Re: [cas-user] Service Registry - Store in MySQL database

2020-03-24 Thread Michele Melluso
Hi Bob,

I'm glad to hear it. I will try to see if it deserves a PR at least to 
start a discussion about it.

Regards
Michele

On Tuesday, March 24, 2020 at 4:02:15 PM UTC+1, Bob wrote:
>
> Hello Michele,
>
> Finally managed to get it working by commenting out the code you 
> mentioned. Now it does read the JSON files and store them in the MySQL database.
> I exported the database records as a SQL script and then reinstated the 
> code so it should be good to go.
> Thank you very much again!
> Regards,
>
> Bob
>
>
> On Saturday, March 14, 2020 at 12:20:46 AM UTC+1, Michele Melluso wrote:
>>
>> Hi Bob,
>>
>> I had a similar regression from 6.0 to 6.1. The problem is that 
>> EmbeddedResourceBasedServiceRegistry is registered in the registries chain.
>>
>> So, when the ServiceRegistryInitializer.java checks at row 66 if the json 
>> service exists already, it is found from 
>> EmbeddedResourceBasedServiceRegistry and then it is not added to 
>> JpaTicketRegistry.
>>
>> I solved somehow by avoiding the 
>> "embeddedJsonServiceRegistryExecutionPlanConfigurer" bean, just commenting 
>> it away in CasServiceRegistryInitializationConfiguration.java
>>
>> // @Bean
>> // @ConditionalOnMissingBean(name = "embeddedJsonServiceRegistryExecutionPlanConfigurer")
>> // public ServiceRegistryExecutionPlanConfigurer embeddedJsonServiceRegistryExecutionPlanConfigurer() {
>> //     return plan -> plan.registerServiceRegistry(embeddedJsonServiceRegistry());
>> // }
>>
>> I don't know if there will be any collateral problems, by the way now 
>> json services are correctly copied on JpaTicketRegistry.
>> Wouldn't know how to fix it in a clean way as to make a pr.
>>
>> Hope it helps
>> Regards
>> Michele
>>
>>
>> On Thursday, January 30, 2020 at 1:00:47 PM UTC+1, Bob wrote:
>>>
>>> Thanks Misagh and Ray,
>>>
>>> I cloned the cas-overlay-template in a new location and used the 
>>> settings Misagh suggested but I still have the same problem that my casdb 
>>> still has an empty regex_registered_service table.
>>> Here's what I'm using:
>>>
>>> CAS Version: 6.1.0
>>> CAS Branch: 6.1.x
>>> CAS Commit Id: c92590730249df0cf26fd1b4bebd8aea8447b256
>>> CAS Build Date/Time: 2019-10-28T02:43:18Z
>>> Spring Boot Version: 2.2.0.RELEASE
>>> Spring Version: 5.2.0.RELEASE
>>> Java Home: C:\Programs\Java\amazon-corretto\jdk11.0.3_7
>>> Java Vendor: Amazon.com Inc.
>>> Java Version: 11.0.3
>>>
>>>
>>> My dependencies in build.gradle:
>>>
>>> dependencies {
>>>     // Other CAS dependencies/modules may be listed here...
>>>     compile "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
>>>     compile "org.apereo.cas:cas-server-support-jdbc-drivers:${project.'cas.version'}"
>>>     compile "org.apereo.cas:cas-server-support-jpa-service-registry:${project.'cas.version'}"
>>> }
>>>
>>>
>>> My minimum cas.properties (I omitted the LDAP part since that's working 
>>> fine):
>>>
>>> cas.server.name: https://localhost:8443
>>> cas.server.prefix: ${cas.server.name}/cas
>>>
>>> logging.config: file:/etc/cas/config/log4j2.xml
>>>
>>> server.ssl.key-store=file:/etc/cas/keystore.jks
>>> server.ssl.key-store-password=
>>> server.ssl.key-password=xxx
>>>
>>> cas.serviceRegistry.initFromJson=true
>>> cas.serviceRegistry.json.location=file:/etc/cas/config/services
>>>
>>> cas.serviceRegistry.jpa.user=xx
>>> cas.serviceRegistry.jpa.password=xxx
>>> cas.serviceRegistry.jpa.driverClass=com.mysql.cj.jdbc.Driver
>>>
>>> cas.serviceRegistry.jpa.url=jdbc:mysql://localhost:3306/casdb?allowPublicKeyRetrieval=true=UTF-8=FALSE
>>>
>>> cas.serviceRegistry.jpa.dialect=org.hibernate.dialect.MySQL57InnoDBDialect
>>> cas.serviceRegistry.jpa.ddlAuto=update
>>>
>>>
>>> When I run CAS 6.1.0 I see: 
>>>
>>> [org.apereo.cas.services.AbstractServicesManager] - >> service(s) from [EmbeddedResourceBasedServiceRegistry,JpaServiceRegistry].>
>>>
>>>
>>> I can then use CAS to login to my application, but it does not insert 
>>> any Service Registry into the MySQL casdb.
>>> Do you see anything wrong 

[cas-user] Re: CAS + Google authentication - after server restart again ask to scan the bar code

2020-03-17 Thread Michele Melluso
Hi Sk,

I think I had your same problem and I solved it this way:

https://groups.google.com/a/apereo.org/forum/?utm_medium=email_source=footer#!topic/cas-user/i_ImAVPB6jE

regards
Michele

On Tuesday, March 17, 2020 at 11:00:45 AM UTC+1, SK wrote:
>
> Using CAS + Google Authenticator + Mysql (JPA)
>
> Able to register and verify users successfully. But once I restart the CAS 
> server, it again asks to scan the bar code.
> How can I avoid this?
>
> CAS properties
> # Activate MFA globally for all, regardless of other settings
> cas.authn.mfa.globalProviderId=mfa-gauth
>
> cas.authn.mfa.gauth.issuer=CAS
> cas.authn.mfa.gauth.label=CAS
> cas.authn.mfa.gauth.windowSize=3
> cas.authn.mfa.gauth.codeDigits=6
> cas.authn.mfa.gauth.timeStepSize=30
> cas.authn.mfa.gauth.rank=0
> cas.authn.mfa.gauth.trustedDeviceEnabled=false
> cas.authn.mfa.gauth.name=
>
> #cas.authn.mfa.gauth.cleaner.enabled=true
> #cas.authn.mfa.gauth.cleaner.schedule.startDelay=2
> #cas.authn.mfa.gauth.cleaner.schedule.repeatInterval=6
>
> cas.authn.mfa.gauth.bypass.type=DEFAULT
> cas.authn.mfa.gauth.bypass.principalAttributeName=data_
> cas.authn.mfa.gauth.bypass.principalAttributeValue=false
>
>
> cas.authn.mfa.gauth.jpa.user=root
> cas.authn.mfa.gauth.jpa.password=root
> cas.authn.mfa.gauth.jpa.driverClass=com.mysql.jdbc.Driver
>
> cas.authn.mfa.gauth.jpa.url=jdbc:mysql://localhost:3306/lportal?useSSL=false
> cas.authn.mfa.gauth.jpa.dialect=org.hibernate.dialect.MySQLDialect
> cas.authn.mfa.gauth.jpa.failFastTimeout=1
> cas.authn.mfa.gauth.jpa.healthQuery=
> cas.authn.mfa.gauth.jpa.isolateInternalQueries=false
> cas.authn.mfa.gauth.jpa.leakThreshold=10
> cas.authn.mfa.gauth.jpa.batchSize=1
> cas.authn.mfa.gauth.jpa.ddl-auto=none
>
> cas.authn.mfa.gauth.jpa.autocommit=false
> cas.authn.mfa.gauth.jpa.idleTimeout=5000
> cas.authn.mfa.gauth.jpa.pool.suspension=false
> cas.authn.mfa.gauth.jpa.pool.minSize=6
> cas.authn.mfa.gauth.jpa.pool.maxSize=18
> cas.authn.mfa.gauth.jpa.pool.maxWait=2000
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/e32885f8-fc98-43c5-a9e3-53e46ad159d8%40apereo.org.


Re: [cas-user] Service Registry - Store in MySQL database

2020-03-13 Thread Michele Melluso
Hi Bob,

I had a similar regression from 6.0 to 6.1. The problem is that 
EmbeddedResourceBasedServiceRegistry is registered in the registries chain.

So, when the ServiceRegistryInitializer.java checks at row 66 if the json 
service exists already, it is found from 
EmbeddedResourceBasedServiceRegistry and then it is not added to 
JpaTicketRegistry.

I solved somehow by avoiding the 
"embeddedJsonServiceRegistryExecutionPlanConfigurer" bean, just commenting 
it away in CasServiceRegistryInitializationConfiguration.java

// @Bean
// @ConditionalOnMissingBean(name = "embeddedJsonServiceRegistryExecutionPlanConfigurer")
// public ServiceRegistryExecutionPlanConfigurer embeddedJsonServiceRegistryExecutionPlanConfigurer() {
//     return plan -> plan.registerServiceRegistry(embeddedJsonServiceRegistry());
// }

I don't know if there will be any collateral problems, by the way now json 
services are correctly copied on JpaTicketRegistry.
Wouldn't know how to fix it in a clean way as to make a pr.

Hope it helps
Regards
Michele


On Thursday, January 30, 2020 at 1:00:47 PM UTC+1, Bob wrote:
>
> Thanks Misagh and Ray,
>
> I cloned the cas-overlay-template in a new location and used the settings 
> Misagh suggested but I still have the same problem that my casdb still has 
> an empty regex_registered_service table.
> Here's what I'm using:
>
> CAS Version: 6.1.0
> CAS Branch: 6.1.x
> CAS Commit Id: c92590730249df0cf26fd1b4bebd8aea8447b256
> CAS Build Date/Time: 2019-10-28T02:43:18Z
> Spring Boot Version: 2.2.0.RELEASE
> Spring Version: 5.2.0.RELEASE
> Java Home: C:\Programs\Java\amazon-corretto\jdk11.0.3_7
> Java Vendor: Amazon.com Inc.
> Java Version: 11.0.3
>
>
> My dependencies in build.gradle:
>
> dependencies {
>     // Other CAS dependencies/modules may be listed here...
>     compile "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
>     compile "org.apereo.cas:cas-server-support-jdbc-drivers:${project.'cas.version'}"
>     compile "org.apereo.cas:cas-server-support-jpa-service-registry:${project.'cas.version'}"
> }
>
>
> My minimum cas.properties (I omitted the LDAP part since that's working 
> fine):
>
> cas.server.name: https://localhost:8443
> cas.server.prefix: ${cas.server.name}/cas
>
> logging.config: file:/etc/cas/config/log4j2.xml
>
> server.ssl.key-store=file:/etc/cas/keystore.jks
> server.ssl.key-store-password=
> server.ssl.key-password=xxx
>
> cas.serviceRegistry.initFromJson=true
> cas.serviceRegistry.json.location=file:/etc/cas/config/services
>
> cas.serviceRegistry.jpa.user=xx
> cas.serviceRegistry.jpa.password=xxx
> cas.serviceRegistry.jpa.driverClass=com.mysql.cj.jdbc.Driver
>
> cas.serviceRegistry.jpa.url=jdbc:mysql://localhost:3306/casdb?allowPublicKeyRetrieval=true=UTF-8=FALSE
> cas.serviceRegistry.jpa.dialect=org.hibernate.dialect.MySQL57InnoDBDialect
> cas.serviceRegistry.jpa.ddlAuto=update
>
>
> When I run CAS 6.1.0 I see: 
>
> [org.apereo.cas.services.AbstractServicesManager] -  from [EmbeddedResourceBasedServiceRegistry,JpaServiceRegistry].>
>
>
> I can then use CAS to login to my application, but it does not insert any 
> Service Registry into the MySQL casdb.
> Do you see anything wrong in my setup?
> Thanks,
>
> Bob
>
> On Wednesday, January 29, 2020 at 11:21:24 AM UTC+1, Misagh Moayyed wrote:
>>
>>
>> Something along the following lines should work:
>>
>> cas.serviceRegistry.initFromJson=true
>> cas.serviceRegistry.json.location=file:/etc/cas/config/services
>>
>> - Then, make sure your JSON files are in the above noted directory.
>> - Then, make sure your overlay contains a reference to the JPA service 
>> registry
>>
>> (You do not need to include the JSON service registry, IIRC, in the 
>> overlay)
>>
>> Then, on startup, CAS will import your JSON files from that directory 
>> over to the real (JPA) service registry.
>>
>> YMMV.
>>
>>
>> On Wednesday, January 29, 2020 at 12:56:11 AM UTC+4, rbon wrote:
>>>
>>> Bob,
>>>
>>> We are using the 5.1.5 version of cas management. You only need to 
>>> upgrade it if you want newer features, etc.
>>> I also have grumblings about the 6.x version. I put off upgrading cas 
>>> management until it settles. 
>>>
>>> Ray
>>>
>>> On Tue, 2020-01-28 at 12:34 -0800, Bob wrote:
>>>
>>> Hi Ray,
>>>
>>> No, I'm currently just using the cas overlay (6.1.x).
>>> I did try to get cas management working but had some issue with a 
>>> pre-defined service registry in some kind of git repo.
>>> Whenever I tried to enter a service via cas management, there was no 
>>> option to save it to my database. All it ever did was show this 1 entry 
>>> from a git repo.
>>> Since I did get it working (reading my json file and store it in MySQL 
>>> database) without cas management for version 5.3.9, I assumed it would work 
>>> for version 6 as well.
>>> Do you think cas management is the only way to get it stored in the 
>>> database? I might have another look at it then.
>>> Thanks,

Re: [cas-user] [Cas 6.0 6.1] Trusted devices and gauth account are forgotten on cas reboot

2020-03-12 Thread Michele Melluso
I found it out.

Cas was generating encryption keys every boot asking for me to set it in 
cas.conf.
At the next reboot the key was different so Cas was unable to decrypt the 
previously stored infos.

Thanks a lot
Michele 

On Thursday, March 12, 2020 at 5:54:55 PM UTC+1, Michele Melluso wrote:
>
> Hi,
> thank you for the reply.
>
> I'm storing session on MariaDB 
> https://apereo.github.io/cas/6.1.x/ticketing/JPA-Ticket-Registry.html
>
> So far it seemed to be working fine, since if I reboot Cas, sso session 
> are maintained and no new login is required.
> I also checked the TICKETGRANTINGTICKET table, and TGT are still there.
>
> meanwhile I keep debugging :)
> thank you again for your time
> Michele
>
> On Thursday, March 12, 2020 at 5:43:41 PM UTC+1, rbon wrote:
>>
>> Michele,
>>
>> Rebooting may remove cas sessions (Ticket Granting Ticket).
>> How are you storing login sessions, (
>> https://apereo.github.io/cas/6.1.x/ticketing/Configuring-Ticketing-Components.html
>> )?
>>
>> Ray
>>
>> On Thu, 2020-03-12 at 05:40 -0700, Michele Melluso wrote:
>>
>> Notice: This message was sent from outside the University of Victoria 
>> email system. Please be cautious with links and sensitive information. 
>>
>> Hi all,  
>> I'm having a problem with mfa persistence both in cas 6.0 and 6.1. 
>> I configured jpa persistence (and also tried json persistence) for 
>> trusted devices and gauth accounts. I can see that the information is 
>> stored correctly on my dbms (also on json files).
>>
>> The problem is when I reboot CAS, the information is ignored and mfa is 
>> triggered again. Even worse, Cas will again ask a user to register gauth.
>> Any idea about this ?
>>
>> thanks
>> Michele
>>
>> -- 
>>
>> Ray Bon
>> Programmer Analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | rb...@uvic.ca
>>
>> I respectfully acknowledge that my place of work is located within the 
>> ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
>> WSÁNEĆ Nations.
>>
>



Re: [cas-user] [Cas 6.0 6.1] Trusted devices and gauth account are forgotten on cas reboot

2020-03-12 Thread Michele Melluso
Hi,
thank you for the reply.

I'm storing session on MariaDB 
https://apereo.github.io/cas/6.1.x/ticketing/JPA-Ticket-Registry.html

So far it seemed to be working fine, since if I reboot Cas, sso session are 
maintained and no new login is required.
I also checked the TICKETGRANTINGTICKET table, and TGT are still there.

meanwhile I keep debugging :)
thank you again for your time
Michele

On Thursday, March 12, 2020 at 5:43:41 PM UTC+1, rbon wrote:
>
> Michele,
>
> Rebooting may remove cas sessions (Ticket Granting Ticket).
> How are you storing login sessions, (
> https://apereo.github.io/cas/6.1.x/ticketing/Configuring-Ticketing-Components.html
> )?
>
> Ray
>
> On Thu, 2020-03-12 at 05:40 -0700, Michele Melluso wrote:
>
> Notice: This message was sent from outside the University of Victoria 
> email system. Please be cautious with links and sensitive information. 
>
> Hi all,  
> I'm having a problem with mfa persistence both in cas 6.0 and 6.1. 
> I configured jpa persistence (and also tried json persistence) for trusted 
> devices and gauth accounts. I can see that the information is stored 
> correctly on my dbms (also on json files).
>
> The problem is when I reboot CAS, the information is ignored and mfa is 
> triggered again. Even worse, Cas will again ask a user to register gauth.
> Any idea about this ?
>
> thanks
> Michele
>
> -- 
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | rb...@uvic.ca 
>
> I respectfully acknowledge that my place of work is located within the 
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
> WSÁNEĆ Nations.
>



[cas-user] [Cas 6.0 6.1] Trusted devices and gauth account are forgotten on cas reboot

2020-03-12 Thread Michele Melluso
Hi all, 
I'm having a problem with mfa persistence both in cas 6.0 and 6.1. 
I configured jpa persistence (and also tried json persistence) for trusted 
devices and gauth accounts. I can see that the information is stored 
correctly on my dbms (also on json files).

The problem is when I reboot CAS, the information is ignored and mfa is 
triggered again. Even worse, Cas will again ask a user to register gauth.
Any idea about this ?

thanks
Michele



[cas-user] [Cas 6.0.7] Surrogate authentication not working through REST

2019-12-16 Thread Michele Melluso
Hi,

I'm using CAS to authenticate both with web interface and rest calls.

While trying to configure Surrogate authentication, it works with web 
interface but it doesn't with rest.

e.g.
  
  curl -k -X POST \
  https://local.host.it:8444/cas/v1/tickets/ \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'cache-control: no-cache' \
  -d 'token=true=myuser=mypwd'

it works



while

  
  curl -k -X POST \
  https://local.host.it:8444/cas/v1/tickets/ \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'cache-control: no-cache' \
  -d 'token=true=myuser+myprincipal=myprincipalpwd'

returns 401 (even with url-encoded parameters) with the following log:

2019-12-16 14:34:03,861 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 

2019-12-16 14:34:03,862 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<[QueryDatabaseAuthenticationHandler] exception details: 
[myuser+myprincipal not found with SQL query].>
2019-12-16 14:34:03,862 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 


[cas-user] Re: [Cas 6.0.7] Surrogate attributes are lost when account is selected in GUI mode

2019-12-09 Thread Michele Melluso
Hi Andy,

I did setup my environment as yours and I also receive the surrogate user 
attributes.

My problem is about these ones:
https://apereo.github.io/cas/6.0.x/installation/Surrogate-Authentication.html#surrogate-attributes

In both methods I correctly receive surrogate user attributes,
but only in preselection mode I receive surrogate principal ones.

I tried with your suggested json conf both in cas 6.0 and 6.2 versions.

Thanks again
Michele

On Friday, December 6, 2019 at 3:03:45 PM UTC+1, Andy Ng wrote:
>
> Hi Michele,
>
> I have setup a surrogate authentication demo in my testing docker 
> environment,
>
> I tried both CAS version 6.0.7 and 6.1.2 and the surrogate attribute seems 
> to be working just fine.
>
> I don't want to setup the exact config as yours, since it might take some 
> time. Instead, I used the following setup :
> - Static Authentication
> - Json Attribute Storage
> - Json Surrogate Authentication mapping
> - PHPCas Client
>
> I got the following account setup:
> - Username: *surrogate-admin*, Attribute: name = Surrogate Admin
> - Username: *surrogate-user*, Attribute: name = Surrogate User
> - And *surrogate-admin* and *surrogate-user* is a surrogate relationship.
>
> *Result in the testing environment is that:*
> After login with *surrogate-user* using *surrogate-admin* credential, my 
> client shows the correct attributes (Surrogate User).
>
>
>
> Is the above something similar to what you want to achieve? Or by 
> surrogate attribute you have different envision of how the attribute should 
> be retrieved?
>
> I will paste some of my config below so you can have a look if you like to:
>
> ---
> *cas.yml*
> cas.authn.accept.users: surrogate-admin::Mellon,surrogate-user::Mellon,surrogate-user2::Mellon
>
> cas.authn.surrogate.json.location: file://${RESOURCE_PATH}/${PROTOCOL_SURROGATE_AUTHENTICATION_PATH}/surrogate.json
> cas.authn.attributeRepository.json:
> - location: file://${RESOURCE_PATH}/${PROTOCOL_SURROGATE_AUTHENTICATION_PATH}/surrogate-attributes.json
>
>
> *surrogate-attributes.json*
> {
>     "surrogate-user": {
>         "name": ["Surrogate User"]
>     },
>     "surrogate-user2": {
>         "name": ["Surrogate User2"]
>     },
>     "surrogate-admin": {
>         "name": ["Surrogate Admin"]
>     }
> }
>
> *surrogate.json*
> {
>     "surrogate-admin": ["surrogate-user", "surrogate-user2"]
> }
>
>
> And I login using the following 2 methods:
> - GUI mode: `+surrogate-admin` as , `Mellon` as password. Then select 
> my surrogate target.
> - preselection mode: `surrogate-admin+surrogate-user` as username, 
> `Mellon` as password.
>
>
> See if the above helps...
>
>
> Cheers!
> - Andy
>
>
>



[cas-user] [Cas 6.0.7] Surrogate attributes are lost when account is selected in GUI mode

2019-12-05 Thread Michele Melluso
Hi all,

I'm trying to implement surrogate authentication on Cas 6.0.7 with account 
selection both preselected and gui mode.
I actually manage to authenticate in both modes, but with gui account 
selection mode the surrogate attributes are lost.


With preselection mode (correct):

WHO: (Primary User: [[myoperator, myoperator]], Surrogate User: 
[[mycustomer, mycustomer]])
WHAT: TGT-2-*EtKSM5O9Bc-myhost-local
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Thu Dec 05 15:44:18 CET 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1




With Gui mode (wrong):
=
WHO: myoperator
WHAT: Supplied credentials: 
[UsernamePasswordCredential(username=myoperator, source=null)]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Thu Dec 05 15:56:09 CET 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=

>
2019-12-05 15:56:26,724 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 


Re: [cas-user] Re: JWT without encryption key

2019-05-21 Thread Michele Melluso
Hi all,

I got a similar issue when I try to verify the jwt signature with several 
libraries including Node.js jsonwebtoken, since the library allows only 
base64url encoded tokens because of mentioned RFC7515.
With java-jwt library the token is correctly verified.

Debugging the code I found in cas version 6.0 EncodingUtils.java:362 the 
following code:

@SneakyThrows
361 public static byte[] signJws(final Key key, final byte[] value, final String algHeaderValue) {
362     val base64 = EncodingUtils.encodeBase64(value);
363     val jws = new JsonWebSignature();
364     jws.setEncodedPayload(base64);
365     jws.setAlgorithmHeaderValue(algHeaderValue);
366     jws.setKey(key);
367     jws.setHeader("typ", "JWT");
368     return jws.getCompactSerialization().getBytes(StandardCharsets.UTF_8);
369 }


Could it be convenient to use the base64url encoder in the same class 
instead? I've been trying to inject the patch into my overlay environment 
without success because of my poor gradle skills.

best regards
Michele



On Monday, December 17, 2018 at 4:04:38 PM UTC+1, William E. wrote:
>
> I think the jwt as seen in the url as the value for the token parameter 
> has been url'ized by converting some characters to their html entity 
> values.  If you look at the same jwt as seen in the cas logs you will find 
> it does not have the html characters, it's pure base64.  If I use that 
> value or convert the token value to non-url safe characters, it will 
> validate with jose.
>
> However, although I can validate in jose in java and python, I cannot in 
> another python jwt library. I've been in direct contact with that 
> maintainer and they tell me the jwt built by cas may not be following 
> spec.  That the signature is being built with the base64, not base64-url 
> encoding.  Jose validates because it doesn't verify payload first.  I'm not 
> sure where the issue is for certain as I am no jwt expert.  Perhaps one of 
> the cas developers can weigh in?
>
> From the jwcrypto library maintainer:
>
> RFC7515 point 2:
>
> Base64url Encoding
> Base64 encoding using the URL- and filename-safe character set
> defined in Section 5 of RFC 4648 [RFC4648], with all trailing '='
> characters omitted (as permitted by Section 3.2) and without the
> inclusion of any line breaks, whitespace, or other additional
> characters. Note that the base64url encoding of the empty octet
> sequence is the empty string. (See Appendix C for notes on
> implementing base64url encoding without padding.)
>
>
> -W
>
>
> On Monday, December 17, 2018 at 6:10:51 AM UTC-6, Devendra Sisodia wrote:
>>
>> I am observing that extra non base64 char are appended to payload. If i 
>> remove them then I am able to verify signature. Can someone suggest if this 
>> is CAS issue or issue in my configurations ?
>>
>>
>> JWT:eyJhbGciOiJIUzUxMiJ9.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
>> %3D%3D
>> .WB71awCAFz2tsa1ZqoZnWacKKVAarjsylBuOvnetHf9CHsIFgYtg58-2hCbeJT-gMFlCzaolriDsks1bE_RIPw
>>
>> If I remove '%3D%3D' from JWT then verification succeeds. 
>>
>>
>>
>> On Sat, Dec 15, 2018 at 4:14 PM William E.  wrote:
>>
>>> I think you are seeing the discrepancy due to base64 vs. base64url 
>>> decoding.  I think the jwt spec. wants base64 url vs. plain base64.
>>>
>>> https://en.wikipedia.org/wiki/Base64#URL_applications
>>>
>>>
>>> On Friday, December 14, 2018 at 9:37:45 AM UTC-6, Devendra Sisodia wrote:

 While decoding JWT there is error "Bad Base64 input character decimal 
 37 in array position 806" Which means 37(%) is not allowed in encoded base 
 64 string in JWT.

 My JWT looks like below and yellow highlighted is the 806th element 
 that cannot be base 64 decode. 

 eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJpdmVyYXNlINTg3In0%3D.
 UmNz8ikEOFYqPgHRmZb1SK6A1pRFu48fSfYTasMGYHKtg7V8JepAfwunXwFeHsx5JTi4yKBug1Tq9PqfdY93lA

 On Fri, Dec 14, 2018 at 2:11 PM Giuseppe Infurna  
 wrote:

>
> i'm using io.jsonwebtoken.jjwt library
>
> Jwts.parser().setSigningKey().parseClaimsJws();
>
>
>
> Il giorno venerdì 14 dicembre 2018 14:02:14 UTC+1, Devendra Sisodia ha 
> scritto:
>>
>> Hello,
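
The base64 versus base64url mismatch discussed in this thread, as an added Python example (not CAS code and not written by any poster): it builds an HS512 compact JWS twice, once with an RFC 7515 base64url payload and once with a padded standard-base64 payload, and checks both with a strict and a tolerant verifier. The key, claims and function names are constructed for illustration, and it assumes the signature is computed over the segments exactly as emitted.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import quote

# Constructed sample values, not taken from the thread.
KEY = b"constructed-demo-signing-key"
CLAIMS = {"sub": "casuser"}
B64URL_ALPHABET = set(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_")


def b64url(data: bytes) -> str:
    """RFC 7515 base64url: URL-safe alphabet, trailing '=' omitted."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _decode_any(segment: str) -> bytes:
    """Decode either alphabet, padded or not (only used after the MAC check)."""
    s = segment.rstrip("=").translate(str.maketrans("-_", "+/"))
    return base64.b64decode(s + "=" * (-len(s) % 4), validate=True)


def _mac(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha512).digest()


def make_token(key: bytes, claims: dict, url_safe: bool) -> str:
    """Compact JWS; url_safe=False keeps the padded standard-base64 payload."""
    header = b64url(json.dumps({"alg": "HS512"}, separators=(",", ":")).encode())
    body = json.dumps(claims, separators=(",", ":")).encode()
    payload = b64url(body) if url_safe else base64.b64encode(body).decode("ascii")
    signing_input = f"{header}.{payload}"
    return f"{signing_input}.{b64url(_mac(key, signing_input))}"


def segment_problems(token: str) -> list:
    """First non-base64url character per segment: (segment, position, char, code)."""
    problems, offset = [], 0
    for name, seg in zip(("header", "payload", "signature"), token.split(".")):
        for i, ch in enumerate(seg):
            if ch not in B64URL_ALPHABET:
                problems.append((name, offset + i, ch, ord(ch)))
                break
        offset += len(seg) + 1
    return problems


def _check_mac(token: str, key: bytes) -> str:
    """Verify the HS512 MAC over the received segments; return the payload segment."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("compact JWS needs exactly three segments")
    header, payload, signature = parts
    header_obj = json.loads(_decode_any(header))
    if not isinstance(header_obj, dict) or header_obj.get("alg") != "HS512":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(_decode_any(signature),
                               _mac(key, f"{header}.{payload}")):
        raise ValueError("signature mismatch")
    return payload


def verify_strict(token: str, key: bytes) -> dict:
    """Reject any segment that is not pure base64url before touching the MAC."""
    problems = segment_problems(token)
    if problems:
        name, pos, ch, code = problems[0]
        raise ValueError(
            f"bad base64url character decimal {code} ({ch!r}) "
            f"at position {pos} in {name}")
    return json.loads(_decode_any(_check_mac(token, key)))


def verify_lenient(token: str, key: bytes) -> dict:
    """Check the MAC over the bytes as received, then decode tolerantly."""
    return json.loads(_decode_any(_check_mac(token, key)))


if __name__ == "__main__":
    rfc_token = make_token(KEY, CLAIMS, url_safe=True)
    std_token = make_token(KEY, CLAIMS, url_safe=False)
    # A base64url token survives URL transport unchanged; '=' becomes %3D.
    for label, tok in (("rfc7515", rfc_token), ("std-b64", std_token),
                       ("std-b64 in URL", quote(std_token, safe=""))):
        print(label, segment_problems(tok) or "clean")
        for verifier in (verify_strict, verify_lenient):
            try:
                print("  ", verifier.__name__, verifier(tok, KEY))
            except ValueError as exc:
                print("  ", verifier.__name__, "rejected:", exc)
```
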

[cas-user] Re: Send reset password email in html instead of plain text

2019-04-11 Thread Michele Melluso
Just opened a new topic at CAS developer:

https://groups.google.com/a/apereo.org/forum/#!topic/cas-dev/hdEXtWk9yQg


On Thursday, April 11, 2019 at 12:03:34 PM UTC+2, Michele Melluso wrote:
>
>
> Hi,
>
> I made your same path in finding a solution.
>
> Our problem is that the reset link in plain text is misinterpreted by 
> apple mail client, and when users click the link, the token is truncated at 
> the first dot occurrence.
>
> @cas developers
> Would it be a possibility to add a property to be used to eventually add 
> the 'true' for html text? If so we could even submit a pull request about 
> it.
>
> best regards
> Michele
>
>  
>
>
>
> On Monday, March 26, 2018 at 5:59:16 PM UTC+2, Marc Maurice wrote:
>>
>> Hello all,
>>
>> We need to send the reset password email in html instead of plain text 
>> (marketing demands).
>>
>> Looking at the source code it seems simple. It's just a matter of adding 
>> a "true" parameter to tell spring that the email is in html :
>>
>>
>> https://github.com/apereo/cas/blob/5.2.x/core/cas-server-core-util/src/main/java/org/apereo/cas/util/io/CommunicationsManager.java#L102
>>
>> https://docs.spring.io/spring/docs/3.0.0.M3/reference/html/ch26s03.html
>>
>> Do you know any simple way to patch the cas server core using the overlay 
>> way ? Or do we have to compile the entire stack ?
>>
>> We really would like to keep the overlay system, in order to ease future 
>> updates.
>>
>> Thanks in advance,
>> Marc
>>
>



[cas-user] Re: Send reset password email in html instead of plain text

2019-04-11 Thread Michele Melluso

Hi,

I made your same path in finding a solution.

Our problem is that the reset link in plain text is misinterpreted by apple 
mail client, and when users click the link, the token is truncated at the 
first dot occurrence.

@cas developers
Would it be a possibility to add a property to be used to eventually add 
the 'true' for html text? If so we could even submit a pull request about 
it.

best regards
Michele

 



On Monday, March 26, 2018 at 5:59:16 PM UTC+2, Marc Maurice wrote:
>
> Hello all,
>
> We need to send the reset password email in html instead of plain text 
> (marketing demands).
>
> Looking at the source code it seems simple. It's just a matter of adding a 
> "true" parameter to tell spring that the email is in html :
>
>
> https://github.com/apereo/cas/blob/5.2.x/core/cas-server-core-util/src/main/java/org/apereo/cas/util/io/CommunicationsManager.java#L102
>
> https://docs.spring.io/spring/docs/3.0.0.M3/reference/html/ch26s03.html
>
> Do you know any simple way to patch the cas server core using the overlay 
> way ? Or do we have to compile the entire stack ?
>
> We really would like to keep the overlay system, in order to ease future 
> updates.
>
> Thanks in advance,
> Marc
>



[cas-user] Re: CAS JWT Service ticket validation getting failed

2019-02-06 Thread Michele Melluso
Hi,

cas is not supposed at all to internally validate the JWT, since it should 
be generated by cas only after the ST is internally validated (as it's 
shown on the documentation flow diagram).

When it happened to me, it was because I was using a cas client which was 
applying the cas protocol, providing back the ticket argument to the 
validation endpoint of cas.
Could you check that you are not using any cas client and provide the app 
code that you are using to validate the jwt?

regards
Michele

On Monday, February 4, 2019 at 7:24:23 PM UTC+1, srmudigan wrote:
>
> Hi Michele,
>
> I have gone through the link. But before I implement reading the token on 
> client side, I need to disable the validation happening on cas side. Could 
> you help me how to disable the validation that's happening on cas as it's 
> doing JWT validation like ST ticket? It looks like after JWT is generated, 
> it's getting validated on cas. The generated URL has 
> redirected=true=JWT-ticket. Maybe that's causing the automatic 
> validation? It looks like the jwt ticket is not even reaching client. So 
> can you please suggest how to stop the validation? 
>
> Thank you for your help.
>
> Regards,
> srmudiganti
>
>



[cas-user] Re: CAS JWT Service ticket validation getting failed

2019-01-31 Thread Michele Melluso
Hi srmudiganti,

try to see if this helps:

https://groups.google.com/a/apereo.org/d/msg/cas-user/2kby6bDGnoQ/J-AmktLCFgAJ

regards
Michele


On Thursday, January 31, 2019 at 4:28:25 PM UTC+1, srmudigan wrote:
>
> Hi Michele,
>
> Thanks for your reply. I tried to authenticate CAS without client app and I 
> see it generated the jwt. I used the URL 
> https://localhost:8443/cas/login?service=https://www.example.org to 
> authenticate against cas. It generated the JWT ticket in the URL: 
> https://www.example.org/?ticket=eyJhbGciOiJIUzUxMiJ9.eyJjcmVkZW50aWFsVHlwZSI6IlVzZXJuYW1lUGFzc3dvcmRDcmVkZW50aWFsIiwiYXVkIjoiaHR0cHM6XC9cL3d3dy5leGFtcGxlLm9yZyIsInN1YiI6InNtdWRpZ2FuIiwiaXNGcm9tTmV3TG9naW4iOiJ0cnVlIiwiYXV0aGVudGljYXRpb25EYXRlIjoiMjAxOS0wMS0zMVQxMDoyMToyOS4wMjktMDU6MDBbQW1lcmljYVwvTmV3X1lvcmtdIiwiYXV0aGVudGljYXRpb25NZXRob2QiOiJBY2NlcHRVc2Vyc0F1dGhlbnRpY2F0aW9uSGFuZGxlciIsInN1Y2Nlc3NmdWxBdXRoZW50aWNhdGlvbkhhbmRsZXJzIjoiQWNjZXB0VXNlcnNBdXRoZW50aWNhdGlvbkhhbmRsZXIiLCJpc3MiOiJodHRwczpcL1wvbG9jYWxob3N0Ojg0NDNcL2NhcyIsImxvbmdUZXJtQXV0aGVudGljYXRpb25SZXF1ZXN0VG9rZW5Vc2VkIjoiZmFsc2UiLCJleHAiOjE1NDg5NzY4ODksImlhdCI6MTU0ODk0ODA4OSwianRpIjoiU1QtMS10VnNmZ0FPcjRIQkFNT3lTb0RlNThhV1pTR2ctTllDLTdMLTU1Nzg4MDAzIn0%3D.34JcJbiCipnTWNdKufWFeF1VwY77eYAPyqDh06MmqkQiOXYkzY9Iauo9BAy-aa2clwZLZYeSI2fMZgDjjm-_wA
>
> How do I turn off the client app? As I understand from your reply that 
> "validate the jwt as it was ST", it seems like the same is happening for me. 
> Can you please let me know how you solved the issue? When we use jwt, 
> what's the correct way to use jwt? I am using the service name in 
> service registry for which the jwt is getting generated, then jwt is 
> getting passed to the application URL in service registry with 
> redirect=true and ticket=generate-jwt but again it's getting validated 
> against cas and it's throwing service ticket does not exist. So my question 
> is where should we validate JWT? On CAS server or client? But it seems 
> the validation is automatically happening on cas server. Once jwt is 
> generated, why keep on getting ticket does not exist? 
>
> Thanks in advance.
>
> Regards,
> srmudiganti
>
> On Thursday, January 31, 2019 at 2:59:28 AM UTC-5, Michele Melluso wrote:
>>
>> Hi,
>>
>> that happened to me while I was attempting by mistake to validate the Jwt 
>> as if it was a ST.
>> Actually Jwt is not intended to be validated against CAS, because its 
>> authenticity is granted by its signature (
>> https://apereo.github.io/cas/6.0.x/installation/Configure-ServiceTicket-JWT.html
>> ).
>>
>> Could you try to authenticate over cas with your client app turned off 
>> and see if the Jwt is returned?
>>
>> cheers
>> Michele
>>
>>
>> On Wednesday, January 30, 2019 at 8:50:11 PM UTC+1, srmudigan wrote:
>>>
>>> Hi,
>>>
>>> I am using CAS overlay 5.2.x and I am trying to use JWT token for single 
>>> sign on. I configured the cas.properties with signing key and encryption 
>>> key. Also added the service json with keys. I see that JWT is getting 
>>> generated but seems like the validation is failing. I am new to CAS, so 
>>> can anybody please let me know how we validate the JWT on CAS server? I 
>>> see the following audit trail:
>>>
>>> WHO: audit:unknown
>>> WHAT: [event=success,timestamp=Wed Jan 30 13:25:36 EST 
>>> 2019,source=RankedAuthenticationProviderWebflowEventResolver]
>>> ACTION: AUTHENTICATION_EVENT_TRIGGERED
>>> APPLICATION: CAS
>>> WHEN: Wed Jan 30 13:25:36 EST 2019
>>> CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
>>> SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
>>>
>>> WHO: testuser
>>> WHAT: Supplied credentials: [testuser]
>>> ACTION: AUTHENTICATION_SUCCESS
>>> APPLICATION: CAS
>>> WHEN: Wed Jan 30 13:27:03 EST 2019
>>> CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
>>> SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
>>>
>>> WHO: testuser
>>> WHAT: 
>>> TGT-1-*o9ZO9-5-lg-hostname
>>> ACTION: TICKET_GRANTING_TICKET_DESTROYED
>>> APPLICATION: CAS
>>> WHEN: Wed Jan 30 13:27:04 EST 2019
>>> CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
>>> SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
>>>
>>> WHO: testuser
>>> WHAT: 
>>> TGT-1-*9AvnnUJ-eU-hostname
>>> ACTION: TICKET_GRANTING_TICKET_CREATED
>>> APPLICATION: CAS
>>> WHEN: Wed Jan 30 13:27:04 EST 2019
>>> CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
>>> SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
>>>
>

[cas-user] Re: CAS JWT Service ticket validation getting failed

2019-01-30 Thread Michele Melluso
Hi,

that happened to me while I was attempting by mistake to validate the Jwt 
as if it was a ST.
Actually Jwt is not intended to be validated against CAS, because its 
authenticity is granted by its signature 
(https://apereo.github.io/cas/6.0.x/installation/Configure-ServiceTicket-JWT.html).

Could you try to authenticate over cas with your client app turned off and 
see if the Jwt is returned?

cheers
Michele


On Wednesday, January 30, 2019 at 8:50:11 PM UTC+1, srmudigan wrote:
>
> Hi,
>
> I am using CAS overlay 5.2.x and I am trying to use JWT token for single 
> sign on. I configured the cas.properties with signing key and encryption 
> key. Also added the service json with keys. I see that JWT is getting 
> generated but seems like the validation is failing. I am new to CAS, so 
> can anybody please let me know how we validate the JWT on CAS server? I 
> see the following audit trail:
>
> WHO: audit:unknown
> WHAT: [event=success,timestamp=Wed Jan 30 13:25:36 EST 
> 2019,source=RankedAuthenticationProviderWebflowEventResolver]
> ACTION: AUTHENTICATION_EVENT_TRIGGERED
> APPLICATION: CAS
> WHEN: Wed Jan 30 13:25:36 EST 2019
> CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
> SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
>
> WHO: testuser
> WHAT: Supplied credentials: [testuser]
> ACTION: AUTHENTICATION_SUCCESS
> APPLICATION: CAS
> WHEN: Wed Jan 30 13:27:03 EST 2019
> CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
> SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
>
> WHO: testuser
> WHAT: 
> TGT-1-*o9ZO9-5-lg-hostname
> ACTION: TICKET_GRANTING_TICKET_DESTROYED
> APPLICATION: CAS
> WHEN: Wed Jan 30 13:27:04 EST 2019
> CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
> SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
>
> WHO: testuser
> WHAT: 
> TGT-1-*9AvnnUJ-eU-hostname
> ACTION: TICKET_GRANTING_TICKET_CREATED
> APPLICATION: CAS
> WHEN: Wed Jan 30 13:27:04 EST 2019
> CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
> SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
>
> WHO: testuser
> WHAT: ST-1-5rXI2d9rn7Rf-BWXld2b6hct6xA-hostname for 
> http://localhost:8080/appname
> ACTION: SERVICE_TICKET_CREATED
> APPLICATION: CAS
> WHEN: Wed Jan 30 13:27:04 EST 2019
> CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
> SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
>
> WHO: testuser
> WHAT: ST-1-5rXI2d9rn7Rf-BWXld2b6hct6xA-hostname
> ACTION: SERVICE_TICKET_VALIDATED
> APPLICATION: CAS
> WHEN: Wed Jan 30 13:27:05 EST 2019
> CLIENT IP ADDRESS: 127.0.0.1
> SERVER IP ADDRESS: 127.0.0.1
>
> Then I see this failed message (service ticket doesn't exist):
>
> 2019-01-30 13:27:05,396 DEBUG 
> [org.apereo.cas.AbstractCentralAuthenticationService] -  decode service ticket 
> [eyJhbGciOiJIUzUxMiJ9....d2h6CYWdYbDUvEdjnDpYpNKB7QIgfHU_ztYOeBN0dOp-H_p_Nwgnw1_kBoqXQytuPae4eyNeH05RiwUyQbOh-g]
>  
> to verify authenticity>
> 2019-01-30 13:27:05,396 WARN 
> [org.apereo.cas.DefaultCentralAuthenticationService] -  [eyJhbGciOiJIUzUxMiJ9....d2h6CYWdYbDUvEdjnDpYpNKB7QIgfHU_ztYOeBN0dOp-H_p_Nwgnw1_kBoqXQytuPae4eyNeH05RiwUyQbOh-g]
>  
> does not exist.>
>
> WHO: audit:unknown
> WHAT: 
> 

[cas-user] [6.x] [REST Protocol] [Request a Service Ticket] HTTP 200 - empty body

2019-01-28 Thread Michele Melluso
Hi all,

we're trying to integrate Rest Protocol as described here:

https://apereo.github.io/cas/6.0.x/protocol/REST-Protocol.html

in 5.3.6 everything works just fine, we obtain TGTs and STs also in Jwt 
format.

in all 6.x versions we manage to get a TGT (also in JWT format) but when we 
try to get an ST we receive a 200 response with empty body.
Our java version is java-11-openjdk-11.0.1.13-10.fc29.x86_64

the Api is called exactly as in 5.3.6 version:

curl -X POST \
  https://localhost:8443/cas/v1/tickets/TGT-1-sF-... \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'cache-control: no-cache' \
  -d 'service=https%3A%2F%2Flocalhost..=true'

the result is:
HTTP/1.1 200 
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=15768000 ; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Content-Type: application/vnd.cas.services+yaml;charset=UTF-8
Content-Length: 0
Date: Mon, 28 Jan 2019 13:48:52 GMT
Server: Apereo CAS




Cas log says that the ticket is created:
=
WHO: {myuser}
WHAT: [status=200-OK,body=ST-1-GiBOLycp8wL.]
ACTION: REST_API_SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Mon Jan 28 14:34:39 CET 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=


Debugging the following class I can see a nicely populated ResponseEntity:

[image: Screenshot from 2019-01-28 14-41-40.png]


org.apereo.cas.support.rest.resources.ServiceTicketResource.createServiceTicket

return this.serviceTicketResourceEntityResponseFactory.build(tgtId, 
service, authenticationResult);

but no body is returned.


any help is welcome
thanks in advance
Michele



[cas-user] [6.0.x Documentation] Algolia search: No results found for query

2019-01-23 Thread Michele Melluso
Hi,

it seems like in the 6.0 documentation page, the box search does not return 
any result, eg with the keyword jdbc.

https://apereo.github.io/cas/6.0.x/

Looking at the browser's console I see no errors and in the Network tab the 
query calls are correctly fired, still they return an empty result like the 
following:

{
  "results": [
{
  "hits": [],
  "nbHits": 0,
  "page": 0,
  "nbPages": 0,
  "hitsPerPage": 5,
  "processingTimeMS": 1,
  "exhaustiveNbHits": true,
  "query": "authen",
  "params": 
"query=authen=5=%5B%22version%3A%206.0.x%22%5D",
  "index": "apereo"
}
  ]
}



The search box works correctly with any other version including 
development. I tried cleaning cache and with different browsers.

thanks for your time
regards
Michele



Re: [cas-user] CAS Attribute

2019-01-22 Thread Michele Melluso
Could you try the same property without square brackets?
cas.authn.attributeRepository.jdbc.attributes.mail=email

as described here?
https://apereo.github.io/cas/5.0.x/installation/Configuration-Properties.html#jdbc




On Tuesday, January 22, 2019 at 10:23:28 AM UTC+1, john adz wrote:
>
> Hi Michele,
>
> I get an invalid property error when I use jdbc [0]. I'll try again and 
> send the log. Because I am using cas 5.0.x. I think you said for 5.2. In 
> the meantime, I can understand how the mail sent mail.
>
> Thanks,
>
> On Tue, Jan 22, 2019 at 11:38 AM Michele Melluso wrote:
>
>> Hi, 
>> I was wrong, please ignore my previous answer.
>>
>> Looking at your configuration I think you may be using the wrong 
>> properties to select attributes:
>> cas.authn.attributeRepository.attributes.mail=email
>>
>> both in my configuration and here: 
>> https://apereo.github.io/2018/02/20/cas-service-rbac-attributeresolution/  
>> the following properties are used:
>> cas.authn.attributeRepository.jdbc[0].attributes.mail=email
>>
>> I hope this time to be correct :)
>> Michele
>>
>>
>>
>> On Tuesday, January 22, 2019 at 9:17:28 AM UTC+1, Michele Melluso wrote:
>>>
>>> Looking at your configuration I think you should replace in 
>>> defaultattributesToRelease property the value email with mail.
>>> That is because you defined an attribute called "mail" populated with 
>>> the "email" field. The new attribute "mail" is what you want to release.
>>>
>>> cas.authn.attributeRepository.attributes.mail=email
>>> cas.authn.attributeRepository.defaultAttributesToRelease=mail
>>>
>>> Michele
>>>
>>>
>>> On Tuesday, January 22, 2019 at 8:41:38 AM UTC+1, john adz wrote:
>>>>
>>>> Hi Ray,
>>>> Thanks for your answer. I've done something, and I see e-mails in the 
>>>> logs. But I don't know how to send this email address to the application. 
>>>> Or I don't know if I'm sending it right now. log like
>>>>
>>>> 2019-01-22 07:28:04,472 INFO 
>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
>>>> 
>>>>
>>>> 2019-01-22 07:28:04,477 INFO 
>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
>>>> >>> a...@gmail.com} with credentials [username**].>
>>>>
>>>> 2019-01-22 07:28:04,478 INFO 
>>>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - >>> trail record BEGIN
>>>>
>>>> =
>>>>
>>>> WHO: username**
>>>>
>>>> WHAT: Supplied credentials: [username**]
>>>>
>>>> ACTION: AUTHENTICATION_SUCCESS
>>>>
>>>> APPLICATION: CAS
>>>>
>>>> WHEN: Tue Jan 22 07:28:04 UTC 2019
>>>>
>>>>
>>>> =
>>>>
>>>>
>>>> >
>>>>
>>>> 2019-01-22 07:28:04,478 INFO 
>>>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - >>> trail record BEGIN
>>>>
>>>> =
>>>>
>>>> WHO: username**
>>>>
>>>> WHAT: Supplied credentials: [username**]
>>>>
>>>> ACTION: AUTHENTICATION_SUCCESS
>>>>
>>>> APPLICATION: CAS
>>>>
>>>> WHEN: Tue Jan 22 07:28:04 UTC 2019
>>>>
>>>>
>>>> =
>>>>
>>>>
>>>> >
>>>>
>>>> 2019-01-22 07:28:04,480 DEBUG 
>>>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] 
>>>> - 
>>>> 
>>>>
>>>> 2019-01-22 07:28:04,481 DEBUG 
>>>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] 
>>>> - 
>>>> 
>>>>
>>>> 2019-01-22 07:28:04,481 DEBUG 
>>>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] 
>>>> - 
>>>> >>> attributes for username**>
>>>>
>>>> 2019-01-22 07:28:04,481 DEBUG 
>>>> [org.apereo.cas.services.Abst

Re: [cas-user] CAS Attribute

2019-01-22 Thread Michele Melluso
Hi, 
I was wrong, please ignore my previous answer.

Looking at your configuration I think you may be using the wrong properties 
to select attributes:
cas.authn.attributeRepository.attributes.mail=email

both in my configuration and 
here: https://apereo.github.io/2018/02/20/cas-service-rbac-attributeresolution/ 
 
the following properties are used:
cas.authn.attributeRepository.jdbc[0].attributes.mail=email

I hope this time to be correct :)
Michele



On Tuesday, January 22, 2019 at 9:17:28 AM UTC+1, Michele Melluso wrote:
>
> Looking at your configuration I think you should replace in 
> defaultattributesToRelease property the value email with mail.
> That is because you defined an attribute called "mail" populated with the 
> "email" field. The new attribute "mail" is what you want to release.
>
> cas.authn.attributeRepository.attributes.mail=email
> cas.authn.attributeRepository.defaultAttributesToRelease=mail
>
> Michele
>
>
> On Tuesday, January 22, 2019 at 8:41:38 AM UTC+1, john adz wrote:
>>
>> Hi Ray,
>> Thanks for your answer. I've done something, and I see e-mails in the 
>> logs. But I don't know how to send this email address to the application. 
>> Or I don't know if I'm sending it right now. log like
>>
>> 2019-01-22 07:28:04,472 INFO 
>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
>> 
>>
>> 2019-01-22 07:28:04,477 INFO 
>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
>> > a...@gmail.com} with credentials [username**].>
>>
>> 2019-01-22 07:28:04,478 INFO 
>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - > trail record BEGIN
>>
>> =
>>
>> WHO: username**
>>
>> WHAT: Supplied credentials: [username**]
>>
>> ACTION: AUTHENTICATION_SUCCESS
>>
>> APPLICATION: CAS
>>
>> WHEN: Tue Jan 22 07:28:04 UTC 2019
>>
>>
>> =
>>
>>
>> >
>>
>> 2019-01-22 07:28:04,478 INFO 
>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - > trail record BEGIN
>>
>> =
>>
>> WHO: username**
>>
>> WHAT: Supplied credentials: [username**]
>>
>> ACTION: AUTHENTICATION_SUCCESS
>>
>> APPLICATION: CAS
>>
>> WHEN: Tue Jan 22 07:28:04 UTC 2019
>>
>>
>> =
>>
>>
>> >
>>
>> 2019-01-22 07:28:04,480 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>>
>> 2019-01-22 07:28:04,481 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>>
>> 2019-01-22 07:28:04,481 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> > attributes for username**>
>>
>> 2019-01-22 07:28:04,481 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> > for username**>
>>
>> 2019-01-22 07:28:04,482 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>>
>> 2019-01-22 07:28:04,482 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> > any>
>>
>> 2019-01-22 07:28:04,482 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>>
>> 2019-01-22 07:28:04,483 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>>
>> 2019-01-22 07:28:04,483 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>>
>> 2019-01-22 07:28:04,483 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>>
>> 2019-01-22 07:28:04,483 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>>
>> 2019-01-22 07:28:04,484 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>>
>> 2019-01-22 07:28:04,484 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>>
>> 2019-01-22 07:28:04,485 INFO 
>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - > trail r

Re: [cas-user] CAS Attribute

2019-01-22 Thread Michele Melluso
>> cas.authn.attributeRepository.jdbc.password=***
>>
>> ###cas.authn.jdbc.query[0].driverClass=com.mysql.cj.jdbc.Driver
>>
>> cas.authn.attributeRepository.jdbc.driverClass=com.mysql.jdbc.Driver
>>
>> cas.authn.attributeRepository.jdbc.columnMappings.password=email
>>
>> cas.authn.attributeRepository.jdbc.healthQuery=SELECT 1 FROM 
>> account_db.users
>>
>> cas.authn.attributeRepository.attributes.mail=email
>>
>> cas.authn.attributeRepository.defaultAttributesToRelease=email
>>
>> cas.log is also the attribute field as follows
>>
>> 2019-01-21 13:18:40,953 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>>
>> 2019-01-21 13:18:40,955 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>>
>> 2019-01-21 13:18:40,956 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> > attributes for **username**>
>>
>> 2019-01-21 13:18:40,956 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> > for **username**>
>>
>> 2019-01-21 13:18:40,956 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>>
>> 2019-01-21 13:18:40,956 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> > any>
>>
>> 2019-01-21 13:18:40,957 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>>
>> 2019-01-21 13:18:40,957 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>>
>> 2019-01-21 13:18:40,957 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>>
>> 2019-01-21 13:18:40,957 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>>
>> 2019-01-21 13:18:40,957 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>>
>> 2019-01-21 13:18:40,958 DEBUG 
>> [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - 
>> 
>>
>> I don't understand where I'm doing wrong. I'm using cas 5.0.x.
>>
>>
>> On Mon, Jan 21, 2019 at 11:39 AM Michele Melluso wrote:
>>
>> It seems like you are missing how to extract attributes. 
>>
>> You can see how this is done here:
>> https://apereo.github.io/2018/02/20/cas-service-rbac-attributeresolution/
>>
>>
>> then i guess that you should define an attribute release policy as 
>> described here:
>>
>> https://apereo.github.io/cas/6.0.x/integration/Attribute-Release-Policies.html
>>
>> hope it helps
>> Michele
>>
>> On Sunday, January 20, 2019 at 7:37:34 PM UTC+1, john adz wrote: 
>>
>> I added what you said in the file, but I got an error. The file contents 
>> and the output of cas.log are as follows.
>>
>> application.properties
>>
>> cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver
>>
>>
>> cas.authn.jdbc.query[0].passwordEncoder.type=DEFAULT
>>
>>
>> cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=UTF-8
>>
>>
>> cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=SHA-256
>>
>>
>> cas.authn.jdbc.query[0].passwordEncoder.secret=
>>
>>
>> cas.authn.jdbc.query[0].passwordEncoder.strength=16
>>
>>
>> #cas.authn.jdbc.query[0].principalAttributeList=email,mail
>>
>>
>>
>> cas.authn.attributeRepository.jdbc[0].attributes.mail=mail
>>
>>
>>
>>
>>
>>
>> cas.log
>>
>> WARN 
>> [org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext]
>>  
>> - > attempt: org.springframework.beans.factory.BeanCreationException: Error 
>> creating bean with name 
>> 'com.ryantenney.metrics.spring.MetricsBeanPostProcessorFactory#4': Cannot 
>> resolve reference to bean 'metrics' while setting constructor argument; 
>> nested exception is 
>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
>> creating bean with name 'casMetricsConfiguration': Unsatisfied dependency 
>> expressed through field 'handlerMapping'; nested exception is 
>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
>> creating bean with name 'casWebAppConfiguration': Unsatisfied dependency 
>> expressed through field 'casProperties'; nested exception is 
>>

[cas-user] Re: [Themed view] fragment ignored

2019-01-16 Thread Michele Melluso
Hi Andy,

thank you for the reply. I successfully applied your suggestion.

The only difference is that I had to add the theme name in the th:replace 
tag instead of href


  Login Form goes here


thanks again
Michele

On Wednesday, January 16, 2019 at 8:49:20 AM UTC+1, Andy Ng wrote:
>
> Hi Michele,
>
> For fragments, by default even if you are using theme, it will point to 
> the main fragment.
>
> This is because thymeleaf render path by attaching the path with the 
> prefix, instead of using the one in the theme directory.
>
>
> Referring to: 
> https://github.com/apereo/cas/blob/v6.0.0/webapp/resources/templates/casLoginView.html
>
> As you can see, fragment is called like this: cookies fragment
>
> Hence, even in themed login, it will still point to (in your case): 
> /etc/cas/templates/ + fragments/cookies.html = 
> /etc/cas/templates/fragments/cookies.html
>
> My current workaround is only to add back the themed name to 
> casLoginView.html in the theme directory (e.g. cookies fragment), there might be ways to 
> make it modular but I am out of idea during that time.
>
> See if the above helps you!
>
>
> Cheers!
> - Andy
>



[cas-user] Re: JWT Client - Cas Server

2019-01-15 Thread Michele Melluso
I think you should implement directly an AuthenticationProvider and place 
your custom code which validates the jwt ticket in the authenticate() 
method.

When using the Jwt as service ticket I guess there is no need to use any of 
CasAuthenticationProvider facilities, since you are not supposed to contact 
cas any longer 
(https://apereo.github.io/cas/6.0.x/installation/Configure-ServiceTicket-JWT.html)

Hope it helps
Michele

On Tuesday, January 15, 2019 at 4:12:24 PM UTC+1, Xavier Rodríguez wrote:
>
> Hi,
>
> My question is if in this line:
>
>CasAuthenticationProvider provider = new 
> CasAuthenticationProvider();
>
> I have to modify the "CasAuthenticationProvider" to another similar: 
> "JWTAuthenticationProvider"
>  
>JWTAuthenticationProvider provider = new 
> JWTAuthenticationProvider(..)
>
> And I have to implement in this JWTAuthenticationProvider the 
> authenticate() method that only validates the "ticket" passed in the request?
>
> Thanks,
>
> - Xavier -
>
> On Monday, 14 January 2019 16:23:13 UTC+1, Michele Melluso wrote:
>>
>> Hi,
>>
>> we did it with java-jwt library. Taking inspiration from the readme, hope 
>> it helps:
>>
>> https://github.com/auth0/java-jwt
>>
>> regards
>> Michele
>>
>> On Monday, January 14, 2019 at 4:09:57 PM UTC+1, Xavier Rodríguez wrote:
>>>
>>> I've configured CAS-Server to return JWT and it works fine. My problem 
>>> is that I don't know how configure correctly my client to read this token. 
>>> My client is configured with spring-security-cas package. In a 
>>> "traditional authentication" CAS I define something similar as:
>>>
>>> public CasAuthenticationProvider casAuthenticationProvider() {
>>> CasAuthenticationProvider provider = new 
>>> CasAuthenticationProvider();
>>> provider.setServiceProperties(serviceProperties());
>>> provider.setTicketValidator(ticketValidator());
>>> ...
>>> provider.setUserDetailsService(
>>> s -> new User(...)
>>> ...
>>> return provider;
>>> }
>>>
>>> In JWT case, I've to define an implementation similar to 
>>> CasAuthenticationProvider that reads the ticket 
>>> (=eyJhbGciOiJIUzUxMiJ9.ZX...) received from the cas? Any idea to 
>>> do this?
>>>
>>> Regards!
>>>
>>

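
The checks a client-side authenticate() step has to make once the JWT replaces the ST and CAS is no longer contacted, as discussed in this thread and in the "CAS JWT Service ticket validation" thread above. This is an added example, not code from the posts, from CAS or from java-jwt; it is written in Python with only the standard library so each check is visible, and the key, issuer, audience and claim values are constructed. It assumes an HS512-signed, unencrypted token like the one quoted earlier; how a given CAS version turns the configured signing key into HMAC key bytes is not shown on this page and has to be confirmed.

```python
import base64
import hashlib
import hmac
import json
import re
import time

B64URL_SEGMENT = re.compile(r"[A-Za-z0-9_-]+={0,2}")

# Constructed sample values (not taken from any real CAS deployment).
DEMO_KEY = b"constructed-demo-signing-key"
DEMO_ISSUER = "https://cas.example.org/cas"
DEMO_AUDIENCE = "https://app.example.org"
DEMO_NOW = 1_700_000_000
DEMO_CLAIMS = {"iss": DEMO_ISSUER, "aud": DEMO_AUDIENCE, "sub": "testuser",
               "exp": DEMO_NOW + 300, "jti": "ST-1-constructed"}


class TicketRejected(Exception):
    """Raised when a JWT service ticket fails a verification step."""


def b64url_decode(segment):
    # The ticket quoted in the thread carries '=' padding; accept both forms.
    stripped = segment.rstrip("=")
    return base64.urlsafe_b64decode(stripped + "=" * (-len(stripped) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def hs512(key, head, body):
    # The MAC covers "header.payload" exactly as transmitted.
    return hmac.new(key, f"{head}.{body}".encode("ascii"), hashlib.sha512).digest()


def sign_constructed_ticket(claims, key, header=None):
    """Build a sample HS512 token for the demo (constructed test data)."""
    head = b64url_encode(json.dumps(header or {"alg": "HS512"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url_encode(hs512(key, head, body))}"


def verify_jwt_service_ticket(ticket, key, issuer, audience,
                              seen_jti=None, now=None, leeway=30):
    """Return the claims of a valid ticket, or raise TicketRejected."""
    parts = ticket.split(".")
    if len(parts) != 3 or not all(B64URL_SEGMENT.fullmatch(p) for p in parts):
        raise TicketRejected("malformed token")
    head, body, sig = parts
    try:
        header = json.loads(b64url_decode(head))
        signature = b64url_decode(sig)
    except ValueError as exc:
        raise TicketRejected("malformed token") from exc

    # Pin the algorithm; never let the token pick "none" or another family.
    if not isinstance(header, dict) or header.get("alg") != "HS512":
        raise TicketRejected("unexpected alg")
    if not hmac.compare_digest(hs512(key, head, body), signature):
        raise TicketRejected("bad signature")

    # Claims are parsed and trusted only after the signature check passed.
    try:
        claims = json.loads(b64url_decode(body))
    except ValueError as exc:
        raise TicketRejected("malformed token") from exc
    if not isinstance(claims, dict):
        raise TicketRejected("malformed token")

    if claims.get("iss") != issuer:
        raise TicketRejected("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise TicketRejected("wrong audience")
    exp = claims.get("exp")
    now = time.time() if now is None else now
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise TicketRejected("missing exp")
    if exp + leeway < now:
        raise TicketRejected("expired")
    if not claims.get("sub"):
        raise TicketRejected("missing subject")

    # Nothing calls back to CAS here, so replay protection inside the exp
    # window is the client's job: remember each jti that was accepted.
    if seen_jti is not None:
        jti = claims.get("jti")
        if not isinstance(jti, str) or not jti or jti in seen_jti:
            raise TicketRejected("replayed or missing jti")
        seen_jti.add(jti)
    return claims


if __name__ == "__main__":
    ticket = sign_constructed_ticket(DEMO_CLAIMS, DEMO_KEY)
    used = set()
    print(verify_jwt_service_ticket(ticket, DEMO_KEY, DEMO_ISSUER,
                                    DEMO_AUDIENCE, used, now=DEMO_NOW)["sub"])
```

Pass the ticket parameter after URL-decoding it, since the padded token quoted in the thread arrives with a trailing %3D.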


[cas-user] Re: JWT Client - Cas Server

2019-01-14 Thread Michele Melluso
Hi,

we did it with java-jwt library. Taking inspiration from the readme, hope 
it helps:

https://github.com/auth0/java-jwt

regards
Michele

On Monday, January 14, 2019 at 4:09:57 PM UTC+1, Xavier Rodríguez wrote:
>
> I've configured CAS-Server to return JWT and it works fine. My problem is 
> that I don't know how configure correctly my client to read this token. 
> My client is configured with spring-security-cas package. In a 
> "traditional authentication" CAS I define something similar as:
>
> public CasAuthenticationProvider casAuthenticationProvider() {
> CasAuthenticationProvider provider = new 
> CasAuthenticationProvider();
> provider.setServiceProperties(serviceProperties());
> provider.setTicketValidator(ticketValidator());
> ...
> provider.setUserDetailsService(
> s -> new User(...)
> ...
> return provider;
> }
>
> In JWT case, I've to define an implementation similar to 
> CasAuthenticationProvider that reads the ticket 
> (=eyJhbGciOiJIUzUxMiJ9.ZX...) received from the cas? Any idea to 
> do this?
>
> Regards!
>



[cas-user] [Themed view] fragment ignored

2019-01-14 Thread Michele Melluso
Hi,

we're trying to customize the view as described in the following pages in 
cas 6.0 (but didn't manage even on 5.3.x):

https://apereo.github.io/cas/6.0.x/ux/User-Interface-Customization-Themes.html
https://apereo.github.io/2018/06/10/cas-userinterface-customizations/

our templates have been externalized and linked using the following 
properties:

spring.thymeleaf.prefix=file:///etc/cas/templates/
cas.view.templatePrefixes[0]=file:///etc/cas/templates

in /etc/cas/templates we cloned all the views (for Frontend Team editing) 
and added the same views, including fragments, in the folder:

/etc/cas/templates/mytheme

the theme is being recognized as css and casLoginView.html is rendered but 
fragment themed customization (eg. 
/etc/cas/templates/mytheme/fragments/loginform.html) is not recognized, 
since cas keeps rendering the main one 
(/etc/cas/templates/fragments/loginform.html).

I saw in documentation there is a "View vs Fragment" banner, but I cannot 
understand whether fragment theme customization is possible or not.

I found the following topic:
https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/k-yfoou7Zy0

but it doesn't speak about fragments.

Thanks in advance
Michele
