those properties.
> To end your cas session you have to logout  redirect to login page from
> your application otherwise you will get that behaviour.
>
> On Tuesday, 27 February 2018, vallee.romain <vallee.rom...@gmail.com> wrote:
>
>> Thank you for your answer .
>>
>> Now i got this
>>
>> cas.tgc.maxAge=-1
>> # cas.tgc.domain=
>> cas.tgc.name=TGC
>> #cas.tgc.secure=false
>> #cas.tgc.rememberMeMaxAge=135
>> cas.tgc.encryptionKey=kGF9P2ZuU0ovlaCWxhiHix1bxH2pGfqlG5qGzqdxjY4
>> cas.tgc.signingKey=K5yrl7ThQ5wwX8pbtEgdHF4aDuwUwFkHmhARzSRdN
>> vNpXF1FFk_sYIgRHZZVJWdlMlGecQ-bePNlf0pexIzj2A
>> cas.tgc.cipherEnabled=true
>>
>> # #remember me 31 days in seconds
>> # # Set to a negative value to never expire tickets
>> cas.ticket.tgt.maxTimeToLiveInSeconds=25200
>> #cas.ticket.tgt.timeToKillInSeconds=7200
>> cas.ticket.tgt.rememberMe.enabled=true
>> cas.ticket.tgt.rememberMe.timeToKillInSeconds=135
>> #cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=135
>> ##
>> #Throttled Timeout
>> ##
>> #cas.ticket.tgt.throttledTimeout.timeToKillInSeconds=28800
>> #cas.ticket.tgt.throttledTimeout.timeInBetweenUsesInSeconds=5
>> #cas.ticket.tgt.hardTimeout.timeToKillInSeconds=28800
>>
>>
>> And the session stays alive when I close my web browser.
>>
>>
>>> On Tuesday, 27 February 2018 13:29:34 UTC+1, Manfredo Hopp wrote:
>>>
>>> Try this
>>>
>>> cas.ticket.tgt.maxTimeToLiveInSeconds=25200
>>> cas.ticket.tgt.rememberMe.enabled=true
>>> cas.ticket.tgt.rememberMe.timeToKillInSeconds=2592000
>>>
>>> To test these, set lower values.
>>> Also, don't use secure=false
>>>
>>> On Tuesday, 27 February 2018, vallee.romain <vallee...@gmail.com> wrote:
>>>
>>>> Hello,
>>>>
>>>> I am trying to set up the Jasig TGC for this use case:
>>>>
>>>> When I check rememberMe: 1 month without needing to enter login.password
>>>>
>>>> When I don't check rememberMe: 7 hours unless I close the browser. If
>>>> I close the browser, I would like to have the login/password prompt at the next
>>>> login.
>>>>
>>>>
>>>> I think rememberMe is OK.
>>>>
>>>> But when I close and reopen the browser, the session is already up.
>>>>
>>>> # cas.tgc.path=
>>>> cas.tgc.maxAge=-1
>>>> # cas.tgc.domain=
>>>> cas.tgc.name=TGC
>>>> cas.tgc.secure=false
>>>> cas.tgc.rememberMeMaxAge=135
>>>> cas.tgc.encryptionKey=xxx
>>>> cas.tgc.signingKey=x
>>>> cas.tgc.cipherEnabled=true
>>>>
>>>> # #remember me 31 days in seconds
>>>> # # Set to a negative value to never expire tickets
>>>> cas.ticket.tgt.maxTimeToLiveInSeconds=135
>>>> cas.ticket.tgt.timeToKillInSeconds=7200
>>>> cas.ticket.tgt.rememberMe.enabled=true
>>>> cas.ticket.tgt.rememberMe.timeToKillInSeconds=135
>>>> cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=135
>>>> ##
>>>> #Throttled Timeout
>>>> ##
>>>> cas.ticket.tgt.throttledTimeout.timeToKillInSeconds=28800
>>>> cas.ticket.tgt.throttledTimeout.timeInBetweenUsesInSeconds=5
>>>> cas.ticket.tgt.hardTimeout.timeToKillInSeconds=28800
>>>>
>>>>
>>>>
>>>> Have you got an idea ?
>>>>
>>>> Best regards
>>>>
>>>> Romain
>>>>

Re: [cas-user] What configuration for ticket 5.2 ?

2018-02-27 Thread Man H
Put only those properties.
To end your cas session you have to logout  redirect to login page from
your application otherwise you will get that behaviour.

On Tuesday, 27 February 2018, vallee.romain wrote:

> Thank you for your answer .
>
> Now i got this
>
> cas.tgc.maxAge=-1
> # cas.tgc.domain=
> cas.tgc.name=TGC
> #cas.tgc.secure=false
> #cas.tgc.rememberMeMaxAge=135
> cas.tgc.encryptionKey=kGF9P2ZuU0ovlaCWxhiHix1bxH2pGfqlG5qGzqdxjY4
> cas.tgc.signingKey=K5yrl7ThQ5wwX8pbtEgdHF4aDuwUwFkHmhARzSRdNvNpXF1FFk_
> sYIgRHZZVJWdlMlGecQ-bePNlf0pexIzj2A
> cas.tgc.cipherEnabled=true
>
> # #remember me 31 days in seconds
> # # Set to a negative value to never expire tickets
> cas.ticket.tgt.maxTimeToLiveInSeconds=25200
> #cas.ticket.tgt.timeToKillInSeconds=7200
> cas.ticket.tgt.rememberMe.enabled=true
> cas.ticket.tgt.rememberMe.timeToKillInSeconds=135
> #cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=135
> ##
> #Throttled Timeout
> ##
> #cas.ticket.tgt.throttledTimeout.timeToKillInSeconds=28800
> #cas.ticket.tgt.throttledTimeout.timeInBetweenUsesInSeconds=5
> #cas.ticket.tgt.hardTimeout.timeToKillInSeconds=28800
>
>
> And the session stays alive when I close my web browser.
>
>
> On Tuesday, 27 February 2018 13:29:34 UTC+1, Manfredo Hopp wrote:
>>
>> Try this
>>
>> cas.ticket.tgt.maxTimeToLiveInSeconds=25200
>> cas.ticket.tgt.rememberMe.enabled=true
>> cas.ticket.tgt.rememberMe.timeToKillInSeconds=2592000
>>
>> To test these, set lower values.
>> Also, don't use secure=false
>>
>> On Tuesday, 27 February 2018, vallee.romain wrote:
>>
>>> Hello,
>>>
>>> I am trying to set up the Jasig TGC for this use case:
>>>
>>> When I check rememberMe: 1 month without needing to enter login.password
>>>
>>> When I don't check rememberMe: 7 hours unless I close the browser. If
>>> I close the browser, I would like to have the login/password prompt at the next
>>> login.
>>>
>>>
>>> I think rememberMe is OK.
>>>
>>> But when I close and reopen the browser, the session is already up.
>>>
>>> # cas.tgc.path=
>>> cas.tgc.maxAge=-1
>>> # cas.tgc.domain=
>>> cas.tgc.name=TGC
>>> cas.tgc.secure=false
>>> cas.tgc.rememberMeMaxAge=135
>>> cas.tgc.encryptionKey=xxx
>>> cas.tgc.signingKey=x
>>> cas.tgc.cipherEnabled=true
>>>
>>> # #remember me 31 days in seconds
>>> # # Set to a negative value to never expire tickets
>>> cas.ticket.tgt.maxTimeToLiveInSeconds=135
>>> cas.ticket.tgt.timeToKillInSeconds=7200
>>> cas.ticket.tgt.rememberMe.enabled=true
>>> cas.ticket.tgt.rememberMe.timeToKillInSeconds=135
>>> cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=135
>>> ##
>>> #Throttled Timeout
>>> ##
>>> cas.ticket.tgt.throttledTimeout.timeToKillInSeconds=28800
>>> cas.ticket.tgt.throttledTimeout.timeInBetweenUsesInSeconds=5
>>> cas.ticket.tgt.hardTimeout.timeToKillInSeconds=28800
>>>
>>>
>>>
>>> Have you got an idea ?
>>>
>>> Best regards
>>>
>>> Romain
>>>


Re: [cas-user] What configuration for ticket 5.2 ?

2018-02-27 Thread Man H
Try this

cas.ticket.tgt.maxTimeToLiveInSeconds=25200
cas.ticket.tgt.rememberMe.enabled=true
cas.ticket.tgt.rememberMe.timeToKillInSeconds=2592000

To test these, set lower values.
Also, don't use secure=false

On Tuesday, 27 February 2018, vallee.romain wrote:

> Hello,
>
> I am trying to set up the Jasig TGC for this use case:
>
> When I check rememberMe: 1 month without needing to enter login.password
>
> When I don't check rememberMe: 7 hours unless I close the browser. If I
> close the browser, I would like to have the login/password prompt at the next
> login.
>
>
> I think rememberMe is OK.
>
> But when I close and reopen the browser, the session is already up.
>
> # cas.tgc.path=
> cas.tgc.maxAge=-1
> # cas.tgc.domain=
> cas.tgc.name=TGC
> cas.tgc.secure=false
> cas.tgc.rememberMeMaxAge=135
> cas.tgc.encryptionKey=xxx
> cas.tgc.signingKey=x
> cas.tgc.cipherEnabled=true
>
> # #remember me 31 days in seconds
> # # Set to a negative value to never expire tickets
> cas.ticket.tgt.maxTimeToLiveInSeconds=135
> cas.ticket.tgt.timeToKillInSeconds=7200
> cas.ticket.tgt.rememberMe.enabled=true
> cas.ticket.tgt.rememberMe.timeToKillInSeconds=135
> cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=135
> ##
> #Throttled Timeout
> ##
> cas.ticket.tgt.throttledTimeout.timeToKillInSeconds=28800
> cas.ticket.tgt.throttledTimeout.timeInBetweenUsesInSeconds=5
> cas.ticket.tgt.hardTimeout.timeToKillInSeconds=28800
>
>
>
> Have you got an idea ?
>
> Best regards
>
> Romain
>


Re: [cas-user] pay forward?

2018-02-26 Thread Man H
If nobody else considered your kind offer I suppose cas multitenancy wins!!

On Monday, 26 February 2018, Cheltenham, Chris <ccheltenham-...@philasd.org> wrote:

> Hello Michael,
>
> I work for Philadelphia School District K thru 12.
>
> We may be interested in the hours of part of them perhaps.
>
> What do we need to do ?
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of* Michael O Holstein
> *Sent:* Friday, February 23, 2018 2:39 PM
> *To:* cas-user@apereo.org
> *Subject:* [cas-user] pay forward?
>
>
> Our annual contract with Unicon is going to renew here in a bit, and we
> have a bunch of unused consulting hours which are for features and whatnot.
> I'm sure if they're not cool with this I'll get told shortly but here's
> what I'm proposing ..
>
>
>
> I'll bet there's a couple others in the same boat .. since you can't roll
> it .. might as well donate it.
>
>
>
> If there's a feature that everybody thinks would be neat, or some similar
> such thing that we don't need but would collectively benefit (which happens
> regardless, eventually .. if you've read the contract) .. we propose ..
>
>
>
> Come up with something, we'll donate our hours remaining (40 something?)
> to it .. we get new block next year anyway. If that covers it, great .. if
> not, perhaps others will agree with the idea and it'll get done
> collectively. But as long as Unicon is cool with this we're game. Yay open
> source, etc.
>
>
>
> Suggestions? Needs to be well-scoped though, so if you've thought it
> through but couldn't get funding, here's your chance.
>
>
>
> Michael Holstein CISSP
>
> Mgr. Network & Data Security
>
> Cleveland State University
>
>
>
>
>


Re: [cas-user] CAS PM JDBC 5.1.5 double query

2018-02-26 Thread Man H
Send CAS startup log.

2018-02-26 21:04 GMT-03:00 <jojo...@gmail.com>:

> It has to be reading my properties or else I could never switch  between
> MySQL and Oracle which I do all day long. It has to be something else.
>
> Bill
>
> Sent from a device.
>
> On Feb 26, 2018, at 7:59 AM, Man H <info.ings...@gmail.com> wrote:
>
> CAS is not reading your properties. Check where they are fetched.
>
> On Monday, February 26, 2018, William Jojo <jojo...@gmail.com> wrote:
>
>> Manfredo,
>>
>> Hibernate is not posting to my logs. Turned on cas.jdbc.showSql and
>> cas.jdbc.genDdl. Also added org.hibernate, org.hibernate.SQL and
>> org.hibernate.type.descriptor.sql to the log4j2.xml for both debug and
>> trace. Nothing.
>>
>> This is built using Maven and our own Tomcat server.
>>
>> Bill
>>
>> On Saturday, February 24, 2018 at 3:28:23 PM UTC-5, Manfredo Hopp wrote:
>>>
>>> Send the same with hibernate debug
>>>
>>> On Saturday, February 24, 2018, William Jojo <joj...@gmail.com> wrote:
>>>
>>>> My question is very simple. Why on Earth are there two separate calls
>>>> for validating PM questions? There is a query to get the question(s)
>>>> followed by what seems like another query to get the answer(s). The format
>>>> requires the query to be in the form of:
>>>>
>>>> select question, answer from table name where user=?
>>>>
>>>> Fine. But if you are trying to randomly select a question with say a
>>>> view or procedure, the functionality is effectively broken because you cannot
>>>> guarantee the question/answer pair will match. See below:
>>>>
>>>> 2018-02-24 12:26:56,529 DEBUG 
>>>> [org.springframework.jdbc.datasource.DataSourceUtils]
>>>> - 
>>>> 2018-02-24 12:26:56,546 TRACE 
>>>> [org.springframework.jdbc.core.StatementCreatorUtils]
>>>> - >>> [THEUSER], value class [java.lang.String], SQL type unknown>
>>>> 2018-02-24 12:26:56,562 DEBUG 
>>>> [org.springframework.jdbc.datasource.DataSourceUtils]
>>>> - 
>>>> 2018-02-24 12:26:56,563 DEBUG 
>>>> [org.apereo.cas.pm.jdbc.JdbcPasswordManagementService]
>>>> - 
>>>>
>>>> 2018-02-24 12:26:59,489 DEBUG [org.springframework.jdbc.core.JdbcTemplate]
>>>> - 
>>>> 2018-02-24 12:26:59,490 DEBUG [org.springframework.jdbc.core.JdbcTemplate]
>>>> - >>> GENERAL.vTestQA where userid=?]>
>>>> 2018-02-24 12:26:59,490 DEBUG 
>>>> [org.springframework.jdbc.datasource.DataSourceUtils]
>>>> - 
>>>> 2018-02-24 12:26:59,506 TRACE 
>>>> [org.springframework.jdbc.core.StatementCreatorUtils]
>>>> - >>> [THEUSER], value class [java.lang.String], SQL type unknown>
>>>> 2018-02-24 12:26:59,523 DEBUG 
>>>> [org.springframework.jdbc.datasource.DataSourceUtils]
>>>> - 
>>>> 2018-02-24 12:26:59,523 DEBUG 
>>>> [org.apereo.cas.pm.jdbc.JdbcPasswordManagementService]
>>>> - 
>>>>
>>>>
>>>> There is also the concern that the database is not required to return
>>>> the values in the same order every time.
>>>>
>>>> Bill
>>>>

Re: [cas-user] AssertionConsumerServiceIndex and AssertionConsumerServiceUrl

2018-02-26 Thread Man H
CAS is not multitenant.

 See
https://groups.google.com/a/apereo.org/d/msgid/cas-user/20C889EBD5E2E103.107C4E6D-3607-4BC8-8345-C8AE71F48935%40mail.outlook.com?utm_medium=email_source=footer
among others.



2018-02-26 10:40 GMT-03:00 Ash :

>
> Not for logout, but during the login process. The Service Provider
> supports multiple tenants and we would like CAS to redirect the user to a
> different URL based on tenant.
>
> Thanks,
>
> Ash
>
>
>
> On Saturday, February 24, 2018 at 2:32:41 PM UTC-6, Manfredo Hopp wrote:
>>
>> Why do you need more than one logout?
>>
>> On Saturday, February 24, 2018, Ash wrote:
>>
>>> hi,
>>>
>>> I am using CAS 5.0. I'd like to dynamically determine the redirect URL
>>> instead of specifying only one in the metadata.xml. Based on my
>>> understanding, I should be able to do this via
>>> AssertionConsumerServiceIndex  and/or AssertionConsumerServiceURL.
>>>
>>> I have tried setting both AssertionConsumerServiceIndex and
>>> AssertionConsumerServiceURL in the AuthnRequest, but have not been
>>> successful. CAS always redirects to the first AssertionConsumerService
>>> configured in the metadata.xml file regardless of what index I set.
>>>
>>> I guess my question is does CAS support AssertionConsumerServiceIndex?
>>> or does anyone know of another way I can accomplish this with CAS?
>>>
>>> Appreciate any help you can provide.
>>>
>>> Thanks -
>>>
>>> Ash
>>>


Re: [cas-user] CAS PM JDBC 5.1.5 double query

2018-02-26 Thread Man H
CAS is not reading your properties. Check where they are fetched.

On Monday, February 26, 2018, William Jojo wrote:

> Manfredo,
>
> Hibernate is not posting to my logs. Turned on cas.jdbc.showSql and
> cas.jdbc.genDdl. Also added org.hibernate, org.hibernate.SQL and
> org.hibernate.type.descriptor.sql to the log4j2.xml for both debug and
> trace. Nothing.
>
> This is built using Maven and our own Tomcat server.
>
> Bill
>
> On Saturday, February 24, 2018 at 3:28:23 PM UTC-5, Manfredo Hopp wrote:
>>
>> Send the same with hibernate debug
>>
>> On Saturday, February 24, 2018, William Jojo wrote:
>>
>>> My question is very simple. Why on Earth are there two separate calls
>>> for validating PM questions? There is a query to get the question(s)
>>> followed by what seems like another query to get the answer(s). The format
>>> requires the query to be in the form of:
>>>
>>> select question, answer from table name where user=?
>>>
>>> Fine. But if you are trying to randomly select a question with say a
>>> view or procedure, the functionality is effectively broken because you cannot
>>> guarantee the question/answer pair will match. See below:
>>>
>>> 2018-02-24 12:26:56,529 DEBUG 
>>> [org.springframework.jdbc.datasource.DataSourceUtils]
>>> - 
>>> 2018-02-24 12:26:56,546 TRACE 
>>> [org.springframework.jdbc.core.StatementCreatorUtils]
>>> - >> [THEUSER], value class [java.lang.String], SQL type unknown>
>>> 2018-02-24 12:26:56,562 DEBUG 
>>> [org.springframework.jdbc.datasource.DataSourceUtils]
>>> - 
>>> 2018-02-24 12:26:56,563 DEBUG 
>>> [org.apereo.cas.pm.jdbc.JdbcPasswordManagementService]
>>> - 
>>>
>>> 2018-02-24 12:26:59,489 DEBUG [org.springframework.jdbc.core.JdbcTemplate]
>>> - 
>>> 2018-02-24 12:26:59,490 DEBUG [org.springframework.jdbc.core.JdbcTemplate]
>>> - >> GENERAL.vTestQA where userid=?]>
>>> 2018-02-24 12:26:59,490 DEBUG 
>>> [org.springframework.jdbc.datasource.DataSourceUtils]
>>> - 
>>> 2018-02-24 12:26:59,506 TRACE 
>>> [org.springframework.jdbc.core.StatementCreatorUtils]
>>> - >> [THEUSER], value class [java.lang.String], SQL type unknown>
>>> 2018-02-24 12:26:59,523 DEBUG 
>>> [org.springframework.jdbc.datasource.DataSourceUtils]
>>> - 
>>> 2018-02-24 12:26:59,523 DEBUG 
>>> [org.apereo.cas.pm.jdbc.JdbcPasswordManagementService]
>>> - 
>>>
>>>
>>> There is also the concern that the database is not required to return
>>> the values in the same order every time.
>>>
>>> Bill
>>>


Re: [cas-user] Session Invalidation in cas JAVA Client

2018-02-25 Thread Man H
CAS TGT delimits user session. Do CAS logout to end session.

On Saturday, February 24, 2018, Wajih El Katerji wrote:

> Hello
>
> I need some clarification in regards to what happens when a client calls
> session.invalidate, with respect to CAS of course. What I am facing is a
> problem when a logout is triggered at the client side. What happens is the
> client is logged out from the application, but then redirected to the CAS
> page where a session for that user already exists and hence the user is
> validated and redirected back to the application page. Do I have to call
> cas/logout after session.invalidate?
>
> Thank you for your time.
>
> Wajih El Katerji
>


Re: [cas-user] mahe CAS 5 ory structure in tven question

2018-02-24 Thread Man H
Simply because this version does not have src

On Saturday, February 24, 2018, Cheltenham, Chris <ccheltenham-...@philasd.org> wrote:

> Hello everyone.
>
> I have a maven question.
>
> With CAS 4, we git cloned the github repo cas overlay.
>
> Did the same with CAS 5.
>
> Why do I not have a /src directory structure in the CAS 5 overlay?
>
> I get the source and target directory in theory.
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>


Re: [cas-user] AssertionConsumerServiceIndex and AssertionConsumerServiceUrl

2018-02-24 Thread Man H
Why do you need more than one logout?

On Saturday, February 24, 2018, Ash wrote:

> hi,
>
> I am using CAS 5.0. I'd like to dynamically determine the redirect URL
> instead of specifying only one in the metadata.xml. Based on my
> understanding, I should be able to do this via
> AssertionConsumerServiceIndex  and/or AssertionConsumerServiceURL.
>
> I have tried setting both AssertionConsumerServiceIndex and
> AssertionConsumerServiceURL in the AuthnRequest, but have not been
> successful. CAS always redirects to the first AssertionConsumerService
> configured in the metadata.xml file regardless of what index I set.
>
> I guess my question is does CAS support AssertionConsumerServiceIndex? or
> does anyone know of another way I can accomplish this with CAS?
>
> Appreciate any help you can provide.
>
> Thanks -
>
> Ash
>


Re: [cas-user] CAS PM JDBC 5.1.5 double query

2018-02-24 Thread Man H
Send the same with hibernate debug

On Saturday, February 24, 2018, William Jojo wrote:

> My question is very simple. Why on Earth are there two separate calls for
> validating PM questions? There is a query to get the question(s) followed
> by what seems like another query to get the answer(s). The format requires
> the query to be in the form of:
>
> select question, answer from table name where user=?
>
> Fine. But if you are trying to randomly select a question with say a view
> or procedure, the functionality is effectively broken because you cannot
> guarantee the question/answer pair will match. See below:
>
> 2018-02-24 12:26:56,529 DEBUG 
> [org.springframework.jdbc.datasource.DataSourceUtils]
> - 
> 2018-02-24 12:26:56,546 TRACE 
> [org.springframework.jdbc.core.StatementCreatorUtils]
> -  [THEUSER], value class [java.lang.String], SQL type unknown>
> 2018-02-24 12:26:56,562 DEBUG 
> [org.springframework.jdbc.datasource.DataSourceUtils]
> - 
> 2018-02-24 12:26:56,563 DEBUG 
> [org.apereo.cas.pm.jdbc.JdbcPasswordManagementService]
> - 
>
> 2018-02-24 12:26:59,489 DEBUG [org.springframework.jdbc.core.JdbcTemplate]
> - 
> 2018-02-24 12:26:59,490 DEBUG [org.springframework.jdbc.core.JdbcTemplate]
> -  GENERAL.vTestQA where userid=?]>
> 2018-02-24 12:26:59,490 DEBUG 
> [org.springframework.jdbc.datasource.DataSourceUtils]
> - 
> 2018-02-24 12:26:59,506 TRACE 
> [org.springframework.jdbc.core.StatementCreatorUtils]
> -  [THEUSER], value class [java.lang.String], SQL type unknown>
> 2018-02-24 12:26:59,523 DEBUG 
> [org.springframework.jdbc.datasource.DataSourceUtils]
> - 
> 2018-02-24 12:26:59,523 DEBUG 
> [org.apereo.cas.pm.jdbc.JdbcPasswordManagementService]
> - 
>
>
> There is also the concern that the database is not required to return the
> values in the same order every time.
>
> Bill
>
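
The mismatch Bill describes in the quoted message, reproduced with SQLite as an added example (not CAS code and not from the thread). The table contents, the `limit 2` view definition and the two flow functions are assumptions: they model a fetch to display the questions followed by a separate fetch whose answers are compared by position.

```python
import sqlite3

# Constructed sample data: three question/answer pairs for one user.
PAIRS = {
    "First pet?": "rex",
    "Birth city?": "albany",
    "First teacher?": "smith",
}
USER = "THEUSER"
# Same shape as the query quoted in the thread: two columns, one bind variable.
QUERY = "select question, answer from vTestQA where userid=?"


def open_db(view_order):
    """Create an in-memory table and a vTestQA view that returns two rows.

    view_order is a fixed SQL fragment chosen by this script ("random()" or
    "question"), never user input.
    """
    db = sqlite3.connect(":memory:")
    db.execute("create table qa (userid text, question text, answer text)")
    db.executemany(
        "insert into qa values (?, ?, ?)",
        [(USER, q, a) for q, a in PAIRS.items()],
    )
    db.execute(
        "create view vTestQA as select userid, question, answer "
        f"from qa order by {view_order} limit 2"
    )
    return db


def fetch_pairs(db):
    """Run the configured query once and return (question, answer) rows."""
    return db.execute(QUERY, (USER,)).fetchall()


def two_query_flow(db):
    """Model of the behaviour described: fetch to display, fetch again to check."""
    shown = [q for q, _ in fetch_pairs(db)]        # query 1: questions rendered
    typed = [PAIRS[q] for q in shown]              # user answers every one correctly
    expected = [a for _, a in fetch_pairs(db)]     # query 2: answers, by position
    return typed == expected


def single_fetch_flow(db):
    """One fetch; the same rows serve both display and validation."""
    rows = fetch_pairs(db)                         # kept server-side for the exchange
    typed = [PAIRS[q] for q, _ in rows]
    return typed == [a for _, a in rows]


def failures(flow, db, rounds=200):
    """Count how many of `rounds` correct submissions the flow rejects."""
    return sum(1 for _ in range(rounds) if not flow(db))


if __name__ == "__main__":
    random_view = open_db("random()")
    stable_view = open_db("question")
    print("two queries, random view :", failures(two_query_flow, random_view))
    print("one query, random view   :", failures(single_fetch_flow, random_view))
    print("two queries, ordered view:", failures(two_query_flow, stable_view))
```

With the randomised view the two-query flow rejects most correct submissions; a deterministic `order by` in the view, or a single fetch reused for validation, removes the mismatch.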


Re: [cas-user] pay forward?

2018-02-24 Thread Man H
Caso multitenant

On Friday, February 23, 2018, Michael O Holstein <michael.holst...@csuohio.edu> wrote:

> Our annual contract with Unicon is going to renew here in a bit, and we
> have a bunch of unused consulting hours which are for features and whatnot.
> I'm sure if they're not cool with this I'll get told shortly but here's
> what I'm proposing ..
>
> I'll bet there's a couple others in the same boat .. since you can't roll
> it .. might as well donate it.
>
> If there's a feature that everybody thinks would be neat, or some similar
> such thing that we don't need but would collectively benefit (which happens
> regardless, eventually .. if you've read the contract) .. we propose ..
>
> Come up with something, we'll donate our hours remaining (40 something?)
> to it .. we get new block next year anyway. If that covers it, great .. if
> not, perhaps others will agree with the idea and it'll get done
> collectively. But as long as Unicon is cool with this we're game. Yay open
> source, etc.
>
> Suggestions? Needs to be well-scoped though, so if you've thought it
> through but couldn't get funding, here's your chance.
>
> Michael Holstein CISSP
> Mgr. Network & Data Security
> Cleveland State University
>
>


Re: [cas-user] CAS Client Location (PKIX path building failed)

2018-02-20 Thread Man H
Path to your certificate is not found

On Tuesday, February 20, 2018, Kevin Liu wrote:

> This is the error I keep getting:
>
> Error: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
> valid certification path to requested target
>
>
> On Tuesday, February 20, 2018 at 9:59:04 AM UTC-6, Kevin Liu wrote:
>>
>> I'm running into a PKIX path building failed and in the documentation it
>> lists this: "The problem here is that the CAS *client* does not trust
>> the certificate presented by the CAS server; most often this occurs because
>> of using a *self-signed certificate* on the CAS server. "
>>
>> I'm currently using tomcat to run cas vanilla server. What would be the
>> CAS client in this scenario?
>>


Re: [cas-user] [5.2] Dashboard - Application Not Authorized to Use CAS

2018-02-20 Thread Man H
This should be another thread since dashboard is not the same as
cas-management.
Make it a service

On Tuesday, February 20, 2018, Cheltenham, Chris <ccheltenham-...@philasd.org> wrote:

> Hello Everyone,
>
>
>
> I am getting access denied on the /cas-management
>
> It appears CAS 5 is a bit different from 4
>
>
>
> Does anyone know why I am getting access denied to the management stuff?
>
>
>
>
>
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of* David Curry
> *Sent:* Tuesday, February 20, 2018 8:48 AM
> *To:* cas-user@apereo.org
> *Subject:* Re: [cas-user] [5.2] Dashboard - Application Not Authorized to
> Use CAS
>
>
>
> Assuming "the services directory" means you're trying to use an external
> directory full of JSON service definitions, do you have
>
>
>
> <dependency>
>   <groupId>org.apereo.cas</groupId>
>   <artifactId>cas-server-support-json-service-registry</artifactId>
>   <version>${cas.version}</version>
> </dependency>
>
>
>
> in your pom.xml and
>
>
>
> cas.serviceRegistry.json.location:file:/etc/cas/services
>
>
>
> (whatever directory path you want) in cas.properties?
>
>
>
> --Dave
>
>
>
>
> --
>
> *DAVID A. CURRY, CISSP*
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> 
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
>
>
>
> On Tue, Feb 20, 2018 at 8:41 AM, Kevin Liu  wrote:
>
> I've added and it looks like CAS is just not picking up on any of the
> services directory. It doesn't show as registering the service.
>
>
>
> On Monday, February 19, 2018 at 12:55:18 PM UTC-6, rbon wrote:
>
> Put these into the log config to verify that the services you want are
> correct:
>
>
>
> 
>
>  level="debug" />
>
>
>
> 
>
>  level="debug"/>
>
>
>
> 
>
>  level="debug" />
>
>
>
> Ray
>
>
>
> On Mon, 2018-02-19 at 09:24 -0800, Kevin Liu wrote:
>
> I'm trying to access https://xxx.xxx.xxx.xxx:/cas1/status/dashboard
>
> On Monday, February 19, 2018 at 11:01:33 AM UTC-6, rbon wrote:
>
> Kevin,
>
>
>
> What is the URL that you are trying to access?
>
>
>
> Ray
>
>
>
> On Mon, 2018-02-19 at 08:34 -0800, Kevin Liu wrote:
>
> This is my current entry in service registry
>
>
>
> {
>
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>
>   "serviceId" : "^https://xxx.xxx.xxx.xxx:/cas1/status/dashboard(\\z|/.*)",
>
>   "name" : "CAS Admin Dashboard",
>
>   "id" : 1509646291,
>
>   "description" : "CAS dashboard and administrative endpoints",
>
>   "evaluationOrder" : 5000
>
> }
>
>
>
>
> On Monday, February 19, 2018 at 9:06:00 AM UTC-6, David Curry wrote:
>
> Do you have an entry in the service registry that matches the service?
>
>
>
> {
>
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>
>   "serviceId" : "^https://xxx.xxx.xxx.xxx/cas1/status/dashboard(\\z|/.*)",
>
>   "name" : "CAS Admin Dashboard",
>
>   "id" : 123456789,
>
>   "description" : "CAS dashboard and administrative endpoints",
>
>   "evaluationOrder" : 12345
>
> }
>
>
>
> Or something like that.
>
>
> --Dave
>
>
>
>
> --
>
> *DAVID A. CURRY, CISSP*
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> 
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
>
>
>
> On Mon, Feb 19, 2018 at 9:33 AM, Kevin Liu  wrote:
>
> Hello,
>
>
>
> I'm trying to enable access to the Dashboard with the default
> casuser:Mellon account but I'm running into an Application Not Authorized
> to Use CAS. This is my cas.properties file. I can't figure out what I'm
> missing? Looking online, it seems I need a registry of some sort but I
> can't find additional documentation on it.
>
>
>
>
>
> cas.server.name: https://xxx.xxx.xxx.xxx
>
> cas.server.prefix: https://xxx.xxx.xxx.xxx/cas1
>
>
>
> logging.config: file:/etc/cas1/config/log4j2.xml
>
>
>
> endpoints.enabled=true
>
> endpoints.sensitive=false
>
> cas.adminPagesSecurity.ip=192.168.x.xx
>
> cas.monitor.endpoints.enable=true
>
> cas.monitor.endpoints.sensitive=false
>
> cas.adminPagesSecurity.actuatorEndpointsEnabled=true
>
>
>
>
>
> cas.adminPagesSecurity.loginUrl=${cas.server.prefix}/login
>
> cas.adminPagesSecurity.service=${cas.server.prefix}/status/dashboard
>
> cas.adminPagesSecurity.users=file:/etc/cas1/config/adminusers.properties
>
> cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN
>
>
>
> Am I missing anything?
>
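
One way to answer David Curry's question ("Do you have an entry in the service registry that matches the service?") offline, as an added example that is not from the thread or the CAS code base: it resolves `cas.adminPagesSecurity.service` from the properties and tries each definition's `serviceId` against it. The host name, port 8443 and file names are constructed stand-ins for the redacted values, and whole-string, case-insensitive matching is an assumption about how CAS applies the pattern.

```python
import json
import re

# Constructed stand-ins for the redacted cas.properties values in the thread.
CAS_PROPERTIES = """
cas.server.name: https://cas.example.org
cas.server.prefix: https://cas.example.org/cas1
cas.adminPagesSecurity.loginUrl=${cas.server.prefix}/login
cas.adminPagesSecurity.service=${cas.server.prefix}/status/dashboard
"""

# Constructed service definitions: one with a port in serviceId, one without.
SERVICE_FILES = {
    "CASAdminDashboard-1509646291.json": r'''{
      "@class" : "org.apereo.cas.services.RegexRegisteredService",
      "serviceId" : "^https://cas.example.org:8443/cas1/status/dashboard(\\z|/.*)",
      "name" : "CAS Admin Dashboard",
      "id" : 1509646291,
      "evaluationOrder" : 5000
    }''',
    "CASAdminDashboard-123456789.json": r'''{
      "@class" : "org.apereo.cas.services.RegexRegisteredService",
      "serviceId" : "^https://cas.example.org/cas1/status/dashboard(\\z|/.*)",
      "name" : "CAS Admin Dashboard",
      "id" : 123456789,
      "evaluationOrder" : 12345
    }''',
}


def load_properties(text):
    """Parse 'key=value' / 'key: value' lines and expand ${other.key} references."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#=:\s][^=:\s]*)\s*[=:]\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()

    def expand(value, depth=0):
        if depth > 10:
            raise ValueError("circular ${...} reference")
        return re.sub(r"\$\{([^}]+)\}",
                      lambda ref: expand(props[ref.group(1)], depth + 1),
                      value)

    return {key: expand(value) for key, value in props.items()}


def compile_service_id(pattern):
    r"""Compile a serviceId written for java.util.regex with Python's re.

    For the patterns in the thread only the end-of-input anchor differs:
    Java's \z is spelled \Z in Python.
    """
    return re.compile(pattern.replace(r"\z", r"\Z"), re.IGNORECASE)


def matching_services(service_url, files):
    """Return (evaluationOrder, file name) for every definition whose
    serviceId matches the whole URL, lowest evaluationOrder first."""
    hits = []
    for name, text in files.items():
        definition = json.loads(text)
        if compile_service_id(definition["serviceId"]).fullmatch(service_url):
            hits.append((definition.get("evaluationOrder", 0), name))
    return sorted(hits)


def check_admin_service(properties_text, files):
    """Resolve the dashboard service URL and list the definitions covering it."""
    url = load_properties(properties_text)["cas.adminPagesSecurity.service"]
    return url, matching_services(url, files)


if __name__ == "__main__":
    url, hits = check_admin_service(CAS_PROPERTIES, SERVICE_FILES)
    print("service URL:", url)
    print("matched by :", hits or "nothing (service would be rejected)")
```

An empty result for the resolved URL means no definition covers the service being requested, which is the condition behind "Application Not Authorized to Use CAS".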

Re: [cas-user] SAML and signing configuration

2018-02-20 Thread Man H
Do you have mod_auth_cas installed?

On Tuesday, February 20, 2018, Alberto Cabello Sánchez wrote:

> Hi,
>
> I'm getting a strange error when running the Onelogin SSO Wordpress
> plugin to authenticate users with a CAS with SAML support. I managed
> to get the plugin working with simpleSAMLphp so I think the problem
> is in the CAS side.
>
> The displayed error message is:
>
>
> CAS is unable to process this request: "500:Internal Server Error"
>
> Error: org.opensaml.saml.common.SAMLException:
> No signature signing parameter is available
>
>
>
> I think the problem is some metadata parameter, but I cannot find a working
> example to give some light. I configured the service in a JSON this way:
> (file name is lvs05saml-1003.json)
>
> {
>   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>   "serviceId" : "lvs05saml",
>   "name" : "lvs05saml",
>   "id" : 1003,
>   "attributeReleasePolicy" : {
>     "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>   },
>   "metadataLocation" : "http://HERE_I_PUT_MY_WORDPRESS_URL/wp-login.php?saml_metadata",
>   "metadataSignatureLocation" : "file:/usr/local/etc/cas/certs/ONE_LOGIN_PLUGIN_CERT.pub"
> }
>
> Uppercase HERE_I_PUT_MY_WORDPRESS_URL and ONE_LOGIN_PLUGIN_CERT are
> substituted by the actual conf values.
>
> I'm basically stuck at this point, so I feel I need some hint to
> carry further research and solve this error.
>
> Thanks for your help,
>
> --
> Alberto Cabello Sánchez
> Servicio de Informática
> Universidad de Extremadura
>


Re: [cas-user] Re: Tomcat CAS Missing TldParser

2018-02-19 Thread Man H
Check java version

2018-02-18 20:52 GMT-03:00 Matthew Hannay :

> I have built CAS as a standalone war and deployed to Tomcat
> 7.latest_stable(7.0.85)  and I get a
> Caused by: java.lang.NoClassDefFoundError: org/apache/tomcat/util/
> descriptor/tld/TldParser
>
> However in tomcat 8
> deploys fine
>
> I am suspecting a difference in Servlet / JSP / EL specs between tomcat 7
> and 8
> http://tomcat.apache.org/whichversion.html
>
> Does anyone know off the top of their head what JEE specs (Servlet / JSP /
> EL) CAS 5.2+ supports?
> I will dig into the code and POMs to work it out.
>
> --Matt
>
>
>
>
>
>
>
> On Tuesday, 9 January 2018 08:23:47 UTC+10, George Lawson-Crowson wrote:
>>
>> Hello! I'm trying to install CAS and am getting Tomcat errors saying that
>> I'm missing the TldParser JAR. If you could help, please respond to my
>> StackOverflow question
>> 
>> .
>>
>> Sincerely,
>> George Crowson
>> Systems Developer
>> Southwestern University
>>


Re: [cas-user] [CAS-5.2.2] Jaas LDAP Authentication Prinicipal Attribute Resolve Issue

2018-02-15 Thread Man H
What would your question be?

2018-02-15 11:29 GMT-03:00 Soumya Tripathy :

> Hi,
> Recently we upgraded CAS from 5.1.0 to 5.2.2.
> With CAS 5.1.0 when I was using JAAS with LDAP it was returning the
> correct principal.
> But now with CAS 5.2.0 I'm getting the principal as
>
> Log In Successful
>
> You, *CN=Soumya Ranjan
> Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com * have
> successfully logged into the Central Authentication Service
>
> (XXX are masked due to company internal policy)
>
> Whereas earlier (with CAS-5.1.0) I was getting
> Log In Successful
>
> You, Soumya_Tripathy have successfully logged into the Central
> Authentication Service
>
>
> I compared the logs of both versions; here are the findings:
>
>
> *CAS-5.1.0 Logs*
>
>
> 2018-02-15 19:28:04,673 DEBUG [org.apereo.cas.authentication.handler.
> support.JaasAuthenticationHandler] -  [Soumya_Tripathy]> [LdapLoginModule] authentication-first mode; SSL
> disabled [LdapLoginModule] user provider: ldap://ad.xxx.com/DC=ad,DC=
> XXX,DC=com [LdapLoginModule] attempting to authenticate user:
> Soumya_Tripathy [LdapLoginModule] searching for entry belonging to user:
> Soumya_Tripathy [LdapLoginModule] found entry: CN=Soumya Ranjan
> Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com
> [LdapLoginModule] authentication succeeded [LdapLoginModule] added
> LdapPrincipal "CN=Soumya Ranjan Tripathy,OU=GEN,OU=Users,OU=
> XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com" to Subject [LdapLoginModule] added
> UserPrincipal "Soumya_Tripathy" to Subject [LdapLoginModule] logged out
> Subject 2018-02-15 19:28:04,770 DEBUG 
> [org.apereo.cas.authentication.AbstractAuthenticationManager]
> -  authenticated [Soumya_Tripathy]> 2018-02-15 19:28:04,773 DEBUG
> [org.apereo.cas.authentication.principal.resolvers.
> *PersonDirectoryPrincipalResolver*] -  principal...> 2018-02-15 19:28:04,775 DEBUG [org.apereo.cas.
> authentication.principal.resolvers.*PersonDirectoryPrincipalResolver*] -
> 
>
>
> *CAS-5.2.2 Logs*
>
> 2018-02-15 18:51:19,449 DEBUG [org.apereo.cas.authentication.handler.
> support.JaasAuthenticationHandler] -  [soumya_tripathy]> [LdapLoginModule] authentication-first mode; SSL
> disabled [LdapLoginModule] user provider: ldap://ad.xxx.com/DC=ad,DC=
> XXX,DC=com [LdapLoginModule] attempting to authenticate user:
> soumya_tripathy [LdapLoginModule] searching for entry belonging to user:
> soumya_tripathy [LdapLoginModule] found entry: CN=Soumya Ranjan
> Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com
> [LdapLoginModule] authentication succeeded [LdapLoginModule] added
> LdapPrincipal "CN=Soumya Ranjan Tripathy,OU=GEN,OU=Users,OU=
> XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com" to Subject [LdapLoginModule] added
> UserPrincipal "soumya_tripathy" to Subject [LdapLoginModule] logged out
> Subject 2018-02-15 18:51:19,523 DEBUG [org.apereo.cas.authentication.
> *PolicyBasedAuthenticationManager*] -  [JaasAuthenticationHandler] successfully authenticated [soumya_tripathy]>
> 2018-02-15 18:51:19,524 DEBUG [org.apereo.cas.authentication.principal.
> resolvers.*ChainingPrincipalResolver*] -  [org.apereo.cas.authentication.principal.resolvers.
> EchoingPrincipalResolver@6920d398[]]> 2018-02-15 18:51:19,525 DEBUG
> [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver]
> -  XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com]> 2018-02-15 18:51:19,527 DEBUG
> [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver]
> -  Ranjan Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com]>
> 2018-02-15 18:51:19,528 DEBUG [org.apereo.cas.authentication.
> PolicyBasedAuthenticationManager] - <[org.apereo.cas.
> authentication.principal.resolvers.ChainingPrincipalResolver@
> 1a6ac3e7[chain=[org.apereo.cas.authentication.principal.resolvers.
> EchoingPrincipalResolver@6920d398[ resolved [CN=CN=Soumya Ranjan
> Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com] from
> [soumya_tripathy]> 2018-02-15 18:51:19,529 DEBUG [org.apereo.cas.
> authentication.PolicyBasedAuthenticationManager] -  resolved for this authentication event is [CN=CN=Soumya Ranjan
> Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com]>
>
>
>
>
> What I observe is that in the earlier version (5.1.0) CAS was delegating the request to
> *PersonDirectoryPrincipalResolver*, but now with version 5.2.2 it is delegating to
> *PolicyBasedAuthenticationManager* and *ChainingPrincipalResolver*.
>
>
> *HTTPSandIMAPS-1001.json:*
>
> {
>   "@class": "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId": "^(http|https|imaps)://.*",
>   "name": "HTTPS and IMAPS",
>   "id": 1001,
>   "description": "This service definition authorizes all application urls that support HTTPS and IMAPS protocols.",
>   "proxyPolicy":
>   {
>     "@class": "org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy"
>   },
>   "evaluationOrder": 1,
>   "usernameAttributeProvider":

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-10 Thread Man H
Indeed!!

On Saturday, February 10, 2018, Dmitriy Kopylenko <dkopyle...@unicon.net>
wrote:

> Thanks for confirming. Sounds like a bug to me.
>
> D.
>
>
>
>
> On Sat, Feb 10, 2018 at 12:01 PM -0500, "Brian Davidson" <
> awk.br...@gmail.com> wrote:
>
> I have tried that.  Duo works when I disable the bypass facility.  When I
>> enable it, if bypass script returns false, single factor works and I don’t
>> get a 500 error. If the groovy script returns true, I get the 500 error.
>>
>> So, the Duo integration is working.  The bypass groovy script definitely
>> is getting called, and it definitely should return a boolean, not a string.
>>
>> 2018-02-09 15:04:55,638 DEBUG 
>> [org.springframework.webflow.engine.impl.FlowExecutionImpl]
>> - > [org.springframework.webflow.execution.FlowExecutionException:
>> Exception thrown in state 'viewLoginFormDuo' of flow 'mfa-duo'] with root
>> cause [java.io.NotSerializableException: org.springframework.core.io.
>> UrlResource]>
>>
>> Seems like Spring web flow with the duo flow is not happy with something
>> when the bypass script is in place, but it’s fine when bypass isn’t in
>> place.
>>
>> Thanks!
>>
>> Brian
>>
>> On Feb 10, 2018, at 11:38 AM, Dmitriy Kopylenko <dkopyle...@unicon.net>
>> wrote:
>>
>> Let me suggest to get the Groovy script out of equation completely.
>> Switch this groovy bypass off, and try to perform entire duo 2 factor
>> authentication transaction. If it completes successfully and then you again
>> enable groovy bypass and then after it you get the failures that you are
>> seeing, then the problem indeed is somewhere in that bypass facility.
>>
>> Cheers,
>> D.
>>
>>
>>
>>
>> On Sat, Feb 10, 2018 at 11:29 AM -0500, "Brian Davidson" <
>> awk.br...@gmail.com> wrote:
>>
>> Switching the function to return a String instead of a boolean, I get:
>>>
>>> 2018-02-10 11:25:06,033 ERROR [org.apereo.cas.util.ScriptingUtils] -
>>> >> class java.lang.Boolean>
>>> java.lang.ClassCastException: Result [mfa-duo is of type class
>>> java.lang.String when we were expecting class java.lang.Boolean
>>>
>>> …
>>>
>>> 2018-02-10 11:25:06,952 ERROR [org.apereo.cas.authentication.
>>> GroovyMultifactorAuthenticationProviderBypass] - 
>>> java.lang.NullPointerException: null
>>> at org.apereo.cas.authentication.GroovyMultifactorAuthenticatio
>>> nProviderBypass.shouldMultifactorAuthenticationProviderExecute(
>>> GroovyMultifactorAuthenticationProviderBypass.java:40)
>>> ~[cas-server-core-authentication-mfa-5.2.2-SNAPSHOT.jar:5.2.2-SNAPSHOT]
>>>
>>> …
>>>
>>>
>>>
>>>
>>>
>>> On Feb 10, 2018, at 10:14 AM, Man H <info.ings...@gmail.com> wrote:
>>>
>>> Try returning string "mfa-duo" or null
>>>
>>> On Saturday, February 10, 2018, Brian Davidson <awk.br...@gmail.com>
>>> wrote:
>>>
>>>> I changed it from info to warn:
>>>>
>>>> 2018-02-10 08:54:07,061 WARN [org.apereo.cas.authentication
>>>> .GroovyMultifactorAuthenticationProviderBypass] - >>> principal attributes [businessCategory:[Employee, Staff], cn:Brian
>>>> Davidson, ctCalDefaultNoteReminder:0:0, ctCalDefaultReminder:0:10,
>>>> ctCalDefaultTaskReminder:0:0, ctCalDisplayPrefs:4:480:1080:1:30:190:2,
>>>> ctCalLanguageId:0, ctCalNotifMechanism:1, ctCalOperatingPrefs:0:255:0:0:
>>>> 0:0:0:1440:0:1440:0:0:1440:0:1440:0:0:1440:0:1440:0:0:1440:0
>>>> :1440:0:0:1440:0:1440:0:0:1440:0:1440:0:0:1440:0:1440,
>>>> ctCalPasswordRequired:1, ctCalPublishedType:0, ctCalRefreshPrefs:1:60,
>>>> ctCalSMSTimeRange:0:0, ctCalSysopCanWritePassword:0, ctCalTimezone:0,
>>>> ctCalXItemId:10101:02238, eduPersonAffiliation:[member, staff], gecos:Brian
>>>> Davidson, gidNumber:5137, givenName:Brian, gmuBannerGUID:REDACTED,
>>>> gmuemployeestatus:C, gmugnumber:REDACTED, gmuMLPwdChanged:20170127190453Z,
>>>> gmurup:true, gmusecurityquiz:1487691778, homeDirectory:REDACTED,
>>>> iplanet-am-modifiable-by:cn=Top-level Admin Role,o=gmu.edu,
>>>> l:opted-in-201103021755, loginShell:/bin/bash, mail:REDACTED,
>>>> mailAllowedServiceAccess:-imap,pop,http,smtp:*,
>>>> mailAlternateAddress:REDACTED, mailDeliveryOption:mailbox, mailHost:
>>>> gmuedu.onmicrosoft.com, mailQuota:1048576000,
>>

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-10 Thread Man H
Try returning string "mfa-duo" or null

On Saturday, February 10, 2018, Brian Davidson <awk.br...@gmail.com>
wrote:

> I changed it from info to warn:
>
> 2018-02-10 08:54:07,061 WARN [org.apereo.cas.authentication.
> GroovyMultifactorAuthenticationProviderBypass] -  attributes [businessCategory:[Employee, Staff], cn:Brian Davidson,
> ctCalDefaultNoteReminder:0:0, ctCalDefaultReminder:0:10,
> ctCalDefaultTaskReminder:0:0, ctCalDisplayPrefs:4:480:1080:1:30:190:2,
> ctCalLanguageId:0, ctCalNotifMechanism:1, ctCalOperatingPrefs:0:255:0:0:
> 0:0:0:1440:0:1440:0:0:1440:0:1440:0:0:1440:0:1440:0:0:1440:
> 0:1440:0:0:1440:0:1440:0:0:1440:0:1440:0:0:1440:0:1440,
> ctCalPasswordRequired:1, ctCalPublishedType:0, ctCalRefreshPrefs:1:60,
> ctCalSMSTimeRange:0:0, ctCalSysopCanWritePassword:0, ctCalTimezone:0,
> ctCalXItemId:10101:02238, eduPersonAffiliation:[member, staff], gecos:Brian
> Davidson, gidNumber:5137, givenName:Brian, gmuBannerGUID:REDACTED,
> gmuemployeestatus:C, gmugnumber:REDACTED, gmuMLPwdChanged:20170127190453Z,
> gmurup:true, gmusecurityquiz:1487691778, homeDirectory:REDACTED,
> iplanet-am-modifiable-by:cn=Top-level Admin Role,o=gmu.edu,
> l:opted-in-201103021755, loginShell:/bin/bash, mail:REDACTED,
> mailAllowedServiceAccess:-imap,pop,http,smtp:*,
> mailAlternateAddress:REDACTED, mailDeliveryOption:mailbox, mailHost:
> gmuedu.onmicrosoft.com, mailQuota:1048576000,
> mailRoutingAddress:REDACTED, nsmsgDisallowAccess:imap pop http smtp,
> nswmExtendedUserPrefs:[meTrashFolder=Trash, meSentFolder=Sent,
> meDraftFolder=Drafts, meInitialized=true], objectClass:[posixAccount,
> sunUCPreferences, mailrecipient, iplanetPreferences,
> inetLocalMailRecipient, iplanet-am-managed-person, inetOrgPerson,
> inetAdmin, ctCalUser, inetMailUser, iplanet-am-user-service, gmuPerson,
> shadowAccount, userPresenceProfile, inetUser, top, person,
> organizationalPerson, ipuser, eduPerson, account], ou=people,o=gmu.edu,o=pab,
> sn:Davidson, uid:REDACTED, uidNumber:888, userPassword:REDACTED]>
>
> On Feb 10, 2018, at 8:43 AM, Man H <info.ings...@gmail.com> wrote:
>
> Could you try this
>
> def boolean run(final Object... args){
> def authentication = args[0]
> def principal = args[1]
> def service = args[2]
> def provider = args[3]
> def logger = args[4]
> def httpRequest = args[5]
>
> logger.info("Evaluating principal attributes ${principal.attributes}")
>
> return true
> }
>
>
> On Saturday, February 10, 2018, Brian Davidson <awk.br...@gmail.com>
> wrote:
>
>> Removed that dependency and still get the same 500 error and same stack
>> trace.
>>
>> On Feb 10, 2018, at 7:20 AM, Man H <info.ings...@gmail.com> wrote:
>>
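>> Why do you have this
>>
>>
>> <dependency>
>>   <groupId>javax.servlet</groupId>
>>   <artifactId>servlet-api</artifactId>
>>   <version>2.5</version>
>>   <type>jar</type>
>> </dependency>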
>>
>>
>> On Saturday, February 10, 2018, Brian Davidson <awk.br...@gmail.com>
>> wrote:
>>
>>> Running on apache-tomcat-8.5.24, so that should be servlet v3.1.x.
>>>
>>> Yes, this is CAS version 5.2.2.
>>>
>>> CAS w/ Duo works with no bypass groovy script in place.  CAS  works with
>>> bypass groovy script that returns false.  We’re just getting the exception
>>> when the groovy script returns true.
>>>
>>> Thanks again for all the help!
>>>
>>>
>>>
>>>
>>> External
>>>
>>> A CAS deployment may be deployed to any number of external servlet
>>> containers. The container MUST support the servlet specification v3.1.x at
>>> a minimum.
>>>
>>> On Feb 10, 2018, at 6:37 AM, Man H <info.ings...@gmail.com> wrote:
>>>
>>> Assuming you are on 5.2.2
>>>
>>> On Saturday, February 10, 2018, Brian Davidson <awk.br...@gmail.com>
>>> wrote:
>>>
>>>> I meant to add, our pom.xml has the following dependencies (in case
>>>> we’re missing something):
>>>>
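>>>> <dependencies>
>>>>   <dependency>
>>>>     <groupId>org.apereo.cas</groupId>
>>>>     <artifactId>cas-server-webapp-${app.server}</artifactId>
>>>>     <version>${cas.version}</version>
>>>>     <type>war</type>
>>>>     <scope>runtime</scope>
>>>>   </dependency>
>>>>   <dependency>
>>>>     <groupId>org.apereo.cas</groupId>
>>>>     <artifactId>cas-server-support-ldap</artifactId>
>>>>     <version>${cas.version}</version>
>>>>   </dependency>
>>>>   <dependency>
>>>>     <groupId>org.apereo.cas</groupId>
>>>>     <artifactId>cas-server-s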

Re: [cas-user] CAS 5.2.3 "500:Internal Server Error" with Groovy

2018-02-10 Thread Man H
Or this


def boolean run(final Object... args){
    // the logger is passed as the fifth script argument
    def logger = args[4]
    logger.info("Evaluating principal")
    return true
}

On Saturday, February 10, 2018, Brian Davidson <awk.br...@gmail.com>
wrote:

> Removed that dependency and still get the same 500 error and same stack
> trace.
>
> On Feb 10, 2018, at 7:20 AM, Man H <info.ings...@gmail.com> wrote:
>
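> Why do you have this
>
>
> <dependency>
>   <groupId>javax.servlet</groupId>
>   <artifactId>servlet-api</artifactId>
>   <version>2.5</version>
>   <type>jar</type>
> </dependency>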
>
>
> On Saturday, February 10, 2018, Brian Davidson <awk.br...@gmail.com>
> wrote:
>
>> Running on apache-tomcat-8.5.24, so that should be servlet v3.1.x.
>>
>> Yes, this is CAS version 5.2.2.
>>
>> CAS w/ Duo works with no bypass groovy script in place.  CAS  works with
>> bypass groovy script that returns false.  We’re just getting the exception
>> when the groovy script returns true.
>>
>> Thanks again for all the help!
>>
>>
>>
>>
>> External
>>
>> A CAS deployment may be deployed to any number of external servlet
>> containers. The container MUST support the servlet specification v3.1.x at
>> a minimum.
>>
>> On Feb 10, 2018, at 6:37 AM, Man H <info.ings...@gmail.com> wrote:
>>
>> Assuming you are on 5.2.2
>>
>> On Saturday, February 10, 2018, Brian Davidson <awk.br...@gmail.com>
>> wrote:
>>
>>> I meant to add, our pom.xml has the following dependencies (in case
>>> we’re missing something):
>>>
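>>> <dependencies>
>>>   <dependency>
>>>     <groupId>org.apereo.cas</groupId>
>>>     <artifactId>cas-server-webapp-${app.server}</artifactId>
>>>     <version>${cas.version}</version>
>>>     <type>war</type>
>>>     <scope>runtime</scope>
>>>   </dependency>
>>>   <dependency>
>>>     <groupId>org.apereo.cas</groupId>
>>>     <artifactId>cas-server-support-ldap</artifactId>
>>>     <version>${cas.version}</version>
>>>   </dependency>
>>>   <dependency>
>>>     <groupId>org.apereo.cas</groupId>
>>>     <artifactId>cas-server-support-saml</artifactId>
>>>     <version>${cas.version}</version>
>>>   </dependency>
>>>   <dependency>
>>>     <groupId>org.apereo.cas</groupId>
>>>     <artifactId>cas-server-support-hazelcast-ticket-registry</artifactId>
>>>     <version>${cas.version}</version>
>>>   </dependency>
>>>   <dependency>
>>>     <groupId>org.apereo.cas</groupId>
>>>     <artifactId>cas-server-support-duo</artifactId>
>>>     <version>${cas.version}</version>
>>>   </dependency>
>>>   <dependency>
>>>     <groupId>org.apereo.cas</groupId>
>>>     <artifactId>cas-server-support-json-service-registry</artifactId>
>>>     <version>${cas.version}</version>
>>>   </dependency>
>>>   <dependency>
>>>     <groupId>org.javassist</groupId>
>>>     <artifactId>javassist</artifactId>
>>>     <version>3.17.1-GA</version>
>>>   </dependency>
>>>   <dependency>
>>>     <groupId>javax.servlet</groupId>
>>>     <artifactId>servlet-api</artifactId>
>>>     <version>2.5</version>
>>>     <type>jar</type>
>>>   </dependency>
>>>   <dependency>
>>>     <groupId>org.apereo.cas</groupId>
>>>     <artifactId>cas-server-core-webflow</artifactId>
>>>     <version>${cas.version}</version>
>>>   </dependency>
>>>   <dependency>
>>>     <groupId>org.apereo.cas</groupId>
>>>     <artifactId>cas-server-core-web</artifactId>
>>>     <version>${cas.version}</version>
>>>     <type>jar</type>
>>>   </dependency>
>>>   <dependency>
>>>     <groupId>org.apereo.cas</groupId>
>>>     <artifactId>cas-server-core-configuration</artifactId>
>>>     <version>${cas.version}</version>
>>>     <type>jar</type>
>>>   </dependency>
>>>   <dependency>
>>>     <groupId>org.apereo.cas</groupId>
>>>     <artifactId>cas-server-core-authentication</artifactId>
>>>     <version>${cas.version}</version>
>>>   </dependency>
>>> </dependencies>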
>>>
>>>
>>> On Feb 9, 2018, at 5:19 PM, Man H <info.ings...@gmail.com> wrote:
>>>
>>>
>>> add
>>> <dependency>
>>>   <groupId>org.apereo.cas</groupId>
>>>   <artifactId>cas-server-core-authentication</artifactId>
>>>   <version>${cas.version}</version>
>>> </dependency>
>>>
>>> with:
>>>
>>> cas.authn.mfa.duo[0].bypass.type=GROOVY
>>> cas.authn.mfa.duo[0].bypass.groovy.location=file:/etc/cas/config/mfaGroovyTrigger.groovy
>>>
>>> you should get
>>>
>>> 2018-02-09 19:10:39,145 DEBUG [org.apereo.cas.authentication
>>> .GroovyMultifactorAuthenticationProviderBypass] - >> multifactor authentication bypass properties for principal [casuser],
>>> service [null] and provider [DefaultDuoMultifactorAuthenticationProvider]
>>> via Groovy script [URL [file:/etc/cas/config/mfaGroovyTrigger.groovy]]>
>>>
>>>
>>>
>
